X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=wEIsszcZcT7Xqj+t50kxwBabCqLICw6QSsTCND4uW1k402khZECkW
	hsfckQLmZW0AVabtMaCJ+p/rIWmo/vDjt6QIB05EwWQFxRm9DC6fnkh+AmHfALXf
	pBpQWuBpBG+d+nTq6J1/3tElIWOqWjdHIAD16UwLftbB3y9yNcFvtM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=KQyRtPpB7EBpBy3S3Hw595Ogqhc=; b=FbfFqpYNYN0ldEpevI1LDS7/EoZQ
	scq1e0vFbtILThfwKFWVWauz0fi0mOv/nrx5jBF4j30sn/vASyWGvk2qzH0NEbOD
	ABKTksTqfqohM50fmmqjnwOvDQyhRwpyGv+GphkRjAyAEtnSuMA6BkQm27EQ2AdE
	mGIXKizJQIkR9dk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Tue, 11 Nov 2014 12:36:56 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 1.7.33-0.6
Message-ID: <20141111113656.GP2782@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <545BD14A DOT 8080803 AT t-online DOT de> <20141106200635 DOT GP28195 AT calimero DOT vinschen DOT de> <20141106204222 DOT GQ28195 AT calimero DOT vinschen DOT de> <545C68BA DOT 3050007 AT t-online DOT de> <20141107101659 DOT GU28195 AT calimero DOT vinschen DOT de> <545D30DA DOT 9040507 AT t-online DOT de> <20141110105151 DOT GB2782 AT calimero DOT vinschen DOT de> <54611048 DOT 4000404 AT t-online DOT de> <20141110204500 DOT GB13071 AT calimero DOT vinschen DOT de> <5461AF09 DOT 5010809 AT t-online DOT de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="r/w8vo2lxBmCPGjQ"
Content-Disposition: inline
In-Reply-To: <5461AF09.5010809@t-online.de>
User-Agent: Mutt/1.5.23 (2014-03-12)

--r/w8vo2lxBmCPGjQ
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Nov 11 07:39, Christian Franke wrote:
> Corinna Vinschen wrote:
> >On Nov 10 20:21, Christian Franke wrote:
> >>What will be the behavior of the predecessor of e.g. the csih function
> >>csih_create_unprivileged_user if called with USER without HOST prefix,
> >>machine is inside of domain and the user does not exist:
> >>- create local windows USER and require the config script to retrieve t=
he
> >>actual Cygwin HOST+USER name,
> >>- fail and tell the calling config script to retry with HOST+USER inste=
ad
> >>(if possible),
> >>- create local windows USER and create a /etc/passwd entry to support a
> >>non-prefixed Cygwin USER in this case,
> >>- one of the above, selected by a new option.
> >I'm not exactly sure yet.  I'm working on it, and I ripped apart the
> >functions dealing with this problem by handling the cygwin username and
> >the windows username separately.  But it's not yet finished.  In theory
> >you have two cases.
> >
> >Either the account already exists, then the user should (probably
> >(grain/salt)) specify the Cygwin username, which is either prefixed or
> >not prefixed, dependent on the DB it will get taken from.  The script
> >fetches the Windows domain and username from the U-... entry in pw_gecos
> >then.
> >
> >Or the account doesn't exist, then the username is just a name.  The
> >user account will be created in the local SAM and dependent on the state
> >of the machine, AD member or not, will be prefixed or not as Cygwin
> >account.
> >
> >Something like that.
>=20
> Possibly a two step process:
>=20
> csih_check_unprivileged_user --allow-prefix $USER
>=20
> if [ "$csih_unpriv_cygwin_username" !=3D "$USER ]; then
>   # Cygwin username has prefix
>    .... inform user, patch configuration file, ...
> fu
>=20
> csih_create_unprivileged_user [ $PASSWORD ]

I'm making the prefixing depend on the just running Cygwin version
right now, and then, if an nsswitch.conf file exists, whether the
setting is "files"-only or not.

> >Is there any compromise possible which lets mkpasswd generate the
> >forward compatible accounts by default?  I made the change to mkpasswd
> >and mkgroup I outlined last week, but I deliberately didn't check it in
> >because I'm still hoping we find a compromise going forward.  I
> >understand that in your scenario you will have to use /etc/passwd for a
> >while longer.
> >
> >But...  how many scripts would you really have to change if mkpasswd
> >generates prefixed names?
>=20
> We could add 'sed' to /etc/passwd generating script, no problem.

Oh, cool!

> The actual test scripts & tools from this use case pass local usernames
> from/to non-Cygwin programs and rely on the fact that Cygwin and Windows
> username match.
>=20
> For the long term, have some cyguser, cyggroup tools (similar to cygpath)
> which convert the names would be helpful.

Feel free to provide them.  I'm not quite sure what kind of conversion
you're thinking about.  Cygwin->Windows?  If so, you can get that
with simple scripts:

  pwd_entry=3D$(/usr/bin/getent passwd "$username")
  # Extract Windows username and domain
  tmp=3D"${pwd_entry#*:*:*:*U-}"
  tmp=3D"${pwd_entry%%,*}"
  domain=3D"${tmp%\\*}"
  username=3D"${tmp#*\\}"

> >   Alternatively, is setting some environment
> >variable feasible for tweaking the output of mkpasswd backward
> >compatible?
>=20
> Of course, yes.
>=20
> Or mkpasswd -l behavior depends on nsswitch.conf setting:
>=20
> passwd only: Old behavior
> passwd, db: New behavior, print warning
> db only: fail

That's an interesting idea...


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--r/w8vo2lxBmCPGjQ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUYfTYAAoJEPU2Bp2uRE+g7I4P/15O/cpUOY33rTNdWrcA3sBF
RpEaXoCfdEQw59XoEpSep2vfDsblp1v+7B0oTHnIEoEHnxo6lqQztM5Mbdh9aCYa
6mi3a5cknzNeDYVK4XC6Rx/cWzZmMRN8qmgHa/BTIFM8gsEocaozYePwMmiN/Swc
8oPlCTHbpuILZundYdSWdrpQH/R6bpdjBzRdryhJsdXR1/uz14asPppHHggwGr2v
FANpSkgD0WjEeHEYBsXZc3NbrBFr5Rtz5eQwDWfCNYVP4YLPty+D85kpVp5J7+1Q
wW63nMx+UWIKYupJrP2BYra+NNsLzLildpfXgp3VrIVpYM9rbp4YeJ2P+Wdx4VDN
3Gh7hlQNCFyJWpbX4SsmMXqf0XLYoJG6ngSyZExDJGHWOUyrjh7PJrtI54qB3DuO
MRGIpK3NEi5tOiAqASkXoMuOz9UhYdl4EKnn85KWv8vkjPv9rbwbS6f27Ot8Tgj5
7ljsW7+iqgfJUenLaXBYl/W9y/X8eMm5O8+uUYZ3pdJoiBwGnKHNuZupWcfoSd3x
07ZhHoQNBVBkptk8gW4iKePgXA0BqWiPOKbWcBQCji4tLqakYLkcTNn2a28tK4z7
36GVvVcKDvv8dj6hUk0brPkPLrP/tzQf/mHhedAphCqT/0mpcklenVXMLCGO1gRO
ltvWQ72n/VZrd6xdwTZt
=u26G
-----END PGP SIGNATURE-----

--r/w8vo2lxBmCPGjQ--