On Jun 28 18:06, Bill Zissimopoulos wrote: > On 6/28/16, 3:27 AM, "Corinna Vinschen" of corinna-cygwin@cygwin.com> wrote: > > > >>Ok. Please keep in mind that > > > >a) there can't be a bijective mapping between arbitrary length SIDs > > and a 32 bit uid/gid. > > > >b) The mapping used in Cygwin is not self-created but (mostly, except > > for a single deviation) identical to the Interix mapping. The code > > basically follows how this mapping has been defined by Microsoft. > > Corinna, please stop explaining things to me that I already know. Sorry but I don't grok this. During this discussion you were explaining things to me which I obviously had to know. If I'm explainig things to you you already know, well, sorry about that. Your attempt at creating an artificial SID just to prove that a collision could be constructed looked like you didn't understand how well-known Windows SIDs work and are constructed, and that there's no way for a collision from a valid Windows SID here. > >> BTW, I have here a partitioning of the UID namespace that may help > >>choose > >> the right mapping: > >> > >> /* > >> * UID namespace partitioning (from [IDMAP] rules): > >> * > >> * 0x000000 + RID S-1-5-RID,S-1-5-32-RID > >> * 0x000ffe OtherSession > >> * 0x000fff CurrentSession > >> * 0x001000 * X + RID S-1-5-X-RID ([WKSID]: > >> X=1-15,17-21,32,64,80,83) > >> * 0x010000 + 0x100 * X + Y S-1-X-Y ([WKSID]: X=1,2,3,4,5,9,16) > >> * 0x030000 + RID S-1-5-21-X-Y-Z-RID > >> * 0x060000 + RID S-1-16-RID > >> * 0x100000 + RID S-1-5-21-X-Y-Z-RID > >> */ > > > >You're aware that I wrote the code for this mapping as well as its > >documentation? :) > > Corinna, of course I am aware of that. I have found your original post to > this list about it. Why would you think otherwise? And why would it change > anything? If that's the case, then why do you explain all these things to me? I'm a bit at a loss to see the difference between me explaining things to you you already know vs. you explaing things to me I already know. Aren't we kind of on par here? But, never mind. > >>With all that and to help conclude this thread I gather here all the > >> proposed mappings. Corinna, I will use the one which you prefer the > >>most: > >> > >> S-1-0-65534 <-> 65534 > > > >This one is still my favorite. Again, the range from 0x1000 up to > >0xffff is unused. Right now any incoming uid/gid value in this range > >for a reverse SID lookup is treated as invalid SID. > > I disagree. You are saying that it is unused, but a (perhaps erroneous) > SID would map into that space. Yes that's possible. However, where would this erroneous SID come from? The chances that a SID comes in which gets converted to uid/gid 0xfffffffe is actually higher. See UNIX_POSIX_OFFSET. > In any case I will use your mapping of S-1-0-65534 <-> 65534. Thanks. Do you want to add handling for this mapping to pwdgrp::fetch_account_from_windows yourself or shall I do it? I could come up with a patch in the next couple of days. I will prepare a developer's snapshot then, so you can immediately test if it works as desired. Thanks again, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat