[login - The unix login(1), tweaked for Cygwin] branch master, updated. v1_12

corinna@sourceware.org corinna@sourceware.org
Mon Jun 18 12:13:00 GMT 2018 



https://sourceware.org/git/gitweb.cgi?p=cygwin-apps/login.git;h=9e8b7b73e99242ce7047a18bf8028fb10c2c03ac

commit 9e8b7b73e99242ce7047a18bf8028fb10c2c03ac
Author: Corinna Vinschen <vinschen@redhat.com>
Date:   Mon Jun 18 13:55:37 2018 +0200

    fix gcc warnings
    
    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

https://sourceware.org/git/gitweb.cgi?p=cygwin-apps/login.git;h=d79c969df159bae1f4457c1096dc8174cf253953

commit d79c969df159bae1f4457c1096dc8174cf253953
Author: Takashi Yano <takashi.yano@nifty.ne.jp>
Date:   Sat Jun 16 21:59:30 2018 +0900

    Fix the issue that login command with -f flag fails to switch user account.
    
    * login.c (main): Use getpwnam_r() instead of getpwnam() to prevent
    the area pointed to by pwd from being overwritten by other calls of
    getpw*() family functions.
    * login.c (isROOT_UID): Remove checking SeIncreaseQuotaPrivilege
    privilege because the account cyg_server created by csih does not
    have this privilege.
    * winsec.c (getUserInfoForUID): Fix the first argument of the second
    NetUserGetInfo() call so that it can check user information locally
    if the machine is on a domain.
    
    Refer to the following post for detail.
    https://cygwin.com/ml/cygwin/2018-06/msg00146.html


Diff:
---
 login.c       |    9 +++++----
 test_winsec.c |    2 +-
 winpriv.c     |    6 ++----
 winsec.c      |    8 +-------
 4 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/login.c b/login.c
index 2ddfdcd..271d5e8 100644
--- a/login.c
+++ b/login.c
@@ -91,6 +91,8 @@ static void sleepexit (int eval);
  */
 int timeout = 300;
 
+struct passwd userpwd;
+char pwbuf[16384];
 struct passwd *pwd;
 int failures;
 char term[64], *hostname, *username, *tty;
@@ -213,7 +215,7 @@ main (int argc, char **argv)
 	}
       (void) strcpy (tbuf, username);
 #ifdef __CYGWIN__
-      pwd = getpwnam (username);
+      getpwnam_r (username, &userpwd, pwbuf, sizeof(pwbuf), &pwd);
 #else
       if (pwd = getpwnam (username))
 	salt = pwd->pw_passwd;
@@ -551,10 +553,9 @@ isROOT_UID (uid_t uid)
 {
   static const char *REQUIRED_PRIVS[] = {
     "SeAssignPrimaryTokenPrivilege",
-    "SeTcbPrivilege",
-    "SeIncreaseQuotaPrivilege"
+    "SeTcbPrivilege"
   };
-  static const ULONG NUM_REQUIRED_PRIV = 3;
+  static const ULONG NUM_REQUIRED_PRIV = 2;
 
   OSVERSIONINFOEX osvi;
   struct passwd *pw;
diff --git a/test_winsec.c b/test_winsec.c
index b6ace0a..f00487a 100644
--- a/test_winsec.c
+++ b/test_winsec.c
@@ -111,7 +111,7 @@ main (int argc, char **argv)
 	}
       else if (var < 0)
 	{
-	  fprintf (stderr, "ignoring negative uid (%d): '%s'\n", var, val);
+	  fprintf (stderr, "ignoring negative uid (%ld): '%s'\n", var, val);
 	  continue;
 	}
       uid = (uid_t) var;
diff --git a/winpriv.c b/winpriv.c
index 8d9237e..2f19c6e 100644
--- a/winpriv.c
+++ b/winpriv.c
@@ -127,7 +127,7 @@ openPolicy (const char *strMachine, ACCESS_MASK access)
   NTSTATUS status;
   LSA_UNICODE_STRING machine;
   int c;
-  int NTCHECKERROR_FAILED = 0;
+  int NTCHECKERROR_FAILED __attribute__ ((__unused__)) = 0;
 
   c = strMachine ? strlen (strMachine) : 0;
   machine.Buffer = (PWSTR) alloca ((c + 1) * 2);	/* Keep within this function so we *
@@ -202,10 +202,8 @@ getSID (LSA_HANDLE hLSA, const char *strUser)
   PLSA_TRANSLATED_SID sids;
   int c;
   ULONG cSubAuth, NewSidLength;
-  PSID NewSid;
+  PSID NewSid = NULL;
   NTSTATUS status;
-  LPTSTR strSid;
-  BOOL bStatus;
   int NTCHECKERROR_FAILED = 0;
 
   c = strUser ? strlen (strUser) : 0;
diff --git a/winsec.c b/winsec.c
index 307a66b..4575387 100644
--- a/winsec.c
+++ b/winsec.c
@@ -397,7 +397,6 @@ currentUserIsMemberOfGroupSID (BYTE nSubAuthorityCount,
   DWORD dwLength = 0;
   PTOKEN_GROUPS ptg = NULL;
   int rv = -1;
-  int i;
 
   if (!AllocateAndInitializeSid (&nt_auth,
 				       nSubAuthorityCount,
@@ -497,7 +496,6 @@ uidMatchesAccountSID (uid_t uid,
   SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
   PSID requestedSID = NULL;
   PSID userSID = NULL;
-  DWORD dwLength = 0;
   int rv = -1;
 
   if (!AllocateAndInitializeSid (&nt_auth,
@@ -552,7 +550,6 @@ uidIsMemberOfGroupSID (uid_t uid,
   SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
   PSID requestedSID = NULL;
   PSID userSID = NULL;
-  DWORD dwLength = 0;
   int rv = -1;
 
   if (!AllocateAndInitializeSid (&nt_auth,
@@ -874,13 +871,11 @@ getUserInfoForUID (uid_t uid,
 		   DWORD level,
 		   LPBYTE * bufptr, LPWSTR * uni_servername, int *matchedName)
 {
-  DWORD dwLength = 0;
   int rv = -1;
   struct passwd *pw;
   char name[UNLEN + 1];
   WCHAR uni_name[2 * (UNLEN + 1)];
   char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
-  WCHAR uni_domain[2 * (INTERNET_MAX_HOST_NAME_LENGTH + 1)];
   char servername[256];
 
   if (!uni_servername)
@@ -978,8 +973,7 @@ getUserInfoForUID (uid_t uid,
 	  /* if we had a domain, then try again locally. if we didn't have a
 	     domain, then the initial call WAS local */
 	  if (NetUserGetInfo
-	      (*uni_servername, (LPWSTR) & uni_name, level,
-	       bufptr) != NERR_Success)
+	      (NULL, (LPWSTR) & uni_name, level, bufptr) != NERR_Success)
 	    {
 	      syslog (LOG_ERR,
 		      "unable to obtain user info for %s [tried domain controller %s and localhost]\n",

More information about the Cygwin-apps-cvs mailing list