Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hi I followed some of the conversations in the mailing list archives of cvsnt and cygwin regarding the sshd impersonation problem. It still seems very much unresolved. Here is a proposed patch (attached). **BUT** I can't test it, as I don't have MSVC 7 (only 6) and can't build the solution. Judging from the getcaller() description it should work, though... Background: Cygwin sshd seems to use a "imperfect" Windows impersonation when using RSA key authentication so cvsnt still gets "SYSTEM" when calling GetUserName() in win32getlogin(). The patch tells getcaller() routine to use the $LOGNAME or $USER environment variable if getlogin() which calls win32getlogin() returns "SYSTEM". According to its description, getcaller() is only used for non-critical stuff such as the $Author substitution. So the patch should in no way affect security. On the other hand, maybe it would even be save to patch win32getlogin() generally. Some possibilities: 1. the patch gets accepted and a new release is made available for download sometime soon ;-) 2. somebody can send me a MSVC6 project and/or Makefile so I can test it myself (and deploy the patched version) 3. somebody has a MSVC 7 and cvsnt checked out and could send me the patched-built DLLs/EXEs BTW, does the "imperfect impersonation" of sshd otherwise adversely affect cvsnt operation? Thanks for all help, Mark