mkpasswd and mkgroup patch, ntsec documentation, 3rd try
Corinna Vinschen
corinna@vinschen.de
Tue Jun 1 05:31:00 GMT 1999
Hi Chris,
Chris Faylor wrote:
>
> On Mon, May 31, 1999 at 07:56:03PM +0200, Corinna Vinschen wrote:
> >Chris Faylor wrote:
> >> Also, I was thinking that CYGWIN=ntsec should be *on* by default. That
> >> way it will be tested by more people. Can you add a check in environ.cc
> >> to turn this on if it's running under NT (assuming you agree)?
> >
> >Done.
It is now essential to document this in the installation instructions:
NT users have to create /etc/passwd and /etc/group, or they have to
set CYGWIN=nontsec if they don't want to use NT security.
Michael Hirmke has corrected my ntsec documentation (oh god, my English
is SO bad!) and it's definitely more readable now.
NT security is so complex, that I think, the document should be part of
winsup. Do you agree?
I have attached patches to mkpasswd.c and mkgroup.c for better working
with ntsec.
mkpasswd and mkgroup both list the correct native name of the
`Everyone' group (SID 0) and mkgroup additionally lists the native
name of the `None' group (SID 513) now.
On a workstation the commands `mkpasswd -l -g' and `mkgroup -l'
result in real complete passwd and group files now. I don't know,
how it looks like in domains. Unfortunately there is no solution for
correct primary group assignment outside of domains as I mention in
the ntsec doc.
Regards,
Corinna
ChangeLog:
==========
Thu Jun 1 14:17:00 1999 Corinna Vinschen <corinna@vinschen.de>
* utils/mkpasswd.c: Changed to output native names of
well known group `Everyone' (SID 0).
* utils/mkgroup.c: Ditto plus output of native name of
well known group `None' (SID 513).
Index: mkpasswd.c
===================================================================
RCS file: /src/cvsroot/winsup-990526/utils/mkpasswd.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mkpasswd.c
--- mkpasswd.c 1999/05/28 19:28:24 1.1.1.1
+++ mkpasswd.c 1999/06/01 12:20:26
@@ -22,6 +22,9 @@
#include <stdio.h>
+SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY};
+
#ifndef min
#define min(a,b) (((a)<(b))?(a):(b))
#endif
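Review bot: `sid_nt_auth` is defined here but no hunk in this patch references it, so it can be dropped until something needs it. `sid_world_auth` is used only inside mkpasswd.c as far as the patch shows, so it could be declared `static`.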
@@ -167,9 +170,9 @@ enum_local_groups ()
return 0;
}
- gid = *GetSidSubAuthority (psid, 1);
+ gid = *GetSidSubAuthority (psid, *GetSidSubAuthorityCount(psid) - 1);
- printf ("%s::%ld:0:::\n", localgroup_name, gid);
+ printf ("%s:*:%ld:%ld:::\n", localgroup_name, gid, gid);
}
NetApiBufferFree (buffer);
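Review bot: The new `gid` line deserves a comment saying that only the last sub-authority (the RID) of the SID is kept, e.g. `/* id = RID, the last sub-authority; the authority prefix is not encoded */`, because groups whose SIDs differ only in their prefix would get the same id in the output. `gid` is printed with `%ld`; if it is a DWORD as in mkgroup.c's copy of this function, `%lu` matches the type. enum_local_groups starts outside the hunk.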
@@ -208,6 +211,11 @@ main (int argc, char **argv)
int domain_name_specified = 0;
int i;
+ char name[256], dom[256];
+ DWORD len, len2;
+ PSID sid;
+ SID_NAME_USE use;
+
if (argc == 1)
usage ();
@@ -243,6 +251,23 @@ main (int argc, char **argv)
exit (1);
}
+ /*
+ * Get `Everyone' group
+ */
+ if (AllocateAndInitializeSid (&sid_world_auth, 1, SECURITY_WORLD_RID,
+ 0, 0, 0, 0, 0, 0, 0, &sid))
+ {
+ if (LookupAccountSid (NULL, sid,
+ name, (len = 256, &len),
+ dom, (len2 = 256, &len),
+ &use))
+ printf ("%s:*:%d:%d:::\n", name, SECURITY_WORLD_RID, SECURITY_WORLD_RID);
+ FreeSid (sid);
+ }
+
+ if (print_local_groups)
+ enum_local_groups ();
+
if (print_domain)
{
if (domain_name_specified)
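Review bot: In the `LookupAccountSid` call `len2` is assigned but `&len` is passed for the domain length, so the name and domain size arguments point at the same DWORD; the line should read `dom, (len2 = 256, &len2),`. Here both buffers are 256 bytes so the bound is still right, but the same pattern recurs in the mkgroup.c main hunk, where the `LookupAccountName` call sets `len = 1024` for the SID buffer and so reports 1024 for the 256-byte `dom`. If the lookup fails nothing is printed and no diagnostic is given, so the `Everyone' entry silently goes missing from the generated file. main's body starts and ends outside the hunk.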
@@ -262,9 +287,6 @@ main (int argc, char **argv)
if (print_local)
enum_users (NULL);
-
- if (print_local_groups)
- enum_local_groups ();
return 0;
}
Index: mkgroup.c
===================================================================
RCS file: /src/cvsroot/winsup-990526/utils/mkgroup.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mkgroup.c
--- mkgroup.c 1999/05/28 19:28:24 1.1.1.1
+++ mkgroup.c 1999/06/01 12:19:28
@@ -16,6 +16,8 @@
#include <lmaccess.h>
#include <lmapibuf.h>
+SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY};
+
#ifndef min
#define min(a,b) (((a)<(b))?(a):(b))
#endif
@@ -53,6 +55,70 @@ uni2ansi (LPWSTR wcs, char *mbs)
*mbs = '\0';
}
+int
+enum_local_groups ()
+{
+ LOCALGROUP_INFO_0 *buffer;
+ DWORD entriesread = 0;
+ DWORD totalentries = 0;
+ DWORD resume_handle = 0;
+
+ do
+ {
+ DWORD i;
+ DWORD rc = NetLocalGroupEnum (NULL, 0, (LPBYTE *) & buffer, 1024,
+ &entriesread, &totalentries, &resume_handle);
+
+ switch (rc)
+ {
+ case ERROR_ACCESS_DENIED:
+ fprintf (stderr, "Access denied\n");
+ exit (1);
+
+ case ERROR_MORE_DATA:
+ case ERROR_SUCCESS:
+ break;
+
+ default:
+ fprintf (stderr, "NetUserEnum() failed with %ld\n", rc);
+ exit (1);
+ }
+
+ for (i = 0; i < entriesread; i++)
+ {
+ char localgroup_name[100];
+ char domain_name[100];
+ DWORD domname_len = 100;
+ char psid_buffer[1024];
+ PSID psid = (PSID) psid_buffer;
+ DWORD sid_length = 1024;
+ DWORD gid;
+ SID_NAME_USE acc_type;
+ uni2ansi (buffer[i].lgrpi0_name, localgroup_name);
+
+ if (!LookupAccountName (NULL, localgroup_name, psid,
+ &sid_length, domain_name, &domname_len,
+ &acc_type))
+ {
+ int code = GetLastError ();
+ fprintf (stderr, "LookupAccountName(%s) failed with %d\n",
+ localgroup_name, code);
+ return 0;
+ }
+
+ gid = *GetSidSubAuthority (psid, *GetSidSubAuthorityCount(psid) - 1);
+
+ printf ("%s::%ld:\n", localgroup_name, gid);
+ }
+
+ NetApiBufferFree (buffer);
+
+ }
+ while (entriesread < totalentries);
+
+ return 0;
+}
+
void
enum_groups (LPWSTR servername)
{
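Review bot: `uni2ansi (buffer[i].lgrpi0_name, localgroup_name)` is given no destination size, so unless uni2ansi bounds the copy itself (its body is outside this hunk) a group name longer than 99 bytes overruns the 100-byte stack buffer. A bounded conversion such as `WideCharToMultiByte (CP_ACP, 0, buffer[i].lgrpi0_name, -1, localgroup_name, sizeof localgroup_name, NULL, NULL)` with the entry skipped on a zero return would close that. The `return 0` after a failed `LookupAccountName` leaves `buffer` unfreed and is indistinguishable from success, and the default-case message names `NetUserEnum()` although the call is `NetLocalGroupEnum`.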
@@ -126,6 +192,11 @@ main (int argc, char **argv)
int domain_specified = 0;
int i;
+ char name[256], dom[256];
+ DWORD len, len2;
+ PSID sid, csid;
+ SID_NAME_USE use;
+
if (argc == 1)
usage ();
@@ -150,6 +221,51 @@ main (int argc, char **argv)
}
}
}
+
+ /*
+ * Get `Everyone' group
+ */
+ if (AllocateAndInitializeSid (&sid_world_auth, 1, SECURITY_WORLD_RID,
+ 0, 0, 0, 0, 0, 0, 0, &sid))
+ {
+ if (LookupAccountSid (NULL, sid,
+ name, (len = 256, &len),
+ dom, (len2 = 256, &len),
+ &use))
+ printf ("%s::%d:\n", name, SECURITY_WORLD_RID);
+ FreeSid (sid);
+ }
+
+ /*
+ * Get `None' group
+ */
+ GetComputerName (name, (len = 256, &len));
+ csid = (PSID) malloc (1024);
+ LookupAccountName (NULL, name,
+ csid, (len = 1024, &len),
+ dom, (len2 = 256, &len),
+ &use);
+ if (AllocateAndInitializeSid (GetSidIdentifierAuthority (csid),
+ *GetSidSubAuthorityCount (csid),
+ *GetSidSubAuthority (csid, 0),
+ *GetSidSubAuthority (csid, 1),
+ *GetSidSubAuthority (csid, 2),
+ *GetSidSubAuthority (csid, 3),
+ 513,
+ 0,
+ 0,
+ 0,
+ &sid))
+ {
+ if (LookupAccountSid (NULL, sid,
+ name, (len = 256, &len),
+ dom, (len2 = 256, &len),
+ &use))
+ printf ("%s::513:\n", name);
+ FreeSid (sid);
+ }
+ free (csid);
+
if (print_domain)
{
if (domain_specified)
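Review bot: The `None' block uses `csid` without checking `malloc`, `GetComputerName` or `LookupAccountName`, so if any of them fails the following `GetSidIdentifierAuthority (csid)` and `GetSidSubAuthority (csid, 0..3)` calls read a NULL or unset buffer. Guard the block on all three results and on `*GetSidSubAuthorityCount (csid) >= 4` before indexing sub-authorities 0–3, as sketched below. The count handed to `AllocateAndInitializeSid` is the source SID's own count although 513 is appended as a fifth value, so it looks as if the RID may be dropped; that needs confirming against a real machine SID. main's body starts and ends outside the hunk.

```c
  /* ... unchanged: `Everyone' lookup ... */
  csid = (PSID) malloc (1024);
  if (csid
      && GetComputerName (name, (len = 256, &len))
      && LookupAccountName (NULL, name,
                            csid, (len = 1024, &len),
                            dom, (len2 = 256, &len2), /* own DWORD for the domain length */
                            &use)
      && *GetSidSubAuthorityCount (csid) >= 4)
    {
      /* ... unchanged: AllocateAndInitializeSid / LookupAccountSid / printf / FreeSid ... */
    }
  free (csid);
```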
@@ -168,9 +284,7 @@ main (int argc, char **argv)
}
if (print_local)
- enum_groups (NULL);
-
- printf ("Everyone::0:\n");
+ enum_local_groups ();
return 0;
}