X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=aLqscdgXFuF4DaS+q0Fl1muVAHvQwGCkX5xgsWQ7aXbi6BEp6jGC5
	0TonCpfgDR9eobDZmbtG7kAV9AuPJ+pLBPUq40Wh3zbkmsq8VSAHYCr3MPSJgq36
	VP1HgGAWB8oGQOpaCPxW4zIfMLDQV6uN5P99DqMka4S0V0enIc90VI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=ybERJz/oNzfn3VfD9a9dciiac0U=; b=bAda6sN7/IF+PEldHimrCjN4l93k
	NhT6/DzEIgqPbECoN74UcZHX7QwAOsMzRuplO/F6bZ+i2DImyiTXt4zxb4K3IO8T
	+ZrDOKRqYpbTKSZxDNX2q0KIPYW9Q5WNdKnfAuNCnvLhx7zjSZ+wBxZCJMD6VhPe
	zWNBliUfoJVunzY=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.0 required=5.0 tests=AWL,BAYES_20 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Mon, 17 Feb 2014 17:21:52 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Testers needed:  New passwd/group handling in Cygwin
Message-ID: <20140217162152.GA17278@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20140213143849 DOT GH2246 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="O5XBE6gyVG5Rl6Rj"
Content-Disposition: inline
In-Reply-To: <20140213143849.GH2246@calimero.vinschen.de>
User-Agent: Mutt/1.5.21 (2010-09-15)

--O5XBE6gyVG5Rl6Rj
Content-Type: multipart/mixed; boundary="YZ5djTAD1cGYuMQK"
Content-Disposition: inline


--YZ5djTAD1cGYuMQK
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb 13 15:38, Corinna Vinschen wrote:
> Hi folks,
>=20
>=20
> this week I applied the first incarnation of the new passwd/group
> handling code to the Cygwin repository and after fixing a crash which
> manifested in Denis Excoffier's network, I think we're at a point
> which allows to push this forward.
> [...]

Ok guys, I just applied a patch implementing getpwent and getgrent,
and the way to configure the output is probably more detailed than
you ever wanted:

The default output of both functions consists of the so far cached
accounts, plus a fixed set of builtin accounts for backward
compatibility with mkpasswd/mkgroup output.  For instance, getpwent
output looks like this:

  corinna:*:1049577:1049701:Corinna Vinschen,U-VINSCHEN\corinna,S-1-5-21-29=
13048732-1697188782-3448811101-1001:/home/corinna:/bin/tcsh
  +SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash
  +LOCAL SERVICE:*:19:19:U-NT AUTHORITY\LOCAL SERVICE,S-1-5-19:/home/LOCAL =
SERVICE:/bin/bash
  +NETWORK SERVICE:*:20:20:U-NT AUTHORITY\NETWORK SERVICE,S-1-5-20:/home/NE=
TWORK SERVICE:/bin/bash
  +Administrators:*:544:513:U-BUILTIN\Administrators,S-1-5-32-544:/home/Adm=
inistrators:/bin/bash
  +TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-=
956008885-3418522649-1831038044-1853292631-2271478464:/home/TrustedInstalle=
r:/bin/bash

and getgrent like this:

  vinschen:S-1-5-21-2913048732-1697188782-3448811101-1125:1049701:
  +Administrators:S-1-5-32-544:544:
  +SYSTEM:S-1-5-18:18:
  +TrustedInstaller:S-1-5-80-956008885-3418522649-1831038044-1853292631-227=
1478464:328384:

As long as we didn't decide to do it differently, the configuration
takes place in /etc/nsswitch.conf.  The new keyword is "db_enum", and
the value is a list of sources:

  db_enum: source...

A source can be

  none             No output from getpwent/getgrent at all.

  all              The opposite.  Output accounts from all known
                   sources, including all trusted domains.

  cache            List all accounts currently cached in memory.

  builtin          List the predefined builtin accounts for backward
                   compatibility.

  files            List the accounts from /etc/passwd or /etc/group.

  local            List all accounts from the local SAM.

  primary          List all accounts from the primary domain.

  alltrusted       List all accounts from all trusted domains.

  some.domain      List all accounts from the trusted domain some.domain.
                   The trusted domain can be given as Netbios flat name
                   (MY_DOMAIN) or as dns domain name (my_domain.corp).
                   In contrast to the aforementioned fixed source keywords,
                   distinct domain names are caseinsensitive.  Only domains
                   which are actually trusted domains are enumerated.
                   Unknown domains are simply ignored.

