[PATCH v2 2/2] Respect `db_home` setting even for the SYSTEM account

Corinna Vinschen corinna-cygwin@cygwin.com
Thu Dec 17 20:49:00 GMT 2015

On Dec 17 19:05, Johannes Schindelin wrote:
> We should not blindly set the home directory of the SYSTEM account to
> /home/SYSTEM, especially not when that value disagrees with what is
> configured via the `db_home` line in the `/etc/nsswitch.conf` file.
> This fixes https://github.com/git-for-windows/git/issues/435
> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
> ---
>  winsup/cygwin/uinfo.cc | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
> index a5d6270..8c51b82 100644
> --- a/winsup/cygwin/uinfo.cc
> +++ b/winsup/cygwin/uinfo.cc
> @@ -2129,7 +2129,11 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
>  	 it to a well-known group here. */
>        if (acc_type == SidTypeUser
>  	  && (sid_sub_auth_count (sid) <= 3 || sid_id_auth (sid) == 11))
> -	acc_type = SidTypeWellKnownGroup;
> +	{
> +	  acc_type = SidTypeWellKnownGroup;
> +	  home = cygheap->pg.get_home (pldap, sid, dom, domain, name,
> +				       fully_qualified_name);

Uhm, that's a bit over the top, isn't it?  It will affect all S-1-5-X
accounts as well as the S-1-5-11 Windows account SIDs.  Is that really
what you want?

Using pldap here may SEGV in cygheap_pwdgrp::get_home, btw, because
it may be NULL.  cygheap_pwdgrp::get_home doesn't check pldap for
validity, it expects a valid pointer.  You could either use cldap, or
cygheap_pwdgrp::get_home would have to check pldap before using it.

However, either way there's another problem: Independently of the
configured db_home schemes, you don't want to ask the DC for info on
these builtin accounts.  The better approach might be to call the
PUSER_INFO_3 variant of cygheap_pwdgrp::get_home with a NULL ui
pointer and just check for ui in the NSS_SCHEME_DESC case.  The other
called functions fetch_windows_home and fetch_from_path both can
live with both pointers, pldap and ui being NULL.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-patches/attachments/20151217/fdce6dad/attachment.sig>

More information about the Cygwin-patches mailing list