public inbox for cygwin-cvs@sourceware.org
help / color / mirror / Atom feed
* [newlib-cygwin] Cygwin: uinfo: don't special case current user
@ 2022-12-02 15:52 Corinna Vinschen
0 siblings, 0 replies; only message in thread
From: Corinna Vinschen @ 2022-12-02 15:52 UTC (permalink / raw)
To: cygwin-cvs
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=a5bcfe616c7e8f78f464bf045595d8213244876a
commit a5bcfe616c7e8f78f464bf045595d8213244876a
Author: Corinna Vinschen <corinna@vinschen.de>
AuthorDate: Fri Dec 2 16:49:47 2022 +0100
Commit: Corinna Vinschen <corinna@vinschen.de>
CommitDate: Fri Dec 2 16:49:47 2022 +0100
Cygwin: uinfo: don't special case current user
fetch_account_from_windows shortcuts the current user in that
it takes the user's domain SID and just adds the matching RID
from the token's primary group to create a group SID.
How wrong this is can be very simply reproduced:
Assuming you run a native process, like cmd, with primary group
set to the Administrators builtin group. Run Cygwin's id(1) as
child process. id(1) will print a non-existent group as primary
group and also add it to the group list.
This can only be avoided by not special casing the current user
and thus not creating a group SID from partial information.
Fixes: 6cc7c925ce86 ("(pwdgrp::fetch_account_from_windows): Default primary group for the
current user to primary group from user token.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/uinfo.cc | 24 ++++++------------------
1 file changed, 6 insertions(+), 18 deletions(-)
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index db475d710eb2..6df8c7bbbbe9 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1855,7 +1855,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
gid_t gid = ILLEGAL_GID;
bool is_domain_account = true;
PCWSTR domain = NULL;
- bool is_current_user = false;
char *shell = NULL;
char *home = NULL;
char *gecos = NULL;
@@ -2314,18 +2313,9 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
uid = posix_offset + sid_sub_auth_rid (sid);
if (!is_group () && acc_type == SidTypeUser)
{
- /* Default primary group. If the sid is the current user, fetch
- the default group from the current user token, otherwise make
- the educated guess that the user is in group "Domain Users"
- or "None". */
- if (sid == cygheap->user.sid ())
- {
- is_current_user = true;
- gid = posix_offset
- + sid_sub_auth_rid (cygheap->user.groups.pgsid);
- }
- else
- gid = posix_offset + DOMAIN_GROUP_RID_USERS;
+ /* Default primary group. Make the educated guess that the user
+ is in group "Domain Users" or "None". */
+ gid = posix_offset + DOMAIN_GROUP_RID_USERS;
}
if (is_domain_account)
@@ -2336,11 +2326,9 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
/* On AD machines, use LDAP to fetch domain account infos. */
if (cygheap->dom.primary_dns_name ())
{
- /* For the current user we got correctly cased username and
- the primary group via process token. For any other user
- we fetch it from AD and overwrite it. */
- if (!is_current_user
- && cldap->fetch_ad_account (sid, false, domain))
+ /* Fetch primary group from AD and overwrite the one we
+ just guessed above. */
+ if (cldap->fetch_ad_account (sid, false, domain))
{
if ((val = cldap->get_account_name ()))
wcscpy (name, val);
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-12-02 15:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-02 15:52 [newlib-cygwin] Cygwin: uinfo: don't special case current user Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).