public inbox for cygwin-cvs@sourceware.org
* [newlib-cygwin/main] Cygwin: getgrent: don't skip SAM-only builtin-accounts
@ 2024-03-11 16:22 Corinna Vinschen
  0 siblings, 0 replies; only message in thread
From: Corinna Vinschen @ 2024-03-11 16:22 UTC (permalink / raw)
  To: cygwin-cvs

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=5f586adc634588895b5c4afa24f819859aee50d7

commit 5f586adc634588895b5c4afa24f819859aee50d7
Author:     Corinna Vinschen <corinna@vinschen.de>
AuthorDate: Mon Mar 11 12:38:39 2024 +0100
Commit:     Corinna Vinschen <corinna@vinschen.de>
CommitDate: Mon Mar 11 12:46:50 2024 +0100

    Cygwin: getgrent: don't skip SAM-only builtin-accounts
    
    Since commit 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration
    on domain member machines") we skip enumerating local BUILTIN accounts
    if we also enumerate AD.  However, there are two local accounts which
    are only available in local SAM, not in AD.  Don't skip enumerating
    those.
    
    Fixes: 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration on domain member machines")
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/grp.cc                   | 11 ++++++++---
 winsup/cygwin/local_includes/winlean.h |  4 ++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc
index 77cf6a72c69f..5f80d7aa7ec5 100644
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@@ -428,10 +428,15 @@ gr_ent::enumerate_local ()
 				 ((PLOCALGROUP_INFO_0) buf)[cnt++].lgrpi0_name,
 				 sid, &slen, dom, &dlen, &acc_type))
 	    continue;
-	  if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
+	  /* Skip builtin groups if we're enumerating AD as well to avoid
+	     duplication. Don't skip "Power Users" and "Device Owners"
+	     accounts, they don't show up in AD enumeration. */
+	  if (cygheap->dom.member_machine ()
+	      && nss_db_enum_primary ()
+	      && sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
 	      && sid_sub_auth (sid, 0) == SECURITY_BUILTIN_DOMAIN_RID
-	      && cygheap->dom.member_machine ()
-	      && nss_db_enum_primary ())
+	      && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_POWER_USERS
+	      && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_DEVICE_OWNERS)
 	    continue;
 	  fetch_user_arg_t arg;
 	  arg.type = SID_arg;
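
Review bot: The two exempted aliases are hard-coded inline in the skip condition in gr_ent::enumerate_local, so any other builtin alias that exists only in local SAM would still be skipped silently on a domain member machine. Consider moving the exemption into a small named predicate, so the list has one place to grow and the comment lives next to it. Separately, `sid_sub_auth (sid, 1)` is read with no visible check that the SID has a second sub-authority. It is only reached after the `SECURITY_BUILTIN_DOMAIN_RID` test, but an explicit sub-authority count check or a comment stating that assumption would make the condition self-evidently safe. Minor wording: the comment calls "Power Users" and "Device Owners" accounts, while this function enumerates local groups.
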
diff --git a/winsup/cygwin/local_includes/winlean.h b/winsup/cygwin/local_includes/winlean.h
index 947109bdeee4..5bf1be262a00 100644
--- a/winsup/cygwin/local_includes/winlean.h
+++ b/winsup/cygwin/local_includes/winlean.h
@@ -104,6 +104,10 @@ details. */
 #define FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS	0x00400000
 #endif
 
+#ifndef DOMAIN_ALIAS_RID_DEVICE_OWNERS
+#define DOMAIN_ALIAS_RID_DEVICE_OWNERS		(__MSABI_LONG(0x00000247))
+#endif
+
 /* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name
    "MicrosoftAccounts".  The new "Application Container SIDs" (S-1-15-...)
    have a netbios domain name "APPLICATION PACKAGE AUTHORITY"
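
Review bot: The fallback `#define DOMAIN_ALIAS_RID_DEVICE_OWNERS` carries no comment saying what the value is or why the fallback is needed. A one-line note that 0x247 (583) is the RID of the BUILTIN "Device Owners" alias, and that the define only covers headers that do not provide it yet, would let a later reader drop the block once it is no longer required. The `#ifndef` guard itself is right, since it lets the system header's definition win when present.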
