- (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]

[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
         separation user at runtime, since it may need to be a domain account.
            Patch from Corinna Vinschen.

ChangeLog

@@ -3,6 +3,10 @@
  - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config
    from Corinna Vinschen, fixing a number of bugs and preparing for
    Cygwin 1.7.30.
+ - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
+   [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
+   separation user at runtime, since it may need to be a domain account.
+   Patch from Corinna Vinschen.
 
 20140522
  - (djm) [Makefile.in] typo in path

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.574 2014/05/21 07:06:47 djm Exp $
+# $Id: configure.ac,v 1.575 2014/05/27 04:34:43 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.574 $)
+AC_REVISION($Revision: 1.575 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -2871,7 +2871,14 @@ if test "x$PAM_MSG" = "xyes" ; then
 	])
 fi
 
-SSH_PRIVSEP_USER=sshd
+case "$host" in
+*-*-cygwin*)
+	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
+	;;
+*)
+	SSH_PRIVSEP_USER=sshd
+	;;
+esac
 AC_ARG_WITH([privsep-user],
 	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
 	[
@@ -2881,8 +2888,13 @@ AC_ARG_WITH([privsep-user],
 		fi
 	]
 )
-AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
-	[non-privileged user for privilege separation])
+if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
+	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
+		[Cygwin function to fetch non-privileged user for privilege separation])
+else
+	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
+		[non-privileged user for privilege separation])
+fi
 AC_SUBST([SSH_PRIVSEP_USER])
 
 if test "x$have_linux_no_new_privs" = "x1" ; then

openbsd-compat/bsd-cygwin_util.c

@@ -57,6 +57,22 @@ check_ntsec(const char *filename)
 	return (pathconf(filename, _PC_POSIX_PERMISSIONS));
 }
 
+const char *
+cygwin_ssh_privsep_user()
+{
+  static char cyg_privsep_user[DNLEN + UNLEN + 2];
+
+  if (!cyg_privsep_user[0])
+    {
+#ifdef CW_CYGNAME_FROM_WINNAME
+      if (cygwin_internal (CW_CYGNAME_FROM_WINNAME, "sshd", cyg_privsep_user,
+			   sizeof cyg_privsep_user) != 0)
+#endif
+	strcpy (cyg_privsep_user, "sshd");
+    }
+  return cyg_privsep_user;
+}
+
 #define NL(x) x, (sizeof (x) - 1)
 #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
 

openbsd-compat/bsd-cygwin_util.h

@@ -1,4 +1,4 @@
-/* $Id: bsd-cygwin_util.h,v 1.17 2014/01/18 10:04:00 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.18 2014/05/27 04:34:43 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com>
@@ -39,6 +39,8 @@
 /* Avoid including windows headers. */
 typedef void *HANDLE;
 #define INVALID_HANDLE_VALUE ((HANDLE) -1)
+#define DNLEN 16
+#define UNLEN 256
 
 /* Cygwin functions for which declarations are only available when including
    windows headers, so we have to define them here explicitely. */
@@ -48,6 +50,8 @@ extern void cygwin_set_impersonation_token (const HANDLE);
 #include <sys/cygwin.h>
 #include <io.h>
 
+#define CYGWIN_SSH_PRIVSEP_USER (cygwin_ssh_privsep_user())
+const char *cygwin_ssh_privsep_user();
 
 int binary_open(const char *, int , ...);
 int check_ntsec(const char *);