This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [1.7] passwd: useless if used with a logged on domain user


On Mon, Mar 23, 2009 at 16:40, Corinna Vinschen wrote:
> On Mar 23 15:33, Julio Costa wrote:
>> On Mon, Mar 23, 2009 at 14:59, Corinna Vinschen wrote:
>> > Using CheckTokenMembership isn't quite the way to go. ÂIf I understand
>> > you right that the idea is just checking if the token contains the
>> > well-known Administrators group, I'll check in something equivalent.
>>
>> Ok. I'll be waiting for the a new check-in, then.
>
> I've applied another patch to passwd which now checks admin membership
> by inspecting the token groups of the calling user. ÂAs you proposed,
> the default is now the local machine, unless trying to change the
> caller's password itself.
>

After a minor typo-killing:

~/passwd $ diff -u passwd_118.c passwd_118b.c
--- passwd_118.c        2009-03-23 17:56:55.268054500 +0000
+++ passwd_118b.c       2009-03-23 18:10:55.925848600 +0000
@@ -571,7 +571,7 @@
   strcpy (user, optind >= argc ? getlogin () : argv[optind]);

   /* Changing password for calling user?  Use logonserver for user as well. */
-  if (!server && optind < argc)
+  if (!server && optind >= argc)
     {
       myself = 1;
       if ((logonserver = getenv ("LOGONSERVER")))

All goes smooth:

~/passwd $ ./my_passwd_118b.exe -v
my_passwd_118b (cygwin) 1.5
Password Utility
Copyright 1999, 2000, 2001, 2002, 2003 Red Hat, Inc.
Compiled on Mar 23 2009

~/passwd $ id
uid=18606(security) gid=10513(Domain Users)
groups=0(root),544(Administrators),545(Users),10513(Domain Users)

~/passwd $ ./my_passwd_118b.exe -S
Account disabled           : no
Password not required      : no
User can't change password : yes
Password never expires     : yes
Password expired           : no
Latest password change     : Wed Jul 18 15:34:32 2007

System password settings:
Max. password age 35 days
Min. password age 2 days
Force logout after 0 days
Min. password length: 8

# now with a local user
~/passwd $ id cyg_server
uid=1006(cyg_server) gid=544(Administrators) groups=544(Administrators)

~/passwd $ ./my_passwd_118b.exe -S cyg_server
Account disabled           : no
Password not required      : no
User can't change password : no
Password never expires     : yes
Password expired           : no
Latest password change     : Sat Mar 21 01:21:39 2009

System password settings:
Max. password age 35 days
Min. password age 2 days
Force logout after 0 days
Min. password length: 0

# This is another user in the domain (not in /etc/passwd):
~/passwd $ ./my_passwd_118b.exe -S costaju
my_passwd_118b: unknown user costaju
~/passwd $ ./my_passwd_118b.exe -S costaju -d $LOGONSERVER
Account disabled           : no
Password not required      : no
User can't change password : no
Password never expires     : no
Password expired           : no
Latest password change     : Wed Mar 11 15:40:35 2009

System password settings:
Max. password age 35 days
Min. password age 2 days
Force logout after 0 days
Min. password length: 8
~/passwd $

# And finally, the classic:
~/passwd $ ./my_passwd_118b.exe
Enter the new password (minimum of 5, maximum of 8 characters).
Please use a combination of upper and lower case letters and numbers.
New password:

Superb! Great work, Corinna!

___________
Julio Costa

Robert Benchley  - "I have tried to know absolutely nothing about a
great many things, and I have succeeded fair...

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]