This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: POSIX permission mapping and NULL SIDs
- From: Bill Zissimopoulos <billziss at navimatics dot com>
- To: "cygwin at cygwin dot com" <cygwin at cygwin dot com>
- Date: Tue, 28 Jun 2016 18:06:13 +0000
- Subject: Re: POSIX permission mapping and NULL SIDs
- References: <D392BA70 dot 95D4%billziss at navimatics dot com> <20160624195144 dot GB27089 at calimero dot vinschen dot de> <D392F074 dot 962E%billziss at navimatics dot com> <20160624215948 dot GD27089 at calimero dot vinschen dot de> <D39583E5 dot 96E3%billziss at navimatics dot com> <1945820393 dot 20160627122324 at yandex dot ru> <20160627102614 dot GA8258 at calimero dot vinschen dot de> <D396C16E dot 9770%billziss at navimatics dot com> <20160628102705 dot GA22797 at calimero dot vinschen dot de>
On 6/28/16, 3:27 AM, "Corinna Vinschen" <cygwin-owner@cygwin.com on behalf
of corinna-cygwin@cygwin.com> wrote:
>>Ok. Please keep in mind that
>
>a) there can't be a bijective mapping between arbitrary length SIDs
> and a 32 bit uid/gid.
>
>b) The mapping used in Cygwin is not self-created but (mostly, except
> for a single deviation) identical to the Interix mapping. The code
> basically follows how this mapping has been defined by Microsoft.
Corinna, please stop explaining things to me that I already know.
>> BTW, I have here a partitioning of the UID namespace that may help choose
>> the right mapping:
>>
>> /*
>>  * UID namespace partitioning (from [IDMAP] rules):
>>  *
>>  * 0x000000 + RID              S-1-5-RID,S-1-5-32-RID
>>  * 0x000ffe                    OtherSession
>>  * 0x000fff                    CurrentSession
>>  * 0x001000 * X + RID          S-1-5-X-RID ([WKSID]: X=1-15,17-21,32,64,80,83)
>>  * 0x010000 + 0x100 * X + Y    S-1-X-Y ([WKSID]: X=1,2,3,4,5,9,16)
>>  * 0x030000 + RID              S-1-5-21-X-Y-Z-RID
>>  * 0x060000 + RID              S-1-16-RID
>>  * 0x100000 + RID              S-1-5-21-X-Y-Z-RID
>>  */
>
>You're aware that I wrote the code for this mapping as well as its
>documentation? :)
Corinna, of course I am aware of that. I have found your original post to
this list about it. Why would you think otherwise? And why would it change
anything?
>> With all that and to help conclude this thread I gather here all the
>> proposed mappings. Corinna, I will use the one which you prefer the most:
>>
>> S-1-0-65534 <-> 65534
>
>This one is still my favorite. Again, the range from 0x1000 up to
>0xffff is unused. Right now any incoming uid/gid value in this range
>for a reverse SID lookup is treated as an invalid SID.
I disagree. You are saying that it is unused, but a (perhaps erroneous)
SID would map into that space.
In any case I will use your mapping of S-1-0-65534 <-> 65534.
Bill
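
As an added example (not code from this thread or from Cygwin), the C code below applies the partitioning rows quoted in the message, plus the S-1-0-65534 <-> 65534 mapping, to a few constructed SIDs and flags results that land in 0x1000..0xffff. `struct sid`, `listed_x`, `sid_to_uid` and `in_range_1000_ffff` are hypothetical names, and the order in which overlapping rows are tried is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

#define UID_INVALID UINT32_MAX
/* Constructed type: S-1-<auth>-<sub[0]>-...-<sub[n-1]>. */
struct sid { uint32_t auth; int n; uint32_t sub[4]; };

/* X values the quoted table lists for the S-1-5-X-RID row. */
static int listed_x(uint32_t x)
{
    return (x >= 1 && x <= 15) || (x >= 17 && x <= 21) ||
           x == 32 || x == 64 || x == 80 || x == 83;
}

/* Hypothetical helper. Rows that overlap in the table are resolved in the
 * order tested here (an assumption); S-1-5-21-X-Y-Z-RID domain SIDs need
 * machine/domain context and are left out. */
uint32_t sid_to_uid(const struct sid *s)
{
    if (s->auth == 0 && s->n == 1 && s->sub[0] == 65534)
        return 65534;                                 /* S-1-0-65534 <-> 65534 */
    if (s->auth == 5 && s->n == 1)
        return s->sub[0];                             /* S-1-5-RID */
    if (s->auth == 5 && s->n == 2 && s->sub[0] == 32)
        return s->sub[1];                             /* S-1-5-32-RID */
    if (s->auth == 5 && s->n == 2 && listed_x(s->sub[0]))
        return 0x1000 * s->sub[0] + s->sub[1];        /* S-1-5-X-RID */
    if (s->auth == 16 && s->n == 1)
        return 0x60000 + s->sub[0];                   /* S-1-16-RID */
    if (s->auth >= 1 && s->auth <= 4 && s->n == 1 && s->sub[0] < 0x100)
        return 0x10000 + 0x100 * s->auth + s->sub[0]; /* S-1-X-Y */
    return UID_INVALID;
}

/* The range 0x1000..0xffff discussed in the thread. */
int in_range_1000_ffff(uint32_t uid) { return uid >= 0x1000 && uid <= 0xffff; }

int main(void)
{
    struct sid v[] = { {0, 1, {65534}}, {5, 1, {18}}, {5, 2, {32, 544}},
                       {5, 2, {64, 10}}, {1, 1, {0}}, {5, 2, {15, 4094}} };
    for (size_t i = 0; i < sizeof v / sizeof v[0]; i++) { /* constructed SIDs */
        uint32_t u = sid_to_uid(&v[i]);
        printf("sid #%zu -> uid %u%s\n", i, (unsigned)u,
               in_range_1000_ffff(u) ? " (in 0x1000..0xffff)" : "");
    }
    return 0;
}
```

Under the rows as quoted, the constructed SID S-1-5-15-4094 evaluates to 0x1000 * 15 + 4094 = 0xfffe, the same value as 65534.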