Mail Archives: cygwin/2014/11/26/15:57:23

Date: Wed, 26 Nov 2014 21:56:58 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: RFC: 1.7.33 problem with user's home directory
Message-ID: <20141126205658.GA9157@calimero.vinschen.de>

On Nov 11 12:14, Corinna Vinschen wrote:
> On Nov 11 11:05, Achim Gratz wrote:
> > Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > > 1. Add a setting to /etc/nsswitch.conf which allows specifying one of
> > >   the above:
> > >
> > >     home: [unix|win|home]...
> > >
> > >    - "unix" means, set pw_dir to unixHomeDirectory
> > >    - "win" means, set pw_dir to homeDirectory
> > >    - "home" means, set pw_dir to /home/$USER
> > >    - Multiple entries are possible.
> > >    - Default in the absence of this setting is: always set pw_dir to
> > >      /home/$USER.
> >
> > Looks good, but maybe allow the AD attribute to be explicitly named (e.g.
> > cygwinHomeDirectory).
>
> Cygwin schema extension? :)

I just created a patch and a matching snapshot on
https://cygwin.com/snapshots/

The new stuff is still missing documentation, so I'm explaining it here
for now.

For the attentive, there are two questions in the text...

Here's what you get:

/etc/nsswitch.conf now supports specifying three new settings which
allow configuring the pw_dir, pw_shell, and pw_gecos content:

  db_home: schema...
  db_shell: schema...
  db_gecos: schema...

"schema..." is a list of up to four space-separated schemata:

  db_home: schema1 schema2 ...

If the first schema returns an empty string, skip to the second, and
so on.  Schemata only supported on AD are silently skipped for SAM
accounts and on non-AD machines.

The default for all three settings is:

  db_foo:  cygwin desc

Four predefined schemata are supported:

  windows           Utilizes typical Windows settings.  Supported for
		    AD and SAM accounts.

  cygwin            Utilizes predefined cygwinUser/cygwinGroup AD schema
                    extensions.  These are available via a schema extension
		    file /usr/share/cygwin/cygwin.ldif.

  unix              Utilizes the RFC2307 posixAccount/posixGroup schema
		    extensions.  These are available when installing the
		    Server for NIS AD feature.

  desc              Utilizes XML-style attributes in the description
                    attribute.  Supported for AD and SAM accounts.  This
		    way to fetch extended user and group info from the
		    description field is already documented (albeit only
		    for SAM accounts) in
		    https://cygwin.com/preliminary-ug/ntsec.html#ntsec-mapping-passwdinfo:

Two variable schemata are supported:

  @ad_attribute     ad_attribute is any arbitrary AD attribute name which
		    should be available in the User class or in any attached
		    auxiliary class.

  /path             An arbitrary string, typically a path.  The leading slash
		    is required.  The /path schema supports a few wildcards:

		      %u   Cygwin username
		      %U   Windows username
		      %D   Windows domain in NetBIOS style
		      %_   A space
		      %%   A percent sign.

The meaning of the schemata depends on the setting:

  db_home:

    windows         AD and SAM: Utilizes the setting of the homeDrive or
		    homeDirectory attributes, or their SAM "Home folder"
		    counterparts.  The Windows path is converted to a
		    POSIX path.

    cygwin          AD only: Shortcut for the cygwinHome attribute from
                    the predefined cygwinUser auxiliary class.  POSIX path
		    expected.

    unix            AD only: Shortcut for the unixHomeDirectory attribute
		    from the posixAccount auxiliary class.  POSIX path
		    expected.

    desc            AD and SAM: Fetch the home="..."
                    setting from the user's description attribute.
		    POSIX path expected.

    @ad_attribute   AD-only: Read AD attribute "ad_attribute" as POSIX
		    path.

		    However, I'm contemplating allowing a Windows path
		    here, too.  Does this make sense to you?

    /path	    POSIX path.  Remember the wildcards.

    fallback        If nothing works, the fallback is /home/$USERNAME
                    (Windows username).


  db_shell:

    windows         Ignored.  Do you want CMD instead?

    cygwin          AD-only: Shortcut for the cygwinShell attribute
		    from the cygwinUser class.  POSIX path.

    unix            AD-only: Shortcut for the loginShell attribute
		    from the posixAccount class.  POSIX path.

    desc            AD and SAM: Fetch the shell="" setting from the
		    user's description attribute.  POSIX path.

    @ad_attribute   See above.

    /path	    See above.

    fallback        If nothing works, the fallback is /bin/bash.


  db_gecos:

    windows         AD and SAM: displayName attribute, or "Full Name"
		    setting in SAM.

    cygwin          AD-only: cygwinGecos attribute from cygwinUser class.

    unix            AD-only: gecos attribute from posixAccount class.

    @ad_attribute   Read AD attribute "ad_attribute" and prepend
                    to pw_gecos.

    /path	    Skip the slash, prepend the remainder of the string
                    to pw_gecos.  Note that the wildcards are still
		    evaluated.

    fallback        If nothing works, the fallback is no fallback.


Examples:

  db_home: cygwin desc

    The default.  Try the cygwinHome attribute first. If it's empty,
    evaluate the description field and see if the home dir is set via
    the cygwin XML-style text.  If that fails, fallback is /home/$USERNAME
    (Windows username).

  db_home: unix @msTSHomeDirectory /home/%u

    Try the unixHomeDirectory attribute first.  Empty?  Try the
    (otherwise unused) msTSHomeDirectory attribute.  Empty?  Fall back
    to /home/$USER (Cygwin username).

  db_gecos: @comment /Hallo%_%U

    Try the comment attribute.  Empty?  Fall back to the string
    "Hallo <Windows username>".  Example passwd entry:

      corinna:*:1049577:1049701:Hallo corinna,U-MY_DOM\corinna,S-1-5-21-yada-yada:/home/corinna:/bin/bash

Is this new stuff basically clear?  Questions?

Please give it a try.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
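
The lookup order described in the message above, modelled as an added example (not part of the original mail and not Cygwin's own code): it resolves a db_home or db_shell line against an account and reports which schema supplied the value, which is the question to ask when auditing where pw_dir and pw_shell come from. Assumptions: the account dictionaries and their values are constructed, the "windows" schema and db_gecos are not modelled, the desc lookup is a simplified key="value" match, and unknown wildcards are left unchanged.

```python
import re

# Behaviour modelled from the message text only; "windows" and db_gecos are not modelled.
SHORTCUT = {"db_home": {"cygwin": "cygwinHome", "unix": "unixHomeDirectory"},
            "db_shell": {"cygwin": "cygwinShell", "unix": "loginShell"}}
FALLBACK = {"db_home": "/home/{U}", "db_shell": "/bin/bash"}

def expand(path, user):
    """Expand the /path wildcards %u %U %D %_ %%."""
    table = {"u": user["cygwin_name"], "U": user["windows_name"],
             "D": user["domain"], "_": " ", "%": "%"}
    # Assumption: an unknown %x sequence is left unchanged.
    return re.sub(r"%(.)", lambda m: table.get(m.group(1), m.group(0)), path)

def resolve(line, user):
    """Return (value, schema that supplied it) for a db_home/db_shell line."""
    key, _, rest = line.partition(":")
    key, schemata = key.strip(), rest.split()
    if key not in FALLBACK:
        raise ValueError("only db_home and db_shell are modelled")
    if len(schemata) > 4:
        raise ValueError("at most four schemata per setting")
    attrs = user["attrs"]
    for schema in schemata:
        if schema.startswith("/"):
            value = expand(schema, user)
        elif schema == "desc":  # supported for AD and SAM accounts
            m = re.search(r'\b%s="([^"]*)"' % key[3:], attrs.get("description", ""))
            value = m.group(1) if m else ""
        elif not user["is_ad"]:
            continue  # AD-only schemata are silently skipped for SAM accounts
        elif schema.startswith("@"):
            value = attrs.get(schema[1:], "")
        else:
            value = attrs.get(SHORTCUT[key].get(schema, ""), "")
        if value:
            return value, schema
    return FALLBACK[key].format(U=user["windows_name"]), "fallback"

# Constructed sample accounts (hypothetical values, not from the message).
AD_USER = {"cygwin_name": "corinna", "windows_name": "corinna", "domain": "MY_DOM",
           "is_ad": True,
           "attrs": {"msTSHomeDirectory": "/srv/ts/corinna",
                     "description": '<cygwin shell="/bin/zsh"/>'}}
SAM_USER = {"cygwin_name": "alice", "windows_name": "Alice", "domain": "PC1",
            "is_ad": False, "attrs": {"description": '<cygwin home="/home/local"/>'}}

if __name__ == "__main__":
    for user in (AD_USER, SAM_USER):
        for line in ("db_home: unix @msTSHomeDirectory /home/%u", "db_shell: cygwin desc"):
            print(user["cygwin_name"], line, "->", resolve(line, user))
```

The same line yields different sources for the AD and the SAM account, because the AD-only schemata are skipped for the latter.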