Please note that this functionality does *not* test if an account was
already listed from another source, so an account can easily show up
twice or three times.  Such a test would be rather tricky, nor does the
Linux implementation perform such test.

Here are a few examples for /etc/nsswitch.conf, which are hopefully
self-explaining:

  db_enum: none

  db_enum: all

  db_enum: cache files

  db_enum: cache local primary

  db_enum: local primary alltrusted

  db_enum: primary domain1.corp sub.domain.corp domain2.net

If those examples are *not* self-explaining, don't hesitate to ask.

Please fetch the latest snapshot from http://cygwin.com/snapshots/
It contains this change.  I attached two simple test applications
to this mail.

If it works nicely, I will rewrite mkpasswd and mkgroup to use the
Cygwin implementation as well, rather than implementing their own
enumerations.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--YZ5djTAD1cGYuMQK
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="getpwent.c"

#include <stdio.h>
#include <pwd.h>

int
main ()
{
  struct passwd *pwd;

  setpwent ();
  while ((pwd = getpwent ()))
    printf ("%s:%s:%u:%u:%s:%s:%s\n",
	    pwd->pw_name,
	    pwd->pw_passwd,
	    pwd->pw_uid,
	    pwd->pw_gid,
	    pwd->pw_gecos,
	    pwd->pw_dir,
	    pwd->pw_shell);
  endpwent ();
  return 0;
}

--YZ5djTAD1cGYuMQK
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="getgrent.c"

#include <stdio.h>
#include <grp.h>

int
main ()
{
  struct group *grp;

  setgrent ();
  while ((grp = getgrent ()))
    printf ("%s:%s:%u:\n",
	    grp->gr_name,
	    grp->gr_passwd,
	    grp->gr_gid);
  endgrent ();
  return 0;
}

--YZ5djTAD1cGYuMQK--

--O5XBE6gyVG5Rl6Rj
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTAjcgAAoJEPU2Bp2uRE+gQwQP/RQ5y8Qfpu11GMitFowp4SLB
LCWAy4PkQ5BirEwqMW04t0UREqIGysV4lQXaIb60E6w3BPTC/fcO8/+wdPQb0hBG
cTgWvwqZ1STfLgp/POV+dp2cJJoPnWkITABgZaOzjP5E5/6+ZXkT1wGQKnEkywYo
ZRyehPTJkUMbZ9cswWFxuCO8HQuecYA2BcB1ZQsYv2X8tzHB5H+CkC717nBLs9hJ
SQEfURB/lgjKOG3mmQx+wTRt1MloNj1jkghlS5M/grM5G4iCv7aKqImIcA6kZeSW
zwi5rg93GcM1B4uXUaQNS9GAp8lwm9o+SC4H9y8czhShiH7LW2kwGN/0V+9qOvmO
mrWU/+V2Sj0/EpOzvHaD12LG8wkoNXCFRMpyXmMkzBWRpr8ebYgoY+yBb91QkSDc
rbB5KAey89cq0hlX3cADlgvl1Gx8nSjQS/SflFChgcbvvHdYQDLjrAJLF8JK4xcG
nqTRKCeSV1zhUr92EqUDin8BRu3XN7k0iYP2PN3WmOdyBpP9nhe7jlESs6caHH1p
U4+2DS+a9tAyFBnuXb7kMEzWSos6t5vyZU2X5UNkvqmOcImLagplF6nvYSBPe7VR
yTDNEJ9LV7rd1sz6YujeJ8W/p74TiMDzQVTDQEyPRi7fTd1NVC9cWfYdRq2i3J4J
+gUGcoRlYQRDXm6DSbO/
=mNsN
-----END PGP SIGNATURE-----

--O5XBE6gyVG5Rl6Rj--