public inbox for cygwin-cvs@sourceware.org
From: Corinna Vinschen <corinna@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin/cygwin-3_5-branch] Cygwin: getgrent: don't skip SAM-only builtin-accounts
Date: Mon, 11 Mar 2024 16:21:57 +0000 (GMT)
Message-ID: <20240311162157.4A534385843B@sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3

commit 66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3
Author: Corinna Vinschen <corinna@vinschen.de>
AuthorDate: Mon Mar 11 12:38:39 2024 +0100
Commit: Corinna Vinschen <corinna@vinschen.de>
CommitDate: Mon Mar 11 15:29:51 2024 +0100

Cygwin: getgrent: don't skip SAM-only builtin-accounts

Since commit 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration on domain member machines") we skip enumerating local BUILTIN accounts if we also enumerate AD. However, there are two local accounts which are only available in local SAM, not in AD. Don't skip enumerating those.

Fixes: 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration on domain member machines")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
--- winsup/cygwin/grp.cc | 11 ++++++++--- winsup/cygwin/local_includes/winlean.h | 4 ++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc index 77cf6a72c69f..5f80d7aa7ec5 100644 --- a/winsup/cygwin/grp.cc +++ b/winsup/cygwin/grp.cc 
@@ -428,10 +428,15 @@ gr_ent::enumerate_local () ((PLOCALGROUP_INFO_0) buf)[cnt++].lgrpi0_name, sid, &slen, dom, &dlen, &acc_type)) continue; - if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */ + /* Skip builtin groups if we're enumerating AD as well to avoid + duplication. Don't skip "Power Users" and "Device Owners" + accounts, they don't show up in AD enumeration. */ + if (cygheap->dom.member_machine () + && nss_db_enum_primary () + && sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */ && sid_sub_auth (sid, 0) == SECURITY_BUILTIN_DOMAIN_RID - && cygheap->dom.member_machine () - && nss_db_enum_primary ()) + && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_POWER_USERS + && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_DEVICE_OWNERS) continue; fetch_user_arg_t arg; arg.type = SID_arg; diff --git a/winsup/cygwin/local_includes/winlean.h b/winsup/cygwin/local_includes/winlean.h index 947109bdeee4..5bf1be262a00 100644 --- a/winsup/cygwin/local_includes/winlean.h +++ b/winsup/cygwin/local_includes/winlean.h @@ -104,6 +104,10 @@ details. */ #define FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS 0x00400000 #endif +#ifndef DOMAIN_ALIAS_RID_DEVICE_OWNERS +#define DOMAIN_ALIAS_RID_DEVICE_OWNERS (__MSABI_LONG(0x00000247)) +#endif + /* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name "MicrosoftAccounts". The new "Application Container SIDs" (S-1-15-...) have a netbios domain name "APPLICATION PACKAGE AUTHORITY"
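Review bot: In the grp.cc hunk (gr_ent::enumerate_local), the two new comparisons read `sid_sub_auth (sid, 1)`, and nothing in the visible lines confirms that the SID has a second sub-authority before it is indexed. The SIDs come from looking up local group names, so they are expected to be BUILTIN aliases with two sub-authorities, but a sub-authority count check ahead of the index, or a sentence in the new comment stating why the count is guaranteed, would make that explicit. The exemption is also a pair of RIDs written inline in the condition; moving them into a small predicate would keep the SAM-only list in one place if another group ever has to be added. Minor: the comment calls "Power Users" and "Device Owners" accounts, while the code is enumerating groups.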
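Review bot: The fallback `#define DOMAIN_ALIAS_RID_DEVICE_OWNERS (__MSABI_LONG(0x00000247))` in the winlean.h hunk carries no comment saying why it is needed. A one-line comment naming which headers lack the constant would tell a later reader when the `#ifndef` guard can be dropped, and giving the RID in decimal (583) alongside the hex value would make it easier to match against the S-1-5-32-... SIDs that the grp.cc check is filtering.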