[cvsnt] Patch proposal: $Author substitution with cygwin sshd and RSA keys

[Markus Kuehni]

Hi

I followed some of the conversations in the mailing list archives of cvsnt
and cygwin regarding the sshd impersonation problem. It still seems very
much unresolved.

Here is a proposed patch (attached).

**BUT** I can't test it, as I don't have MSVC 7 (only 6) and can't build the
solution. Judging from the getcaller() description it should work, though...


Background:
Cygwin sshd seems to use a "imperfect" Windows impersonation when using RSA
key authentication so cvsnt still gets "SYSTEM" when calling GetUserName()
in win32getlogin(). 
The patch tells getcaller() routine to use the $LOGNAME or $USER environment
variable if getlogin() which calls win32getlogin() returns "SYSTEM". 
According to its description, getcaller() is only used for non-critical
stuff such as the $Author substitution. So the patch should in no way affect
security. On the other hand, maybe it would even be save to patch
win32getlogin() generally.

Some possibilities:
1. the patch gets accepted and a new release is made available for download
sometime soon ;-)
2. somebody can send me a MSVC6 project and/or Makefile so I can test it
myself (and deploy the patched version)
3. somebody has a MSVC 7 and cvsnt checked out and could send me the
patched-built DLLs/EXEs  

BTW, does the "imperfect impersonation" of sshd otherwise adversely affect
cvsnt operation?

Thanks for all help,
Mark