X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id:references
	:in-reply-to:content-type:content-id:content-transfer-encoding
	:mime-version; q=dns; s=default; b=u2mzpn7A2lQA0/lBq/5oixyDtfcYA
	SJaLdaVTSVzhJGS+F9KWU7ZvOCLsolY+r8o0IahahN96gWBCF3yleov58Pic9SlX
	BxQpEXGzuUJypQ8E0v64aIJE0tPUuYx2WrepeXn741dAcwcjOeCGqASGmMCRZyCb
	hS0TBoNePlVnnw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id:references
	:in-reply-to:content-type:content-id:content-transfer-encoding
	:mime-version; s=default; bh=SAcjEo0W0c3N6Mujab5crqObfo0=; b=hBF
	pfxySxcbqIDtisjnsumXRprVCk/NXqErgjycP+t8r6ICedgw5MbHBkw81uFxETYO
	6SfvNg7Ac/n2awJ+48ELys+me4GXLmIWXjAFYhhl9cMNlTjKRW2Udy25xllbx85t
	N6DHo0hCeXV+fAIPuBwyCt+zr4hAM0W+PqfhHWtU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.2 required=5.0 tests=AWL,BAYES_00,CYGWIN_OWNER_BODY,MIME_BASE64_BLANKS,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 spammy=
X-HELO: na01-by2-obe.outbound.protection.outlook.com
From: Bill Zissimopoulos <billziss AT navimatics DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: Re: POSIX permission mapping and NULL SIDs
Date: Tue, 28 Jun 2016 18:06:13 +0000
Message-ID: <D3980824.9862%billziss@navimatics.com>
References: <D392BA70.95D4%billziss AT navimatics DOT com> <20160624195144 DOT GB27089 AT calimero DOT vinschen DOT de> <D392F074.962E%billziss AT navimatics DOT com> <20160624215948 DOT GD27089 AT calimero DOT vinschen DOT de> <D39583E5.96E3%billziss AT navimatics DOT com> <1945820393 DOT 20160627122324 AT yandex DOT ru> <20160627102614 DOT GA8258 AT calimero DOT vinschen DOT de> <D396C16E.9770%billziss AT navimatics DOT com> <20160628102705 DOT GA22797 AT calimero DOT vinschen DOT de>
In-Reply-To: <20160628102705.GA22797@calimero.vinschen.de>
authentication-results: spf=none (sender IP is ) smtp.mailfrom=billziss AT navimatics DOT com;
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-office365-filtering-correlation-id: 575eac42-9b96-4923-c733-08d39f7ee460
x-microsoft-exchange-diagnostics: 1;CY1PR07MB2199;6:qRTbra94c487elET6Z/2CPK9w7vJcCEpY8dNMCH/YYDTfe8DX0nk1tnz0vNfJ341zL7lA0ML2gs9R8csWslmqFyeY4KU2bh4ZcgV4ih06ZaC4G5pPeUxM4r0/lU5pdt5WAYX2FFW6Cgc0iwZRtGc6MPEAqRwwDGa5pYUB00M6K2QeMrNybpdJXjJs0G8Cz0kFyfGy7GRGizX+PSWpRVSE+EBrbh3d1mSBSIMkRxMjJvFVgcEO0LoWCaRo0bux5SKznVyiSJ400m300p1+LmBL7bsXsIGCCAkMXKGLcSMDTQfRXHLr5d19rphAljAaVOnEEPPE4dusRFA5Fmeyle2Cw==;5:MvfVeX0YyKUrz/HZn5rFaV6lOGAJGbc96+nWMlT2lJDOfRYe9GFGIukB0OFuT4/NzEwhoMs+rYro7zzEhWlGJ4GtqBW1h1nb5PraPUBNcWpYXtj6ydhBc7r6XdO4OBZgqXxe4jK+mcVk3SYNLEQyAQ==;24:BTM+19yK4NCpkyxa3jxYWtEXkDToBHaWOMxKbSG5rrgCz7KmMDEBJiM8Cq45RAuyr+5T1+erf5Ht50SqQYK2NrBVsMK03blLvaYD9axcvmA=;7:cYDOBRiwSGQMTQleNtapDeOqiUf8tUera9HbhD64esddz2M6uuv0i7YTR1XmFqALVtDdyShr/HnfhYZVOdJf+D10rECdkUDMnnc2RG972J7rMcdgHIgAoI5JK+9LvI5i6cqFkcaySN1BQeh0kyfUzVP6Rr+xvmO4yCE4oyDSPCeayAPd044mjScl/GpdXCX26npFdtrhWFVhRqUuE0V0WPEB2H8WMPHYgaWsa0r4y8p4M/xdXwWPViqqQhgkXqbjIQl+xUvMzAStNv8MHGjz6Q==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR07MB2199;
x-microsoft-antispam-prvs: <CY1PR07MB2199FB581F244D2833DE3A0FBC220 AT CY1PR07MB2199 DOT namprd07 DOT prod DOT outlook DOT com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040130)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6041072)(6043046);SRVR:CY1PR07MB2199;BCL:0;PCL:0;RULEID:;SRVR:CY1PR07MB2199;
x-forefront-prvs: 0987ACA2E2
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(6009001)(7916002)(24454002)(189002)(54014002)(199003)(377454003)(450100001)(101416001)(2906002)(2950100001)(93886004)(87936001)(2900100001)(66066001)(8936002)(11100500001)(36756003)(99286002)(122556002)(305945005)(10400500002)(5640700001)(68736007)(7736002)(2501003)(1730700003)(586003)(81166006)(81156014)(3660700001)(110136002)(6116002)(102836003)(3846002)(8676002)(105586002)(19580405001)(106356001)(106116001)(107886002)(19580395003)(189998001)(92566002)(2351001)(5002640100001)(97736004)(3280700002)(54356999)(50986999)(76176999)(86362001)(77096005)(7846002)(94096001);DIR:OUT;SFP:1102;SCL:1;SRVR:CY1PR07MB2199;H:CY1PR07MB2199.namprd07.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
received-spf: None (protection.outlook.com: navimatics.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <EFA41BF989CD4D469AF968275005C420 AT namprd07 DOT prod DOT outlook DOT com>
MIME-Version: 1.0
X-OriginatorOrg: navimatics.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jun 2016 18:06:13.2652 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 21071be9-4f9a-413b-89ac-8353a5d2410a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR07MB2199
X-IsSubscribed: yes
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id u5SI6iOa016785

On 6/28/16, 3:27 AM, "Corinna Vinschen" <cygwin-owner AT cygwin DOT com on behalf
of corinna-cygwin AT cygwin DOT com> wrote:


>>Ok.  Please keep in mind that
>
>a) there can't be a bijective mapping between arbitrary length SIDs
>   and a 32 bit uid/gid.
>
>b) The mapping used in Cygwin is not self-created but (mostly, except
>   for a single deviation) identical to the Interix mapping.  The code
>   basically follows how this mapping has been defined by Microsoft.

Corinna, please stop explaining things to me that I already know.

>> BTW, I have here a partitioning of the UID namespace that may help
>>choose
>> the right mapping:
>> 
>> /*
>>  * UID namespace partitioning (from [IDMAP] rules):
>>  *
>>  * 0x000000 + RID              S-1-5-RID,S-1-5-32-RID
>>  * 0x000ffe                    OtherSession
>>  * 0x000fff                    CurrentSession
>>  * 0x001000 * X + RID          S-1-5-X-RID ([WKSID]:
>> X=1-15,17-21,32,64,80,83)
>>  * 0x010000 + 0x100 * X + Y    S-1-X-Y ([WKSID]: X=1,2,3,4,5,9,16)
>>  * 0x030000 + RID              S-1-5-21-X-Y-Z-RID
>>  * 0x060000 + RID              S-1-16-RID
>>  * 0x100000 + RID              S-1-5-21-X-Y-Z-RID
>>  */
>
>You're aware that I wrote the code for this mapping as well as its
>documentation? :)

Corinna, of course I am aware of that. I have found your original post to
this list about it. Why would you think otherwise? And why would it change
anything?

>>With all that and to help conclude this thread I gather here all the
>> proposed mappings. Corinna, I will use the one which you prefer the
>>most:
>> 
>> S-1-0-65534                    <-> 65534
>
>This one is still my favorite.  Again, the range from 0x1000 up to
>0xffff is unused.  Right now any incoming uid/gid value in this range
>for a reverse SID lookup is treated as invalid SID.

I disagree. You are saying that it is unused, but a (perhaps erroneous)
SID would map into that space.

In any case I will use your mapping of S-1-0-65534 <-> 65534.

Bill