"Unknown" Groups Not Caching - Debugging

Bryan Berns bryan.berns@gmail.com
Fri Apr 17 10:21:00 GMT 2015


On Fri, Apr 17, 2015 at 4:23 AM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> On Apr 16 22:50, Bryan Berns wrote:
>>
>> So I was looking into the issue I found with Cygwin not caching
>> orphaned / unknown groups.  At least for my test case, this appears to
>> be rooted in the RID getting striped from the end of the SID just
>> prior to the line being outputted (line 2464 from the exert below)
>> within fetch_account_from_windows().
>>
>> uinfo.cc: 2460: /* Check if we know the domain.  If so, create a passwd/group
>> uinfo.cc: 2461:    entry with domain prefix and RID as username. */
>> uinfo.cc: 2462: PDS_DOMAIN_TRUSTSW td = NULL;
>> uinfo.cc: 2463:
>> uinfo.cc: 2464: sid_sub_auth_count (sid) = sid_sub_auth_count (sid) - 1;
>>
>> It's not clear to me, in general, why we're interested in creating a
>> "passwd/group entry with domain prefix and RID as username".
>
> Counter question.  Why not?  The result is that you know it's some
> account from a known domain, and the combination of the domain name
> and the RID results in a unique account name.
>
> Thanks for looking into this and tracking it down to this point.
> The problem in your case is that the sid isn't reverted in the
> following !domain branch.
>
> Please try this patch:
>
> diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
> index 6186327..91d1d1c 100644
> --- a/winsup/cygwin/uinfo.cc
> +++ b/winsup/cygwin/uinfo.cc
> @@ -2475,10 +2475,10 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
>                   posix_offset = fetch_posix_offset (td, &loc_ldap);
>                   break;
>                 }
> +         sid_sub_auth_count (sid) = sid_sub_auth_count (sid) + 1;
>         }
>        if (domain)
>         {
> -         sid_sub_auth_count (sid) = sid_sub_auth_count (sid) + 1;
>           wcscpy (dom, domain);
>           __small_swprintf (name = namebuf, L"%W(%u)",
>                             is_group () ? L"Group" : L"User",

Yeah, works like a charm -- I guess I have to have more confidence
since that's actually what I did to test it works when I discovered
the issue.  I guess my earlier question rooted in the thought that the
original author wanted to explicitly restore the SID if and only if a
domain was defined.  Was this a simple misplacement of the code to
required restore the RID to the SID or is there some forgotten nuanced
scenario that we're not thinking of where we actually want to store
the SID with the RID removed?  I can't think of one, but then again
this is my first time looking a this code.

Thanks!



More information about the Cygwin-developers mailing list