X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Date: Thu, 11 Feb 2010 19:52:14 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: cron & Windows 7 Message-ID: <20100211185214.GS28659@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <010601caaaca$58aa1e20$7b00a8c0 AT wirelessworld DOT airvananet DOT com> <4B73894B DOT 4060306 AT tpg DOT com DOT au> <014d01caab1d$bed91720$7b00a8c0 AT wirelessworld DOT airvananet DOT com> <20100211134116 DOT GM28659 AT calimero DOT vinschen DOT de> <01a301caab2a$1c496a70$7b00a8c0 AT wirelessworld DOT airvananet DOT com> <20100211151748 DOT GN28659 AT calimero DOT vinschen DOT de> <01ef01caab42$ed7a31c0$7b00a8c0 AT wirelessworld DOT airvananet DOT com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <01ef01caab42$ed7a31c0$7b00a8c0@wirelessworld.airvananet.com> User-Agent: Mutt/1.5.20 (2009-06-14) Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Feb 11 12:52, Pierre A. Humblet wrote: > > ----- Original Message ----- > From: "Corinna Vinschen" > To: > Sent: Thursday, February 11, 2010 10:17 > | > | If a domain isn't involved, why fails loading user32 DLL?!? In that > | case there should be no issue with the user account since the local > | SAM replies with the correct group list. Or not?!? > > The only strange output is > get_user_local_groups: LookupAccountName(BUILTIN\Administratoren), Win32 error 1332 > but there should be other groups, like Users. Uh oh. Is the name of the BUILTIN group not BUILTIN on non-English systems? If so, the code in get_user_local_groups must be changed to emit the correct name, rather than just storing the fixed string "BUILTIN\\" in builtin_grp. [...time passes...] Can you please check if this untested(!) code is doing the right thing? Index: sec_auth.cc =================================================================== RCS file: /cvs/src/src/winsup/cygwin/sec_auth.cc,v retrieving revision 1.29 diff -u -p -r1.29 sec_auth.cc --- sec_auth.cc 6 Feb 2010 13:13:15 -0000 1.29 +++ sec_auth.cc 11 Feb 2010 18:44:05 -0000 @@ -320,20 +320,19 @@ get_user_local_groups (PWCHAR logonserve } WCHAR domlocal_grp[MAX_DOMAIN_NAME_LEN + GNLEN + 2]; - WCHAR builtin_grp[sizeof ("BUILTIN\\") + GNLEN + 2]; - PWCHAR dg_ptr, bg_ptr; + WCHAR builtin_grp[2 * GNLEN + 2]; + PWCHAR dg_ptr, bg_ptr = NULL; SID_NAME_USE use; dg_ptr = wcpcpy (domlocal_grp, domain); *dg_ptr++ = L'\\'; - bg_ptr = wcpcpy (builtin_grp, L"BUILTIN\\"); for (DWORD i = 0; i < cnt; ++i) { cygsid gsid; DWORD glen = MAX_SID_LEN; WCHAR dom[MAX_DOMAIN_NAME_LEN + 1]; - DWORD domlen = sizeof (dom); + DWORD domlen = MAX_DOMAIN_NAME_LEN + 1; use = SidTypeInvalid; wcscpy (dg_ptr, buf[i].lgrpi0_name); @@ -348,17 +347,35 @@ get_user_local_groups (PWCHAR logonserve else if (GetLastError () == ERROR_NONE_MAPPED) { /* Check if it's a builtin group. */ - wcscpy (bg_ptr, dg_ptr); - if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen, - dom, &domlen, &use)) + if (!bg_ptr) { - if (!legal_sid_type (use)) - debug_printf ("Rejecting local %W. use: %d", dg_ptr, use); + cygsid bgsid ("S-1-5-32"); + glen = 2 * GNLEN + 2; + if (!LookupAccountSidW (NULL, bgsid, builtin_grp, &glen, + domain, &domlen, &use)) + debug_printf ("LookupAccountSid(BUILTIN), %E"); else - grp_list *= gsid; + { + bg_ptr = builtin_grp + wcslen (builtin_grp); + bg_ptr = wcpcpy (builtin_grp, L"\\"); + glen = MAX_SID_LEN; + domlen = MAX_DOMAIN_NAME_LEN + 1; + } + } + if (bg_ptr) + { + wcscpy (bg_ptr, dg_ptr); + if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen, + dom, &domlen, &use)) + { + if (!legal_sid_type (use)) + debug_printf ("Rejecting local %W. use: %d", dg_ptr, use); + else + grp_list *= gsid; + } + else + debug_printf ("LookupAccountName(%W), %E", builtin_grp); } - else - debug_printf ("LookupAccountName(%W), %E", builtin_grp); } else debug_printf ("LookupAccountName(%W), %E", domlocal_grp); > If we want to eliminate that possibility: > Matthias , could you edit /etc/passwd and change your gid from 513 to 545, > or edit /etc/group and add your id (text, not uid) in the last (currently empty) > field of the 545 group. > > | Well, in the long run I'd like to drop the chance to add groups by adding > | users to /etc/group. This allows overriding AD settings for no good reason. > I would at least keep it as backup. There have been reported cases were the DC > does not answer due to temporary network reasons. Yeah, it's just a nightmare for Admins... > B.t.w. I just tried mkgroup -lu on my local XP (still 1.5). It does NOT populate users > in some groups, in particular Users (545) It does not populate users in *any* group. The option has been disabled. The group list should only be used in rare cases, if at all. > Also when I ssh into my home XP (1.7), I get > mkgroup (376): [1722] The RPC server is unavailable. For me this also occurs in a normal console window and that's to be expected. -l is an `optional_argument' option. Try `mkgroup -l -u'. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple