From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2155) id 4A534385843B; Mon, 11 Mar 2024 16:21:57 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4A534385843B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1710174117; bh=4bKUvgjduQgj7WK/dDW84hRwJ5dtJPm8XowrVeGOhE4=; h=From:To:Subject:Date:From; b=kmQygsXUBwsIrcYDBJ9peA3HnqhrJT9tA9uyRJLlsIZgKg2QmNOwvZqamArmpcdio alLRdqE4oHCOgNedgFSvI5kNUBBIXqNhsCUGORkmgDsr2Gz9oO9EgZxRXkgORFirF6 tn/LUwPxu01FBSpfNALStVJGU8N8oPEJIZnFGaxk= Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Corinna Vinschen To: cygwin-cvs@sourceware.org Subject: [newlib-cygwin/cygwin-3_5-branch] Cygwin: getgrent: don't skip SAM-only builtin-accounts X-Act-Checkin: newlib-cygwin X-Git-Author: Corinna Vinschen X-Git-Refname: refs/heads/cygwin-3_5-branch X-Git-Oldrev: 66138cbee4ed784b4cafc00533ebb74b6cdbfff1 X-Git-Newrev: 66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3 Message-Id: <20240311162157.4A534385843B@sourceware.org> Date: Mon, 11 Mar 2024 16:21:57 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3D66f7dd9ff67= 6a17b877b7be12b3ad8d01c8eb3f3 commit 66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3 Author: Corinna Vinschen AuthorDate: Mon Mar 11 12:38:39 2024 +0100 Commit: Corinna Vinschen CommitDate: Mon Mar 11 15:29:51 2024 +0100 Cygwin: getgrent: don't skip SAM-only builtin-accounts =20 Since commit 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration on domain member machines") we skip enumerating local BUILTIN accounts if we also enumerate AD. However, there are two local accounts which are only available in local SAM, not in AD. Don't skip enumerating those. =20 Fixes: 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration on d= omain member machines") Signed-off-by: Corinna Vinschen Diff: --- winsup/cygwin/grp.cc | 11 ++++++++--- winsup/cygwin/local_includes/winlean.h | 4 ++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc index 77cf6a72c69f..5f80d7aa7ec5 100644 --- a/winsup/cygwin/grp.cc +++ b/winsup/cygwin/grp.cc @@ -428,10 +428,15 @@ gr_ent::enumerate_local () ((PLOCALGROUP_INFO_0) buf)[cnt++].lgrpi0_name, sid, &slen, dom, &dlen, &acc_type)) continue; - if (sid_id_auth (sid) =3D=3D 5 /* SECURITY_NT_AUTHORITY */ + /* Skip builtin groups if we're enumerating AD as well to avoid + duplication. Don't skip "Power Users" and "Device Owners" + accounts, they don't show up in AD enumeration. */ + if (cygheap->dom.member_machine () + && nss_db_enum_primary () + && sid_id_auth (sid) =3D=3D 5 /* SECURITY_NT_AUTHORITY */ && sid_sub_auth (sid, 0) =3D=3D SECURITY_BUILTIN_DOMAIN_RID - && cygheap->dom.member_machine () - && nss_db_enum_primary ()) + && sid_sub_auth (sid, 1) !=3D DOMAIN_ALIAS_RID_POWER_USERS + && sid_sub_auth (sid, 1) !=3D DOMAIN_ALIAS_RID_DEVICE_OWNERS) continue; fetch_user_arg_t arg; arg.type =3D SID_arg; diff --git a/winsup/cygwin/local_includes/winlean.h b/winsup/cygwin/local_i= ncludes/winlean.h index 947109bdeee4..5bf1be262a00 100644 --- a/winsup/cygwin/local_includes/winlean.h +++ b/winsup/cygwin/local_includes/winlean.h @@ -104,6 +104,10 @@ details. */ #define FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS 0x00400000 #endif =20 +#ifndef DOMAIN_ALIAS_RID_DEVICE_OWNERS +#define DOMAIN_ALIAS_RID_DEVICE_OWNERS (__MSABI_LONG(0x00000247)) +#endif + /* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain n= ame "MicrosoftAccounts". The new "Application Container SIDs" (S-1-15-...) have a netbios domain name "APPLICATION PACKAGE AUTHORITY"