Re: inetutils-1.5-2 test release

2008-04-17 Thread Charles Wilson

Dr. Volker Zell wrote:

Fixed the ftp problem. It was an '=' vs. '==' transcription bug.


> If I try the old rsh against your new daemons it seems to work:
>
> 06:53 PM [637] /bin/rsh [EMAIL PROTECTED] pwd
> /home/vzell


Fixed this. The new version of rsh added a check to ensure that the rsh.exe
client had the setuid bit ON (that is, its getuid() is 'root'), and
exited otherwise.  Obviously that's wrong on cygwin.  The only reason
'/bin/rsh [EMAIL PROTECTED]' (with no command) worked is because that is
implemented as 'exec rlogin' BEFORE checking the setuid -- and the
rlogin.exe client does not check that getuid() is 'root'.



> and in /var/log/messages:
>
> Mar 18 18:53:28 localhost rshd: PID 160: 2nd port not reserved 1022


This was a red herring. Just a cut-n-paste error; this log message 
belonged elsewhere in the code.



> Mar 18 18:53:51 localhost rshd: PID 2948: [EMAIL PROTECTED] as vzell: cmd='pwd'


Normal log message when a rcmd/rexec/rsh fails. The failure was due to 
the setuid thing, above.



> By the way, for every telnet session I see the following two entries in
> /var/log/messages
>
> Mar 18 18:02:11 localhost telnetd: PID 180: ttloop: retrying
> Mar 18 18:02:39 localhost telnetd: PID 180: child process 1180 exited: 0
>
> Is this expected behaviour ?


Well, kinda. If your server is faster than your client...

// function io_drain //
 again:
  ncc = read (net, netibuf, sizeof netibuf);
  if (ncc < 0)
    {
      if (errno == EAGAIN)
        {
          syslog (LOG_INFO, "ttloop: retrying");
          goto again;
        }

It just means that you tried to read from an empty but non-blocking 
socket. I don't really like the way this is coded; it's a 100% busy 
loop. But, that's why it's called ttloop (which is the only caller of 
io_drain):


#define ttloop(c) while (c) io_drain ()

But ttloop is used rather sparingly -- for instance, while doing the 
handshaking to set up the login prompt. Most of the time telnetd sits in 
a select() loop.


--
Chuck

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/
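
Added example, not part of the original mail or of the inetutils source: one way to drain a non-blocking socket without the 100% busy loop described above is to sleep in poll() whenever read() reports EAGAIN. The names drain_wait, make_nonblocking_pair and DRAIN_TIMEOUT are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define DRAIN_TIMEOUT (-2)   /* hypothetical: nothing arrived in time */

/* Read from a non-blocking fd.  On EAGAIN, sleep in poll() until the fd
   is readable instead of retrying read() in a tight loop.
   Returns bytes read, 0 on EOF, -1 on error, DRAIN_TIMEOUT on timeout. */
ssize_t drain_wait(int fd, char *buf, size_t len, int timeout_ms)
{
    for (;;) {
        ssize_t n = read(fd, buf, len);
        if (n >= 0)
            return n;
        if (errno == EINTR)
            continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK)
            return -1;

        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, timeout_ms);
        if (r == 0)
            return DRAIN_TIMEOUT;
        if (r < 0 && errno != EINTR)
            return -1;
        /* readable (or interrupted): go back and read again */
    }
}

/* Constructed fixture: a connected pair of non-blocking sockets. */
int make_nonblocking_pair(int sv[2])
{
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    for (int i = 0; i < 2; i++) {
        int fl = fcntl(sv[i], F_GETFL);
        if (fl < 0 || fcntl(sv[i], F_SETFL, fl | O_NONBLOCK) < 0)
            return -1;
    }
    return 0;
}
```

With a bounded timeout the caller also gets a way to give up on a peer that never answers, which the unbounded retry loop does not offer.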



RE: inetutils-1.5-2 test release

2008-03-18 Thread Charles Wilson
> The test release of inetutils installs fine with setup.
> I tested it with my original xinetd setup (replacing the in.* daemons with
> the new ones).
>
> Authentication via ftpd does not seem to work in the new release:
> ...
> 530 Login incorrect.

This is odd. ftpd works for me
  1) on XP SP2, where inetd is installed as a service on its own,
  running under the local system account
  2) on XP SP2, where inetd is installed as a service using cygrunsrv,
  running under the local system account
  3) on XP SP2, where inetd is invoked via sysvinit's init process
  (/etc/rc.d/inetd), and where init is running under the local system
  account

However, ftpd does not work if inetd is running under
sshd_server/cyg_server/other_privileged_user -- so I assume it will not
yet work under vista.  But that issue is not a regression, AFAICT. What
are the details of your installation?  I don't need full cygcheck, just
OS ver, user that inetd is running as, whether inetd is installed as a
service on its own, under cygrunsrv, or via sysvinit's init service (and
the user under which init is running), and an `ls -l' listing of /etc.

> Remote commands via the new rsh do not seem to work:
> rsh [EMAIL PROTECTED] ls
> /bin/rsh: must be setuid root.

Hm. again, this works for me -- unless inetd is running under a
privileged user. This is because rshd contains code to check the UID
(against '18' == LocalSystem); it doesn't know how to deal with other
privileged UIDs. But again -- the old rshd had the same limitation in
the code, so I am a bit confused as to how it worked for you, before.
Unless xinetd was running under LocalSystem, but inetd is not?

> Last question. What is .talkrc for ? I get the following in /var/log/messages
> when running talk. The man page says nothing.
> Mar 18 13:30:37 localhost talkd: PID 2132: can't open config file
> /home/vzell/.talkrc: No such file or directory

You're right, this is not documented at all.

2001-10-25  Sergey Poznyakoff

Talkd essentially rewritten. New feature: system-wide and
user-specific access-control lists allow for controlling
who and from where is able to request talks.

Somebody also mentioned that error message (note the date):
http://lists.gnu.org/archive/html/bug-inetutils/2002-09/msg00037.html
but it was never corrected.

Anyway, it seems that .talkrc is intended for per-user access control,
like the `talkd --acl FILE' option is for site-wide access control. 
  -a, --acl FILE read site-wide ACLs from FILE
The format of the site-wide acl file and the per-user acl file is the
same -- because it is parsed by the same code. However, the format isn't
documented at all, either.

Perusing the code, it looks like the format is:

allow|deny RE INET [INET [INET ...]]

where one of allow/deny is required
RE is a regular expression (regcomp() style) that is applied to the
caller's username. Whether Extended RE patterns are allowed depends on
the system implementation of regcomp.
INET is a network address. It appears that any of these formats work:
  192.168.1.0/255.255.255.0 
  192.168.1.0/24
  192.168.1.2
  any
but no dns lookups are possible. Both RE and (one of the) INET have
to match for the specified rule (allow or deny) to apply. The default
behavior is:

allow * any

I'll look into silencing that error message.

BTW, I hadn't even gotten around to announcing this as an official test
release yet. You're really on the ball...

--
Chuck
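
Added example, not part of the original mail and not talkd's own code: a checker for a single ACL line in the format described above (allow|deny, a regcomp() pattern applied to the caller's username, then one or more INET tokens, no DNS). It assumes an unanchored basic-RE match and evaluates one line only; how talkd orders or combines several lines is not stated in the mail. The names inet_matches and acl_line_verdict are hypothetical.

```c
#include <arpa/inet.h>
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Does one INET token (any | A.B.C.D | A.B.C.D/N | A.B.C.D/M.M.M.M) cover ip? */
static int inet_matches(const char *tok, uint32_t ip)
{
    char copy[64], *slash, *end;
    struct in_addr net, m;
    uint32_t mask = 0xffffffffu;            /* bare address: exact match */
    if (strcmp(tok, "any") == 0) return 1;
    snprintf(copy, sizeof copy, "%s", tok);
    if ((slash = strchr(copy, '/')) != NULL) {
        *slash++ = '\0';
        if (strchr(slash, '.')) {           /* dotted netmask */
            if (inet_pton(AF_INET, slash, &m) != 1) return 0;
            mask = ntohl(m.s_addr);
        } else {                            /* prefix length */
            long bits = strtol(slash, &end, 10);
            if (end == slash || *end || bits < 0 || bits > 32) return 0;
            mask = bits ? 0xffffffffu << (32 - bits) : 0;
        }
    }
    if (inet_pton(AF_INET, copy, &net) != 1) return 0;   /* never a DNS lookup */
    return (ntohl(net.s_addr) & mask) == (ip & mask);
}

/* 1 = allow, 0 = deny, -1 = malformed line or rule does not apply. */
int acl_line_verdict(const char *line, const char *user, const char *ip_str)
{
    char buf[256], *action, *re, *tok;
    struct in_addr ip;
    regex_t rx;
    int user_ok, net_ok = 0;
    snprintf(buf, sizeof buf, "%s", line);
    action = strtok(buf, " \t\n");
    re = strtok(NULL, " \t\n");
    if (!action || !re || inet_pton(AF_INET, ip_str, &ip) != 1) return -1;
    if (strcmp(action, "allow") != 0 && strcmp(action, "deny") != 0) return -1;
    if (regcomp(&rx, re, REG_NOSUB) != 0) return -1;   /* assumed: basic RE, unanchored */
    user_ok = regexec(&rx, user, 0, NULL, 0) == 0;
    regfree(&rx);
    while ((tok = strtok(NULL, " \t\n")) != NULL)      /* any one INET may match */
        net_ok |= inet_matches(tok, ntohl(ip.s_addr));
    return (user_ok && net_ok) ? strcmp(action, "allow") == 0 : -1;
}
```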




Re: inetutils-1.5-2 test release

2008-03-18 Thread Corinna Vinschen
On Mar 18 12:32, Charles Wilson wrote:
> > The test release of inetutils installs fine with setup.
> > I tested it with my original xinetd setup (replacing the in.* daemons with
> > the new ones).
> >
> > Authentication via ftpd does not seem to work in the new release:
> > ...
> > 530 Login incorrect.
>
> This is odd. ftpd works for me
>   1) on XP SP2, where inetd is installed as a service on its own,
>   running under the local system account
>   2) on XP SP2, where inetd is installed as a service using cygrunsrv,
>   running under the local system account
>   3) on XP SP2, where inetd is invoked via sysvinit's init process
>   (/etc/rc.d/inetd), and where init is running under the local system
>   account
>
> However, ftpd does not work if inetd is running under
> sshd_server/cyg_server/other_privileged_user -- so I assume it will not
> yet work under vista.  But that issue is not a regression, AFAICT. What
> are the details of your installation?

That is a regression, afaics.  The privileged account needs the specific
user privileges to change the user context, but if it has these
privileges, it should behave not different than when running under the
SYSTEM account in earlier versions of Windows.  The old ftpd doesn't test
the uid for being any fixed value.  Same for inetd.

> Hm. again, this works for me -- unless inetd is running under a
> privileged user. This is because rshd contains code to check the UID
> (against '18' == LocalSystem; it doesn't know how to deal with other
> privileged UIDs. But again -- the old rshd had the same limitation in
> the code,

Uh, no.  the old rshd has this in the code:

  #ifdef __CYGWIN__
  uid_t ROOT_UID = getuid ();
  #else
  ROOT_UID  (0)
  #endif


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat




Re: inetutils-1.5-2 test release

2008-03-18 Thread Dr. Volker Zell
Charles Wilson writes:

> > The test release of inetutils installs fine with setup.
> > I tested it with my original xinetd setup (replacing the in.* daemons
> > with the new ones).
> >
> > Authentication via ftpd does not seem to work in the new release:
> > ...
> > 530 Login incorrect.
>
> This is odd. ftpd works for me
>   1) on XP SP2, where inetd is installed as a service on its own,
>   running under the local system account
>   2) on XP SP2, where inetd is installed as a service using cygrunsrv,
>   running under the local system account
>   3) on XP SP2, where inetd is invoked via sysvinit's init process
>   (/etc/rc.d/inetd), and where init is running under the local system
>   account
>
> However, ftpd does not work if inetd is running under
> sshd_server/cyg_server/other_privileged_user -- so I assume it will not
> yet work under vista.  But that issue is not a regression, AFAICT. What
> are the details of your installation?  I don't need full cygcheck, just
> OS ver, user that inetd is running as, whether inetd is installed as a
> service on its own, under cygrunsrv, or via sysvinit's init service (and
> the user under which init is running), and an `ls -l' listing of /etc.


OS: XP SP2

I was running xinetd with my previous tests (but checked now inetd and it
is the same) with your option 3) under Local System account.


06:41 PM [632] ls -l
total 619
-rw-r--r--   1 vzell  users4279 Nov 13 01:00 DIR_COLORS
-rw-r--r--   1 vzell  admin5689 Mar 18 18:30 Descript.ion
-rw-r--r--   1 vzell  admin 588 Feb 20  2006 GeoIP.conf
-rw-r--r--   1 vzell  users   87738 Aug 23  2007 Muttrc
lrwxrwxrwx   1 vzell  admin  17 May 21  2007 TIMEZONE -> /etc/default/init
drwxr-xr-x+  2 vzell  admin   0 Jul 24  2007 WindowMaker/
drwxr-xr-x+ 14 vzell  admin   0 Feb 12 15:41 X11/
-rw-r--r--   1 vzell  admin2557 Aug 22  2003 a2ps-site.cfg
-rw-r--r--   1 vzell  admin   15071 Aug 22  2003 a2ps.cfg
-rw-r--r--   1 vzell  admin  18 Jan  3  2003 aliases
drwxr-xr-x+  2 vzell  admin   0 Feb 20 14:36 alternatives/
drwxr-xr-x+  2 vzell  admin   0 Jul 24  2007 apache/
drwxr-xr-x+  5 vzell  admin   0 Feb 17 18:10 apache2/
drwxr-xr-x+  7 vzell  users   0 Feb 12 14:58 asciidoc/
-rw-r--r--   1 vzell  admin 144 Jan  2  2003 at.deny
-rw-r--r--   1 vzell  admin 301 Feb  2  2006 bash.bashrc
-rw-r--r--   1 vzell  admin  215739 Oct 30  2006 bash_completion
drwxr-xr-x+  2 vzell  admin   0 Nov 13 00:52 bash_completion.d/
drwxr-xr-x+  2 vzell  admin   0 Jul 24  2007 bonobo-activation/
drwxr-xr-x+  2 vzell  users   0 Nov 13 01:00 boxes/
-rw-r--r--   1 vzell  users  32 Nov 13 01:00 brlapi.key
drwxr-xr-x+  2 vzell  users   0 Nov 13 00:25 brltty/
-rw-r--r--   1 vzell  users   15747 Nov 13 01:00 brltty.conf
-rw-r--r--   1 vzell  admin7658 Oct 24  2004 clamd.conf
-rw-r--r--   1 vzell  admin 844 Feb 22 13:03 colordiffrc
drwxr-xr-x+  2 vzell  admin   0 Jul 24  2007 cron.d/
-rw-r--r--   1 vzell  admin1714 Jun 10  2007 csh.cshrc
-rw-r--r--   1 vzell  admin 428 Jun 10  2007 csh.login
-rw-r--r--   1 vzell  admin1471 Dec  9  2006 cygport.conf
-rw-r--r--   1 vzell  admin5138 Jan  5 19:48 cygserver.conf
drwxr-xr-x+  2 vzell  admin   0 Jul 24  2007 default/
drwxr-xr-x+  4 vzell  admin   0 Nov 13 00:52 defaults/
drwxr-xr-x+  3 vzell  admin   0 Jul 24  2007 dpkg/
drwxr-xr-x+  2 vzell  users   0 Nov 13 01:00 email/
-rw-r--r--   1 vzell  admin4868 Dec 16 13:03 enscript.cfg
-rw-r--r--   1 vzell  admin 153 Aug 22  2005 esd.conf
-rw-r--r--   1 system root22992 Jan 13  2007 exim.conf
drwxr-xr-x+  4 vzell  admin   0 Jul 24  2007 fonts/
-rw-r--r--   1 vzell  admin1497 Sep 17  2004 freshclam.conf
-rw-r--r--   1 vzell  admin  14 Mar  5 02:54 ftpusers
-rw-r--r--   1 vzell  admin  40 Mar  5 02:54 ftpwelcome
drwxr-xr-x+  6 vzell  admin   0 Jul 24  2007 gconf/
drwxr-xr-x+  3 vzell  admin   0 Jul 24  2007 ggi/
drwxr-xr-x+  3 vzell  admin   0 Jul 24  2007 gnome-vfs-2.0/
-rw-r--r--   1 vzell  admin   10793 Aug  2  2005 gnome-vfs-mime-magic
-rw-r--r--   1 vzell  admin 481 Feb 27 13:34 group
drwxr-xr-x+  2 vzell  admin   0 Jul 24  2007 gtk/
drwxr-xr-x+  2 vzell  admin   0 Jul 24  2007 gtk-2.0/
lrwxrwxrwx   1 vzell  admin  37 Aug  1  2005 hosts -> C:\WINDOWS\system32\drivers\etc\hosts*
-rw-r--r--   1 vzell  admin 200 Dec 10  2002 hosts.allow
-rw-r--r--   1 vzell  admin 407 Dec 10  2002 hosts.deny
-rw-r--r--   1 vzell  admin  64 Feb 21 13:57 hosts.equiv
drwxr-xr-x+  2 vzell  admin   0 Jul 24  2007 imlib/
-rw-r--r--   1 vzell  admin2668 Mar 18 18:00 inetd.conf
-rw-r--r--   1 vzell  admin2061 Dec  4  2003 inetd.conf.ok
drwxr-xr-x+  2 vzell  users   0 Mar 18 11:39 inetd.d/
-rw-r--r--   1 vzell  admin1678 Feb 20 12:48 inittab
-rw-r--r--+  1 vzell  admin  44 Feb 27 14:03 ioctl.save
-rw-r--r--   1 vzell  admin5651 Feb 15 17:20 

Re: inetutils-1.5-2 test release

2008-03-18 Thread Charles Wilson

Corinna Vinschen wrote:

> On Mar 18 12:32, Charles Wilson wrote:
>
> > This is odd. ftpd works for me
> >   1) on XP SP2, where inetd is installed as a service on its own,
> >   running under the local system account
> >   2) on XP SP2, where inetd is installed as a service using cygrunsrv,
> >   running under the local system account
> >   3) on XP SP2, where inetd is invoked via sysvinit's init process
> >   (/etc/rc.d/inetd), and where init is running under the local system
> >   account
> >
> > However, ftpd does not work if inetd is running under
> > sshd_server/cyg_server/other_privileged_user -- so I assume it will not
> > yet work under vista.  But that issue is not a regression, AFAICT. What
> > are the details of your installation?
>
> That is a regression, afaics.  The privileged account needs the specific
> user privileges to change the user context, but if it has these
> privileges, it should behave not different than when running under the
> SYSTEM account in earlier versions of Windows.  The old ftpd doesn't test
> the uid for being any fixed value.


ftp was the worst as far as porting changes from 1.3.2-X to 1.5. LOTS of 
stuff. It is entirely possible that I (a) missed something in forward 
porting old modifications, or (b) there was some new code in 1.5 that 
needed modification and I missed that.


That's why this is a test release. It works for me, but I've only got 
the one computer (* okay, I just got a vista machine last week, but I 
haven't even tried to install cygwin on it. Reading the horror stories...)



> Same for inetd.


Right. I had no issues with inetd *itself*, running under the cyg_server 
(or sshd_server) account. It was (some of) the slave daemons that were 
troublesome -- but not all.  telnetd works (for me), for instance.  I 
remember that at least one of the r* cmds worked (for me), too -- except 
that unless LocalServer, .rhosts were not honored.




> Uh, no.  the old rshd has this in the code:
>
>   #ifdef __CYGWIN__
>   uid_t ROOT_UID = getuid ();
>   #else
>   ROOT_UID  (0)
>   #endif


Oops. I was thinking of rlogind:

#define ROOT_UID 18

--
Chuck







Re: inetutils-1.5-2 test release

2008-03-18 Thread Corinna Vinschen
On Mar 18 13:46, Charles Wilson wrote:
> (* okay, I just got a vista machine last week, but I haven't
> even tried to install cygwin on it. Reading the horror stories...)

diabolical laughter

> Oops. I was thinking of rlogind:
>
> #define ROOT_UID 18

Uh oh.  There's a certain chance that I never tested that on post-XP
either...


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat
