public inbox for cygwin-cvs@sourceware.org
From: Corinna Vinschen <corinna@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin/cygwin-3_5-branch] Cygwin: getgrent: don't skip SAM-only builtin-accounts
Date: Mon, 11 Mar 2024 16:21:57 +0000 (GMT)
Message-ID: <20240311162157.4A534385843B@sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3

commit 66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3
Author:     Corinna Vinschen <corinna@vinschen.de>
AuthorDate: Mon Mar 11 12:38:39 2024 +0100
Commit:     Corinna Vinschen <corinna@vinschen.de>
CommitDate: Mon Mar 11 15:29:51 2024 +0100

    Cygwin: getgrent: don't skip SAM-only builtin-accounts
    
    Since commit 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration
    on domain member machines") we skip enumerating local BUILTIN accounts
    if we also enumerate AD.  However, there are two local accounts which
    are only available in local SAM, not in AD.  Don't skip enumerating
    those.
    
    Fixes: 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration on domain member machines")
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
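
To make the rule in the commit message concrete, here is an added, stand-alone model of the condition in gr_ent::enumerate_local () before and after this patch. It is example code written for this page, not Cygwin's grp.cc: it carries its own SID string parser instead of Cygwin's cygsid helpers, the constant values are the ones from the Windows SDK's winnt.h (SECURITY_BUILTIN_DOMAIN_RID is 0x20, Power Users is RID 0x223, Device Owners is 0x247, the same value the winlean.h hunk adds), and the member_machine / enum_primary flags stand in for cygheap->dom.member_machine () and nss_db_enum_primary (). The sample SIDs at the bottom are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values as defined in the Windows SDK (winnt.h). */
#define NT_AUTHORITY_ID                 5       /* S-1-5 */
#define SECURITY_BUILTIN_DOMAIN_RID     0x20    /* S-1-5-32-... */
#define DOMAIN_ALIAS_RID_POWER_USERS    0x223   /* 547, "Power Users" */
#define DOMAIN_ALIAS_RID_DEVICE_OWNERS  0x247   /* 583, "Device Owners" */
#define MAX_SUB_AUTH                    15

struct sid {
  unsigned id_auth;                     /* identifier authority (low 32 bits) */
  unsigned count;                       /* number of sub-authorities */
  unsigned sub[MAX_SUB_AUTH];
};

/* Parse the string form "S-1-<authority>-<sub>-<sub>...".  Returns false for
   anything that is not a well-formed SID with at least one sub-authority. */
static bool parse_sid (const char *s, struct sid *out)
{
  memset (out, 0, sizeof *out);
  if (strncmp (s, "S-1-", 4) != 0)
    return false;
  const char *p = s + 4;
  char *end;
  if (*p < '0' || *p > '9')
    return false;
  out->id_auth = (unsigned) strtoul (p, &end, 10);
  p = end;
  while (*p == '-')
    {
      p++;
      if (out->count >= MAX_SUB_AUTH || *p < '0' || *p > '9')
        return false;
      out->sub[out->count++] = (unsigned) strtoul (p, &end, 10);
      p = end;
    }
  return *p == '\0' && out->count >= 1;
}

/* The condition after the patch: true when this local group is dropped from
   the enumeration.  Skipping happens only on a domain member that also
   enumerates AD, only for BUILTIN (S-1-5-32-*) aliases, and never for the
   two aliases that AD enumeration cannot produce. */
static bool skip_local_group (const struct sid *sid, bool member_machine,
                              bool enum_primary)
{
  if (!member_machine || !enum_primary)
    return false;
  if (sid->id_auth != NT_AUTHORITY_ID || sid->count < 2
      || sid->sub[0] != SECURITY_BUILTIN_DOMAIN_RID)
    return false;
  unsigned rid = sid->sub[1];
  return rid != DOMAIN_ALIAS_RID_POWER_USERS
         && rid != DOMAIN_ALIAS_RID_DEVICE_OWNERS;
}

/* The pre-patch condition, reconstructed from the removed lines: every
   BUILTIN alias was skipped, including the two SAM-only ones. */
static bool skip_local_group_old (const struct sid *sid, bool member_machine,
                                  bool enum_primary)
{
  return member_machine && enum_primary
         && sid->id_auth == NT_AUTHORITY_ID && sid->count >= 2
         && sid->sub[0] == SECURITY_BUILTIN_DOMAIN_RID;
}

/* String front ends: 1 = skipped, 0 = enumerated, -1 = unparsable SID. */
int skip_new (const char *sid_str, bool member_machine, bool enum_primary)
{
  struct sid sid;
  if (!parse_sid (sid_str, &sid))
    return -1;
  return skip_local_group (&sid, member_machine, enum_primary) ? 1 : 0;
}

int skip_old (const char *sid_str, bool member_machine, bool enum_primary)
{
  struct sid sid;
  if (!parse_sid (sid_str, &sid))
    return -1;
  return skip_local_group_old (&sid, member_machine, enum_primary) ? 1 : 0;
}

int main (void)
{
  /* Constructed sample of what NetLocalGroupEnum might hand back on a
     domain-joined workstation; the S-1-5-21 entry is a machine-local group. */
  static const char *samples[] = {
    "S-1-5-32-544",          /* Administrators: also in AD, skipped */
    "S-1-5-32-547",          /* Power Users: SAM-only, kept after the patch */
    "S-1-5-32-583",          /* Device Owners: SAM-only, kept after the patch */
    "S-1-5-21-1-2-3-1001",   /* local group of this machine, never skipped */
  };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf ("%-22s old=%d new=%d\n", samples[i],
            skip_old (samples[i], true, true), skip_new (samples[i], true, true));
  return 0;
}
```

Running it prints one line per sample; the old/new columns show that before the patch Power Users (S-1-5-32-547) and Device Owners (S-1-5-32-583) were dropped on a domain member that enumerates AD, while with either flag false (standalone machine, or AD not enumerated) this check skips nothing at all.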

Diff:
---
 winsup/cygwin/grp.cc                   | 11 ++++++++---
 winsup/cygwin/local_includes/winlean.h |  4 ++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc
index 77cf6a72c69f..5f80d7aa7ec5 100644
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@@ -428,10 +428,15 @@ gr_ent::enumerate_local ()
 				 ((PLOCALGROUP_INFO_0) buf)[cnt++].lgrpi0_name,
 				 sid, &slen, dom, &dlen, &acc_type))
 	    continue;
-	  if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
+	  /* Skip builtin groups if we're enumerating AD as well to avoid
+	     duplication. Don't skip "Power Users" and "Device Owners"
+	     accounts, they don't show up in AD enumeration. */
+	  if (cygheap->dom.member_machine ()
+	      && nss_db_enum_primary ()
+	      && sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
 	      && sid_sub_auth (sid, 0) == SECURITY_BUILTIN_DOMAIN_RID
-	      && cygheap->dom.member_machine ()
-	      && nss_db_enum_primary ())
+	      && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_POWER_USERS
+	      && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_DEVICE_OWNERS)
 	    continue;
 	  fetch_user_arg_t arg;
 	  arg.type = SID_arg;
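Review bot: the two exception RIDs on the new `!= DOMAIN_ALIAS_RID_POWER_USERS` / `!= DOMAIN_ALIAS_RID_DEVICE_OWNERS` lines form a hand-maintained list, so any further S-1-5-32 alias that exists only in the local SAM would still be dropped from getgrent output on domain members; the comment above the condition should state the rule ("builtin aliases with no AD counterpart") and give the RID values next to the names, so the next reader knows how to extend it rather than only which two names are special. Moving `cygheap->dom.member_machine ()` and `nss_db_enum_primary ()` ahead of the SID tests is fine: on a standalone machine, or when AD is not enumerated, the SID is never inspected and nothing is skipped, which matches the commit message.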
diff --git a/winsup/cygwin/local_includes/winlean.h b/winsup/cygwin/local_includes/winlean.h
index 947109bdeee4..5bf1be262a00 100644
--- a/winsup/cygwin/local_includes/winlean.h
+++ b/winsup/cygwin/local_includes/winlean.h
@@ -104,6 +104,10 @@ details. */
 #define FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS	0x00400000
 #endif
 
+#ifndef DOMAIN_ALIAS_RID_DEVICE_OWNERS
+#define DOMAIN_ALIAS_RID_DEVICE_OWNERS		(__MSABI_LONG(0x00000247))
+#endif
+
 /* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name
    "MicrosoftAccounts".  The new "Application Container SIDs" (S-1-15-...)
    have a netbios domain name "APPLICATION PACKAGE AUTHORITY"
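Review bot: the fallback `#define` covers only DOMAIN_ALIAS_RID_DEVICE_OWNERS, while grp.cc now also uses DOMAIN_ALIAS_RID_POWER_USERS without one; presumably that constant is already present in every toolchain's winnt.h and only the Device Owners one is too new, but a one-line comment saying so would save the next person from checking. It would also help to spell out the SID form in the comment (0x247 is S-1-5-32-583, the value shown by `whoami /groups` for BUILTIN\Device Owners), since that is how the value is most easily verified against the SDK.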
