similar to: openssh for UWIN

Hi, I've sent that patch once already but it seems more or less forgotten in the tumultuous days of the latest vulnerability. It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined on platforms not supporting the concept of "privileged" ports only accessible by privileged users but which allow everyone to use these ports. This patch removes some Cygwin dependencies

Linux has just raised the NGROUPS_MAX limit from 32 to 64k. In doing an audit of various tools, openssh turned up as having incorrect groups handling. Almost no user-space apps really care about NGROUPS_MAX. A proposed patch (untested, since the CVS build won't compile on my RH box.. :-/) : What think? Index: uidswap.c ===================================================================

Ok, for those running NeXT and other platforms with broken/missing _POSIX_SAVED_ID please try this patch, and anyone that has spent any amount of time dealing with this problem. I believe it's right. BTW, this patch is no where near as big as it looks. The patch was done against an earily version of the tree which had an issue with white space. - Ben --- ../openssh/uidswap.c Sun Apr 22

Currently openssh (3.4p1) relies on the NGROUPS_MAX define. This makes the number of allowed simultaneous (per-user) secondary groups a compile-time decision. $ find . -name \*.c | xargs grep NGROUPS_MAX ./groupaccess.c:static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ ./groupaccess.c: gid_t groups_bygid[NGROUPS_MAX + 1]; ./uidswap.c:static gid_t

If we can get people to test their platforms against the last snapshot/cvs tree I'd be greatful. (http://www.openssh.com/portable.html) I know NeXT platform has problems. I'm going to spend tonight looking at it. Also, take a moment to see what manpage type ./configure decided for your system and if it's 'cat' please let us know. Thanks. - Ben

Fixes a potential (but probably rather unlikely) use after free bug in function temporarily_use_uid(), file uidswap.c. --- a/uidswap.c +++ b/uidswap.c @@ -113,8 +113,9 @@ temporarily_use_uid(struct passwd *pw) } } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) -

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

Hi all, We are in the process of compiling OpenSSH for our product UWIN which is very similar to cygwin. ======================================================= Here is a brief description about UWIN: Wipro UWIN is a Unix to Windows migration toolkit that gives you most features of a traditional Unix operating system on Windows NT and Windows 95/98. Features include pipes, hard file links, Unix

Attached is the patch for the Cygwin port of 2.2.0p1. As usual I didn't attach the patch to `configure' but only the patch to `configure.in'. BTW: I have attached a gzip'd version of the patch since it's size is > 20K and I thought that it might be too big. The gzip'd diff is < 8K. What are "Small attachments (such as diff files) within the bounds of common

Hello, I've been porting rsync-3.0.7 to run on UWIN, an AT&T Labs open source project, supporting a Unix environment on Windows. The code configured easily and compiled without any modifications or ifdef's added to the code. The backup test was failing because it didn't create a subdirectory. In tracing the code I realized the problem was in robust_move() in backup.c. UWIN returns

Hi, the following patch by Pierre A. Humblet <Pierre.Humblet at ieee.org> allows to use more than one uid on 9x/Me boxes which is currently blocked due to the behaviour of Cygwin's security code. After this patch is applied to sshd, we can safely change the affected code in Cygwin. Thanks, Corinna Index: session.c ===================================================================

The attached patch should solve the following problem: ssh-agent creates a temporary directory under /tmp with '600' permissions. The actual socket file is created in that dir using the default umask. That's no problem in U*X systems since nobody but the owner of the directory can read the socket file. Unfortunately, Windows has a user privilege called "Bypass traverse

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

Hi, attached is a patch which solves the following problem: Sometimes scp could hang in Cygwin when used as remote end using the -t option. This is due to a binmode/textmode problem which could be raised by the login shell which is used by the user and it's setting of textmode on stdin. The patch solves that problem by explicitly setting binmode on stdin. Besides solving the hanging

Hi, I have added calls to `check_ntsec()' to the code which checks for the ownership and modes of identity files and directories. As you might know, check_ntsec() tests if owner/modes are supported by the OS (9x/ME=no, NT/W2K=yes), the filesystem (FAT/FAT32=no, NTFS=yes) and the current Cygwin settings (ntea/ntsec). Corinna Index: auth-rhosts.c

Hi All. I tried building -current on Cygwin but got a couple of minor errors. The first is in auth-passwd.c where it appears Ben got a bit over-enthusiastic cleaning up :-). The patch restores the relevant "#ifdef HAVE_CYGWIN" fragment. The second is in the send-break code in session.c, which won't compile because Cygwin apparently doesn't have TIOCSBRK and TIOCCBRK ioctls.

Hi. This was added just before 3.4p1 for passing to aix_usrinfo and is now unused. -Daz. Index: session.c =================================================================== RCS file: /cvs/openssh/session.c,v retrieving revision 1.210 diff -u -r1.210 session.c --- session.c 4 Jul 2002 03:08:41 -0000 1.210 +++ session.c 15 Jul 2002 11:50:14 -0000 @@ -1159,8 +1159,6 @@ void

3.8p1 added the following to main() in sshd.c: #ifndef HAVE_CYGWIN /* Clear environment */ environ[0] = NULL; #endif This breaks the getenv("TZ") in session.c and causes logins to occur in GMT time. It also causes any sshd syslog messages to be written in GMT time. I'm on SCO Openserver 5.0.7, but this looks like it should affect all platforms. Am I missing something? I

Hi, the following patch is a (hopefully least intrusive) extension when sshd is started so that it daemonizes itself. In that case Windows 9x/Me has a slight problem with sshd as soon as the current user logs off. The sshd daemon will be killed as well. Since installing services is very different between NT and 9x, the way used for NT boxes isn't working well for 9x. For that reason