public inbox for cygwin-apps-cvs@sourceware.org help / color / mirror / Atom feed
From: corinna@sourceware.org To: cygwin-apps-cvs@sourceware.org Subject: [login - The unix login(1), tweaked for Cygwin] branch master, updated. v1_12 Date: Mon, 18 Jun 2018 12:13:00 -0000 [thread overview] Message-ID: <20180618121258.106777.qmail@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=cygwin-apps/login.git;h=9e8b7b73e99242ce7047a18bf8028fb10c2c03ac commit 9e8b7b73e99242ce7047a18bf8028fb10c2c03ac Author: Corinna Vinschen <vinschen@redhat.com> Date: Mon Jun 18 13:55:37 2018 +0200 fix gcc warnings Signed-off-by: Corinna Vinschen <vinschen@redhat.com> https://sourceware.org/git/gitweb.cgi?p=cygwin-apps/login.git;h=d79c969df159bae1f4457c1096dc8174cf253953 commit d79c969df159bae1f4457c1096dc8174cf253953 Author: Takashi Yano <takashi.yano@nifty.ne.jp> Date: Sat Jun 16 21:59:30 2018 +0900 Fix the issue that login command with -f flag fails to switch user account. * login.c (main): Use getpwnam_r() instead of getpwnam() to prevent the area pointed to by pwd from being overwritten by other calls of getpw*() family functions. * login.c (isROOT_UID): Remove checking SeIncreaseQuotaPrivilege privilege because the account cyg_server created by csih does not have this privilege. * winsec.c (getUserInfoForUID): Fix the first argument of the second NetUserGetInfo() call so that it can check user information locally if the machine is on a domain. Refer to the following post for detail. https://cygwin.com/ml/cygwin/2018-06/msg00146.html Diff: --- login.c | 9 +++++---- test_winsec.c | 2 +- winpriv.c | 6 ++---- winsec.c | 8 +------- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/login.c b/login.c index 2ddfdcd..271d5e8 100644 --- a/login.c +++ b/login.c @@ -91,6 +91,8 @@ static void sleepexit (int eval); */ int timeout = 300; +struct passwd userpwd; +char pwbuf[16384]; struct passwd *pwd; int failures; char term[64], *hostname, *username, *tty; @@ -213,7 +215,7 @@ main (int argc, char **argv) } (void) strcpy (tbuf, username); #ifdef __CYGWIN__ - pwd = getpwnam (username); + getpwnam_r (username, &userpwd, pwbuf, sizeof(pwbuf), &pwd); #else if (pwd = getpwnam (username)) salt = pwd->pw_passwd; @@ -551,10 +553,9 @@ isROOT_UID (uid_t uid) { static const char *REQUIRED_PRIVS[] = { "SeAssignPrimaryTokenPrivilege", - "SeTcbPrivilege", - "SeIncreaseQuotaPrivilege" + "SeTcbPrivilege" }; - static const ULONG NUM_REQUIRED_PRIV = 3; + static const ULONG NUM_REQUIRED_PRIV = 2; OSVERSIONINFOEX osvi; struct passwd *pw; diff --git a/test_winsec.c b/test_winsec.c index b6ace0a..f00487a 100644 --- a/test_winsec.c +++ b/test_winsec.c @@ -111,7 +111,7 @@ main (int argc, char **argv) } else if (var < 0) { - fprintf (stderr, "ignoring negative uid (%d): '%s'\n", var, val); + fprintf (stderr, "ignoring negative uid (%ld): '%s'\n", var, val); continue; } uid = (uid_t) var; diff --git a/winpriv.c b/winpriv.c index 8d9237e..2f19c6e 100644 --- a/winpriv.c +++ b/winpriv.c @@ -127,7 +127,7 @@ openPolicy (const char *strMachine, ACCESS_MASK access) NTSTATUS status; LSA_UNICODE_STRING machine; int c; - int NTCHECKERROR_FAILED = 0; + int NTCHECKERROR_FAILED __attribute__ ((__unused__)) = 0; c = strMachine ? strlen (strMachine) : 0; machine.Buffer = (PWSTR) alloca ((c + 1) * 2); /* Keep within this function so we * @@ -202,10 +202,8 @@ getSID (LSA_HANDLE hLSA, const char *strUser) PLSA_TRANSLATED_SID sids; int c; ULONG cSubAuth, NewSidLength; - PSID NewSid; + PSID NewSid = NULL; NTSTATUS status; - LPTSTR strSid; - BOOL bStatus; int NTCHECKERROR_FAILED = 0; c = strUser ? strlen (strUser) : 0; diff --git a/winsec.c b/winsec.c index 307a66b..4575387 100644 --- a/winsec.c +++ b/winsec.c @@ -397,7 +397,6 @@ currentUserIsMemberOfGroupSID (BYTE nSubAuthorityCount, DWORD dwLength = 0; PTOKEN_GROUPS ptg = NULL; int rv = -1; - int i; if (!AllocateAndInitializeSid (&nt_auth, nSubAuthorityCount, @@ -497,7 +496,6 @@ uidMatchesAccountSID (uid_t uid, SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY; PSID requestedSID = NULL; PSID userSID = NULL; - DWORD dwLength = 0; int rv = -1; if (!AllocateAndInitializeSid (&nt_auth, @@ -552,7 +550,6 @@ uidIsMemberOfGroupSID (uid_t uid, SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY; PSID requestedSID = NULL; PSID userSID = NULL; - DWORD dwLength = 0; int rv = -1; if (!AllocateAndInitializeSid (&nt_auth, @@ -874,13 +871,11 @@ getUserInfoForUID (uid_t uid, DWORD level, LPBYTE * bufptr, LPWSTR * uni_servername, int *matchedName) { - DWORD dwLength = 0; int rv = -1; struct passwd *pw; char name[UNLEN + 1]; WCHAR uni_name[2 * (UNLEN + 1)]; char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; - WCHAR uni_domain[2 * (INTERNET_MAX_HOST_NAME_LENGTH + 1)]; char servername[256]; if (!uni_servername) @@ -978,8 +973,7 @@ getUserInfoForUID (uid_t uid, /* if we had a domain, then try again locally. if we didn't have a domain, then the initial call WAS local */ if (NetUserGetInfo - (*uni_servername, (LPWSTR) & uni_name, level, - bufptr) != NERR_Success) + (NULL, (LPWSTR) & uni_name, level, bufptr) != NERR_Success) { syslog (LOG_ERR, "unable to obtain user info for %s [tried domain controller %s and localhost]\n",
reply other threads:[~2018-06-18 12:13 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180618121258.106777.qmail@sourceware.org \ --to=corinna@sourceware.org \ --cc=cygwin-apps-cvs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).