X-Recipient: archive-cygwin@delorie.com
X-SWARE-Spam-Status: No, hits=-1.6 required=5.0 	tests=AWL,BAYES_00,SARE_MSGID_LONG40,SPF_PASS
X-Spam-Check-By: sourceware.org
MIME-Version: 1.0
In-Reply-To: <20090323164003.GX9322@calimero.vinschen.de>
References: <af075b00903201143q1ce21219g3643c0e67e8994ac@mail.gmail.com>  	<20090321101004.GU9322@calimero.vinschen.de> <20090322100907.GA9322@calimero.vinschen.de>  	<af075b00903221034v180e635aka114fcde43f6cf00@mail.gmail.com>  	<20090322192205.GH9322@calimero.vinschen.de> <af075b00903230735i9c228b1s2b0928b698427cd4@mail.gmail.com>  	<20090323145958.GS9322@calimero.vinschen.de> <af075b00903230833u44399b81jb73bb597cfa4261b@mail.gmail.com>  	<20090323164003.GX9322@calimero.vinschen.de>
Date: Mon, 23 Mar 2009 18:26:06 +0000
Received: by 10.239.174.76 with SMTP id i12mr151038hbf.62.1237832781249; Mon,  	23 Mar 2009 11:26:21 -0700 (PDT)
Message-ID: <af075b00903231126g66bd79eu7aef04b9c4b75efd@mail.gmail.com>
Subject: Re: [1.7] passwd: useless if used with a logged on domain user
From: Julio Costa <costaju@gmail.com>
To: cygwin@cygwin.com
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On Mon, Mar 23, 2009 at 16:40, Corinna Vinschen wrote:
> On Mar 23 15:33, Julio Costa wrote:
>> On Mon, Mar 23, 2009 at 14:59, Corinna Vinschen wrote:
>> > Using CheckTokenMembership isn't quite the way to go. =C2=A0If I under=
stand
>> > you right that the idea is just checking if the token contains the
>> > well-known Administrators group, I'll check in something equivalent.
>>
>> Ok. I'll be waiting for the a new check-in, then.
>
> I've applied another patch to passwd which now checks admin membership
> by inspecting the token groups of the calling user. =C2=A0As you proposed,
> the default is now the local machine, unless trying to change the
> caller's password itself.
>

After a minor typo-killing:

~/passwd $ diff -u passwd_118.c passwd_118b.c
--- passwd_118.c        2009-03-23 17:56:55.268054500 +0000
+++ passwd_118b.c       2009-03-23 18:10:55.925848600 +0000
@@ -571,7 +571,7 @@
   strcpy (user, optind >=3D argc ? getlogin () : argv[optind]);

   /* Changing password for calling user?  Use logonserver for user as well=
. */
-  if (!server && optind < argc)
+  if (!server && optind >=3D argc)
     {
       myself =3D 1;
       if ((logonserver =3D getenv ("LOGONSERVER")))

All goes smooth:

~/passwd $ ./my_passwd_118b.exe -v
my_passwd_118b (cygwin) 1.5
Password Utility
Copyright 1999, 2000, 2001, 2002, 2003 Red Hat, Inc.
Compiled on Mar 23 2009

~/passwd $ id
uid=3D18606(security) gid=3D10513(Domain Users)
groups=3D0(root),544(Administrators),545(Users),10513(Domain Users)

~/passwd $ ./my_passwd_118b.exe -S
Account disabled           : no
Password not required      : no
User can't change password : yes
Password never expires     : yes
Password expired           : no
Latest password change     : Wed Jul 18 15:34:32 2007

System password settings:
Max. password age 35 days
Min. password age 2 days
Force logout after 0 days
Min. password length: 8

# now with a local user
~/passwd $ id cyg_server
uid=3D1006(cyg_server) gid=3D544(Administrators) groups=3D544(Administrator=
s)

~/passwd $ ./my_passwd_118b.exe -S cyg_server
Account disabled           : no
Password not required      : no
User can't change password : no
Password never expires     : yes
Password expired           : no
Latest password change     : Sat Mar 21 01:21:39 2009

System password settings:
Max. password age 35 days
Min. password age 2 days
Force logout after 0 days
Min. password length: 0

# This is another user in the domain (not in /etc/passwd):
~/passwd $ ./my_passwd_118b.exe -S costaju
my_passwd_118b: unknown user costaju
~/passwd $ ./my_passwd_118b.exe -S costaju -d $LOGONSERVER
Account disabled           : no
Password not required      : no
User can't change password : no
Password never expires     : no
Password expired           : no
Latest password change     : Wed Mar 11 15:40:35 2009

System password settings:
Max. password age 35 days
Min. password age 2 days
Force logout after 0 days
Min. password length: 8
~/passwd $

# And finally, the classic:
~/passwd $ ./my_passwd_118b.exe
Enter the new password (minimum of 5, maximum of 8 characters).
Please use a combination of upper and lower case letters and numbers.
New password:

Superb! Great work, Corinna!

___________
Julio Costa

Robert Benchley  - "I have tried to know absolutely nothing about a
great many things, and I have succeeded fair...

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/