This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: ssh-host-config script sends /etc/passwd thru awk


On Feb 18 14:15, Achim Gratz wrote:
> Corinna Vinschen writes:
> >> +  csih_old_cygwin ; use_file=$?
> >>    if [ ${use_file} -ne 0 -a -f /etc/nsswitch.conf ]
> >>    then
> >> -    grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf || use_file=0
> >> +    grep -Eq "^${file}:" /etc/nsswitch.conf &&
> >> +      grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf ||
> >> +       use_file=0
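Review bot: in the added `grep -Eq "^${file}:" ... && grep -Eq "^${file}:[^#]*\<db\>" ... || use_file=0` list, `&&` and `||` have equal precedence and group left to right, so `use_file=0` also runs when the first grep finds no `${file}:` line at all. Any line that matches the second pattern also matches the first, so the list yields the same result as the removed single grep. If a missing line should leave use_file untouched, nest the tests instead: `if grep -Eq "^${file}:" /etc/nsswitch.conf; then grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf || use_file=0; fi`.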
> >
> > And here, the test for the version is moved into the csih_old_cygwin
> > function.  So far, so good, but... in how far does this change the
> > result of csih_use_file_etc?!?  Assuming the expression has a bug,
> > wouldn't this still be the case, and the mkpasswd calls in
> > csih_create_privileged_user and csih_create_unprivileged_user
> > would still write the entry to /etc/passwd?
> >
> > Can you explain what I'm missing?
> 
> The old test wrote to /etc/{passwd,group} when use_file!=1,
> /etc/nsswitch.conf existed and did not have a line for either passwd or
> group or if that line had no "db" on it.  If the line is missing
> altogether, then files should still not be used since the default is
> "files db", only when the line exists and omits "db".  I think

Uh, the penny is dropping... in slow motion...

Hang on, let me try to rephrase what we need here, without letting
myself get distracted by the code or your patch.  I'm firmly
securing my blinders...

- If we have an old Cygwin version <= 1.7.33 ==> write to /etc/passwd

- Otherwise, if /etc/nsswitch.conf is missing, don't write.

- Otherwise, if /etc/nsswitch.conf is missing the "passwd:" entry,
  the default is "files db", don't write.

- Otherwise, if "passwd" contains "db", don't write.

- Otherwise, write.

Now let's check the expression:

   csih_old_cygwin ; use_file=$?
   if [ ${use_file} -ne 0 -a -f /etc/nsswitch.conf ]
   then
     grep -Eq "^${file}:" /etc/nsswitch.conf &&
       grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf ||
         use_file=0

Old version?  use_file is 0
New version but /etc/nsswitch.conf is missing?  use_file = 1
/etc/nsswitch.conf does not contain a "passwd" line?  use_file = 1
/etc/nsswitch.conf contains a "passwd" line but no "db"?  use_file = 0
otherwise use_file = 1

Yup, that looks right.  Thanks for explaining.  I guess that should
help us along.  If you check this change in, I will release a new
csih version asap.


Thank you!
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
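
The rule list in the message above, as an added shell example that is not part of the original mail or of csih: it runs the chained list from the quoted patch and a nested form over constructed nsswitch.conf files, so the case where the "passwd:" line is absent can be compared directly. The function names, their three parameters and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not csih code. Convention taken from the thread:
# use_file=0 means "write to /etc/passwd", 1 means "don't write".
# Hypothetical parameters: $1 = database name (passwd or group),
# $2 = path to an nsswitch.conf, $3 = 0 if Cygwin is <= 1.7.33, else 1.

# Chained list as in the quoted patch.
use_file_chained() {
  file=$1 conf=$2 use_file=$3
  if [ "${use_file}" -ne 0 ] && [ -f "${conf}" ]
  then
    grep -Eq "^${file}:" "${conf}" &&
      grep -Eq "^${file}:[^#]*\<db\>" "${conf}" ||
        use_file=0
  fi
  echo "${use_file}"
}

# Nested form: only a line that exists and omits "db" selects the file.
use_file_nested() {
  file=$1 conf=$2 use_file=$3
  if [ "${use_file}" -ne 0 ] && [ -f "${conf}" ]
  then
    if grep -Eq "^${file}:" "${conf}"
    then
      grep -Eq "^${file}:[^#]*\<db\>" "${conf}" || use_file=0
    fi
  fi
  echo "${use_file}"
}

# Constructed sample configurations ("missing" is deliberately not created).
tmp=$(mktemp -d)
printf 'group: files db\n' > "${tmp}/no_passwd_line"
printf 'passwd: files db\n' > "${tmp}/with_db"
printf 'passwd: files # db\n' > "${tmp}/without_db"

for conf in missing no_passwd_line with_db without_db
do
  printf '%-15s chained=%s nested=%s\n' "${conf}" \
    "$(use_file_chained passwd "${tmp}/${conf}" 1)" \
    "$(use_file_nested passwd "${tmp}/${conf}" 1)"
done
rm -rf "${tmp}"
```

The two forms differ only for `no_passwd_line`, where the chained list reports 0 and the nested form reports 1.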
