diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2024-03-11 12:38:39 +0100 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2024-03-11 15:29:51 +0100 |
| commit | 66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3 (patch) | |
| tree | 99c318a334ca51e58d0e2fa672038ea19309e0e3 | |
| parent | 66138cbee4ed784b4cafc00533ebb74b6cdbfff1 (diff) | |
| download | newlib-66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3.zip newlib-66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3.tar.gz newlib-66f7dd9ff676a17b877b7be12b3ad8d01c8eb3f3.tar.bz2 | |
Cygwin: getgrent: don't skip SAM-only builtin-accounts
Since commit 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration
on domain member machines") we skip enumerating local BUILTIN accounts
if we also enumerate AD. However, there are two local accounts which
are only available in local SAM, not in AD. Don't skip enumerating
those.
Fixes: 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration on domain member machines")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
| -rw-r--r-- | winsup/cygwin/grp.cc | 11 | ||||
| -rw-r--r-- | winsup/cygwin/local_includes/winlean.h | 4 |
2 files changed, 12 insertions, 3 deletions
diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc index 77cf6a7..5f80d7a 100644 --- a/winsup/cygwin/grp.cc +++ b/winsup/cygwin/grp.cc @@ -428,10 +428,15 @@ gr_ent::enumerate_local () ((PLOCALGROUP_INFO_0) buf)[cnt++].lgrpi0_name, sid, &slen, dom, &dlen, &acc_type)) continue; - if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */ + /* Skip builtin groups if we're enumerating AD as well to avoid + duplication. Don't skip "Power Users" and "Device Owners" + accounts, they don't show up in AD enumeration. */ + if (cygheap->dom.member_machine () + && nss_db_enum_primary () + && sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */ && sid_sub_auth (sid, 0) == SECURITY_BUILTIN_DOMAIN_RID - && cygheap->dom.member_machine () - && nss_db_enum_primary ()) + && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_POWER_USERS + && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_DEVICE_OWNERS) continue; fetch_user_arg_t arg; arg.type = SID_arg; diff --git a/winsup/cygwin/local_includes/winlean.h b/winsup/cygwin/local_includes/winlean.h index 947109b..5bf1be2 100644 --- a/winsup/cygwin/local_includes/winlean.h +++ b/winsup/cygwin/local_includes/winlean.h @@ -104,6 +104,10 @@ details. */ #define FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS 0x00400000 #endif +#ifndef DOMAIN_ALIAS_RID_DEVICE_OWNERS +#define DOMAIN_ALIAS_RID_DEVICE_OWNERS (__MSABI_LONG(0x00000247)) +#endif + /* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name "MicrosoftAccounts". The new "Application Container SIDs" (S-1-15-...) have a netbios domain name "APPLICATION PACKAGE AUTHORITY" |