This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: Windows username in get_group_sidlist


At 11:25 AM 6/25/2002 +0200, Corinna Vinschen wrote:
>> I would actually read passwd by calling extract_nt_dom_user (),
>> modifying it to first read the domain from the passwd file, and 
>> if that fails, use LookupAccountSid [currently it tries 
>> LookupAccountSid first, getting the sid from passwd]. 
>
>Actually it sounds good.  Do you have a patch?

Corinna,

Here it is. Actually, here they are. You can choose. In both cases
extract_nt_dom_user () first reads domain\username name in gecos.
If that fails it reads the sid (again in gecos!) and calls 
LookupAccountSid.

The "strict" version wants to see "U-domain\username" to avoid falling back.
The "soft" version keeps some of the existing features (that are never
exercised in normal cases) and accepts also "U-username" and the cygwin
user name. In those two cases LookupAccountSid is also called (to try to 
fill the domain, overwriting the username from passwd if it succeeds). 
Note that the cygwin user name is never parsed for domain\user.

So "strict" and "soft" can only differ if the U- field is messed up AND 
if LookupAccountSid fails, ALTHOUGH the sid is good in gecos!
The sid must be good for the seteuid to work.

My preference would be to use the strict version, the other one is 
offered in the spirit of making minimal changes. If you adopt it, delete
the third line below.

Pierre

2002-06-29  Pierre Humblet <pierre.humblet@ieee.org>

	security.cc (extract_nt_dom_user): Check for all buffer overflows.
	Call LookupAccountSid after trying to get domain & user from passwd. 
	Only accept correct syntax for U-domain\username. 
	(get_group_sidlist): Obtain the domain and user by calling 
	extract_nt_dom_user instead of LookupAccountSid.

Attachment: security.cc.diff.strict
Description: Text document

Attachment: security.cc.diff.soft
Description: Text document
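
The "strict" behaviour described in the message, sketched as an added example; it is not taken from the attached patches and is not Cygwin's code. The function name, result codes, buffer sizes and the comma-separated gecos layout are assumptions, and the sample strings in the comments are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes, not Cygwin's. */
enum { PARSE_OK = 0, PARSE_FALLBACK = 1 };

/* Strict parse of a passwd gecos field for "U-domain\username".
   Assumption: gecos entries are comma separated, for example
   "U-CORP\alice,S-1-5-21-...". Anything malformed, or too long for the
   caller's buffers, returns PARSE_FALLBACK so that the caller resolves
   the account from the SID instead of using a partial name. */
int parse_gecos_strict(const char *gecos, char *dom, size_t domsz,
                       char *user, size_t usersz)
{
    if (!gecos || !dom || !user || domsz == 0 || usersz == 0)
        return PARSE_FALLBACK;
    dom[0] = user[0] = '\0';

    for (const char *p = gecos; *p; ) {
        size_t len = strcspn(p, ",");            /* length of this entry */
        if (len >= 2 && p[0] == 'U' && p[1] == '-') {
            const char *val = p + 2;
            size_t vlen = len - 2;
            const char *bs = memchr(val, '\\', vlen);
            if (!bs)
                return PARSE_FALLBACK;           /* "U-username": no domain */
            size_t dlen = (size_t)(bs - val);
            size_t ulen = vlen - dlen - 1;
            if (dlen == 0 || ulen == 0 || memchr(bs + 1, '\\', ulen))
                return PARSE_FALLBACK;           /* empty part or 2nd backslash */
            if (dlen >= domsz || ulen >= usersz)
                return PARSE_FALLBACK;           /* would not fit with the NUL */
            memcpy(dom, val, dlen);
            dom[dlen] = '\0';
            memcpy(user, bs + 1, ulen);
            user[ulen] = '\0';
            return PARSE_OK;
        }
        p += len;
        if (*p == ',')
            p++;
    }
    return PARSE_FALLBACK;                       /* no U- entry at all */
}
```

On PARSE_FALLBACK both output buffers are left as empty strings, so a caller cannot pick up a truncated domain or user name by mistake.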

