Tue Oct 5 03:21:00 GMT 1999
I have patched ntsec so that SIDs that were previously saved in
/etc/passwd and /etc/group are used. This has the following advantages:
- Correctly working ntsec in domain environments.
- Non-login accounts (users _and_ groups) may get another name in
/etc/passwd and /etc/group files than their NT account name.
The new name is transparently used by applications (so chown,
chgrp, ls -l, etc. use them now),
No problem if running in console window,
BUT: If you need the account to login via telnet, ssh or similar
the login name _must_ be the NT user name.
- Cygwin UIDs and GIDs are now not necessarily the RID part of the
- As with U*X systems, the UID and GID numbering schemes now don't
influence each other, so it's possible to have the same IDs for a
user and a group,
root::0:0:... # former 'administrator::500:544:...'
root::0: # former 'administrators::544:'
Disadvantages, if you like to use the new features:
- /etc/passwd: The pw_gecos field has to contain a SID as the last
element of the comma separated list.
- /etc/group: The gr_passwd (formerly unused) has to contain a SID.
If no SIDs are found in /etc/passwd and /etc/group, ntsec acts like
the previous version.
The SIDs are saved in standard WinNT notation (S-1-5-32-...)
the utilities mkpasswd and mkgroup are patched, to support the new
- mkpasswd and mkgroup generate SIDs by default. This behaviour may
be switched off by the new commandline option `-s' or `--no-sids'.
Moreover, mkpasswd generates the home dir path with the function
cygwin_conv_to_posix_path(), so mount points are used now. This
behaviour may be changed to `/cygdrive/<Driveletter>' by using the
commandline option `-m' or `--no-mount'.
Another new feature:
uinfo.cc(getlogin) now uses a function uinfo.cc(internal_getlogin)
that asks for the user's domain and logon server by using the
netapi32 function `NetWkstaUserGetInfo()'. This information is saved in
the pinfo structure `myself'. Later calls to security.cc(lookup_name)
use it to get correct account information.
Moreover, the user's SID is retrieved and saved in myself, so many
calls to lookup_name during process creation are avoidable:
ntsec should be objectively faster than before.
Unfortunately, the used netapi32 functions are not implemented under
Win9X, so netapi32.dll is dynamically loaded only under NT and W2K.
The calls to get_admin_sid(), get_world_sid() and get_system_sid()
are deleted from dcrt0.cc(dll_crt0_1). These functions don't fragment
the heap anymore. The new method of SID creation doesn't allocate
heap space dynamically.
This patch needs the lm-header-patch, sent on Oct 2, 1999.
Thu Oct 5 11:45:00 1999 Corinna Vinschen <email@example.com>
* dcrt0.cc (dll_crt0_1): Calls to get_WHOEVER_sid deleted.
Call to uinfo_init() moved to the end of the function.
* fhandler.cc (get_file_owner): Call to get_id_from_sid()
substituted by call to get_uid_from_sid().
(get_file_group): Call to get_id_from_sid() substituted by
call to get_gid_from_sid().
* fork.cc (fork): Copy new pinfo members to child.
* grp.cc (parse_grp): Rewritten. Saves gr_passwd and all
user names in gr_mem.
(read_etc_group): Variable `group_sem' avoids endless loop.
* passwd.cc (read_etc_passwd): Variable `passwd_sem' avoids
* security.cc (get_sid): New function to generate SID from
(get_ssid): New function to generate SID from string.
(get_pw_sid): New function to generate SID from pw_gecos
(get_gr_sid): New function to generate SID from gr_passwd
(get_admin_sid): Rewritten to avoid using heap space.
(get_id_from_sid): Tries to read SIDs from /etc/passwd or
/etc/group files before using RID or Lookup... function.
(legal_sid_type): New function.
(lookup_name): Rewritten to use the logon server info,
(alloc_sd): Tries to use SID from /etc/passwd and /etc/group
files before call to lookup_name().
(alloc_sd): New parameter for logon server.
* shared.cc (sec_user): If SID is saved in myself, use it
instead of calling lookup_name().
* shared.h: struct pinfo got extended user information.
* spawn.cc (spawn_guts): method for forcing reread /etc
(_spawnve): Copy new pinfo members to child.
* syscalls.cc (chown): Changed call to set_file_attribute().
* uinfo.cc (internal_getlogin): New function.
(uinfo_init): Calls internal_getlogin() now.
(getlogin): Uses myself->username now.
* winsup.h: extern HANDLE netapi32_handle;
Changed prototypes for set_file_attribute(), lookup_name(),
New inline functions get_uid_from_sid() and get_gid_from_sid().
* utils/mkgroup.c: Adapted to the new ntsec features.
* utils/mkpasswd.c: Ditto.
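
The /etc/passwd and /etc/group convention described in the mail above (SID as the last comma-separated element of pw_gecos, SID in gr_passwd, previous behaviour when none is found), as an added C example that is not part of the original message or of the Cygwin patch. The function names, the well-formedness check and the sample entry are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* 1 if s[0..len) is "S-1-<authority>-<subauthority>[-...]", all decimal. */
static int is_sid(const char *s, size_t len) {
    size_t i = 4, parts = 0;
    if (len < 5 || strncmp(s, "S-1-", 4) != 0) return 0;
    while (i < len) {
        size_t start = i;
        while (i < len && isdigit((unsigned char)s[i])) i++;
        if (i == start || i - start > 10) return 0; /* 10 digits: bound chosen here */
        parts++;
        if (i < len && (s[i++] != '-' || i == len)) return 0; /* no trailing '-' */
    }
    return parts >= 2; /* authority plus at least one subauthority */
}

/* Colon-separated field n (0-based) of one line; empty fields count. */
static const char *field(const char *line, int n, size_t *len) {
    while (n-- > 0) {
        if (!(line = strchr(line, ':'))) return NULL;
        line++;
    }
    *len = strcspn(line, ":\n");
    return line;
}

/* Copy the SID found in field n into out. With last_elem set, only the last
   comma-separated element is used. Returns 0 when no usable SID is present. */
static int entry_sid(const char *line, int n, int last_elem, char *out, size_t outsz) {
    size_t len = 0, i, from = 0;
    const char *f = field(line, n, &len);
    if (!f) return 0;
    for (i = 0; last_elem && i < len; i++)
        if (f[i] == ',') from = i + 1;
    if (!is_sid(f + from, len - from) || len - from >= outsz) return 0;
    memcpy(out, f + from, len - from);
    out[len - from] = '\0';
    return 1;
}

int passwd_sid(const char *l, char *out, size_t n) { return entry_sid(l, 4, 1, out, n); } /* pw_gecos */
int group_sid(const char *l, char *out, size_t n) { return entry_sid(l, 1, 0, out, n); }  /* gr_passwd */

int main(void) {
    char sid[64]; /* the group entry below is a constructed sample */
    if (group_sid("root:S-1-5-32-544:0:", sid, sizeof sid)) printf("group SID %s\n", sid);
    return 0;
}
```

A return value of 0 corresponds to the case where the mail says ntsec acts like the previous version; a caller should treat a malformed SID the same way rather than passing it on.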