On Jul 8 16:41, Corinna Vinschen wrote:
> On Jul 9 00:18, Damien Miller wrote:
> > On Mon, 7 Jul 2008, Corinna Vinschen wrote:
> >
> > > Other than that:
> > >
> > > - session.c, line 427:
> > >
> > > #define USE_PIPES
> > >
> > > Is that planned or just left over fomr some test?
> >
> > No, that is planned. We now unconditionally use pipes for communicating
> > with the session subprocesses because they seem to give better semantics
> > for half-closed channels (cf. https://bugzilla.mindrot.org/b/85).
>
> Ok. Given that USE_PIPES is now only used in sftp.c, wouldn't it
> be easier now to always use pipes, even in sftp.c? That would drop
> the whole test and a bunch of conditional code.
>
> > > - The following testcases fail on Cygwin 1.5.25:
> > >
> > > - addrmatch.sh tries to run IPv6 tests even though IPv6 is not
> > > available.
> >
> > I'm not sure of a good way to determine at runtime whether IPv6 is
> > available on a platform. Perhaps these tests should be disabled in
> > portable or made non-fatal.
>
> Ack. Unfortunately `ssh -6' falls silently back to IPv4 instead of
> complaining on platforms not supporting IPv6. Complaining would allow
> to use this as a test.

Oh, btw. Here's another testsuite problem. Even after I fixed the IPv6
problems in Cygwin I mentioned in the other mail, there's nothing I can
do against this error on Windows up to and including Windows Server 2003:

forwarding.sh:

exit on -L forward failure, proto 1
connection not termintated, but should (0)
[...]
exit on -L forward failure, proto 2
connection not termintated, but should (0)

This problem can only be fixed for Windows Vista and Server 2008. The
underlying problem is a bug in SO_REUSEADDR handling in WinSock.
Usually it should be impossible to reuse a complete duplicate of a local
TCP address (same IP, same port), even if SO_REUSEADDR has been set.
That's unfortunately possible in WinSock and, instead of fixing this
bug, has been defined as "that's how it works here", despite a lot of
other changes in this area over the time.

I have a workaround for IPv4 for a while now, but working around this
for IPv6 requires the existance of a function which is only available
since Windows Vista/2008. No chance on earlier Windows versions.

I don't know if that fact should really be taken into account in the
testsuite, but I thought I should mention it for the records.


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

On Tue, 8 Jul 2008, Corinna Vinschen wrote:

> On Jul 9 00:18, Damien Miller wrote:
> > On Mon, 7 Jul 2008, Corinna Vinschen wrote:
> >
> > > Other than that:
> > >
> > > - session.c, line 427:
> > >
> > > #define USE_PIPES
> > >
> > > Is that planned or just left over fomr some test?
> >
> > No, that is planned. We now unconditionally use pipes for communicating
> > with the session subprocesses because they seem to give better semantics
> > for half-closed channels (cf. https://bugzilla.mindrot.org/b/85).
>
> Ok. Given that USE_PIPES is now only used in sftp.c, wouldn't it
> be easier now to always use pipes, even in sftp.c? That would drop
> the whole test and a bunch of conditional code.

USE_PIPES wastes an extra file descriptor where it isn't needed, so
we still prefer sockets where possible.

> > I'm not sure of a good way to determine at runtime whether IPv6 is
> > available on a platform. Perhaps these tests should be disabled in
> > portable or made non-fatal.
>
> Ack. Unfortunately `ssh -6' falls silently back to IPv4 instead of
> complaining on platforms not supporting IPv6. Complaining would allow
> to use this as a test.

It shouldn't!

[djm@fuyu ssh]$ ssh -6 anoncvs.mindrot.org
ssh: Could not resolve hostname anoncvs.mindrot.org: no address associated with name
[djm@fuyu ssh]$ echo $?
255

(verified on OpenBSD and Linux)

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

On Jul 14 11:59, Damien Miller wrote:
> On Tue, 8 Jul 2008, Corinna Vinschen wrote:
> > On Jul 9 00:18, Damien Miller wrote:
> > > I'm not sure of a good way to determine at runtime whether IPv6 is
> > > available on a platform. Perhaps these tests should be disabled in
> > > portable or made non-fatal.
> >
> > Ack. Unfortunately `ssh -6' falls silently back to IPv4 instead of
> > complaining on platforms not supporting IPv6. Complaining would allow
> > to use this as a test.
>
> It shouldn't!
>
> [djm@fuyu ssh]$ ssh -6 anoncvs.mindrot.org
> ssh: Could not resolve hostname anoncvs.mindrot.org: no address associated with name
> [djm@fuyu ssh]$ echo $?
> 255
>
> (verified on OpenBSD and Linux)

Your example is not what I had in mind.

In your scenario ssh is running on an OS which supports IPv6, but the
target you're trying to connect to has no IPv6 address.

I'm talking about running ssh on a system which doesn't support IPv6 at
all and which doesn't even know the newer system calls getaddrinfo,
getnameinfo, freeaddrinfo, like the older Cygwin releases. The main
difference to your scenario is that ssh uses the getaddrinfo implementation
in openbsd-compat/fake-rfc2553.c.

And here's the problem. getaddrinfo in fake-rfc2553.c does not check
for the requested address family. Actually it should only allow
hints->ai_family == AF_UNSPEC or == AF_INET, and it should return with
EAI_FAMILY if hints->ai_family is anything else. Since it doesn't, `ssh
-6 foo' will happily use AF_INET and just work.

Below you'll find a patch which fixes that problem in fake-rfc2553.c.
Tested on Cygwin 1.5.25.

Before:

cygwin$ ssh -6 foo
[...]
foo$ echo $SSH_CONNECTION
192.168.129.14 1217 192.168.129.6 22

With the patch:

cygwin$ ssh foo
[...]
foo$ echo $SSH_CONNECTION
192.168.129.14 1217 192.168.129.6 22

cygwin$ ssh -4 foo
[...]
foo$ echo $SSH_CONNECTION
192.168.129.14 1217 192.168.129.6 22

cygwin$ ssh -6 foo
ssh: Could not resolve hostname calimero: ai_family not supported


Corinna


Index: openbsd-compat/fake-rfc2553.h
================================================== =================
RCS file: /cvs/openssh/openbsd-compat/fake-rfc2553.h,v
retrieving revision 1.15
diff -u -p -r1.15 fake-rfc2553.h
--- openbsd-compat/fake-rfc2553.h 10 Jun 2008 13:52:51 -0000 1.15
+++ openbsd-compat/fake-rfc2553.h 14 Jul 2008 10:00:38 -0000
@@ -129,6 +129,9 @@ struct sockaddr_in6 {
#ifndef EAI_SYSTEM
# define EAI_SYSTEM (INT_MAX - 4)
#endif
+#ifndef EAI_FAMILY
+# define EAI_FAMILY (INT_MAX - 5)
+#endif

#ifndef HAVE_STRUCT_ADDRINFO
struct addrinfo {
Index: openbsd-compat/fake-rfc2553.c
================================================== =================
RCS file: /cvs/openssh/openbsd-compat/fake-rfc2553.c,v
retrieving revision 1.9
diff -u -p -r1.9 fake-rfc2553.c
--- openbsd-compat/fake-rfc2553.c 17 Aug 2006 08:55:28 -0000 1.9
+++ openbsd-compat/fake-rfc2553.c 14 Jul 2008 10:00:38 -0000
@@ -51,6 +51,8 @@ int getnameinfo(const struct sockaddr *s
struct hostent *hp;
char tmpserv[16];

+ if (sa->sa_family != AF_UNSPEC && sa->sa_family != AF_INET)
+ return (EAI_FAMILY);
if (serv != NULL) {
snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
if (strlcpy(serv, tmpserv, servlen) >= servlen)
@@ -95,6 +97,8 @@ gai_strerror(int err)
return ("memory allocation failure.");
case EAI_NONAME:
return ("nodename nor servname provided, or not known");
+ case EAI_FAMILY:
+ return ("ai_family not supported");
default:
return ("unknown/invalid error.");
}
@@ -159,6 +163,9 @@ getaddrinfo(const char *hostname, const
u_long addr;

port = 0;
+ if (hints && hints->ai_family != AF_UNSPEC &&
+ hints->ai_family != AF_INET)
+ return (EAI_FAMILY);
if (servname != NULL) {
char *cp;


--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

On Mon, 14 Jul 2008, Corinna Vinschen wrote:

> Your example is not what I had in mind.
>
> In your scenario ssh is running on an OS which supports IPv6, but the
> target you're trying to connect to has no IPv6 address.

Yes, I forgot about the fallback code. Doesn't cygwin provide its
own getaddrinfo? I though winsock did...

> Below you'll find a patch which fixes that problem in fake-rfc2553.c.
> Tested on Cygwin 1.5.25.

Applied - thanks.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

On Jul 14 21:38, Damien Miller wrote:
> On Mon, 14 Jul 2008, Corinna Vinschen wrote:
>
> > Your example is not what I had in mind.
> >
> > In your scenario ssh is running on an OS which supports IPv6, but the
> > target you're trying to connect to has no IPv6 address.
>
> Yes, I forgot about the fallback code. Doesn't cygwin provide its
> own getaddrinfo? I though winsock did...

Not in the still current 1.5.25. The next major release 1.7 provides
fallback code for systems not supporting them (pre-XP). That code
also checks for an AF_INET6 request and refuses it with EAI_FAMILY.
Hopefully the WinSock call starting with XP will do the same if the
IPv6 stack isn't activated. Actually I never tried :}

> > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
> > Tested on Cygwin 1.5.25.
>
> Applied - thanks.

Thanks to you,
Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

On Jul 14 14:10, Corinna Vinschen wrote:
> On Jul 14 21:38, Damien Miller wrote:
> > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
> > > Tested on Cygwin 1.5.25.
> >
> > Applied - thanks.

Below is another patch which simplifies the test for POSIX file security
in Cygwin. The functionality implemented in check_ntsec() is already
present in the Cygwin DLL for about seven years and accessible through
pathconf(3). In fact, in Cygwin 1.7, this will be the *only* valid
interface to check for POSIX file security, since the global
"CYGWIN=ntsec" environment option will be dropped in favor of a
per-mount option.

Another question is this: The has_capability function requests Cygwin
version information to figure out if specific features are available.
The newest of the requested capabilities exists since Cygwin 1.5.0,
which has been release in 2003, five years ago. Older versions of
Cygwin are long out of support. That's why I would like to ask, if it
isn't time to drop the whole has_capability() function as well as the
check_nt_auth() function and to remove calling this Cygwin-specific
function throughout OpenSSH. Right now it's called in auth1.c,
auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
That's a lot of #ifdef HAVE_CYGWIN which could go away


Corinna


Index: openbsd-compat/bsd-cygwin_util.c
================================================== =================
RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
retrieving revision 1.19
diff -u -p -r1.19 bsd-cygwin_util.c
--- openbsd-compat/bsd-cygwin_util.c 1 Sep 2006 09:29:01 -0000 1.19
+++ openbsd-compat/bsd-cygwin_util.c 14 Jul 2008 21:01:36 -0000
@@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
int
check_ntsec(const char *filename)
{
- char *cygwin;
- int allow_ntea = 0, allow_ntsec = 0;
- struct statfs fsstat;
-
- /* Windows 95/98/ME don't support file system security at all. */
- if (!is_winnt)
- return (0);
-
- /* Evaluate current CYGWIN settings. */
- cygwin = getenv("CYGWIN");
- allow_ntea = ntea_on(cygwin);
- allow_ntsec = ntsec_on(cygwin) ||
- (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
-
- /*
- * `ntea' is an emulation of POSIX attributes. It doesn't support
- * real file level security as ntsec on NTFS file systems does
- * but it supports FAT filesystems. `ntea' is minimum requirement
- * for security checks.
- */
- if (allow_ntea)
- return (1);
-
- /*
- * Retrieve file system flags. In Cygwin, file system flags are
- * copied to f_type which has no meaning in Win32 itself.
- */
- if (statfs(filename, &fsstat))
- return (1);
-
- /*
- * Only file systems supporting ACLs are able to set permissions.
- * `ntsec' is the setting in Cygwin which switches using of NTFS
- * ACLs to support POSIX permissions on files.
- */
- if (fsstat.f_type & FS_PERSISTENT_ACLS)
- return (allow_ntsec);
-
- return (0);
+ return (pathconf(filename, _PC_POSIX_PERMISSIONS));
}

void

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

Ping?

On Jul 14 23:20, Corinna Vinschen wrote:
> On Jul 14 14:10, Corinna Vinschen wrote:
> > On Jul 14 21:38, Damien Miller wrote:
> > > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
> > > > Tested on Cygwin 1.5.25.
> > >
> > > Applied - thanks.
>
> Below is another patch which simplifies the test for POSIX file security
> in Cygwin. The functionality implemented in check_ntsec() is already
> present in the Cygwin DLL for about seven years and accessible through
> pathconf(3). In fact, in Cygwin 1.7, this will be the *only* valid
> interface to check for POSIX file security, since the global
> "CYGWIN=ntsec" environment option will be dropped in favor of a
> per-mount option.
>
> Another question is this: The has_capability function requests Cygwin
> version information to figure out if specific features are available.
> The newest of the requested capabilities exists since Cygwin 1.5.0,
> which has been release in 2003, five years ago. Older versions of
> Cygwin are long out of support. That's why I would like to ask, if it
> isn't time to drop the whole has_capability() function as well as the
> check_nt_auth() function and to remove calling this Cygwin-specific
> function throughout OpenSSH. Right now it's called in auth1.c,
> auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
> That's a lot of #ifdef HAVE_CYGWIN which could go away
>
>
> Corinna
>
>
> Index: openbsd-compat/bsd-cygwin_util.c
> ================================================== =================
> RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
> retrieving revision 1.19
> diff -u -p -r1.19 bsd-cygwin_util.c
> --- openbsd-compat/bsd-cygwin_util.c 1 Sep 2006 09:29:01 -0000 1.19
> +++ openbsd-compat/bsd-cygwin_util.c 14 Jul 2008 21:01:36 -0000
> @@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
> int
> check_ntsec(const char *filename)
> {
> - char *cygwin;
> - int allow_ntea = 0, allow_ntsec = 0;
> - struct statfs fsstat;
> -
> - /* Windows 95/98/ME don't support file system security at all. */
> - if (!is_winnt)
> - return (0);
> -
> - /* Evaluate current CYGWIN settings. */
> - cygwin = getenv("CYGWIN");
> - allow_ntea = ntea_on(cygwin);
> - allow_ntsec = ntsec_on(cygwin) ||
> - (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
> -
> - /*
> - * `ntea' is an emulation of POSIX attributes. It doesn't support
> - * real file level security as ntsec on NTFS file systems does
> - * but it supports FAT filesystems. `ntea' is minimum requirement
> - * for security checks.
> - */
> - if (allow_ntea)
> - return (1);
> -
> - /*
> - * Retrieve file system flags. In Cygwin, file system flags are
> - * copied to f_type which has no meaning in Win32 itself.
> - */
> - if (statfs(filename, &fsstat))
> - return (1);
> -
> - /*
> - * Only file systems supporting ACLs are able to set permissions.
> - * `ntsec' is the setting in Cygwin which switches using of NTFS
> - * ACLs to support POSIX permissions on files.
> - */
> - if (fsstat.f_type & FS_PERSISTENT_ACLS)
> - return (allow_ntsec);
> -
> - return (0);
> + return (pathconf(filename, _PC_POSIX_PERMISSIONS));
> }
>
> void
>
> --
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/li...enssh-unix-dev

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

On Wed, 16 Jul 2008, Corinna Vinschen wrote:

> Ping?

This will be post-5.1. Could you file is as a bug so it doesn't get lost?

-d

> On Jul 14 23:20, Corinna Vinschen wrote:
> > On Jul 14 14:10, Corinna Vinschen wrote:
> > > On Jul 14 21:38, Damien Miller wrote:
> > > > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
> > > > > Tested on Cygwin 1.5.25.
> > > >
> > > > Applied - thanks.
> >
> > Below is another patch which simplifies the test for POSIX file security
> > in Cygwin. The functionality implemented in check_ntsec() is already
> > present in the Cygwin DLL for about seven years and accessible through
> > pathconf(3). In fact, in Cygwin 1.7, this will be the *only* valid
> > interface to check for POSIX file security, since the global
> > "CYGWIN=ntsec" environment option will be dropped in favor of a
> > per-mount option.
> >
> > Another question is this: The has_capability function requests Cygwin
> > version information to figure out if specific features are available.
> > The newest of the requested capabilities exists since Cygwin 1.5.0,
> > which has been release in 2003, five years ago. Older versions of
> > Cygwin are long out of support. That's why I would like to ask, if it
> > isn't time to drop the whole has_capability() function as well as the
> > check_nt_auth() function and to remove calling this Cygwin-specific
> > function throughout OpenSSH. Right now it's called in auth1.c,
> > auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
> > That's a lot of #ifdef HAVE_CYGWIN which could go away
> >
> >
> > Corinna
> >
> >
> > Index: openbsd-compat/bsd-cygwin_util.c
> > ================================================== =================
> > RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
> > retrieving revision 1.19
> > diff -u -p -r1.19 bsd-cygwin_util.c
> > --- openbsd-compat/bsd-cygwin_util.c 1 Sep 2006 09:29:01 -0000 1.19
> > +++ openbsd-compat/bsd-cygwin_util.c 14 Jul 2008 21:01:36 -0000
> > @@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
> > int
> > check_ntsec(const char *filename)
> > {
> > - char *cygwin;
> > - int allow_ntea = 0, allow_ntsec = 0;
> > - struct statfs fsstat;
> > -
> > - /* Windows 95/98/ME don't support file system security at all. */
> > - if (!is_winnt)
> > - return (0);
> > -
> > - /* Evaluate current CYGWIN settings. */
> > - cygwin = getenv("CYGWIN");
> > - allow_ntea = ntea_on(cygwin);
> > - allow_ntsec = ntsec_on(cygwin) ||
> > - (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
> > -
> > - /*
> > - * `ntea' is an emulation of POSIX attributes. It doesn't support
> > - * real file level security as ntsec on NTFS file systems does
> > - * but it supports FAT filesystems. `ntea' is minimum requirement
> > - * for security checks.
> > - */
> > - if (allow_ntea)
> > - return (1);
> > -
> > - /*
> > - * Retrieve file system flags. In Cygwin, file system flags are
> > - * copied to f_type which has no meaning in Win32 itself.
> > - */
> > - if (statfs(filename, &fsstat))
> > - return (1);
> > -
> > - /*
> > - * Only file systems supporting ACLs are able to set permissions.
> > - * `ntsec' is the setting in Cygwin which switches using of NTFS
> > - * ACLs to support POSIX permissions on files.
> > - */
> > - if (fsstat.f_type & FS_PERSISTENT_ACLS)
> > - return (allow_ntsec);
> > -
> > - return (0);
> > + return (pathconf(filename, _PC_POSIX_PERMISSIONS));
> > }
> >
> > void
> >
> > --
> > Corinna Vinschen
> > Cygwin Project Co-Leader
> > Red Hat
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev@mindrot.org
> > https://lists.mindrot.org/mailman/li...enssh-unix-dev
>
> --
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/li...enssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

On Jul 17 07:39, Damien Miller wrote:
> On Wed, 16 Jul 2008, Corinna Vinschen wrote:
>
> > Ping?
>
> This will be post-5.1.

Too bad. That means that 5.1 will not run on Cygwin 1.7 without local
patch.

> This will be post-5.1. Could you file is as a bug so it doesn't get lost?

Ok, will do.

What about my question:

> > > Another question is this: The has_capability function requests Cygwin
> > > version information to figure out if specific features are available.
> > > The newest of the requested capabilities exists since Cygwin 1.5.0,
> > > which has been release in 2003, five years ago. Older versions of
> > > Cygwin are long out of support. That's why I would like to ask, if it
> > > isn't time to drop the whole has_capability() function as well as the
> > > check_nt_auth() function and to remove calling this Cygwin-specific
> > > function throughout OpenSSH. Right now it's called in auth1.c,
> > > auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
> > > That's a lot of #ifdef HAVE_CYGWIN which could go away

Is that also ok for post-5.1?


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

Corinna Vinschen wrote:
> On Jul 17 07:39, Damien Miller wrote:
>> On Wed, 16 Jul 2008, Corinna Vinschen wrote:
>>
>>> Ping?
>> This will be post-5.1.
>
> Too bad. That means that 5.1 will not run on Cygwin 1.7 without local
> patch.

In that case I think we should put it in now. It affects cygwin only
and you're in the best position to know what the impact is.

>> This will be post-5.1. Could you file is as a bug so it doesn't get lost?
>
> Ok, will do.
>
> What about my question:
>
>>>> Another question is this: The has_capability function requests Cygwin
>>>> version information to figure out if specific features are available.
>>>> The newest of the requested capabilities exists since Cygwin 1.5.0,
>>>> which has been release in 2003, five years ago. Older versions of
>>>> Cygwin are long out of support. That's why I would like to ask, if it
>>>> isn't time to drop the whole has_capability() function as well as the
>>>> check_nt_auth() function and to remove calling this Cygwin-specific
>>>> function throughout OpenSSH. Right now it's called in auth1.c,
>>>> auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
>>>> That's a lot of #ifdef HAVE_CYGWIN which could go away
>
> Is that also ok for post-5.1?

If it removes ifdefs and doesn't break anything other than
long-unsupported cygwin then it sounds good to me.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev