diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2014-05-14 15:27:47 +0400 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2014-05-14 15:27:47 +0400 |
commit | 6506454fb38c7684d53126b3455ff2a663932b16 (patch) | |
tree | d0a67c699f1b7b48067375ce097a590577b6d9e3 /winsup/cygwin/sec_auth.cc | |
parent | d4ff931bf83181966dfd210013b1229e2b1e2c79 (diff) |
* sec_auth.cc (get_server_groups): Call get_logon_server only for
non-builtin accounts.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Check incoming
account name for validity in terms of the current name prefixing rules
and refuse invalid names.
Diffstat (limited to 'winsup/cygwin/sec_auth.cc')
-rw-r--r-- | winsup/cygwin/sec_auth.cc | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index fb9e371fb..709874337 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -465,7 +465,11 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw) __seterrno (); return false; } - if (get_logon_server (domain, server, DS_IS_FLAT_NAME)) + /* If the SID does NOT start with S-1-5-21, the domain is some builtin + domain. The search for a logon server is moot. */ + if (sid_id_auth (usersid) == 5 /* SECURITY_NT_AUTHORITY */ + && sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE + && get_logon_server (domain, server, DS_IS_FLAT_NAME)) get_user_groups (server, grp_list, user, domain); get_user_local_groups (server, domain, grp_list, user); return true; |