This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.
Re: Corinna or Pierre please comment? [jason@tishler.net: Re: setuid() problem when disconnected from PDC under 1.3.12-2]
At 02:49 PM 7/17/2002 -0400, Jason Tishler wrote:
>Your patch works great! Will you be submitting it (or a variation) for
>consideration?
>
Corinna, what do you think?
You wrote:
    if (!GetPDC())
        FAIL;
    if (!get_domain_groups_of_account())
        FAIL;
    if (!get_local_groups_of_account())
        FAIL;
    if (!has_primary_group)                 <- from setgid()
        get_primary_group_of_account();
    get_supplementary_groups_from_etc_group();
We *could* change it this way to succeed more often:
    GetPDC();
    if (has_pdc)
      {
        get_domain_groups_of_account();
        get_local_groups_of_account();
        if (!has_primary_group)
            get_primary_group_of_account();
      }
    if (!has_primary_group)
        get_primary_group_from_etc_passwd();
    get_supplementary_groups_from_etc_group();
What the patch is doing is:
    GetPDC();
    if (has_pdc)
      {
        get_domain_groups_of_account();
      }
    get_primary_group_from_etc_passwd();
    get_supplementary_groups_from_etc_group();
    get_local_groups_of_account();
    add primary group passed as arg          <- from setgid()
- The group from passwd is added unconditionally because in Windows
the primary group must be a group (either global or local) in the token,
and will always be added anyway if a DC is reachable (assuming the
passwd group is the Windows primary group, e.g. as built by mkpasswd).
That will greatly help in most cases, without editing /etc/group.
- That group and the supplementary groups are looked up before
get_local_groups() because membership in a global group can induce
membership in local groups. So /etc/group should only be edited
to add membership in global groups (if any different from the passwd group).
That deviates from traditional Unix where group membership is never
induced, but the main reason to use supplementary groups in Cygwin
is to handle the case where the DC is unreachable (should mkgroup do it
automagically?) and following Windows logic seems appropriate.
- The primary group passed as arg is added last (if not yet present),
so as to avoid inducing extra memberships in local groups (thus
respecting Unix tradition). That's important when that group is special,
e.g. "mail". We don't want unexpected side effects.
- Should we add an informational system_printf() if the DC can't be
looked up?
I have researched cached credentials. That feature can be turned off
(it's a security risk), and by default applies only to the last 10
distinct logins. Thus it can't be relied on. Somebody already asked
where the info was kept (on a number of lists) but never got any answer.
I also found (on Win2000)
HKEY_USERS\S-1-5-21-XXX\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership
It has the right info, apparently updated regularly. But it can be tampered
with by the user (?) and doesn't seem to be the source of the group info
for logons. Should it be used by Cygwin?
Pierre
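The two orderings compared in the message (the "could" variant and what the patch does), as an added simulation that is not Cygwin's code and not part of the original thread. The directory, local groups, passwd and group entries, and the user "jason" are constructed for the example, and the helper names are hypothetical stand-ins for the pseudocode functions above. It shows the three effects Pierre describes: a local group induced through a global group, the setgid() group added last so it induces nothing, and a global group that is lost when the DC is down unless it is listed in /etc/group.

```python
"""Constructed model of token group-list construction (example only, not Cygwin code)."""


class Directory:
    """Constructed domain controller: global groups -> user members, plus each
    account's Windows primary group.  `reachable` plays the role of has_pdc."""

    def __init__(self, reachable, domain_groups, primary_group):
        self.reachable = reachable
        self.domain_groups = domain_groups
        self.primary_group = primary_group


# Constructed local machine: local group -> members.  A member may be a user
# or a global group; membership through a global group is "induced".
LOCAL_GROUPS = {
    "Users": {"Domain Users"},
    "Developers-Local": {"Developers"},
    "Postfix": {"mail"},
}

DC = Directory(
    reachable=True,
    domain_groups={
        "Domain Users": {"jason"},
        "Staff": {"jason"},
        "Developers": {"jason"},
        "mail": set(),
    },
    primary_group={"jason": "Domain Users"},
)
DC_DOWN = Directory(reachable=False, domain_groups={}, primary_group={})

PASSWD = {"jason": "Domain Users"}      # primary-group column, as mkpasswd would write it
ETC_GROUP = {"Developers": {"jason"}}   # constructed /etc/group: supplementary groups only


def add(groups, name):
    """Append a group once, preserving the order in which it was found."""
    if name not in groups:
        groups.append(name)


def get_domain_groups_of_account(dc, user):
    return [g for g, members in dc.domain_groups.items() if user in members]


def get_supplementary_groups_from_etc_group(user):
    return [g for g, members in ETC_GROUP.items() if user in members]


def get_local_groups_of_account(user, groups_so_far):
    """Local groups holding the user directly or any group already in the list."""
    have = set(groups_so_far)
    return [g for g, members in LOCAL_GROUPS.items()
            if user in members or members & have]


def could_variant(user, dc, setgid_group=None):
    """The 'succeed more often' ordering: local groups are only looked up when a
    DC answers, and the setgid() group is already present when they are."""
    groups = []
    primary = setgid_group                      # has_primary_group <- from setgid()
    if primary:
        add(groups, primary)
    if dc.reachable:
        for g in get_domain_groups_of_account(dc, user):
            add(groups, g)
        for g in get_local_groups_of_account(user, groups):
            add(groups, g)
        if not primary:
            primary = dc.primary_group[user]
            add(groups, primary)
    if not primary:
        add(groups, PASSWD[user])
    for g in get_supplementary_groups_from_etc_group(user):
        add(groups, g)
    return groups


def patch_variant(user, dc, setgid_group=None):
    """What the patch does: passwd primary and /etc/group first (they may induce
    local memberships), local groups next, the setgid() group last."""
    groups = []
    if dc.reachable:
        for g in get_domain_groups_of_account(dc, user):
            add(groups, g)
    add(groups, PASSWD[user])                   # unconditionally
    for g in get_supplementary_groups_from_etc_group(user):
        add(groups, g)
    for g in get_local_groups_of_account(user, groups):
        add(groups, g)
    if setgid_group:
        add(groups, setgid_group)               # last: induces no local groups
    return groups


if __name__ == "__main__":
    for dc_name, dc in (("DC up", DC), ("DC down", DC_DOWN)):
        print(dc_name, "could:", could_variant("jason", dc, "mail"))
        print(dc_name, "patch:", patch_variant("jason", dc, "mail"))
```

With the DC up, setgid("mail") under the "could" ordering drags in the local group "Postfix" (because "mail" is already in the list when local groups are resolved), while the patch ordering does not. With the DC down, the patch ordering still resolves "Users" and "Developers-Local" through the passwd and /etc/group entries, but "Staff" disappears, which is exactly why Pierre says /etc/group should carry the global groups an account needs offline.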