* passwd.cc (pg_ent::enumerate_builtin): Convert pwd_builtins and
grp_builtins to array of cygpsid pointers. Replace SID strings with pointers to well known SIDs. * sec_helper.cc (well_known_local_service_sid): Define. (well_known_network_service_sid): Define. (trusted_installer_sid): Define. * security.h (well_known_local_service_sid): Declare. (well_known_network_service_sid): Declare. (trusted_installer_sid): Declare. * uinfo.cc (pwdgrp::fetch_account_from_windows): Throughout set acc_type to SidTypeUnknown if LookupAccountXXX function failed. Create simplified passwd entry for non-user accounts, except for LocalSystem. Add comment.
This commit is contained in:
parent
722c840b35
commit
29adfd78bd
|
@ -1,3 +1,19 @@
|
|||
2014-03-06 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* passwd.cc (pg_ent::enumerate_builtin): Convert pwd_builtins and
|
||||
grp_builtins to array of cygpsid pointers. Replace SID strings with
|
||||
pointers to well known SIDs.
|
||||
* sec_helper.cc (well_known_local_service_sid): Define.
|
||||
(well_known_network_service_sid): Define.
|
||||
(trusted_installer_sid): Define.
|
||||
* security.h (well_known_local_service_sid): Declare.
|
||||
(well_known_network_service_sid): Declare.
|
||||
(trusted_installer_sid): Declare.
|
||||
* uinfo.cc (pwdgrp::fetch_account_from_windows): Throughout set acc_type
|
||||
to SidTypeUnknown if LookupAccountXXX function failed. Create
|
||||
simplified passwd entry for non-user accounts, except for LocalSystem.
|
||||
Add comment.
|
||||
|
||||
2014-03-06 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* setlsapwd.cc (setlsapwd): Use RtlSecureZeroMemory to delete password
|
||||
|
|
|
@ -467,36 +467,27 @@ pg_ent::enumerate_file ()
|
|||
void *
|
||||
pg_ent::enumerate_builtin ()
|
||||
{
|
||||
static const char *pwd_builtins[] = {
|
||||
/* SYSTEM */
|
||||
"S-1-5-18",
|
||||
/* LocalService */
|
||||
"S-1-5-19",
|
||||
/* NetworkService */
|
||||
"S-1-5-20",
|
||||
/* Administrators */
|
||||
"S-1-5-32-544",
|
||||
/* TrustedInstaller */
|
||||
"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
|
||||
/* The end */
|
||||
static cygpsid *pwd_builtins[] = {
|
||||
&well_known_system_sid,
|
||||
&well_known_local_service_sid,
|
||||
&well_known_network_service_sid,
|
||||
&well_known_admins_sid,
|
||||
&trusted_installer_sid,
|
||||
NULL
|
||||
};
|
||||
static const char *grp_builtins[] = {
|
||||
/* SYSTEM */
|
||||
"S-1-5-18",
|
||||
/* TrustedInstaller */
|
||||
"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
|
||||
/* The end */
|
||||
static cygpsid *grp_builtins[] = {
|
||||
&well_known_system_sid,
|
||||
&trusted_installer_sid,
|
||||
NULL
|
||||
};
|
||||
|
||||
const char **builtins = group ? grp_builtins : pwd_builtins;
|
||||
cygpsid **builtins = group ? grp_builtins : pwd_builtins;
|
||||
if (!builtins[cnt])
|
||||
{
|
||||
cnt = max = resume = 0;
|
||||
return NULL;
|
||||
}
|
||||
cygsid sid (builtins[cnt++]);
|
||||
cygsid sid (*builtins[cnt++]);
|
||||
fetch_user_arg_t arg;
|
||||
arg.type = SID_arg;
|
||||
arg.sid = &sid;
|
||||
|
|
|
@ -66,6 +66,10 @@ MKSID (well_known_this_org_sid, "S-1-5-15",
|
|||
SECURITY_NT_AUTHORITY, 1, 15);
|
||||
MKSID (well_known_system_sid, "S-1-5-18",
|
||||
SECURITY_NT_AUTHORITY, 1, SECURITY_LOCAL_SYSTEM_RID);
|
||||
MKSID (well_known_local_service_sid, "S-1-5-19",
|
||||
SECURITY_NT_AUTHORITY, 1, SECURITY_LOCAL_SERVICE_RID);
|
||||
MKSID (well_known_network_service_sid, "S-1-5-20",
|
||||
