Date: Wed, 18 Feb 2015 14:34:54 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: ssh-host-config script sends /etc/passwd thru awk
Message-ID: <20150218133454.GA31759@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <4C148215-468D-469D-8060-B2010DF5E9A9@etr-usa.com> <20150217230230.GH8493@calimero.vinschen.de> <62DA4A6B-8BA1-4676-B88F-42F6A3707AAD@etr-usa.com> <20150218100809.GK8493@calimero.vinschen.de> <87k2zf1lbc.fsf@Rainer.invalid> <20150218130152.GO8493@calimero.vinschen.de> <8761az1hul.fsf@Rainer.invalid>

On Feb 18 14:15, Achim Gratz wrote:
> Corinna Vinschen writes:
> >> +  csih_old_cygwin ; use_file=3D$?
> >>    if [ ${use_file} -ne 0 -a -f /etc/nsswitch.conf ]
> >>    then
> >> -    grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf || use_file=3D0
> >> +    grep -Eq "^${file}:" /etc/nsswitch.conf &&
> >> +      grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf ||
> >> +       use_file=3D0
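
Review bot: in the added `grep ... && grep ... || use_file=0` chain, `use_file=0` still runs when the first grep finds no `${file}:` line, because in sh `A && B || C` executes C whenever A fails; a missing entry therefore gives the same result as the removed single grep. If the assignment is meant to happen only when the line exists and lacks "db", nest the second test under the first, for example `if grep -Eq "^${file}:" /etc/nsswitch.conf; then grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf || use_file=0; fi`. A short comment stating which value of use_file means "write to the file" would also make the chain easier to check.
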
> >
> > And here, the test for the version is moved into the csih_old_cygwin
> > function.  So far, so good, but... in how far does this change the
> > result of csih_use_file_etc?!?  Assuming the expression has a bug,
> > wouldn't this still be the case, and the mkpasswd calls in
> > csih_create_privileged_user and csih_create_unprivileged_user
> > would still write the entry to /etc/passwd?
> >
> > Can you explain what I'm missing?
>
> The old test wrote to /etc/{passwd,group} when use_file!=1,
> /etc/nsswitch.conf existed and did not have a line for either passwd or
> group or if that line had no "db" on it.  If the line is missing
> altogether, then files should still not be used since the default is
> "files db", only when the line exists and omits "db".  I think…

Uh, the penny is dropping... in slow motion...

Hang on, let me try to rephrase what we need here, without letting
myself get distracted by the code or your patch.  I'm firmly
securing my blinders...

- If we have an old Cygwin version <= 1.7.33 ==> write to /etc/passwd

- Otherwise, if /etc/nsswitch.conf is missing, don't write.

- Otherwise, if /etc/nsswitch.conf is missing the "passwd:" entry,
  the default is "files db", don't write.

- Otherwise, if "passwd" contains "db", don't write.

- Otherwise, write.

Now let's check the expression:

   csih_old_cygwin ; use_file=$?
   if [ ${use_file} -ne 0 -a -f /etc/nsswitch.conf ]
   then
     grep -Eq "^${file}:" /etc/nsswitch.conf &&
       grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf ||
         use_file=0

Old version?  use_file is 0
New version but /etc/nsswitch.conf is missing?  use_file = 1
/etc/nsswitch.conf does not contain a "passwd" line?  use_file = 1
/etc/nsswitch.conf contains a "passwd" line but no "db"?  use_file = 0
otherwise use_file = 1

Yup, that looks right.  Thanks for explaining.  I guess that should
help us along.  If you check this change in, I will release a new
csih version asap.


Thank you!
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
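
Added example, not part of the original message and not csih code: the expression quoted in the message next to a branch-per-rule version of the five rules, both run over constructed nsswitch.conf contents; in sh, `A && B || C` runs C whenever A fails, so the row to look at is the file with no "passwd:" line. The function names, the argument order and the third argument (standing in for the csih_old_cygwin result) are assumptions of this example.

```sh
#!/bin/sh
# Added example. Return convention as in the thread: 0 = write to the file,
# 1 = do not write. Arguments are assumptions of this example:
#   $1 database name, $2 path to an nsswitch.conf, $3 old-Cygwin check
#   result (0 = old Cygwin; stands in for the csih_old_cygwin call).

# The expression as quoted in the message, closed with "fi".
use_file_quoted() {
  file=$1 conf=$2 use_file=$3
  if [ "${use_file}" -ne 0 -a -f "${conf}" ]
  then
    grep -Eq "^${file}:" "${conf}" &&
      grep -Eq "^${file}:[^#]*\<db\>" "${conf}" ||
        use_file=0
  fi
  return "${use_file}"
}

# The five rules listed in the message, one early return per rule.
use_file_rules() {
  file=$1 conf=$2
  [ "$3" -eq 0 ] && return 0                  # old Cygwin: write
  [ -f "${conf}" ] || return 1                # no nsswitch.conf: don't write
  grep -Eq "^${file}:" "${conf}" || return 1  # no entry, default "files db"
  grep -Eq "^${file}:[^#]*\<db\>" "${conf}" && return 1  # entry lists "db"
  return 0                                    # entry without "db": write
}

# Evaluate both on constructed nsswitch.conf contents, new Cygwin ($3 = 1).
compare() {
  dir=$(mktemp -d) || return 1
  printf 'group: files db\n'    > "${dir}/no_entry"
  printf 'passwd: files db\n'   > "${dir}/with_db"
  printf 'passwd: files # db\n' > "${dir}/files_only"
  for c in missing no_entry with_db files_only
  do
    q=0; use_file_quoted passwd "${dir}/${c}" 1 || q=$?
    r=0; use_file_rules  passwd "${dir}/${c}" 1 || r=$?
    printf '%-10s quoted=%s rules=%s\n' "${c}" "${q}" "${r}"
  done
  rm -rf "${dir}"
}
compare
```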

