X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Mon, 10 Dec 2012 11:45:49 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Cygrunsrv and special Windows virtual accounts "NT SERVICE"
Message-ID: <20121210104549.GA16985@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <5F8AAC04F9616747BC4CC0E803D5907D043FCB1D AT MLBXv04 DOT nih DOT gov> <20121207160028 DOT GA2374 AT calimero DOT vinschen DOT de> <5F8AAC04F9616747BC4CC0E803D5907D043FCEC7 AT MLBXv04 DOT nih DOT gov> <5F8AAC04F9616747BC4CC0E803D5907D043FCF9B AT MLBXv04 DOT nih DOT gov>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <5F8AAC04F9616747BC4CC0E803D5907D043FCF9B@MLBXv04.nih.gov>
User-Agent: Mutt/1.5.21 (2010-09-15)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Dec  7 16:49, Lavrentiev, Anton (NIH/NLM/NCBI) [C] wrote:
> > per the bad user/pass combo, presumably).
> 
> Per MSDN, http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450%28v=vs.85%29.aspx :
> 
> If the account name specified by the lpServiceStartName parameter is the name of a managed service account or virtual account name, the lpPassword parameter must be NULL.
> 
> But cygrunsrv passes either "" or the actual string (when any username is provided).
> 
> It should pass NULL for the username that look like "NT SERVICE\svcname":
> 
>   if (!(sh = CreateService (sm, san.name (), disp, SERVICE_ALL_ACCESS,
> 			    SERVICE_WIN32_OWN_PROCESS |
> 			    (interactive ? SERVICE_INTERACTIVE_PROCESS : 0),
> 			    type == Auto ? SERVICE_AUTO_START
> 			    		 : SERVICE_DEMAND_START,
> 			    SERVICE_ERROR_NORMAL, mypath, NULL, NULL,
> 			    dependencies,
> 			    username, username ? pass ?: "" : NULL)))

I'm wondering if it's such a bright idea to use a NULL password based on
a check for a certain domain.  That's practically guaranteed to break
at one point again.

Is it worth at all to support empty passwords?  If not, we could always
use NULL if !pass || pass[0] == '\0'.

Or, alternatively, what about something like `-w NULL'?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple