ssh-host-config script sends /etc/passwd thru awk

Wed Feb 18 13:15:00 GMT 2015

On Feb 18 13:00, Achim Gratz wrote:
> Corinna Vinschen writes:
> > It's a bit confusing to talk about the Cygwin version when this is
> > only about openssh and the csih package. I'm really busy with other
> > stuff right now. I quickly scanned the ssh-*-config scripts again
> > and they never write a passwd entry so, if anything, it's a problem
> > in the csih helper script. Does anybody want to inspect
> > /usr/share/csih/cygwin-service-installation-helper.sh for this?
>> How about this (untested)?

Thanks for looking and the patch. However, I seem to miss the point:
> + if csih_old_cygwin
> + if [ "$(/usr/bin/id -un)" = "mkpasswd" ]

At this point, the csih_old_cygwin test should be unnecessary because
the "mkpasswd" and "mkgroup" accounts names are not generated at all
by Cygwin >= 1.7.34. So the test for the name alone should be sufficient.
OTOH, the csih_old_cygwin test won't hurt either, of course.
> # ======================================================================
> +# Routine: csih_old_cygwin
> +# Check Cygwin version, account databases are avaiable since 1.7.34
> +# On Cygwin versions <= 1.7.33 return 0
> +# On Cygwin versions > 1.7.33 return 1
> +# ======================================================================
> +csih_old_cygwin()
> +{
> + local old_cygwin
> +
> + /usr/bin/uname -r |
> + /usr/bin/awk -F. '{
> + if ( 1ドル < 1 || \
> + (1ドル == 1 && 2ドル < 7) || \
> + (1ドル == 1 && 2ドル == 7 && strtonum(3ドル) <= 33))
> + exit 0;
> + exit 1;
> + }'
> + old_cygwin=$?
> + return ${old_cygwin}
> +} # === End of csih_old_cygwin() === #
> +readonly -f csih_old_cygwin
> +
> +# ======================================================================
> # Routine: csih_use_file_etc passwd|group
> # Check if /etc/passwd or /etc/group file is in use.
> # On Cygwin versions < 1.7.33, files are always used.
> @@ -2517,18 +2558,12 @@
> then
> csih_error 'Script error: csih_use_file_etc requires argument "passwd" or "group".'
> fi
> - /usr/bin/uname -r |
> - /usr/bin/awk -F. '{
> - if (1ドル < 1 || \
> - (1ドル == 1 && 2ドル < 7) || \
> - (1ドル == 1 && 2ドル == 7 && strtonum(3ドル) <= 33))
> - exit 0;
> - exit 1;
> - }'
> - use_file=$?
> + csih_old_cygwin ; use_file=$?
> if [ ${use_file} -ne 0 -a -f /etc/nsswitch.conf ]
> then
> - grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf || use_file=0
> + grep -Eq "^${file}:" /etc/nsswitch.conf &&
> + grep -Eq "^${file}:[^#]*\<db\>" /etc/nsswitch.conf ||
> + use_file=0

And here, the test for the version is moved into the csih_old_cygwin
function. So far, so good, but... in how far does this change the
result of csih_use_file_etc?!? Assuming the expression has a bug,
wouldn't this still be the case, and the mkpasswd calls in
csih_create_privileged_user and csih_create_unprivileged_user
would still write the entry to /etc/passwd?
Can you explain what I'm missing?
Thanks,
Corinna
-- 
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150218/3f819dcc/attachment.sig>