"Unknown" Groups Not Caching - Debugging
Corinna Vinschen
corinna-cygwin@cygwin.com
Fri Apr 17 10:31:00 GMT 2015
On Apr 17 06:21, Bryan Berns wrote:
> On Fri, Apr 17, 2015 at 4:23 AM, Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:
> > On Apr 16 22:50, Bryan Berns wrote:
> >>
> >> So I was looking into the issue I found with Cygwin not caching
> >> orphaned / unknown groups. At least for my test case, this appears to
> >> be rooted in the RID getting striped from the end of the SID just
> >> prior to the line being outputted (line 2464 from the exert below)
> >> within fetch_account_from_windows().
> >>
> >> uinfo.cc: 2460: /* Check if we know the domain. If so, create a passwd/group
> >> uinfo.cc: 2461: entry with domain prefix and RID as username. */
> >> uinfo.cc: 2462: PDS_DOMAIN_TRUSTSW td = NULL;
> >> uinfo.cc: 2463:
> >> uinfo.cc: 2464: sid_sub_auth_count (sid) = sid_sub_auth_count (sid) - 1;
> >>
> >> It's not clear to me, in general, why we're interested in creating a
> >> "passwd/group entry with domain prefix and RID as username".
> >
> > Counter question. Why not? The result is that you know it's some
> > account from a known domain, and the combination of the domain name
> > and the RID results in a unique account name.
> >
> > Thanks for looking into this and tracking it down to this point.
> > The problem in your case is that the sid isn't reverted in the
> > following !domain branch.
> >
> > Please try this patch:
> >
> > diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
> > index 6186327..91d1d1c 100644
> > --- a/winsup/cygwin/uinfo.cc
> > +++ b/winsup/cygwin/uinfo.cc
> > @@ -2475,10 +2475,10 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
> > posix_offset = fetch_posix_offset (td, &loc_ldap);
> > break;
> > }
> > + sid_sub_auth_count (sid) = sid_sub_auth_count (sid) + 1;
> > }
> > if (domain)
> > {
> > - sid_sub_auth_count (sid) = sid_sub_auth_count (sid) + 1;
> > wcscpy (dom, domain);
> > __small_swprintf (name = namebuf, L"%W(%u)",
> > is_group () ? L"Group" : L"User",
>
> Yeah, works like a charm
Cool, thanks for testing.
> -- I guess I have to have more confidence
> since that's actually what I did to test it works when I discovered
> the issue. I guess my earlier question rooted in the thought that the
> original author wanted to explicitly restore the SID if and only if a
> domain was defined. Was this a simple misplacement of the code to
> required restore the RID to the SID or is there some forgotten nuanced
> scenario that we're not thinking of where we actually want to store
> the SID with the RID removed? I can't think of one, but then again
> this is my first time looking a this code.
Well, I assume it's a result of a misplacement which I never realized
because of testing with domain accounts only :}
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-developers/attachments/20150417/8cafd8e8/attachment.sig>
More information about the Cygwin-developers
mailing list