delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2024/02/25/17:34:43

X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0EF3F3858C78
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1708900481;
bh=fmNQWGrJZ4P5217DyW9UHlHaigCD5zZdpkE2CPyZ3wQ=;
h=Date:To:Cc:Subject:References:In-Reply-To:List-Id:
List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
From:Reply-To:From;
b=FJkK8xOv/sfjZJk60AerqA/aUhixuTyJywlavX2lQNFJ98FahAAA+ZHsguwqhamIx
u4FZNurv9OccLLVnK7kePrLHHHdqHLHafCthrwanAfmA79Kl8ZqccryboUx+cRF4yq
DG3Q9TUM8rqnEl8qSANcZRH1f3HcFwSvGUXdpyxw=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 71DFB3858D39
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 71DFB3858D39
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1708900448; cv=none;
b=w0EVlV3ozgKqrd878bcUi/ksYpuPzjCKtG9xIZ+oq10ybx7mVhTDtlKTDwl/YhAtF5mDGl/Nm8y0pGdM6Sw0mAJi5uk2Q6nBI9Fuo+ahMol1OXO6Dt0zv6he2OtCKelfzu1YiBtGGn6YDtkzOtYL1e1vaP+DTJ90j7LugTu92tA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
t=1708900448; c=relaxed/simple;
bh=IzIoz/Xm+Cj0Gd8VqFMKxBqt65EAlqxA7A7ObXuVHQo=;
h=Date:From:To:Subject:Message-ID:MIME-Version;
b=ZrfFHjaQs1r8ZQLOPh8Gz7gC6qfytsSdkM+vyrPUYgXVoHMUIoaK+LLQSOMlmad/PiZu8R23Gr9beqSrDvR2tGySggUlvp7/KutziFGJwmB8h21UUQ6t613dNCqUzB+6beI2A5uRbT1LNkCjPpz+cG0HV295TuUajoHRhCaVHaI=
ARC-Authentication-Results: i=1; server2.sourceware.org
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
server2.sourceware.org
X-Spam-Language: en
X-Spam-Relay-Country:
X-Spam-DCC: B=www.nova53.net; R=smtp1.atof.net 1206; Body=1 Fuz1=1 Fuz2=1
X-Spam-RBL:
X-Spam-PYZOR: Reported 0 times.
Date: Sun, 25 Feb 2024 17:32:22 -0500
To: Roland Mainz <roland DOT mainz AT nrubsig DOT org>
Cc: cygwin AT cygwin DOT com
Subject: Re: Will all SIDs fit into |SECURITY_MAX_SID_SIZE| bytes ? / was:
Re: Switching groups with newgrp - how to get the new group with
|GetTokenInformation()| ?
Message-ID: <Zdu_9j2OplMcA5ki@xps13>
References: <CAKAoaQnFxij4Np-jg+bOLEpiSziCfamFrJ2FR_JeO+Sv_Td2Kg AT mail DOT gmail DOT com>
<ZdecXZNUgQ3i0hYN AT calimero DOT vinschen DOT de>
<CAKAoaQk39bKbG0a_sZAR2KKz5f4U04xc=499YibfbdLesxC4Vg AT mail DOT gmail DOT com>
<Zdo8B-IhG_dYAjGo AT calimero DOT vinschen DOT de>
<CAKAoaQmL4wQ526dQ_-ASHCMum8L2sKiR_LnP-ba+R+39ZCMKVw AT mail DOT gmail DOT com>
MIME-Version: 1.0
In-Reply-To: <CAKAoaQmL4wQ526dQ_-ASHCMum8L2sKiR_LnP-ba+R+39ZCMKVw@mail.gmail.com>
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
SPF_HELO_NONE, SPF_PASS, TIME_LIMIT_EXCEEDED, TXREP,
T_SCC_BODY_TEXT_LINE autolearn=unavailable version=3.4.6
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: "gs-cygwin.com--- via Cygwin" <cygwin AT cygwin DOT com>
Reply-To: gs-cygwin DOT com AT gluelogic DOT com
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 41PMYgrp248157

On Sun, Feb 25, 2024 at 10:04:29PM +0100, Roland Mainz via Cygwin wrote:
> On Sat, Feb 24, 2024 at 7:57 PM Corinna Vinschen via Cygwin
> <cygwin AT cygwin DOT com> wrote:
> >
> > On Feb 24 15:38, Roland Mainz via Cygwin wrote:
> > > On Thu, Feb 22, 2024 at 8:11 PM Corinna Vinschen via Cygwin
> > > <cygwin AT cygwin DOT com> wrote:
> > > > On Feb 22 18:38, Roland Mainz via Cygwin wrote:
> > > > > If I switch the current user's group with /usr/bin/newgrp, how can a
> > > > > (native) Win32 process use
> > > > > |GetTokenInformation(GetCurrentThreadToken(), ...)| to find out which
> > > > > group is the new "current group" (e.g. which |TokenInformationClass|
> > > > > should I use) ?
> > > >
> > > >   PSID sidbuf = (PSID) alloca (SECURITY_MAX_SID_SIZE);
> > > [snip]
> > >
> > > Win32/NT API question: All known SIDs will fit into
> > > |SECURITY_MAX_SID_SIZE| bytes, right ? I'm asking because right now
> > > the ms-nfs41-client code assumes that all SIDs use a variable amount
> > > of memory, and we always have to ask the Win32/NT API about the number
> > > of bytes to allocate. If |SECURITY_MAX_SID_SIZE| is the global maximum
> > > limit for all Windows versions, then we could simplify the code a
> > > lot...
> >
> > Yes.  ACLs are size restricted to 64K, though, but that shouldn't be
> > much of a problem usally.
> 
> Erm... why ACLs? I was asking about the memory allocation size for an SID.
> 
> Example:
> Right now our code uses two calls to |LookupAccountNameA()| for the
> conversion from a Windows account name to Windows SID.
> The first call gets the allocation size for a SID, our code then
> allocates that memory, and then does a second call to
> |LookupAccountNameA()| to fill that memory with that SID.
> 
> If |SECURITY_MAX_SID_SIZE| (currently 68 bytes) is the maximum memory
> size a Windows syscall can return for a SID, then the code above could
> be simplified to a |sidmem =
> malloc(SECURITY_MAX_SID_SIZE)|+|LookupAccountNameA(..., sidmem, ...)|.
> 
> The same could be done in many many other places, leading to a
> considerable reduction of Win32 system library calls.
> 
> Question is whether the assumption about |SECURITY_MAX_SID_SIZE| is correct...

A robust solution which also reduces syscalls does not necessarily
require a precise answer here.

I suggest writing a wrapper function which has on the stack
  CSTR sidbuf[SECURITY_MAX_SID_SIZE];
and calls LookupAccountNameA() passing sidbuf as Sid.
If it succeeds, then malloc() returned cbSid value and copy sidbuf[].
If it fails because the buffer is too small, then malloc() the returned
cbSid value and call LookupAccountNameA() again.

Doing the above will keep memory use to a minimum, and will generally
call LookupAccountNameA() once per wrapper func invocation rather than
twice.

Cheers, Glenn

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019