openssh unix dev - Aug 2006 - [PATCH] Cygwin: Add SeTcbPrivilege to sshd_server user

Hi,

the below patch adds a Windows NT user right to the sshd_server user
which will be important in an upcoming version of Cygwin.  I have a
preliminary implementation which solves the problem that native Windows
processes don't recognize the user name correctly, if the user has
logged in using public key authentication.  The new mechanism requires
the SeTcbPrivilege for the user which changes the user context using
setuid.  To keep the transition as smooth as possible, I'd like to give
the user this specific right rather early.

Could this be applied to config/cygwin/ssh-host-config before 4.4p1 is
released?


Thanks,
Corinna


Index: contrib/cygwin/ssh-host-config
==================================================================RCS file:
/cvs/openssh/contrib/cygwin/ssh-host-config,v
retrieving revision 1.19
diff -p -u -r1.19 ssh-host-config
--- contrib/cygwin/ssh-host-config	3 Mar 2006 21:50:32 -0000	1.19
+++ contrib/cygwin/ssh-host-config	30 Aug 2006 16:45:57 -0000
@@ -516,6 +516,7 @@ then
 	    fi
 	    editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
 	    editrights -a SeCreateTokenPrivilege -u sshd_server &&
+	    editrights -a SeTcbPrivilege -u sshd_server &&
 	    editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
 	    editrights -a SeDenyNetworkLogonRight -u sshd_server &&
 	    editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat