From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 120974 invoked by alias); 24 Jan 2019 15:25:18 -0000
Mailing-List: contact cygwin-cvs-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Post:
List-Help: ,
Sender: cygwin-cvs-owner@cygwin.com
Received: (qmail 120931 invoked by uid 9078); 24 Jan 2019 15:25:18 -0000
Date: Thu, 24 Jan 2019 15:25:00 -0000
Message-ID: <20190124152518.120929.qmail@sourceware.org>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Corinna Vinschen
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin] Cygwin: seteuid: refuse changing uid to disabled or locked out user
X-Act-Checkin: newlib-cygwin
X-Git-Author: Corinna Vinschen
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 2166f7dc0d9ae212d9f663241501f6fd17b71e50
X-Git-Newrev: 2c12a2c32a6fe43f8a74e2792ad15c65116c6e2c
X-SW-Source: 2019-q1/txt/msg00096.txt.bz2

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=2c12a2c32a6fe43f8a74e2792ad15c65116c6e2c

commit 2c12a2c32a6fe43f8a74e2792ad15c65116c6e2c
Author: Corinna Vinschen
Date:   Thu Jan 24 16:22:49 2019 +0100

    Cygwin: seteuid: refuse changing uid to disabled or locked out user

    So far seteuid could change uid to any existing account, given
    sufficient permissions of the caller. This is kind of bad since it
    disallows admins to refuse login to disabled or locked out accounts.
    Add check for the account's UF_ACCOUNTDISABLE or UF_LOCKOUT flags
    and don't let the user in, if one of the flags is set.

    Signed-off-by: Corinna Vinschen

Diff:
---
 winsup/cygwin/release/2.12.0 |  3 +++
 winsup/cygwin/sec_auth.cc    | 15 +++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/winsup/cygwin/release/2.12.0 b/winsup/cygwin/release/2.12.0 index 5835952..c2abc93 100644 --- a/winsup/cygwin/release/2.12.0 +++ b/winsup/cygwin/release/2.12.0 
@@ -81,3 +81,6 @@ Bug Fixes - Fix thread names in GDB when cygthreads get reused. - Fix return value of gethostname in a border case. + +- Disallow seteuid on disabled or locked out accounts. + Addresses: https://cygwin.com/ml/cygwin/2019-01/msg00197.html diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index d4c2701..8fdfa3a 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -553,6 +553,21 @@ get_server_groups (cygsidlist &grp_list, PSID usersid) && sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE && get_logon_server (domain, server, DS_IS_FLAT_NAME)) { + NET_API_STATUS napi_stat; + USER_INFO_1 *ui1; + bool allow_user = false; + + napi_stat = NetUserGetInfo (server, user, 1, (LPBYTE *) &ui1); + if (napi_stat == NERR_Success) + allow_user = !(ui1->usri1_flags & (UF_ACCOUNTDISABLE | UF_LOCKOUT)); + if (ui1) + NetApiBufferFree (ui1); + if (!allow_user) + { + debug_printf ("User denied: %W\\%W", domain, user); + set_errno (EACCES); + return false; + } get_user_groups (server, grp_list, user, domain); get_user_local_groups (server, domain, grp_list, user); }
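
Review bot: In the sec_auth.cc hunk, `USER_INFO_1 *ui1;` is declared without an initializer, yet `if (ui1) NetApiBufferFree (ui1);` runs even when `napi_stat != NERR_Success`, so the free path relies on NetUserGetInfo having written the pointer on failure. Declaring it as `USER_INFO_1 *ui1 = NULL;` makes the cleanup safe regardless of what the call does with the out parameter. Separately, `allow_user` stays false for every non-success status, so a failed lookup against the logon server is reported exactly like a disabled or locked out account: `EACCES` and "User denied". Failing closed is a reasonable default for this check, but including `napi_stat` in the `debug_printf` would let an admin tell a lookup error from an account that is actually flagged with UF_ACCOUNTDISABLE or UF_LOCKOUT.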