This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: cron & Windows 7


On Feb 11 12:52, Pierre A. Humblet wrote:
> 
> ----- Original Message ----- 
> From: "Corinna Vinschen" 
> To: <cygwin@cygwin.com>
> Sent: Thursday, February 11, 2010 10:17
> | 
> | If a domain isn't involved, why fails loading user32 DLL?!?  In that
> | case there should be no issue with the user account since the local
> | SAM replies with the correct group list.  Or not?!?
> 
> The only strange output is
> get_user_local_groups: LookupAccountName(BUILTIN\Administratoren), Win32 error 1332
> but there should be other groups, like Users.

Uh oh.  Is the name of the BUILTIN group not BUILTIN on non-English
systems?  If so, the code in get_user_local_groups must be changed to
emit the correct name, rather than just storing the fixed string
"BUILTIN\\" in builtin_grp.

[...time passes...]

Can you please check if this untested(!) code is doing the right thing?

Index: sec_auth.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/sec_auth.cc,v
retrieving revision 1.29
diff -u -p -r1.29 sec_auth.cc
--- sec_auth.cc	6 Feb 2010 13:13:15 -0000	1.29
+++ sec_auth.cc	11 Feb 2010 18:44:05 -0000
@@ -320,20 +320,19 @@ get_user_local_groups (PWCHAR logonserve
     }
 
   WCHAR domlocal_grp[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
-  WCHAR builtin_grp[sizeof ("BUILTIN\\") + GNLEN + 2];
-  PWCHAR dg_ptr, bg_ptr;
+  WCHAR builtin_grp[2 * GNLEN + 2];
+  PWCHAR dg_ptr, bg_ptr = NULL;
   SID_NAME_USE use;
 
   dg_ptr = wcpcpy (domlocal_grp, domain);
   *dg_ptr++ = L'\\';
-  bg_ptr = wcpcpy (builtin_grp, L"BUILTIN\\");
 
   for (DWORD i = 0; i < cnt; ++i)
     {
       cygsid gsid;
       DWORD glen = MAX_SID_LEN;
       WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
-      DWORD domlen = sizeof (dom);
+      DWORD domlen = MAX_DOMAIN_NAME_LEN + 1;
 
       use = SidTypeInvalid;
       wcscpy (dg_ptr, buf[i].lgrpi0_name);
@@ -348,17 +347,35 @@ get_user_local_groups (PWCHAR logonserve
       else if (GetLastError () == ERROR_NONE_MAPPED)
 	{
 	  /* Check if it's a builtin group. */
-	  wcscpy (bg_ptr, dg_ptr);
-	  if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
-				  dom, &domlen, &use))
+	  if (!bg_ptr)
 	    {
-	      if (!legal_sid_type (use))
-		debug_printf ("Rejecting local %W. use: %d", dg_ptr, use);
+	      cygsid bgsid ("S-1-5-32");
+	      glen = 2 * GNLEN + 2;
+	      if (!LookupAccountSidW (NULL, bgsid, builtin_grp, &glen,
+				      domain, &domlen, &use))
+		debug_printf ("LookupAccountSid(BUILTIN), %E");
 	      else
-		grp_list *= gsid;
+		{
+		  bg_ptr = builtin_grp + wcslen (builtin_grp);
+		  bg_ptr = wcpcpy (builtin_grp, L"\\");
+		  glen = MAX_SID_LEN;
+		  domlen = MAX_DOMAIN_NAME_LEN + 1;
+		}
+	    }
+	  if (bg_ptr)
+	    {
+	      wcscpy (bg_ptr, dg_ptr);
+	      if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
+				      dom, &domlen, &use))
+		{
+		  if (!legal_sid_type (use))
+		    debug_printf ("Rejecting local %W. use: %d", dg_ptr, use);
+		  else
+		    grp_list *= gsid;
+		}
+	      else
+		debug_printf ("LookupAccountName(%W), %E", builtin_grp);
 	    }
-	  else
-	    debug_printf ("LookupAccountName(%W), %E", builtin_grp);
 	}
       else
 	debug_printf ("LookupAccountName(%W), %E", domlocal_grp);

> If we want to eliminate that possibility:
> Matthias , could you edit /etc/passwd and change your gid from 513 to 545,
> or edit /etc/group and add your id (text, not uid) in the last (currently empty) 
> field of the 545 group.
> 
> | Well, in the long run I'd like to drop the chance to add groups by adding
> | users to /etc/group.  This allows overriding AD settings for no good reason.
> I would at least keep it as backup. There have been reported cases were the DC
> does not answer due to temporary network reasons.

Yeah, it's just a nightmare for Admins...

> B.t.w. I just tried mkgroup -lu on my local XP (still 1.5). It does NOT populate users
> in some groups, in particular  Users (545)

It does not populate users in *any* group.  The option has been disabled.
The group list should only be used in rare cases, if at all.

> Also when I ssh into my home XP (1.7), I get 
> mkgroup (376): [1722] The RPC server is unavailable.

For me this also occurs in a normal console window and that's to be
expected.  -l is an `optional_argument' option.  Try `mkgroup -l -u'.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]