This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
At 11:25 AM 6/25/2002 +0200, Corinna Vinschen wrote: >> I would actually read passwd by calling extract_nt_dom_user (), >> modifying it to first read the domain from the passwd file, and >> if that fails, use LookupAccountSid [currently it tries >> LookupAccountSid first, getting the sid from passwd]. > >Actually it sounds good. Do you have a patch? Corinna, Here it is. Actually, here they are. You can choose. In both cases extract_nt_dom_user () first reads domain\username name in gecos. If that fails it reads the sid (again in gecos !) and calls LookupAccountSid. The "strict" version wants to see "U-domain\username" to avoid falling back. The "soft" version keeps some of the existing features (that are never exercised in normal cases) and accepts also "U-username" and the cygwin user name. In those two cases LookupAccountSid is also called (to try to fill the domain, overwriting the username from passwd if it succeeds). Note that the cygwin user name is never parsed for domain\user. So "strict" and "soft" can only differ if the U- field is messed up AND if LookupAccountSid fails, ALTHOUGH the sid is good in gecos! The sid must be good for the seteuid to work. My preference would be to use the strict version, the other one is offered in the spirit of making minimal changes. If you adopt it, delete the third line below. Pierre 2002-06-29 Pierre Humblet <pierre.humblet@ieee.org> security.cc (extract_nt_dom_user): Check for all buffer overflows. Call LookupAccountSid after trying to get domain & user from passwd. Only accept correct syntax for U-domain\username. (get_group_sidlist): Obtain the domain and user by calling extract_nt_dom_user instead of LookupAccountSid.
Attachment:
security.cc.diff.strict
Description: Text document
Attachment:
security.cc.diff.soft
Description: Text document
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |