Created attachment 1021 [details] Support for Interix in configure, and authentication support Interix authentication is a very interesting beast. Attached are diffs to add an autoconf block for Interix, as well as the necessary authentication bits to make sshd build for non-privsep usage.
Comment on attachment 1021 [details] Support for Interix in configure, and authentication support >+#ifdef HAVE_INTERIX >+ result = (!setuser(pw->pw_name, password, SU_CHECK); >+#else > result = sys_auth_passwd(authctxt, password); >+#endif This is exactly the kind of thing the sys_auth_passwd abstraction is designed to avoid. The correct way to do this is to implement your own sys_auth_passwd() and define CUSTOM_SYS_AUTH_PASSWD. >+#ifndef HAVE_INTERIX > case ' ': >+#endif Why this change? >+# if !defined(HAVE_INTERIX) > /* Initialize the group list. */ > if (initgroups(pw->pw_name, pw->pw_gid) < 0) { > perror("initgroups"); > exit(1); > } >+# endif /* !HAVE_INTERIX */ Does Interix have initgroups()? If not, just implement initgroups() as a null function that just returns zero. Ditto setgroups. >+#ifdef HAVE_INTERIX >+ use_privsep = 0; >+#else > use_privsep = 1; >+#endif Why doesn't privsep work? Does defining DISABLE_FD_PASSING make preauth privsep work? (That's what Cygwin and a number of other platforms do.)
> >+#ifdef HAVE_INTERIX > >+ result = (!setuser(pw->pw_name, password, SU_CHECK); > >+#else > > result = sys_auth_passwd(authctxt, password); > >+#endif > > This is exactly the kind of thing the sys_auth_passwd abstraction is designed > to avoid. The correct way to do this is to implement your own > sys_auth_passwd() and define CUSTOM_SYS_AUTH_PASSWD. Will do, and will resubmit patch at that time. > >+#ifndef HAVE_INTERIX > > case ' ': > >+#endif > > Why this change? Interix users and groups are allowed to have spaces in them. (This is because Interix is a Unix layer on top of Windows, similar to Cygwin but working at a much lower NT level.) > >+# if !defined(HAVE_INTERIX) > > /* Initialize the group list. */ > > if (initgroups(pw->pw_name, pw->pw_gid) < 0) { > > perror("initgroups"); > > exit(1); > > } > >+# endif /* !HAVE_INTERIX */ > > Does Interix have initgroups()? If not, just implement initgroups() as a null > function that just returns zero. Ditto setgroups. OK, will do. There used to be a no-op setgroups() that was used for Cygwin too, but it disappeared early in 2005. I'll have to track back to find which portable release had it last, and merge it back in. > >+#ifdef HAVE_INTERIX > >+ use_privsep = 0; > >+#else > > use_privsep = 1; > >+#endif > > Why doesn't privsep work? Does defining DISABLE_FD_PASSING make preauth > privsep work? (That's what Cygwin and a number of other platforms do.) I can't remember why this was here, but last time I looked, DISABLE_FD_PASSING wasn't enough. I'll check again and resubmit.
Created attachment 1027 [details] add null implementations of initgroups and setgroups Since these might be shared, they belong in a common file. Anything Interix specific (eg the sys_auth_passwd implementation) should go into a "port-interix.c" or similar.
I think this is obsolete with the addition of native windows OpenSSH
closing resolved bugs as of 8.6p1 release