This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Testers needed: New passwd/group handling in Cygwin

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Mon, 17 Feb 2014 17:21:52 +0100
Subject: Re: Testers needed: New passwd/group handling in Cygwin
Authentication-results: sourceware.org; auth=none
References: <20140213143849 dot GH2246 at calimero dot vinschen dot de>
Reply-to: cygwin at cygwin dot com

On Feb 13 15:38, Corinna Vinschen wrote:
> Hi folks,
>
>
> this week I applied the first incarnation of the new passwd/group
> handling code to the Cygwin repository and after fixing a crash which
> manifested in Denis Excoffier's network, I think we're at a point
> which allows to push this forward.
> [...]

Ok guys, I just applied a patch implementing getpwent and getgrent,
and the way to configure the output is probably more detailed than
you ever wanted:

The default output of both functions consists of the so far cached
accounts, plus a fixed set of builtin accounts for backward
compatibility with mkpasswd/mkgroup output. For instance, getpwent
output looks like this:

corinna:*:1049577:1049701:Corinna Vinschen,U-VINSCHEN\corinna,S-1-5-21-2913048732-1697188782-3448811101-1001:/home/corinna:/bin/tcsh
+SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash
+LOCAL SERVICE:*:19:19:U-NT AUTHORITY\LOCAL SERVICE,S-1-5-19:/home/LOCAL SERVICE:/bin/bash
+NETWORK SERVICE:*:20:20:U-NT AUTHORITY\NETWORK SERVICE,S-1-5-20:/home/NETWORK SERVICE:/bin/bash
+Administrators:*:544:513:U-BUILTIN\Administrators,S-1-5-32-544:/home/Administrators:/bin/bash
+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:/home/TrustedInstaller:/bin/bash

and getgrent like this:

vinschen:S-1-5-21-2913048732-1697188782-3448811101-1125:1049701:
+Administrators:S-1-5-32-544:544:
+SYSTEM:S-1-5-18:18:
+TrustedInstaller:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:328384:

As long as we didn't decide to do it differently, the configuration
takes place in /etc/nsswitch.conf. The new keyword is "db_enum", and
the value is a list of sources:

db_enum: source...

A source can be

none No output from getpwent/getgrent at all.

all The opposite. Output accounts from all known
sources, including all trusted domains.

cache List all accounts currently cached in memory.

builtin List the predefined builtin accounts for backward
compatibility.

files List the accounts from /etc/passwd or /etc/group.

local List all accounts from the local SAM.

primary List all accounts from the primary domain.

alltrusted List all accounts from all trusted domains.

some.domain List all accounts from the trusted domain some.domain.
The trusted domain can be given as Netbios flat name
(MY_DOMAIN) or as dns domain name (my_domain.corp).
In contrast to the aforementioned fixed source keywords,
distinct domain names are caseinsensitive. Only domains
which are actually trusted domains are enumerated.
Unknown domains are simply ignored.

Please note that this functionality does *not* test if an account was
already listed from another source, so an account can easily show up
twice or three times. Such a test would be rather tricky, nor does the
Linux implementation perform such test.

Here are a few examples for /etc/nsswitch.conf, which are hopefully
self-explaining:

db_enum: none

db_enum: all

db_enum: cache files

db_enum: cache local primary

db_enum: local primary alltrusted

db_enum: primary domain1.corp sub.domain.corp domain2.net

If those examples are *not* self-explaining, don't hesitate to ask.

Please fetch the latest snapshot from http://cygwin.com/snapshots/
It contains this change. I attached two simple test applications
to this mail.

If it works nicely, I will rewrite mkpasswd and mkgroup to use the
Cygwin implementation as well, rather than implementing their own
enumerations.

Corinna

--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat

Attachment: getpwent.c
Description: Text document

Attachment: getgrent.c
Description: Text document

Attachment: pgp7u5sbQH3Ty.pgp
Description: PGP signature

Follow-Ups:
- Re: Testers needed: New passwd/group handling in Cygwin
  - From: Andrey Repin
- Re: Testers needed: New passwd/group handling in Cygwin
  - From: Corinna Vinschen

References:
- Testers needed: New passwd/group handling in Cygwin
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]