This is the mail archive of the
cygwin-cvs@cygwin.com
mailing list for the Cygwin project.
[newlib-cygwin] Handle WinFSP nobody account
- From: Corinna Vinschen <corinna at sourceware dot org>
- To: cygwin-cvs at sourceware dot org
- Date: 19 Jul 2016 09:16:24 -0000
- Subject: [newlib-cygwin] Handle WinFSP nobody account
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=1a988fc6baa00ea157c743fc87a8c9b08ea79a46
commit 1a988fc6baa00ea157c743fc87a8c9b08ea79a46
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Wed Jun 29 17:12:38 2016 +0200
Handle WinFSP nobody account
Per discussion started at
https://cygwin.com/ml/cygwin/2016-06/msg00347.html
S-1-0-65534 == uid/gid 65534 == nodomain+nobody
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/uinfo.cc | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 247131d..bc2a2d8 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1894,6 +1894,14 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
}
if (!ret)
{
+ if (!strcmp (arg.name, "nodomain+nobody"))
+ {
+ /* Special case "nobody" for reproducible construction of a
+ nobody SID for WinFsp and similar services. We use the
+ value 65534 which is -2 with 16 bit uid/gids. */
+ csid.create (0, 1, 0xfffe);
+ break;
+ }
debug_printf ("LookupAccountNameW (%W), %E", name);
return NULL;
}
@@ -2004,6 +2012,15 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
sid = logon_sid;
break;
}
+ else if (arg.id == 0xfffe)
+ {
+ /* Special case "nobody" for reproducible construction of a
+ nobody SID for WinFsp and similar services. We use the
+ value 65534 which is -2 with 16 bit uid/gids. */
+ csid.create (0, 1, 0xfffe);
+ sid = csid;
+ break;
+ }
else if (arg.id < 0x10000)
{
/* Nothing. */
@@ -2428,6 +2445,17 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
return NULL;
}
}
+ else if (sid_id_auth (sid) == 0 && sid_sub_auth (sid, 0) == 0xfffe)
+ {
+ /* Special case "nobody" for reproducible construction of a
+ nobody SID for WinFsp and similar services. We use the
+ value 65534 which is -2 with 16 bit uid/gids. */
+ uid = gid = 0xfffe;
+ wcpcpy (dom, L"nodomain");
+ wcpcpy (name = namebuf, L"nobody");
+ fully_qualified_name = true;
+ acc_type = SidTypeUnknown;
+ }
else if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
&& sid_sub_auth (sid, 0) == SECURITY_LOGON_IDS_RID)
{