From b070bb0f9ced001d3fee40a75a4882ff17d02428 Mon Sep 17 00:00:00 2001
From: Takashi Yano <takashi.yano@nifty.ne.jp>
Date: Sat, 16 Jun 2018 21:59:30 +0900
Subject: [PATCH] Fixed the failure in the case of trying to switch user
 account with F flag.

* login.c (main): Use getpwnam_r() instead of getpwnam() to prevent
overwriting the area pointed by pwd by other calls of getpw* family
functions.
* login.c (isROOT_UID): Remove checking SeIncreaseQuotaPrivilege
privilege because account cyg_server created by csih does not have
this privilege.
* winsec.c (getUserInfoForUID): Fix the first argument of the second
NetUserGetInfo() call so that it can check user information locally
if the machine is on a domain.
---
 login.c  | 9 +++++----
 winsec.c | 3 +--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/login.c b/login.c
index 2ddfdcd..271d5e8 100644
--- a/login.c
+++ b/login.c
@@ -91,6 +91,8 @@ static void sleepexit (int eval);
  */
 int timeout = 300;
 
+struct passwd userpwd;
+char pwbuf[16384];
 struct passwd *pwd;
 int failures;
 char term[64], *hostname, *username, *tty;
@@ -213,7 +215,7 @@ main (int argc, char **argv)
 	}
       (void) strcpy (tbuf, username);
 #ifdef __CYGWIN__
-      pwd = getpwnam (username);
+      getpwnam_r (username, &userpwd, pwbuf, sizeof(pwbuf), &pwd);
 #else
       if (pwd = getpwnam (username))
 	salt = pwd->pw_passwd;
@@ -551,10 +553,9 @@ isROOT_UID (uid_t uid)
 {
   static const char *REQUIRED_PRIVS[] = {
     "SeAssignPrimaryTokenPrivilege",
-    "SeTcbPrivilege",
-    "SeIncreaseQuotaPrivilege"
+    "SeTcbPrivilege"
   };
-  static const ULONG NUM_REQUIRED_PRIV = 3;
+  static const ULONG NUM_REQUIRED_PRIV = 2;
 
   OSVERSIONINFOEX osvi;
   struct passwd *pw;
diff --git a/winsec.c b/winsec.c
index 307a66b..13c5ecf 100644
--- a/winsec.c
+++ b/winsec.c
@@ -978,8 +978,7 @@ getUserInfoForUID (uid_t uid,
 	  /* if we had a domain, then try again locally. if we didn't have a
 	     domain, then the initial call WAS local */
 	  if (NetUserGetInfo
-	      (*uni_servername, (LPWSTR) & uni_name, level,
-	       bufptr) != NERR_Success)
+	      (NULL, (LPWSTR) & uni_name, level, bufptr) != NERR_Success)
 	    {
 	      syslog (LOG_ERR,
 		      "unable to obtain user info for %s [tried domain controller %s and localhost]\n",
-- 
2.17.0