ssh-host-config script sends /etc/passwd thru awk

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Feb 18 13:15:00 GMT 2015


On Feb 18 13:00, Achim Gratz wrote:
> Corinna Vinschen writes:
> > It's a bit confusing to talk about the Cygwin version when this is
> > only about openssh and the csih package.  I'm really busy with other
> > stuff right now.  I quickly scanned the ssh-*-config scripts again
> > and they never write a passwd entry so, if anything, it's a problem
> > in the csih helper script.  Does anybody want to inspect
> > /usr/share/csih/cygwin-service-installation-helper.sh for this?
> 
> How about this (untested)?

Thanks for looking and the patch.  However, I seem to miss the point:

> +  if csih_old_cygwin
> +    if [ "$(/usr/bin/id -un)" = "mkpasswd" ]

At this point, the csih_old_cygwin test should be unnecessary because
the "mkpasswd" and "mkgroup" accounts names are not generated at all
by Cygwin >= 1.7.34.  So the test for the name alone should be sufficient.
OTOH, the csih_old_cygwin test won't hurt either, of course.

>  # ======================================================================
> +# Routine: csih_old_cygwin
> +#   Check Cygwin version, account databases are avaiable since 1.7.34
> +#   On Cygwin versions <= 1.7.33 return 0
> +#   On Cygwin versions >  1.7.33 return 1
> +# ======================================================================
> +csih_old_cygwin()
> +{
> +  local old_cygwin
> +
> +  /usr/bin/uname -r |
> +  /usr/bin/awk -F. '{
> +                     if ( $1 < 1 || \
> +                         ($1 == 1 && $2 < 7) || \
> +                         ($1 == 1 && $2 == 7 && strtonum($3) <= 33))
> +                       exit 0;
> +                     exit 1;
> +                   }'
> +  old_cygwin=$?
> +  return ${old_cygwin}
> +} # === End of csih_old_cygwin() === #
> +readonly -f csih_old_cygwin
> +
> +# ======================================================================
>  # Routine: csih_use_file_etc passwd|group
>  #   Check if /etc/passwd or /etc/group file is in use.
>  #   On Cygwin versions < 1.7.33, files are always used.
> @@ -2517,18 +2558,12 @@
>    then
>      csih_error 'Script error: csih_use_file_etc requires argument "passwd" or "group".'
>    fi
> -  /usr/bin/uname -r |
> -  /usr/bin/awk -F. '{
> -                     if ($1 < 1 || \
> -                         ($1 == 1 && $2 < 7) || \
> -                         ($1 == 1 && $2 == 7 && strtonum($3) <= 33))
> -                       exit 0;
> -                     exit 1;
> -                   }'
> -  use_file=$?
> +  csih_old_cygwin ; use_file=$?
>    if [ ${use_file} -ne 0 -a -f /etc/nsswitch.conf ]
>    then
> -    grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf || use_file=0
> +    grep -Eq "^${file}:" /etc/nsswitch.conf &&
> +      grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf ||
> +       use_file=0

And here, the test for the version is moved into the csih_old_cygwin
function.  So far, so good, but... in how far does this change the
result of csih_use_file_etc?!?  Assuming the expression has a bug,
wouldn't this still be the case, and the mkpasswd calls in
csih_create_privileged_user and csih_create_unprivileged_user
would still write the entry to /etc/passwd?

Can you explain what I'm missing?


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150218/3f819dcc/attachment.sig>


More information about the Cygwin mailing list