Re: Will all SIDs fit into |SECURITY_MAX_SID_SIZE| bytes ? / was: Re: Switching groups with newgrp - how to get the new group with |GetTokenInformation()| ?

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: gs-cygwin.com@gluelogic.com
To: Roland Mainz <roland.mainz@nrubsig.org>
Cc: cygwin@cygwin.com
Subject: Re: Will all SIDs fit into |SECURITY_MAX_SID_SIZE| bytes ? / was: Re: Switching groups with newgrp - how to get the new group with |GetTokenInformation()| ?
Date: Sun, 25 Feb 2024 17:32:22 -0500	[thread overview]
Message-ID: <Zdu_9j2OplMcA5ki@xps13> (raw)
In-Reply-To: <CAKAoaQmL4wQ526dQ_-ASHCMum8L2sKiR_LnP-ba+R+39ZCMKVw@mail.gmail.com>

On Sun, Feb 25, 2024 at 10:04:29PM +0100, Roland Mainz via Cygwin wrote:
> On Sat, Feb 24, 2024 at 7:57 PM Corinna Vinschen via Cygwin
> <cygwin@cygwin.com> wrote:
> >
> > On Feb 24 15:38, Roland Mainz via Cygwin wrote:
> > > On Thu, Feb 22, 2024 at 8:11 PM Corinna Vinschen via Cygwin
> > > <cygwin@cygwin.com> wrote:
> > > > On Feb 22 18:38, Roland Mainz via Cygwin wrote:
> > > > > If I switch the current user's group with /usr/bin/newgrp, how can a
> > > > > (native) Win32 process use
> > > > > |GetTokenInformation(GetCurrentThreadToken(), ...)| to find out which
> > > > > group is the new "current group" (e.g. which |TokenInformationClass|
> > > > > should I use) ?
> > > >
> > > >   PSID sidbuf = (PSID) alloca (SECURITY_MAX_SID_SIZE);
> > > [snip]
> > >
> > > Win32/NT API question: All known SIDs will fit into
> > > |SECURITY_MAX_SID_SIZE| bytes, right ? I'm asking because right now
> > > the ms-nfs41-client code assumes that all SIDs use a variable amount
> > > of memory, and we always have to ask the Win32/NT API about the number
> > > of bytes to allocate. If |SECURITY_MAX_SID_SIZE| is the global maximum
> > > limit for all Windows versions, then we could simplify the code a
> > > lot...
> >
> > Yes.  ACLs are size restricted to 64K, though, but that shouldn't be
> > much of a problem usally.
> 
> Erm... why ACLs? I was asking about the memory allocation size for an SID.
> 
> Example:
> Right now our code uses two calls to |LookupAccountNameA()| for the
> conversion from a Windows account name to Windows SID.
> The first call gets the allocation size for a SID, our code then
> allocates that memory, and then does a second call to
> |LookupAccountNameA()| to fill that memory with that SID.
> 
> If |SECURITY_MAX_SID_SIZE| (currently 68 bytes) is the maximum memory
> size a Windows syscall can return for a SID, then the code above could
> be simplified to a |sidmem =
> malloc(SECURITY_MAX_SID_SIZE)|+|LookupAccountNameA(..., sidmem, ...)|.
> 
> The same could be done in many many other places, leading to a
> considerable reduction of Win32 system library calls.
> 
> Question is whether the assumption about |SECURITY_MAX_SID_SIZE| is correct...

A robust solution which also reduces syscalls does not necessarily
require a precise answer here.

I suggest writing a wrapper function which has on the stack
  CSTR sidbuf[SECURITY_MAX_SID_SIZE];
and calls LookupAccountNameA() passing sidbuf as Sid.
If it succeeds, then malloc() returned cbSid value and copy sidbuf[].
If it fails because the buffer is too small, then malloc() the returned
cbSid value and call LookupAccountNameA() again.

Doing the above will keep memory use to a minimum, and will generally
call LookupAccountNameA() once per wrapper func invocation rather than
twice.

Cheers, Glenn

next prev parent reply	other threads:[~2024-02-25 22:32 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-22 17:38 Roland Mainz
2024-02-22 19:11 ` Corinna Vinschen
2024-02-23 13:03   ` Roland Mainz
2024-02-23 15:47     ` Corinna Vinschen
2024-02-23 18:45       ` Roland Mainz
2024-02-23 21:15         ` Dan Shelton
2024-02-24 13:11           ` Corinna Vinschen
2024-03-05 22:38             ` Dan Shelton
2024-03-06 13:01               ` Corinna Vinschen
2024-03-09 21:26                 ` Glenn Strauss
2024-03-11  1:30                   ` Dan Shelton
2024-03-11  3:49                     ` Brian Inglis
2024-03-11 16:54                   ` Corinna Vinschen
2024-03-11  1:28                 ` Dan Shelton
2024-03-11 16:56                   ` Corinna Vinschen
2024-04-19 23:44                     ` Dan Shelton
2024-04-26  9:04                       ` Andrey Repin
2024-02-24 16:57           ` Brian Inglis
2024-02-24 12:53         ` Corinna Vinschen
2024-02-24 14:38   ` Will all SIDs fit into |SECURITY_MAX_SID_SIZE| bytes ? / was: " Roland Mainz
2024-02-24 18:57     ` Corinna Vinschen
2024-02-25 21:04       ` Roland Mainz
2024-02-25 22:32         ` gs-cygwin.com [this message]
2024-02-26  4:17           ` gs-cygwin.com
2024-02-26 16:12           ` [EXTERNAL] " Lavrentiev, Anton (NIH/NLM/NCBI) [C]
2024-02-26  9:20         ` Corinna Vinschen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Zdu_9j2OplMcA5ki@xps13 \
    --to=gs-cygwin.com@gluelogic.com \
    --cc=cygwin@cygwin.com \
    --cc=roland.mainz@nrubsig.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).