From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 107206 invoked by alias); 18 Jun 2018 12:13:01 -0000 Mailing-List: contact cygwin-apps-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: cygwin-apps-cvs-owner@sourceware.org Received: (qmail 106824 invoked by uid 9078); 18 Jun 2018 12:12:58 -0000 Date: Mon, 18 Jun 2018 12:13:00 -0000 Message-ID: <20180618121258.106777.qmail@sourceware.org> From: corinna@sourceware.org To: cygwin-apps-cvs@sourceware.org Subject: [login - The unix login(1), tweaked for Cygwin] branch master, updated. v1_12 X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 20f203f01d2797f6d463076807078eec0220a559 X-Git-Newrev: 9e8b7b73e99242ce7047a18bf8028fb10c2c03ac X-SW-Source: 2018-q2/txt/msg00011.txt.bz2 https://sourceware.org/git/gitweb.cgi?p=cygwin-apps/login.git;h=9e8b7b73e99242ce7047a18bf8028fb10c2c03ac commit 9e8b7b73e99242ce7047a18bf8028fb10c2c03ac Author: Corinna Vinschen Date: Mon Jun 18 13:55:37 2018 +0200 fix gcc warnings 
Signed-off-by: Corinna Vinschen https://sourceware.org/git/gitweb.cgi?p=cygwin-apps/login.git;h=d79c969df159bae1f4457c1096dc8174cf253953 commit d79c969df159bae1f4457c1096dc8174cf253953 Author: Takashi Yano Date: Sat Jun 16 21:59:30 2018 +0900 Fix the issue that login command with -f flag fails to switch user account. * login.c (main): Use getpwnam_r() instead of getpwnam() to prevent the area pointed to by pwd from being overwritten by other calls of getpw*() family functions. * login.c (isROOT_UID): Remove checking SeIncreaseQuotaPrivilege privilege because the account cyg_server created by csih does not have this privilege. * winsec.c (getUserInfoForUID): Fix the first argument of the second NetUserGetInfo() call so that it can check user information locally if the machine is on a domain. Refer to the following post for detail. https://cygwin.com/ml/cygwin/2018-06/msg00146.html Diff: --- login.c | 9 +++++---- test_winsec.c | 2 +- winpriv.c | 6 ++---- winsec.c | 8 +------- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/login.c b/login.c index 2ddfdcd..271d5e8 100644 --- a/login.c +++ b/login.c @@ -91,6 +91,8 @@ static void sleepexit (int eval); */ int timeout = 300; +struct passwd userpwd; +char pwbuf[16384]; struct passwd *pwd; int failures; char term[64], *hostname, *username, *tty; @@ -213,7 +215,7 @@ main (int argc, char **argv) } (void) strcpy (tbuf, username); #ifdef __CYGWIN__ - pwd = getpwnam (username); + getpwnam_r (username, &userpwd, pwbuf, sizeof(pwbuf), &pwd); #else if (pwd = getpwnam (username)) salt = pwd->pw_passwd; @@ -551,10 +553,9 @@ isROOT_UID (uid_t uid) { static const char *REQUIRED_PRIVS[] = { "SeAssignPrimaryTokenPrivilege", - "SeTcbPrivilege", - "SeIncreaseQuotaPrivilege" + "SeTcbPrivilege" }; - static const ULONG NUM_REQUIRED_PRIV = 3; + static const ULONG NUM_REQUIRED_PRIV = 2; OSVERSIONINFOEX osvi; struct passwd *pw; diff --git a/test_winsec.c b/test_winsec.c index b6ace0a..f00487a 100644 --- a/test_winsec.c 
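Review bot: The return value of `getpwnam_r` is discarded at the changed line in main, so a lookup error (for example ERANGE if an entry does not fit the fixed 16384-byte `pwbuf` added in the first hunk) cannot be told apart from an unknown user. POSIX stores NULL in `pwd` in both cases, so the login presumably still fails closed, but the cause is lost to whoever has to diagnose a failed `-f` switch. I would keep the result, e.g. `int pwerr = getpwnam_r (username, &userpwd, pwbuf, sizeof (pwbuf), &pwd);`, and report it through the file's existing logging when `pwerr != 0`. main starts and ends outside this hunk, and the code that consumes `pwd` is not visible here.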
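Review bot: `NUM_REQUIRED_PRIV` in isROOT_UID is still a hand-maintained literal next to `REQUIRED_PRIVS`, which is why this change had to edit both; deriving it, `static const ULONG NUM_REQUIRED_PRIV = sizeof REQUIRED_PRIVS / sizeof REQUIRED_PRIVS[0];`, keeps the count and the table from drifting apart in what appears to be the check for root-equivalent accounts. Dropping `SeIncreaseQuotaPrivilege` widens the set of accounts that pass, so the reason belongs with the code as well as in the commit message, e.g. `/* SeIncreaseQuotaPrivilege not required: the cyg_server account created by csih lacks it */` above the table. The function body continues past the end of the hunk.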
+++ b/test_winsec.c @@ -111,7 +111,7 @@ main (int argc, char **argv) } else if (var < 0) { - fprintf (stderr, "ignoring negative uid (%d): '%s'\n", var, val); + fprintf (stderr, "ignoring negative uid (%ld): '%s'\n", var, val); continue; } uid = (uid_t) var; diff --git a/winpriv.c b/winpriv.c index 8d9237e..2f19c6e 100644 --- a/winpriv.c +++ b/winpriv.c @@ -127,7 +127,7 @@ openPolicy (const char *strMachine, ACCESS_MASK access) NTSTATUS status; LSA_UNICODE_STRING machine; int c; - int NTCHECKERROR_FAILED = 0; + int NTCHECKERROR_FAILED __attribute__ ((__unused__)) = 0; c = strMachine ? strlen (strMachine) : 0; machine.Buffer = (PWSTR) alloca ((c + 1) * 2); /* Keep within this function so we * @@ -202,10 +202,8 @@ getSID (LSA_HANDLE hLSA, const char *strUser) PLSA_TRANSLATED_SID sids; int c; ULONG cSubAuth, NewSidLength; - PSID NewSid; + PSID NewSid = NULL; NTSTATUS status; - LPTSTR strSid; - BOOL bStatus; int NTCHECKERROR_FAILED = 0; c = strUser ? strlen (strUser) : 0; diff --git a/winsec.c b/winsec.c index 307a66b..4575387 100644 --- a/winsec.c +++ b/winsec.c @@ -397,7 +397,6 @@ currentUserIsMemberOfGroupSID (BYTE nSubAuthorityCount, DWORD dwLength = 0; PTOKEN_GROUPS ptg = NULL; int rv = -1; - int i; if (!AllocateAndInitializeSid (&nt_auth, nSubAuthorityCount, @@ -497,7 +496,6 @@ uidMatchesAccountSID (uid_t uid, SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY; PSID requestedSID = NULL; PSID userSID = NULL; - DWORD dwLength = 0; int rv = -1; if (!AllocateAndInitializeSid (&nt_auth, @@ -552,7 +550,6 @@ uidIsMemberOfGroupSID (uid_t uid, SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY; PSID requestedSID = NULL; PSID userSID = NULL; - DWORD dwLength = 0; int rv = -1; if (!AllocateAndInitializeSid (&nt_auth, 
@@ -874,13 +871,11 @@ getUserInfoForUID (uid_t uid, DWORD level, LPBYTE * bufptr, LPWSTR * uni_servername, int *matchedName) { - DWORD dwLength = 0; int rv = -1; struct passwd *pw; char name[UNLEN + 1]; WCHAR uni_name[2 * (UNLEN + 1)]; char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; - WCHAR uni_domain[2 * (INTERNET_MAX_HOST_NAME_LENGTH + 1)]; char servername[256]; if (!uni_servername) @@ -978,8 +973,7 @@ getUserInfoForUID (uid_t uid, /* if we had a domain, then try again locally. if we didn't have a domain, then the initial call WAS local */ if (NetUserGetInfo - (*uni_servername, (LPWSTR) & uni_name, level, - bufptr) != NERR_Success) + (NULL, (LPWSTR) & uni_name, level, bufptr) != NERR_Success) { syslog (LOG_ERR, "unable to obtain user info for %s [tried domain controller %s and localhost]\n",
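Review bot: After the retry with `NULL` succeeds, `*uni_servername` still names the domain controller although `*bufptr` now holds data from the local account database, so a caller that reuses the out-parameter for later Net* calls would query a different machine from the one that answered; those callers are outside the hunk, so this needs confirming. The local fallback also matches by name only, which means a local account sharing its name with the domain account would supply the user info; a comment at the call such as `/* local fallback: matched by name only; *uni_servername still refers to the DC */` would make that explicit. Separately, `(LPWSTR) & uni_name` casts a pointer to the whole `WCHAR` array, and plain `uni_name` has the right type with no cast. getUserInfoForUID starts before this hunk and continues after it.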