diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2014-03-06 18:54:08 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2014-03-06 18:54:08 +0000 |
| commit | 29adfd78bd5870268f0b930f25374f7299dd7e8d (patch) | |
| tree | 0a916602d45e2e017b06686bb9cb3950cf4d35f9 /winsup/cygwin/uinfo.cc | |
| parent | 722c840b35178adc5b5ad438334a04723cc624ac (diff) | |
| download | cygnal-29adfd78bd5870268f0b930f25374f7299dd7e8d.tar.gz cygnal-29adfd78bd5870268f0b930f25374f7299dd7e8d.tar.bz2 cygnal-29adfd78bd5870268f0b930f25374f7299dd7e8d.zip | |
* passwd.cc (pg_ent::enumerate_builtin): Convert pwd_builtins and
grp_builtins to array of cygpsid pointers. Replace SID strings with
pointers to well known SIDs.
* sec_helper.cc (well_known_local_service_sid): Define.
(well_known_network_service_sid): Define.
(trusted_installer_sid): Define.
* security.h (well_known_local_service_sid): Declare.
(well_known_network_service_sid): Declare.
(trusted_installer_sid): Declare.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Throughout set acc_type
to SidTypeUnknown if LookupAccountXXX function failed. Create
simplified passwd entry for non-user accounts, except for LocalSystem.
Add comment.
Diffstat (limited to 'winsup/cygwin/uinfo.cc')
| -rw-r--r-- | winsup/cygwin/uinfo.cc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index ef8128265..efda17a1f 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -1721,6 +1721,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group, uid = 0xffe; wcpcpy (name = namebuf, L"OtherSession"); } + acc_type = SidTypeUnknown; } else if (sid_id_auth (sid) == 18) { @@ -1733,6 +1734,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group, ? (PWCHAR) L"Authentication authority asserted identity" : (PWCHAR) L"Service asserted identity"); name_style = plus_prepended; + acc_type = SidTypeUnknown; } else if (sid_id_auth (sid) == 22) { @@ -1747,6 +1749,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group, wcpcpy (p, sid_sub_auth (sid, 0) == 1 ? L"User" : L"Group"); __small_swprintf (name = namebuf, L"%d", uid & UNIX_POSIX_MASK); name_style = fully_qualified; + acc_type = SidTypeUnknown; } else { @@ -1787,6 +1790,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group, wcpcpy (name = namebuf, group ? L"Group" : L"User"); } name_style = fully_qualified; + acc_type = SidTypeUnknown; } tmp_pathbuf tp; @@ -1806,6 +1810,12 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group, if (group) __small_swprintf (linebuf, L"%W:%W:%u:", posix_name, sid.string (sidstr), uid); + /* For non-users, create a passwd entry which doesn't allow interactive + logon. Unless it's the SYSTEM account. This conveniently allows to + long interactively as SYSTEM for debugging purposes. */ + else if (acc_type != SidTypeUser && sid != well_known_system_sid) + __small_swprintf (linebuf, L"%W:*:%u:%u:,%W:/:/sbin/nologin", + posix_name, uid, gid, sid.string (sidstr)); else __small_swprintf (linebuf, L"%W:*:%u:%u:%W%WU-%W\\%W,%W:%W%W:%W", posix_name, uid, gid, |