From 8764af1eb19dc9513a8ffdf2492df3d151081980 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 8 May 2014 19:33:07 +0000 Subject: [PATCH] * uinfo.cc (cygheap_user::init): Fix formatting in debug output. (struct cyg_USER_INFO_24): Define temporarily. Explain why. (pwdgrp::fetch_account_from_windows): Handle sane primary group setting for Microsoft Accounts. Explain why. * wincap.h (wincaps::has_microsoft_accounts): New element. * wincap.cc: Implement above element throughout. --- winsup/cygwin/ChangeLog | 9 +++++++++ winsup/cygwin/uinfo.cc | 34 +++++++++++++++++++++++++++++++++- winsup/cygwin/wincap.cc | 7 ++++++- winsup/cygwin/wincap.h | 4 +++- 4 files changed, 51 insertions(+), 3 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 5efecd23b..978ef63fe 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,12 @@ +2014-05-08 Corinna Vinschen + + * uinfo.cc (cygheap_user::init): Fix formatting in debug output. + (struct cyg_USER_INFO_24): Define temporarily. Explain why. + (pwdgrp::fetch_account_from_windows): Handle sane primary group + setting for Microsoft Accounts. Explain why. + * wincap.h (wincaps::has_microsoft_accounts): New element. + * wincap.cc: Implement above element throughout. + 2014-05-08 Corinna Vinschen * grp.cc (gr_ent::enumerate_caches): Fix copy/paste bug introducing diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index 221eabfb2..a3e06d29b 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -85,7 +85,7 @@ cygheap_user::init () status = NtSetInformationToken (hProcToken, TokenOwner, &effec_cygsid, sizeof (cygsid)); if (!NT_SUCCESS (status)) - debug_printf ("NtSetInformationToken(TokenOwner), %y", status); + debug_printf ("NtSetInformationToken (TokenOwner), %y", status); /* Standard way to build a security descriptor with the usual DACL */ PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024); 
@@ -1162,6 +1162,19 @@ fetch_posix_offset (PDS_DOMAIN_TRUSTSW td, cyg_ldap *cldap)
 return td->PosixOffset;
 }
+/* CV 2014-05-08: USER_INFO_24 is not yet defined in Mingw64, but will be in
+ the next release. For the time being, define the structure here with
+ another name which won't collide with the upcoming correct definition
+ in lmaccess.h. */
+struct cyg_USER_INFO_24
+{
+ BOOL usri24_internet_identity;
+ DWORD usri24_flags;
+ LPWSTR usri24_internet_provider_name;
+ LPWSTR usri24_internet_principal_name;
+ PSID usri24_user_sid;
+};
+
 char *
 pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 {
@@ -1564,6 +1577,25 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 }
 /* Set comment variable for below attribute loop. */
 comment = ui->usri4_comment;
+ /* Logging in with a Microsoft Account, the user's primary
+ group SID is the user's SID. Security sensitive tools
+ expecting tight file permissions choke on that. We need
+ an explicit primary group which is not identical to the
+ user account. Unfortunately, while the default primary
+ group of the account in SAM is still "None", "None" is not
+ in the user token group list. So, what we do here is to
+ use "Users" as a sane default primary group instead. */
+ if (wincap.has_microsoft_accounts ())
+ {
+ struct cyg_USER_INFO_24 *ui24;
+ nas = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
+ if (nas == NERR_Success)
+ {
+ if (ui24->usri24_internet_identity)
+ gid = DOMAIN_ALIAS_RID_USERS;
+ NetApiBufferFree (ui24);
+ }
+ }
 }
 else /* acc_type == SidTypeAlias */
 {
diff --git a/winsup/cygwin/wincap.cc b/winsup/cygwin/wincap.cc
index cdbb1c37e..f6faa03b6 100644
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -2,7 +2,7 @@
 capability class to the appropriate values.
 Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
- 2012, 2013 Red Hat, Inc.
+ 2012, 2013, 2014 Red Hat, Inc.
 This file is part of Cygwin.
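Review bot: The comment above `struct cyg_USER_INFO_24` says why the type exists but not the constraint that keeps it safe to use. The level-24 buffer returned by `NetUserGetInfo` is read through this struct (see the `(PBYTE *) &ui24` cast in the later hunk of this file), so member order and types have to match the SDK's `USER_INFO_24` exactly. I would add a sentence such as `The layout must stay identical to USER_INFO_24; remove this copy once lmaccess.h provides the real definition.` so the temporary definition is neither edited nor left behind by accident.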
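Review bot: In the Microsoft Account block added to `pwdgrp::fetch_account_from_windows`, a failed level-24 `NetUserGetInfo` call is silent and its result overwrites `nas`. On failure the account keeps the primary group that the comment describes as a problem, with nothing in the debug output to explain it, and any later code that still inspects `nas` for the earlier query (not visible in this hunk, so an assumption) would see the wrong status. I would keep the result in its own local, `NET_API_STATUS nas24 = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);`, test `nas24 == NERR_Success`, and add `else debug_printf ("NetUserGetInfo (level 24), %u", nas24);`. The comment could also state that with "Users" as the primary group, group permission bits on newly created files presumably apply to every local user, which matters for anyone relying on group-restricted modes. The function body starts and ends outside the hunk.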
@@ -49,6 +49,7 @@ wincaps wincap_xpsp2 __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_pipe_reject_remote_clients:false,
 terminate_thread_frees_stack:false,
 has_precise_system_time:false,
+ has_microsoft_accounts:false,
 };
 wincaps wincap_2003 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -77,6 +78,7 @@ wincaps wincap_2003 __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_pipe_reject_remote_clients:false,
 terminate_thread_frees_stack:false,
 has_precise_system_time:false,
+ has_microsoft_accounts:false,
 };
 wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -105,6 +107,7 @@ wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_pipe_reject_remote_clients:true,
 terminate_thread_frees_stack:true,
 has_precise_system_time:false,
+ has_microsoft_accounts:false,
 };
 wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -133,6 +136,7 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_pipe_reject_remote_clients:true,
 terminate_thread_frees_stack:true,
 has_precise_system_time:false,
+ has_microsoft_accounts:false,
 };
 wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -161,6 +165,7 @@ wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_pipe_reject_remote_clients:true,
 terminate_thread_frees_stack:true,
 has_precise_system_time:true,
+ has_microsoft_accounts:true,
 };
 wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));
diff --git a/winsup/cygwin/wincap.h b/winsup/cygwin/wincap.h
index 98fef2656..43c72b648 100644
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@@ -1,7 +1,7 @@
 /* wincap.h: Header for OS capability class.
 Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
- 2012, 2013 Red Hat, Inc.
+ 2012, 2013, 2014 Red Hat, Inc.
 This file is part of Cygwin.
@@ -39,6 +39,7 @@ struct wincaps
 unsigned has_pipe_reject_remote_clients : 1;
 unsigned terminate_thread_frees_stack : 1;
 unsigned has_precise_system_time : 1;
+ unsigned has_microsoft_accounts : 1;
 };
 class wincapc
@@ -89,6 +90,7 @@ public:
 bool IMPLEMENT (has_pipe_reject_remote_clients)
 bool IMPLEMENT (terminate_thread_frees_stack)
 bool IMPLEMENT (has_precise_system_time)
+ bool IMPLEMENT (has_microsoft_accounts)
 #undef IMPLEMENT
 };
--
2.43.5