Mail Archives: cygwin/2014/11/11/06:37:27
--r/w8vo2lxBmCPGjQ
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Nov 11 07:39, Christian Franke wrote:
> Corinna Vinschen wrote:
> >On Nov 10 20:21, Christian Franke wrote:
> >>What will be the behavior of the predecessor of e.g. the csih function
> >>csih_create_unprivileged_user if called with USER without HOST prefix,
> >>machine is inside of domain and the user does not exist:
> >>- create local windows USER and require the config script to retrieve t=
he
> >>actual Cygwin HOST+USER name,
> >>- fail and tell the calling config script to retry with HOST+USER inste=
ad
> >>(if possible),
> >>- create local windows USER and create a /etc/passwd entry to support a
> >>non-prefixed Cygwin USER in this case,
> >>- one of the above, selected by a new option.
> >I'm not exactly sure yet. I'm working on it, and I ripped apart the
> >functions dealing with this problem by handling the cygwin username and
> >the windows username separately. But it's not yet finished. In theory
> >you have two cases.
> >
> >Either the account already exists, then the user should (probably
> >(grain/salt)) specify the Cygwin username, which is either prefixed or
> >not prefixed, dependent on the DB it will get taken from. The script
> >fetches the Windows domain and username from the U-... entry in pw_gecos
> >then.
> >
> >Or the account doesn't exist, then the username is just a name. The
> >user account will be created in the local SAM and dependent on the state
> >of the machine, AD member or not, will be prefixed or not as Cygwin
> >account.
> >
> >Something like that.
>=20
> Possibly a two step process:
>=20
> csih_check_unprivileged_user --allow-prefix $USER
>=20
> if [ "$csih_unpriv_cygwin_username" !=3D "$USER ]; then
> # Cygwin username has prefix
> .... inform user, patch configuration file, ...
> fu
>=20
> csih_create_unprivileged_user [ $PASSWORD ]
I'm making the prefixing depend on the just running Cygwin version
right now, and then, if an nsswitch.conf file exists, whether the
setting is "files"-only or not.
> >Is there any compromise possible which lets mkpasswd generate the
> >forward compatible accounts by default? I made the change to mkpasswd
> >and mkgroup I outlined last week, but I deliberately didn't check it in
> >because I'm still hoping we find a compromise going forward. I
> >understand that in your scenario you will have to use /etc/passwd for a
> >while longer.
> >
> >But... how many scripts would you really have to change if mkpasswd
> >generates prefixed names?
>=20
> We could add 'sed' to /etc/passwd generating script, no problem.
Oh, cool!
> The actual test scripts & tools from this use case pass local usernames
> from/to non-Cygwin programs and rely on the fact that Cygwin and Windows
> username match.
>=20
> For the long term, have some cyguser, cyggroup tools (similar to cygpath)
> which convert the names would be helpful.
Feel free to provide them. I'm not quite sure what kind of conversion
you're thinking about. Cygwin->Windows? If so, you can get that
with simple scripts:
pwd_entry=3D$(/usr/bin/getent passwd "$username")
# Extract Windows username and domain
tmp=3D"${pwd_entry#*:*:*:*U-}"
tmp=3D"${pwd_entry%%,*}"
domain=3D"${tmp%\\*}"
username=3D"${tmp#*\\}"
> > Alternatively, is setting some environment
> >variable feasible for tweaking the output of mkpasswd backward
> >compatible?
>=20
> Of course, yes.
>=20
> Or mkpasswd -l behavior depends on nsswitch.conf setting:
>=20
> passwd only: Old behavior
> passwd, db: New behavior, print warning
> db only: fail
That's an interesting idea...
Corinna
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--r/w8vo2lxBmCPGjQ
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUYfTYAAoJEPU2Bp2uRE+g7I4P/15O/cpUOY33rTNdWrcA3sBF
RpEaXoCfdEQw59XoEpSep2vfDsblp1v+7B0oTHnIEoEHnxo6lqQztM5Mbdh9aCYa
6mi3a5cknzNeDYVK4XC6Rx/cWzZmMRN8qmgHa/BTIFM8gsEocaozYePwMmiN/Swc
8oPlCTHbpuILZundYdSWdrpQH/R6bpdjBzRdryhJsdXR1/uz14asPppHHggwGr2v
FANpSkgD0WjEeHEYBsXZc3NbrBFr5Rtz5eQwDWfCNYVP4YLPty+D85kpVp5J7+1Q
wW63nMx+UWIKYupJrP2BYra+NNsLzLildpfXgp3VrIVpYM9rbp4YeJ2P+Wdx4VDN
3Gh7hlQNCFyJWpbX4SsmMXqf0XLYoJG6ngSyZExDJGHWOUyrjh7PJrtI54qB3DuO
MRGIpK3NEi5tOiAqASkXoMuOz9UhYdl4EKnn85KWv8vkjPv9rbwbS6f27Ot8Tgj5
7ljsW7+iqgfJUenLaXBYl/W9y/X8eMm5O8+uUYZ3pdJoiBwGnKHNuZupWcfoSd3x
07ZhHoQNBVBkptk8gW4iKePgXA0BqWiPOKbWcBQCji4tLqakYLkcTNn2a28tK4z7
36GVvVcKDvv8dj6hUk0brPkPLrP/tzQf/mHhedAphCqT/0mpcklenVXMLCGO1gRO
ltvWQ72n/VZrd6xdwTZt
=u26G
-----END PGP SIGNATURE-----
--r/w8vo2lxBmCPGjQ--
- Raw text -