* mkgroup.c (MAX_SID_LEN): Remove. Instead, use SECURITY_MAX_SID_SIZE
throughout. (enum_unix_groups): Introduce numeric_psid and rearrange code to avoid potential heap corruption. * mkpasswd.c: Ditto.
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
/* mkpasswd.c:
|
||||
|
||||
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2008, 2009,
|
||||
2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
|
||||
2010, 2011, 2012, 2013, 2014, 2015 Red Hat, Inc.
|
||||
|
||||
This file is part of Cygwin.
|
||||
|
||||
@@ -35,8 +35,6 @@
|
||||
|
||||
#define print_win_error(x) _print_win_error(x, __LINE__)
|
||||
|
||||
#define MAX_SID_LEN 40
|
||||
|
||||
SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY};
|
||||
SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY};
|
||||
|
||||
@@ -134,7 +132,8 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
|
||||
WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
|
||||
DWORD ulen, dlen, sidlen;
|
||||
PSID psid;
|
||||
char psid_buffer[MAX_SID_LEN];
|
||||
PSID numeric_psid;
|
||||
char psid_buffer[SECURITY_MAX_SID_SIZE];
|
||||
SID_NAME_USE acc_type;
|
||||
|
||||
int ret = mbstowcs (machine, mach->str, INTERNET_MAX_HOST_NAME_LENGTH + 1);
|
||||
@@ -145,12 +144,13 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
|
||||
return;
|
||||
}
|
||||
|
||||
if (!AllocateAndInitializeSid (&auth, 2, 1, 0, 0, 0, 0, 0, 0, 0, &psid))
|
||||
if (!AllocateAndInitializeSid (&auth, 2, 1, 0, 0, 0, 0, 0, 0, 0,
|
||||
&numeric_psid))
|
||||
return;
|
||||
|
||||
if (!(user_list = strdup (unix_user_list)))
|
||||
{
|
||||
FreeSid (psid);
|
||||
FreeSid (numeric_psid);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -161,14 +161,16 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
|
||||
PWCHAR p = wcpcpy (user, L"Unix User\\");
|
||||
ret = mbstowcs (p, ustr, UNLEN + 1);
|
||||
if (ret < 1 || ret >= UNLEN + 1)
|
||||
fprintf (stderr, "%s: Invalid user name '%s'. Skipping...\n",
|
||||
program_invocation_short_name, ustr);
|
||||
else if (LookupAccountNameW (machine, user,
|
||||
psid = (PSID) psid_buffer,
|
||||
(sidlen = MAX_SID_LEN, &sidlen),
|
||||
dom,
|
||||
(dlen = MAX_DOMAIN_NAME_LEN + 1, &dlen),
|
||||
&acc_type))
|
||||
{
|
||||
fprintf (stderr, "%s: Invalid user name '%s'. Skipping...\n",
|
||||
program_invocation_short_name, ustr);
|
||||
continue;
|
||||
}
|
||||
psid = (PSID) psid_buffer;
|
||||
sidlen = SECURITY_MAX_SID_SIZE;
|
||||
dlen = MAX_DOMAIN_NAME_LEN + 1;
|
||||
if (LookupAccountNameW (machine, user, psid, &sidlen,
|
||||
dom, &dlen, &acc_type))
|
||||
printf ("%s%s%ls:*:%" PRIu32 ":99999:,%s::\n",
|
||||
"Unix_User",
|
||||
sep,
|
||||
@@ -198,13 +200,13 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
|
||||
}
|
||||
for (; start <= stop; ++ start)
|
||||
{
|
||||
psid = numeric_psid;
|
||||
*GetSidSubAuthority (psid, *GetSidSubAuthorityCount(psid) - 1)
|
||||
= start;
|
||||
if (LookupAccountSidW (machine, psid,
|
||||
user, (ulen = GNLEN + 1, &ulen),
|
||||
dom,
|
||||
(dlen = MAX_DOMAIN_NAME_LEN + 1, &dlen),
|
||||
&acc_type)
|
||||
ulen = GNLEN + 1;
|
||||
dlen = MAX_DOMAIN_NAME_LEN + 1;
|
||||
if (LookupAccountSidW (machine, psid, user, &ulen,
|
||||
dom, &dlen, &acc_type)
|
||||
&& !iswdigit (user[0]))
|
||||
printf ("%s%s%ls:*:%" PRIu32 ":99999:,%s::\n",
|
||||
"Unix_User",
|
||||
@@ -217,7 +219,7 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
|
||||
}
|
||||
|
||||
free (user_list);
|
||||
FreeSid (psid);
|
||||
FreeSid (numeric_psid);
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -279,9 +281,9 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path,
|
||||
char homedir_psx[PATH_MAX];
|
||||
WCHAR domain_name[MAX_DOMAIN_NAME_LEN + 1];
|
||||
DWORD domname_len = MAX_DOMAIN_NAME_LEN + 1;
|
||||
char psid_buffer[MAX_SID_LEN];
|
||||
char psid_buffer[SECURITY_MAX_SID_SIZE];
|
||||
PSID psid = (PSID) psid_buffer;
|
||||
DWORD sid_length = MAX_SID_LEN;
|
||||
DWORD sid_length = SECURITY_MAX_SID_SIZE;
|
||||
SID_NAME_USE acc_type;
|
||||
|
||||
int uid = buffer[i].usri3_user_id;
|
||||
@@ -317,7 +319,7 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path,
|
||||
wcscpy (domname, machine);
|
||||
wcscat (domname, L"\\");
|
||||
wcscat (domname, buffer[i].usri3_name);
|
||||
sid_length = MAX_SID_LEN;
|
||||
sid_length = SECURITY_MAX_SID_SIZE;
|
||||
domname_len = sizeof (domname);
|
||||
if (!LookupAccountNameW (machine, domname, psid,
|
||||
&sid_length, domain_name,
|
||||
|
Reference in New Issue
Block a user