This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: SSHD key based authentication hangs cscript

On May  4 11:15, Stuart Westbury wrote:
> "There are actually two problems here: 1) a problem with CygWin/OpenSSH
> (after  public  key  authentication  GetUserName()  returns  incorrect
> value)..........."
> Is this my problem?

No, that's our problem.  There's nothing we can do about it, I'm sorry.

What happens is this:  When sshd calls seteuid(), the Cygwin DLL creates
a new user token based on the information in the SAM and Cygwin's /etc/passwd
and /etc/group files.  Nothing wrong with that, but since this happens
in user land and not within a registered Windows authentication package,
there's a problem here.  The new sub process still runs in the authenticated
session for the SYSTEM resp. the sshd_server user.  Even though the new
user token contains all the correct information otherwise, it doesn't
contain a new session identifier since as a non-authentication package,
it can't create its own session identifier.  This has the unfortunate
result, that Windows functions still return the name resp. SID of the user
who started the original process (SYSTEM/sshd_server).  From my point of
view this is a bug in Windows, but who am I to be asked?

This doesn't happen when using password authentication because in this
case the authentication is done by the standard authentication package
and a new, shiny session identifier is added to the new user token.

And the second question is what?


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader
Red Hat, Inc.

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]