From: Corinna Vinschen
To: cygwin@cygwin.com
Date: Wed, 29 Jun 2016 08:43:00 -0000
Subject: Re: POSIX permission mapping and NULL SIDs
Message-ID: <20160629082129.GC981@calimero.vinschen.de>

On Jun 28 18:06, Bill Zissimopoulos wrote:
> On 6/28/16, 3:27 AM, "Corinna Vinschen" of corinna-cygwin@cygwin.com>
> wrote:
>
>
> >>Ok. Please keep in mind that
> >
> >a) there can't be a bijective mapping between arbitrary length SIDs
> >   and a 32 bit uid/gid.
> >
> >b) The mapping used in Cygwin is not self-created but (mostly, except
> >   for a single deviation) identical to the Interix mapping. The code
> >   basically follows how this mapping has been defined by Microsoft.
>
> Corinna, please stop explaining things to me that I already know.

Sorry but I don't grok this. During this discussion you were explaining
things to me which I obviously had to know. If I'm explaining things to
you you already know, well, sorry about that.

Your attempt at creating an artificial SID just to prove that a
collision could be constructed looked like you didn't understand how
well-known Windows SIDs work and are constructed, and that there's no
way for a collision from a valid Windows SID here.

> >> BTW, I have here a partitioning of the UID namespace that may help
> >> choose the right mapping:
> >>
> >>     /*
> >>      * UID namespace partitioning (from [IDMAP] rules):
> >>      *
> >>      * 0x000000 + RID              S-1-5-RID,S-1-5-32-RID
> >>      * 0x000ffe                    OtherSession
> >>      * 0x000fff                    CurrentSession
> >>      * 0x001000 * X + RID          S-1-5-X-RID ([WKSID]: X=1-15,17-21,32,64,80,83)
> >>      * 0x010000 + 0x100 * X + Y    S-1-X-Y ([WKSID]: X=1,2,3,4,5,9,16)
> >>      * 0x030000 + RID              S-1-5-21-X-Y-Z-RID
> >>      * 0x060000 + RID              S-1-16-RID
> >>      * 0x100000 + RID              S-1-5-21-X-Y-Z-RID
> >>      */
> >
> >You're aware that I wrote the code for this mapping as well as its
> >documentation? :)
>
> Corinna, of course I am aware of that. I have found your original post to
> this list about it. Why would you think otherwise? And why would it change
> anything?

If that's the case, then why do you explain all these things to me? I'm
a bit at a loss to see the difference between me explaining things to
you you already know vs. you explaining things to me I already know.
Aren't we kind of on par here? But, never mind.

> >>With all that and to help conclude this thread I gather here all the
> >> proposed mappings. Corinna, I will use the one which you prefer the
> >> most:
> >>
> >> S-1-0-65534 <-> 65534
> >
> >This one is still my favorite. Again, the range from 0x1000 up to
> >0xffff is unused. Right now any incoming uid/gid value in this range
> >for a reverse SID lookup is treated as invalid SID.
>
> I disagree. You are saying that it is unused, but a (perhaps erroneous)
> SID would map into that space.

Yes that's possible. However, where would this erroneous SID come from?
The chances that a SID comes in which gets converted to uid/gid
0xfffffffe is actually higher. See UNIX_POSIX_OFFSET.

> In any case I will use your mapping of S-1-0-65534 <-> 65534.

Thanks. Do you want to add handling for this mapping to
pwdgrp::fetch_account_from_windows yourself or shall I do it? I could
come up with a patch in the next couple of days. I will prepare a
developer's snapshot then, so you can immediately test if it works as
desired.

Thanks again,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
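
The following is an added example, not part of the mail above and not Cygwin's code: it applies only the S-1-5 rows of the quoted partition table plus the agreed S-1-0-65534 <-> 65534 mapping, to show which uids fall in the 0x1000..0xffff range under discussion. The names `struct sid`, `sid_to_uid`, `uid_in_unused_range` and `UID_INVALID` are hypothetical, the S-1-5-32 row is assumed to take precedence over the X row, and the SID S-1-5-15-4094 is constructed for the example rather than taken from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UID_INVALID 0xffffffffu /* sentinel chosen for this example only */

/* Parsed SID S-1-<auth>-<sub[0]>-...-<sub[n-1]>; simplified for the example. */
struct sid { uint32_t auth; size_t n; uint32_t sub[4]; };

/* X values the quoted table lists for S-1-5-X-RID: 1-15,17-21,32,64,80,83. */
static int x_is_listed(uint32_t x)
{
    return (x >= 1 && x <= 15) || (x >= 17 && x <= 21) ||
           x == 32 || x == 64 || x == 80 || x == 83;
}

/* Forward mapping for the rows that touch the range under discussion. */
uint32_t sid_to_uid(const struct sid *s)
{
    if (s->auth == 0 && s->n == 1 && s->sub[0] == 65534)
        return 65534;                           /* S-1-0-65534 <-> 65534 */
    if (s->auth != 5)
        return UID_INVALID;                     /* other rows omitted here */
    if (s->n == 1)
        return s->sub[0];                       /* 0x000000 + RID: S-1-5-RID */
    if (s->n == 2 && s->sub[0] == 32)
        return s->sub[1];                       /* 0x000000 + RID: S-1-5-32-RID */
    if (s->n == 2 && x_is_listed(s->sub[0]))
        return 0x1000u * s->sub[0] + s->sub[1]; /* 0x001000 * X + RID */
    return UID_INVALID;
}

/* The range 0x1000..0xffff that the reply describes as unused. */
int uid_in_unused_range(uint32_t uid)
{
    return uid >= 0x1000u && uid <= 0xffffu;
}

int main(void)
{
    struct sid agreed = { 0, 1, { 65534 } };      /* S-1-0-65534 */
    struct sid ntlm   = { 5, 2, { 64, 10 } };     /* S-1-5-64-10 */
    struct sid made   = { 5, 2, { 15, 0xffe } };  /* constructed: S-1-5-15-4094 */
    printf("%u %u %u\n", (unsigned)sid_to_uid(&agreed),
           (unsigned)sid_to_uid(&ntlm), (unsigned)sid_to_uid(&made));
    return 0;
}
```

Under the table's formula the constructed two-subauthority SID yields the same value as S-1-0-65534, so a reverse lookup of 65534 has to pick one of them; whether such a SID can actually occur is the question the mail debates.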