[cvsnt] Re: Patch proposal: $Author substitution with cygwin sshd and RSA keys

Markus Kuehni markus.kuehni at trilab.ch
Tue Mar 23 10:00:50 GMT 2004


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


Because the mailing list swallows the attachment, here the text of the
patch:

Index: windows-NT/win32.c
===================================================================
RCS file: /usr/local/cvs/cvsnt/windows-NT/win32.c,v
retrieving revision 1.86
diff -u -2 -r1.86 win32.c
--- windows-NT/win32.c	7 Mar 2004 21:40:11 -0000	1.86
+++ windows-NT/win32.c	22 Mar 2004 07:08:57 -0000
@@ -477,4 +477,15 @@
 	if(!GetUserNameA(UserName,&len))
 		return NULL;
+	/* Ignore "SYSTEM" as it implies an	incomplete impersonation
such as with 
+	   Cygwin sshd RSA-Key authentication. Go for environment variables
in this case. */
+	if (strcmp(UserName, "SYSTEM") == 0)
+	{ 
+		char * name;
+		if (((name = getenv("LOGNAME")) && strlen(name) <= UNLEN)
+		 || ((name = getenv("USER")) && strlen(name) <= UNLEN))
+		{
+			strcpy(UserName, name);
+		}
+	}
 	return UserName;
 } 

-----Original Message-----
From: Markus Kuehni [mailto:markus.kuehni at trilab.ch] 
Sent: Montag, 22. März 2004 08:39
To: 'Tony Hoyle'; 'cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook'
Subject: RE: [cvsnt] Re: Patch proposal: $Author substitution with cygwin
sshd and RSA keys

Hi

So here's the proposed patch for win32getlogin()

Again, I can't test/build it as I don't have MSVC7 (see original post).

Thanks,
Mark

-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of
Tony Hoyle
Sent: Samstag, 20. März 2004 03:02
To: cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook
Subject: [cvsnt] Re: Patch proposal: $Author substitution with cygwin sshd
and RSA keys

Markus Kuehni wrote:

> Background:
> Cygwin sshd seems to use a "imperfect" Windows impersonation when using
RSA
> key authentication so cvsnt still gets "SYSTEM" when calling GetUserName()
> in win32getlogin(). 
...

It's better to patch win32getlogin as it's a win32 specific problem.
I like the idea of checking for "SYSTEM" as it's better than previous
solutions.

...




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook