Re: OpenSSH 5.1: call for testing - openssh

This is a discussion on Re: OpenSSH 5.1: call for testing - openssh ; On Mon, 7 Jul 2008, Corinna Vinschen wrote: > Other than that: > > - session.c, line 427: > > #define USE_PIPES > > Is that planned or just left over fomr some test? No, that is planned. We now ...

+ Reply to Thread
Results 1 to 11 of 11

Thread: Re: OpenSSH 5.1: call for testing

  1. Re: OpenSSH 5.1: call for testing

    On Mon, 7 Jul 2008, Corinna Vinschen wrote:

    > Other than that:
    >
    > - session.c, line 427:
    >
    > #define USE_PIPES
    >
    > Is that planned or just left over fomr some test?


    No, that is planned. We now unconditionally use pipes for communicating
    with the session subprocesses because they seem to give better semantics
    for half-closed channels (cf. https://bugzilla.mindrot.org/b/85).

    > - The following testcases fail on Cygwin 1.5.25:
    >
    > - addrmatch.sh tries to run IPv6 tests even though IPv6 is not
    > available.


    I'm not sure of a good way to determine at runtime whether IPv6 is
    available on a platform. Perhaps these tests should be disabled in
    portable or made non-fatal.

    > - sftp-glob.sh tries to match filenames with characters not
    > allowed in filenames on Windows filesystems ("*", "\\").


    These should be special-cased for Windows.

    -d
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  2. Re: OpenSSH 5.1: call for testing

    On Jul 8 16:41, Corinna Vinschen wrote:
    > On Jul 9 00:18, Damien Miller wrote:
    > > On Mon, 7 Jul 2008, Corinna Vinschen wrote:
    > >
    > > > Other than that:
    > > >
    > > > - session.c, line 427:
    > > >
    > > > #define USE_PIPES
    > > >
    > > > Is that planned or just left over fomr some test?

    > >
    > > No, that is planned. We now unconditionally use pipes for communicating
    > > with the session subprocesses because they seem to give better semantics
    > > for half-closed channels (cf. https://bugzilla.mindrot.org/b/85).

    >
    > Ok. Given that USE_PIPES is now only used in sftp.c, wouldn't it
    > be easier now to always use pipes, even in sftp.c? That would drop
    > the whole test and a bunch of conditional code.
    >
    > > > - The following testcases fail on Cygwin 1.5.25:
    > > >
    > > > - addrmatch.sh tries to run IPv6 tests even though IPv6 is not
    > > > available.

    > >
    > > I'm not sure of a good way to determine at runtime whether IPv6 is
    > > available on a platform. Perhaps these tests should be disabled in
    > > portable or made non-fatal.

    >
    > Ack. Unfortunately `ssh -6' falls silently back to IPv4 instead of
    > complaining on platforms not supporting IPv6. Complaining would allow
    > to use this as a test.


    Oh, btw. Here's another testsuite problem. Even after I fixed the IPv6
    problems in Cygwin I mentioned in the other mail, there's nothing I can
    do against this error on Windows up to and including Windows Server 2003:

    forwarding.sh:

    exit on -L forward failure, proto 1
    connection not termintated, but should (0)
    [...]
    exit on -L forward failure, proto 2
    connection not termintated, but should (0)

    This problem can only be fixed for Windows Vista and Server 2008. The
    underlying problem is a bug in SO_REUSEADDR handling in WinSock.
    Usually it should be impossible to reuse a complete duplicate of a local
    TCP address (same IP, same port), even if SO_REUSEADDR has been set.
    That's unfortunately possible in WinSock and, instead of fixing this
    bug, has been defined as "that's how it works here", despite a lot of
    other changes in this area over the time.

    I have a workaround for IPv4 for a while now, but working around this
    for IPv6 requires the existance of a function which is only available
    since Windows Vista/2008. No chance on earlier Windows versions.

    I don't know if that fact should really be taken into account in the
    testsuite, but I thought I should mention it for the records.


    Corinna

    --
    Corinna Vinschen
    Cygwin Project Co-Leader
    Red Hat
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  3. Re: OpenSSH 5.1: call for testing

    On Tue, 8 Jul 2008, Corinna Vinschen wrote:

    > On Jul 9 00:18, Damien Miller wrote:
    > > On Mon, 7 Jul 2008, Corinna Vinschen wrote:
    > >
    > > > Other than that:
    > > >
    > > > - session.c, line 427:
    > > >
    > > > #define USE_PIPES
    > > >
    > > > Is that planned or just left over fomr some test?

    > >
    > > No, that is planned. We now unconditionally use pipes for communicating
    > > with the session subprocesses because they seem to give better semantics
    > > for half-closed channels (cf. https://bugzilla.mindrot.org/b/85).

    >
    > Ok. Given that USE_PIPES is now only used in sftp.c, wouldn't it
    > be easier now to always use pipes, even in sftp.c? That would drop
    > the whole test and a bunch of conditional code.


    USE_PIPES wastes an extra file descriptor where it isn't needed, so
    we still prefer sockets where possible.

    > > I'm not sure of a good way to determine at runtime whether IPv6 is
    > > available on a platform. Perhaps these tests should be disabled in
    > > portable or made non-fatal.

    >
    > Ack. Unfortunately `ssh -6' falls silently back to IPv4 instead of
    > complaining on platforms not supporting IPv6. Complaining would allow
    > to use this as a test.


    It shouldn't!

    [djm@fuyu ssh]$ ssh -6 anoncvs.mindrot.org
    ssh: Could not resolve hostname anoncvs.mindrot.org: no address associated with name
    [djm@fuyu ssh]$ echo $?
    255

    (verified on OpenBSD and Linux)

    -d
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  4. Re: OpenSSH 5.1: call for testing

    On Jul 14 11:59, Damien Miller wrote:
    > On Tue, 8 Jul 2008, Corinna Vinschen wrote:
    > > On Jul 9 00:18, Damien Miller wrote:
    > > > I'm not sure of a good way to determine at runtime whether IPv6 is
    > > > available on a platform. Perhaps these tests should be disabled in
    > > > portable or made non-fatal.

    > >
    > > Ack. Unfortunately `ssh -6' falls silently back to IPv4 instead of
    > > complaining on platforms not supporting IPv6. Complaining would allow
    > > to use this as a test.

    >
    > It shouldn't!
    >
    > [djm@fuyu ssh]$ ssh -6 anoncvs.mindrot.org
    > ssh: Could not resolve hostname anoncvs.mindrot.org: no address associated with name
    > [djm@fuyu ssh]$ echo $?
    > 255
    >
    > (verified on OpenBSD and Linux)


    Your example is not what I had in mind.

    In your scenario ssh is running on an OS which supports IPv6, but the
    target you're trying to connect to has no IPv6 address.

    I'm talking about running ssh on a system which doesn't support IPv6 at
    all and which doesn't even know the newer system calls getaddrinfo,
    getnameinfo, freeaddrinfo, like the older Cygwin releases. The main
    difference to your scenario is that ssh uses the getaddrinfo implementation
    in openbsd-compat/fake-rfc2553.c.

    And here's the problem. getaddrinfo in fake-rfc2553.c does not check
    for the requested address family. Actually it should only allow
    hints->ai_family == AF_UNSPEC or == AF_INET, and it should return with
    EAI_FAMILY if hints->ai_family is anything else. Since it doesn't, `ssh
    -6 foo' will happily use AF_INET and just work.

    Below you'll find a patch which fixes that problem in fake-rfc2553.c.
    Tested on Cygwin 1.5.25.

    Before:

    cygwin$ ssh -6 foo
    [...]
    foo$ echo $SSH_CONNECTION
    192.168.129.14 1217 192.168.129.6 22

    With the patch:

    cygwin$ ssh foo
    [...]
    foo$ echo $SSH_CONNECTION
    192.168.129.14 1217 192.168.129.6 22

    cygwin$ ssh -4 foo
    [...]
    foo$ echo $SSH_CONNECTION
    192.168.129.14 1217 192.168.129.6 22

    cygwin$ ssh -6 foo
    ssh: Could not resolve hostname calimero: ai_family not supported


    Corinna


    Index: openbsd-compat/fake-rfc2553.h
    ================================================== =================
    RCS file: /cvs/openssh/openbsd-compat/fake-rfc2553.h,v
    retrieving revision 1.15
    diff -u -p -r1.15 fake-rfc2553.h
    --- openbsd-compat/fake-rfc2553.h 10 Jun 2008 13:52:51 -0000 1.15
    +++ openbsd-compat/fake-rfc2553.h 14 Jul 2008 10:00:38 -0000
    @@ -129,6 +129,9 @@ struct sockaddr_in6 {
    #ifndef EAI_SYSTEM
    # define EAI_SYSTEM (INT_MAX - 4)
    #endif
    +#ifndef EAI_FAMILY
    +# define EAI_FAMILY (INT_MAX - 5)
    +#endif

    #ifndef HAVE_STRUCT_ADDRINFO
    struct addrinfo {
    Index: openbsd-compat/fake-rfc2553.c
    ================================================== =================
    RCS file: /cvs/openssh/openbsd-compat/fake-rfc2553.c,v
    retrieving revision 1.9
    diff -u -p -r1.9 fake-rfc2553.c
    --- openbsd-compat/fake-rfc2553.c 17 Aug 2006 08:55:28 -0000 1.9
    +++ openbsd-compat/fake-rfc2553.c 14 Jul 2008 10:00:38 -0000
    @@ -51,6 +51,8 @@ int getnameinfo(const struct sockaddr *s
    struct hostent *hp;
    char tmpserv[16];

    + if (sa->sa_family != AF_UNSPEC && sa->sa_family != AF_INET)
    + return (EAI_FAMILY);
    if (serv != NULL) {
    snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
    if (strlcpy(serv, tmpserv, servlen) >= servlen)
    @@ -95,6 +97,8 @@ gai_strerror(int err)
    return ("memory allocation failure.");
    case EAI_NONAME:
    return ("nodename nor servname provided, or not known");
    + case EAI_FAMILY:
    + return ("ai_family not supported");
    default:
    return ("unknown/invalid error.");
    }
    @@ -159,6 +163,9 @@ getaddrinfo(const char *hostname, const
    u_long addr;

    port = 0;
    + if (hints && hints->ai_family != AF_UNSPEC &&
    + hints->ai_family != AF_INET)
    + return (EAI_FAMILY);
    if (servname != NULL) {
    char *cp;


    --
    Corinna Vinschen
    Cygwin Project Co-Leader
    Red Hat
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  5. Re: OpenSSH 5.1: call for testing

    On Mon, 14 Jul 2008, Corinna Vinschen wrote:

    > Your example is not what I had in mind.
    >
    > In your scenario ssh is running on an OS which supports IPv6, but the
    > target you're trying to connect to has no IPv6 address.


    Yes, I forgot about the fallback code. Doesn't cygwin provide its
    own getaddrinfo? I though winsock did...

    > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
    > Tested on Cygwin 1.5.25.


    Applied - thanks.

    -d
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  6. Re: OpenSSH 5.1: call for testing

    On Jul 14 21:38, Damien Miller wrote:
    > On Mon, 14 Jul 2008, Corinna Vinschen wrote:
    >
    > > Your example is not what I had in mind.
    > >
    > > In your scenario ssh is running on an OS which supports IPv6, but the
    > > target you're trying to connect to has no IPv6 address.

    >
    > Yes, I forgot about the fallback code. Doesn't cygwin provide its
    > own getaddrinfo? I though winsock did...


    Not in the still current 1.5.25. The next major release 1.7 provides
    fallback code for systems not supporting them (pre-XP). That code
    also checks for an AF_INET6 request and refuses it with EAI_FAMILY.
    Hopefully the WinSock call starting with XP will do the same if the
    IPv6 stack isn't activated. Actually I never tried :}

    > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
    > > Tested on Cygwin 1.5.25.

    >
    > Applied - thanks.


    Thanks to you,
    Corinna

    --
    Corinna Vinschen
    Cygwin Project Co-Leader
    Red Hat
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  7. Re: OpenSSH 5.1: call for testing

    On Jul 14 14:10, Corinna Vinschen wrote:
    > On Jul 14 21:38, Damien Miller wrote:
    > > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
    > > > Tested on Cygwin 1.5.25.

    > >
    > > Applied - thanks.


    Below is another patch which simplifies the test for POSIX file security
    in Cygwin. The functionality implemented in check_ntsec() is already
    present in the Cygwin DLL for about seven years and accessible through
    pathconf(3). In fact, in Cygwin 1.7, this will be the *only* valid
    interface to check for POSIX file security, since the global
    "CYGWIN=ntsec" environment option will be dropped in favor of a
    per-mount option.

    Another question is this: The has_capability function requests Cygwin
    version information to figure out if specific features are available.
    The newest of the requested capabilities exists since Cygwin 1.5.0,
    which has been release in 2003, five years ago. Older versions of
    Cygwin are long out of support. That's why I would like to ask, if it
    isn't time to drop the whole has_capability() function as well as the
    check_nt_auth() function and to remove calling this Cygwin-specific
    function throughout OpenSSH. Right now it's called in auth1.c,
    auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
    That's a lot of #ifdef HAVE_CYGWIN which could go away


    Corinna


    Index: openbsd-compat/bsd-cygwin_util.c
    ================================================== =================
    RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
    retrieving revision 1.19
    diff -u -p -r1.19 bsd-cygwin_util.c
    --- openbsd-compat/bsd-cygwin_util.c 1 Sep 2006 09:29:01 -0000 1.19
    +++ openbsd-compat/bsd-cygwin_util.c 14 Jul 2008 21:01:36 -0000
    @@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
    int
    check_ntsec(const char *filename)
    {
    - char *cygwin;
    - int allow_ntea = 0, allow_ntsec = 0;
    - struct statfs fsstat;
    -
    - /* Windows 95/98/ME don't support file system security at all. */
    - if (!is_winnt)
    - return (0);
    -
    - /* Evaluate current CYGWIN settings. */
    - cygwin = getenv("CYGWIN");
    - allow_ntea = ntea_on(cygwin);
    - allow_ntsec = ntsec_on(cygwin) ||
    - (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
    -
    - /*
    - * `ntea' is an emulation of POSIX attributes. It doesn't support
    - * real file level security as ntsec on NTFS file systems does
    - * but it supports FAT filesystems. `ntea' is minimum requirement
    - * for security checks.
    - */
    - if (allow_ntea)
    - return (1);
    -
    - /*
    - * Retrieve file system flags. In Cygwin, file system flags are
    - * copied to f_type which has no meaning in Win32 itself.
    - */
    - if (statfs(filename, &fsstat))
    - return (1);
    -
    - /*
    - * Only file systems supporting ACLs are able to set permissions.
    - * `ntsec' is the setting in Cygwin which switches using of NTFS
    - * ACLs to support POSIX permissions on files.
    - */
    - if (fsstat.f_type & FS_PERSISTENT_ACLS)
    - return (allow_ntsec);
    -
    - return (0);
    + return (pathconf(filename, _PC_POSIX_PERMISSIONS));
    }

    void

    --
    Corinna Vinschen
    Cygwin Project Co-Leader
    Red Hat
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  8. Re: OpenSSH 5.1: call for testing

    Ping?

    On Jul 14 23:20, Corinna Vinschen wrote:
    > On Jul 14 14:10, Corinna Vinschen wrote:
    > > On Jul 14 21:38, Damien Miller wrote:
    > > > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
    > > > > Tested on Cygwin 1.5.25.
    > > >
    > > > Applied - thanks.

    >
    > Below is another patch which simplifies the test for POSIX file security
    > in Cygwin. The functionality implemented in check_ntsec() is already
    > present in the Cygwin DLL for about seven years and accessible through
    > pathconf(3). In fact, in Cygwin 1.7, this will be the *only* valid
    > interface to check for POSIX file security, since the global
    > "CYGWIN=ntsec" environment option will be dropped in favor of a
    > per-mount option.
    >
    > Another question is this: The has_capability function requests Cygwin
    > version information to figure out if specific features are available.
    > The newest of the requested capabilities exists since Cygwin 1.5.0,
    > which has been release in 2003, five years ago. Older versions of
    > Cygwin are long out of support. That's why I would like to ask, if it
    > isn't time to drop the whole has_capability() function as well as the
    > check_nt_auth() function and to remove calling this Cygwin-specific
    > function throughout OpenSSH. Right now it's called in auth1.c,
    > auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
    > That's a lot of #ifdef HAVE_CYGWIN which could go away
    >
    >
    > Corinna
    >
    >
    > Index: openbsd-compat/bsd-cygwin_util.c
    > ================================================== =================
    > RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
    > retrieving revision 1.19
    > diff -u -p -r1.19 bsd-cygwin_util.c
    > --- openbsd-compat/bsd-cygwin_util.c 1 Sep 2006 09:29:01 -0000 1.19
    > +++ openbsd-compat/bsd-cygwin_util.c 14 Jul 2008 21:01:36 -0000
    > @@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
    > int
    > check_ntsec(const char *filename)
    > {
    > - char *cygwin;
    > - int allow_ntea = 0, allow_ntsec = 0;
    > - struct statfs fsstat;
    > -
    > - /* Windows 95/98/ME don't support file system security at all. */
    > - if (!is_winnt)
    > - return (0);
    > -
    > - /* Evaluate current CYGWIN settings. */
    > - cygwin = getenv("CYGWIN");
    > - allow_ntea = ntea_on(cygwin);
    > - allow_ntsec = ntsec_on(cygwin) ||
    > - (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
    > -
    > - /*
    > - * `ntea' is an emulation of POSIX attributes. It doesn't support
    > - * real file level security as ntsec on NTFS file systems does
    > - * but it supports FAT filesystems. `ntea' is minimum requirement
    > - * for security checks.
    > - */
    > - if (allow_ntea)
    > - return (1);
    > -
    > - /*
    > - * Retrieve file system flags. In Cygwin, file system flags are
    > - * copied to f_type which has no meaning in Win32 itself.
    > - */
    > - if (statfs(filename, &fsstat))
    > - return (1);
    > -
    > - /*
    > - * Only file systems supporting ACLs are able to set permissions.
    > - * `ntsec' is the setting in Cygwin which switches using of NTFS
    > - * ACLs to support POSIX permissions on files.
    > - */
    > - if (fsstat.f_type & FS_PERSISTENT_ACLS)
    > - return (allow_ntsec);
    > -
    > - return (0);
    > + return (pathconf(filename, _PC_POSIX_PERMISSIONS));
    > }
    >
    > void
    >
    > --
    > Corinna Vinschen
    > Cygwin Project Co-Leader
    > Red Hat
    > _______________________________________________
    > openssh-unix-dev mailing list
    > openssh-unix-dev@mindrot.org
    > https://lists.mindrot.org/mailman/li...enssh-unix-dev


    --
    Corinna Vinschen
    Cygwin Project Co-Leader
    Red Hat
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  9. Re: OpenSSH 5.1: call for testing

    On Wed, 16 Jul 2008, Corinna Vinschen wrote:

    > Ping?


    This will be post-5.1. Could you file is as a bug so it doesn't get lost?

    -d

    > On Jul 14 23:20, Corinna Vinschen wrote:
    > > On Jul 14 14:10, Corinna Vinschen wrote:
    > > > On Jul 14 21:38, Damien Miller wrote:
    > > > > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
    > > > > > Tested on Cygwin 1.5.25.
    > > > >
    > > > > Applied - thanks.

    > >
    > > Below is another patch which simplifies the test for POSIX file security
    > > in Cygwin. The functionality implemented in check_ntsec() is already
    > > present in the Cygwin DLL for about seven years and accessible through
    > > pathconf(3). In fact, in Cygwin 1.7, this will be the *only* valid
    > > interface to check for POSIX file security, since the global
    > > "CYGWIN=ntsec" environment option will be dropped in favor of a
    > > per-mount option.
    > >
    > > Another question is this: The has_capability function requests Cygwin
    > > version information to figure out if specific features are available.
    > > The newest of the requested capabilities exists since Cygwin 1.5.0,
    > > which has been release in 2003, five years ago. Older versions of
    > > Cygwin are long out of support. That's why I would like to ask, if it
    > > isn't time to drop the whole has_capability() function as well as the
    > > check_nt_auth() function and to remove calling this Cygwin-specific
    > > function throughout OpenSSH. Right now it's called in auth1.c,
    > > auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
    > > That's a lot of #ifdef HAVE_CYGWIN which could go away
    > >
    > >
    > > Corinna
    > >
    > >
    > > Index: openbsd-compat/bsd-cygwin_util.c
    > > ================================================== =================
    > > RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
    > > retrieving revision 1.19
    > > diff -u -p -r1.19 bsd-cygwin_util.c
    > > --- openbsd-compat/bsd-cygwin_util.c 1 Sep 2006 09:29:01 -0000 1.19
    > > +++ openbsd-compat/bsd-cygwin_util.c 14 Jul 2008 21:01:36 -0000
    > > @@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
    > > int
    > > check_ntsec(const char *filename)
    > > {
    > > - char *cygwin;
    > > - int allow_ntea = 0, allow_ntsec = 0;
    > > - struct statfs fsstat;
    > > -
    > > - /* Windows 95/98/ME don't support file system security at all. */
    > > - if (!is_winnt)
    > > - return (0);
    > > -
    > > - /* Evaluate current CYGWIN settings. */
    > > - cygwin = getenv("CYGWIN");
    > > - allow_ntea = ntea_on(cygwin);
    > > - allow_ntsec = ntsec_on(cygwin) ||
    > > - (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
    > > -
    > > - /*
    > > - * `ntea' is an emulation of POSIX attributes. It doesn't support
    > > - * real file level security as ntsec on NTFS file systems does
    > > - * but it supports FAT filesystems. `ntea' is minimum requirement
    > > - * for security checks.
    > > - */
    > > - if (allow_ntea)
    > > - return (1);
    > > -
    > > - /*
    > > - * Retrieve file system flags. In Cygwin, file system flags are
    > > - * copied to f_type which has no meaning in Win32 itself.
    > > - */
    > > - if (statfs(filename, &fsstat))
    > > - return (1);
    > > -
    > > - /*
    > > - * Only file systems supporting ACLs are able to set permissions.
    > > - * `ntsec' is the setting in Cygwin which switches using of NTFS
    > > - * ACLs to support POSIX permissions on files.
    > > - */
    > > - if (fsstat.f_type & FS_PERSISTENT_ACLS)
    > > - return (allow_ntsec);
    > > -
    > > - return (0);
    > > + return (pathconf(filename, _PC_POSIX_PERMISSIONS));
    > > }
    > >
    > > void
    > >
    > > --
    > > Corinna Vinschen
    > > Cygwin Project Co-Leader
    > > Red Hat
    > > _______________________________________________
    > > openssh-unix-dev mailing list
    > > openssh-unix-dev@mindrot.org
    > > https://lists.mindrot.org/mailman/li...enssh-unix-dev

    >
    > --
    > Corinna Vinschen
    > Cygwin Project Co-Leader
    > Red Hat
    > _______________________________________________
    > openssh-unix-dev mailing list
    > openssh-unix-dev@mindrot.org
    > https://lists.mindrot.org/mailman/li...enssh-unix-dev
    >

    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  10. Re: OpenSSH 5.1: call for testing

    On Jul 17 07:39, Damien Miller wrote:
    > On Wed, 16 Jul 2008, Corinna Vinschen wrote:
    >
    > > Ping?

    >
    > This will be post-5.1.


    Too bad. That means that 5.1 will not run on Cygwin 1.7 without local
    patch.

    > This will be post-5.1. Could you file is as a bug so it doesn't get lost?


    Ok, will do.

    What about my question:

    > > > Another question is this: The has_capability function requests Cygwin
    > > > version information to figure out if specific features are available.
    > > > The newest of the requested capabilities exists since Cygwin 1.5.0,
    > > > which has been release in 2003, five years ago. Older versions of
    > > > Cygwin are long out of support. That's why I would like to ask, if it
    > > > isn't time to drop the whole has_capability() function as well as the
    > > > check_nt_auth() function and to remove calling this Cygwin-specific
    > > > function throughout OpenSSH. Right now it's called in auth1.c,
    > > > auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
    > > > That's a lot of #ifdef HAVE_CYGWIN which could go away


    Is that also ok for post-5.1?


    Corinna

    --
    Corinna Vinschen
    Cygwin Project Co-Leader
    Red Hat
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  11. Re: OpenSSH 5.1: call for testing

    Corinna Vinschen wrote:
    > On Jul 17 07:39, Damien Miller wrote:
    >> On Wed, 16 Jul 2008, Corinna Vinschen wrote:
    >>
    >>> Ping?

    >> This will be post-5.1.

    >
    > Too bad. That means that 5.1 will not run on Cygwin 1.7 without local
    > patch.


    In that case I think we should put it in now. It affects cygwin only
    and you're in the best position to know what the impact is.

    >> This will be post-5.1. Could you file is as a bug so it doesn't get lost?

    >
    > Ok, will do.
    >
    > What about my question:
    >
    >>>> Another question is this: The has_capability function requests Cygwin
    >>>> version information to figure out if specific features are available.
    >>>> The newest of the requested capabilities exists since Cygwin 1.5.0,
    >>>> which has been release in 2003, five years ago. Older versions of
    >>>> Cygwin are long out of support. That's why I would like to ask, if it
    >>>> isn't time to drop the whole has_capability() function as well as the
    >>>> check_nt_auth() function and to remove calling this Cygwin-specific
    >>>> function throughout OpenSSH. Right now it's called in auth1.c,
    >>>> auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
    >>>> That's a lot of #ifdef HAVE_CYGWIN which could go away

    >
    > Is that also ok for post-5.1?


    If it removes ifdefs and doesn't break anything other than
    long-unsupported cygwin then it sounds good to me.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


+ Reply to Thread