SECURITY_NT_AUTHORITY, 1, SECURITY_NETWORK_SERVICE_RID);
|
||||
MKSID (well_known_builtin_sid, "S-1-5-32",
|
||||
SECURITY_NT_AUTHORITY, 1, SECURITY_BUILTIN_DOMAIN_RID);
|
||||
MKSID (well_known_admins_sid, "S-1-5-32-544",
|
||||
|
@ -74,6 +78,11 @@ MKSID (well_known_admins_sid, "S-1-5-32-544",
|
|||
MKSID (well_known_users_sid, "S-1-5-32-545",
|
||||
SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID,
|
||||
DOMAIN_ALIAS_RID_USERS);
|
||||
MKSID (trusted_installer_sid,
|
||||
"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
|
||||
SECURITY_NT_AUTHORITY, SECURITY_SERVICE_ID_RID_COUNT,
|
||||
SECURITY_SERVICE_ID_BASE_RID, 956008885U, 3418522649U, 1831038044U,
|
||||
1853292631U, 2271478464U);
|
||||
MKSID (mandatory_medium_integrity_sid, "S-1-16-8192",
|
||||
SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_MEDIUM_RID);
|
||||
MKSID (mandatory_high_integrity_sid, "S-1-16-12288",
|
||||
|
|
|
@ -385,9 +385,12 @@ extern cygpsid well_known_service_sid;
|
|||
extern cygpsid well_known_authenticated_users_sid;
|
||||
extern cygpsid well_known_this_org_sid;
|
||||
extern cygpsid well_known_system_sid;
|
||||
extern cygpsid well_known_local_service_sid;
|
||||
extern cygpsid well_known_network_service_sid;
|
||||
extern cygpsid well_known_builtin_sid;
|
||||
extern cygpsid well_known_admins_sid;
|
||||
extern cygpsid well_known_users_sid;
|
||||
extern cygpsid trusted_installer_sid;
|
||||
extern cygpsid mandatory_medium_integrity_sid;
|
||||
extern cygpsid mandatory_high_integrity_sid;
|
||||
extern cygpsid mandatory_system_integrity_sid;
|
||||
|
|
|
@ -1721,6 +1721,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
|
|||
uid = 0xffe;
|
||||
wcpcpy (name = namebuf, L"OtherSession");
|
||||
}
|
||||
acc_type = SidTypeUnknown;
|
||||
}
|
||||
else if (sid_id_auth (sid) == 18)
|
||||
{
|
||||
|
@ -1733,6 +1734,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
|
|||
? (PWCHAR) L"Authentication authority asserted identity"
|
||||
: (PWCHAR) L"Service asserted identity");
|
||||
name_style = plus_prepended;
|
||||
acc_type = SidTypeUnknown;
|
||||
}
|
||||
else if (sid_id_auth (sid) == 22)
|
||||
{
|
||||
|
@ -1747,6 +1749,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
|
|||
wcpcpy (p, sid_sub_auth (sid, 0) == 1 ? L"User" : L"Group");
|
||||
__small_swprintf (name = namebuf, L"%d", uid & UNIX_POSIX_MASK);
|
||||
name_style = fully_qualified;
|
||||
acc_type = SidTypeUnknown;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -1787,6 +1790,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
|
|||
wcpcpy (name = namebuf, group ? L"Group" : L"User");
|
||||
}
|
||||
name_style = fully_qualified;
|
||||
acc_type = SidTypeUnknown;
|
||||
}
|
||||
|
||||
tmp_pathbuf tp;
|
||||
|
@ -1806,6 +1810,12 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
|
|||
if (group)
|
||||
__small_swprintf (linebuf, L"%W:%W:%u:",
|
||||
posix_name, sid.string (sidstr), uid);
|
||||
/* For non-users, create a passwd entry which doesn't allow interactive
|
||||
logon. Unless it's the SYSTEM account. This conveniently allows to
|
||||
long interactively as SYSTEM for debugging purposes. */
|
||||
else if (acc_type != SidTypeUser && sid != well_known_system_sid)
|
||||
__small_swprintf (linebuf, L"%W:*:%u:%u:,%W:/:/sbin/nologin",
|
||||
posix_name, uid, gid, sid.string (sidstr));
|
||||
else
|
||||
__small_swprintf (linebuf, L"%W:*:%u:%u:%W%WU-%W\\%W,%W:%W%W:%W",
|
||||
posix_name, uid, gid,
|
||||
|
|
Loading…
Reference in New Issue