This is the mail archive of the
mailing list for the Cygwin project.
Re: Why does CYGWIN implementation of getgrouplist() verify the supplied user or gid?
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 14 May 2013 10:54:53 +0200
- Subject: Re: Why does CYGWIN implementation of getgrouplist() verify the supplied user or gid?
- References: <5F8AAC04F9616747BC4CC0E803D5907D0AF79776 at MLBXv04 dot nih dot gov>
- Reply-to: cygwin at cygwin dot com
On May 13 20:51, Lavrentiev, Anton (NIH/NLM/NCBI) [C] wrote:
> Per a hint I've got earlier today from this list (and which I appreciate!),
> I've tried to use getgrouplist() to obtain group information about a user.
> There's a problem with that.
> I notice that the actual behavior of this call deviates from
> what's documented: nowhere in the documentation that I found,
> it states that the call fails for non-existent user and / or group ID
> provided in the parameters; but only if there is insufficient space
> to store the resultant group IDs (one place specifically mentions that
> "if user does not refer to a valid user on the system, getgrouplist()
> shall return 0, and set the value referenced by ngroups to 0").
> I checked the attached test case on Linux, Free BSD and, oh well,
> Mac OS X, and the results are pretty consistent:
> for non-existent user, the call does _not_ fail (i.e. does not return -1)
> but results in the list of GIDs containing only the GID passed in the
> parameters, regardless whether or not that GID is valid (i.e. of an
> existing group).
> If the user does exist, the provided GID gets added to the list, if it
> does not happen to be there already (again, the GID is not checked
> for validity).
> On Cygwin, the call always fails with return code -1 for nonexistent
> user name and / or GID.
> Note that errnos are not particularly documented for this call, so the
> only reason for it to fail, is for insufficient buffer (otherwise, the
> failure reasons cannot be distinguished)! To work around this
> behavior I have to bulk the code with a number of '#ifdef CYGWIN'.
> Why it's being different on CYGWIN?
The reason is that the underlying OS uses SIDs, not UIDs and GIDs.
Thus, the UIDs and GIDs have to be converted to SIDs before they
can be used to create a user token. If a UID/GID can't be converted
to a SID, it literally doesn't exist.
Having said that, I changed that in CVS so that getgrouplist now always
creates a group list. If the group given as second parameter doesn't
exist in /etc/group, it's not added to the list, though. If the user
doesn't exist in /etc/passwd, but the group exists, a group list with
a single entry consisting of that group is created. If both don't
exist, the created group list is empty.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple