X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D1E763858C39 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1708921117; bh=zxPylhT5Lf3hPBTIcn5mgRc5ZzlCxD0Fjy8VwCGQ/3Y=; h=Date:To:Cc:Subject:References:In-Reply-To:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=BavDgcQWPxldjdK/45TsnjNwSpqn/hjiBIIUehNB9LUwXgB0kfh1ITl/GbEp0Hvm9 SNr3HF83PDmH/QyUpdVKCGoUpDTtr0QSEt3+OyT9sOJ47o4/YP90CaeCOY3etSxpAm JGtz1kGaXKGDJAeW/+OQEcM2Dqg1bzNiZ6jRQd4k= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D09083858D1E ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D09083858D1E ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1708921060; cv=none; b=LcnLvFSx1Q17oBBvc8d9eZeubyrs1LPIZld/HYqOmc/T/RhTtryOO/fbPO5CCD9jMrLalkqDYk6Vwd1bQNSlPBPRXWh8Hpq68jxTfZwqnDUIf52nMlG3C5a86m6jPZHtQg0N9jWNtZsMhkTV5BJMXihDWr2f1T5kOfWEsp5sk1E= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1708921060; c=relaxed/simple; bh=8X4YFfmbIbrqlKL0IJfoIgBJ8jPAyOm6zym+M+W1ZT4=; h=Date:From:To:Subject:Message-ID:MIME-Version; b=fbpWjtOkdUErZSrwD2DaEPd55urPsWNCwd2IB6Cs1H/ch5VHN+t9GGlxk18En1W8iH4ywsOn4zL7ziU/4SzHqxOiEglK3sz7X1mO9k1r647wyAkaMhzfr83u59BS94vZdXDfr5ijJ+v5quQ8WHOTZ182T+wOPYNRTpZL0gENm80= ARC-Authentication-Results: i=1; server2.sourceware.org X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-Spam-Language: en X-Spam-Relay-Country: X-Spam-DCC: B=www.nova53.net; R=smtp1.atof.net 1206; Body=1 Fuz1=1 Fuz2=1 X-Spam-RBL: X-Spam-PYZOR: Reported 0 times. Date: Sun, 25 Feb 2024 23:17:27 -0500 To: Roland Mainz Cc: cygwin AT cygwin DOT com Subject: Re: Will all SIDs fit into |SECURITY_MAX_SID_SIZE| bytes ? / was: Re: Switching groups with newgrp - how to get the new group with |GetTokenInformation()| ? Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: "gs-cygwin.com--- via Cygwin" Reply-To: gs-cygwin DOT com AT gluelogic DOT com Content-Type: text/plain; charset="utf-8" Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 41Q4IcnL310261 On Sun, Feb 25, 2024 at 05:32:32PM -0500, Glenn Strauss via Cygwin wrote: > On Sun, Feb 25, 2024 at 10:04:29PM +0100, Roland Mainz via Cygwin wrote: > > On Sat, Feb 24, 2024 at 7:57 PM Corinna Vinschen via Cygwin > > wrote: > > > > > > On Feb 24 15:38, Roland Mainz via Cygwin wrote: > > > > On Thu, Feb 22, 2024 at 8:11 PM Corinna Vinschen via Cygwin > > > > wrote: > > > > > On Feb 22 18:38, Roland Mainz via Cygwin wrote: > > > > > > If I switch the current user's group with /usr/bin/newgrp, how can a > > > > > > (native) Win32 process use > > > > > > |GetTokenInformation(GetCurrentThreadToken(), ...)| to find out which > > > > > > group is the new "current group" (e.g. which |TokenInformationClass| > > > > > > should I use) ? > > > > > > > > > > PSID sidbuf = (PSID) alloca (SECURITY_MAX_SID_SIZE); > > > > [snip] > > > > > > > > Win32/NT API question: All known SIDs will fit into > > > > |SECURITY_MAX_SID_SIZE| bytes, right ? I'm asking because right now > > > > the ms-nfs41-client code assumes that all SIDs use a variable amount > > > > of memory, and we always have to ask the Win32/NT API about the number > > > > of bytes to allocate. If |SECURITY_MAX_SID_SIZE| is the global maximum > > > > limit for all Windows versions, then we could simplify the code a > > > > lot... > > > > > > Yes. ACLs are size restricted to 64K, though, but that shouldn't be > > > much of a problem usally. > > > > Erm... why ACLs? I was asking about the memory allocation size for an SID. > > > > Example: > > Right now our code uses two calls to |LookupAccountNameA()| for the > > conversion from a Windows account name to Windows SID. > > The first call gets the allocation size for a SID, our code then > > allocates that memory, and then does a second call to > > |LookupAccountNameA()| to fill that memory with that SID. > > > > If |SECURITY_MAX_SID_SIZE| (currently 68 bytes) is the maximum memory > > size a Windows syscall can return for a SID, then the code above could > > be simplified to a |sidmem = > > malloc(SECURITY_MAX_SID_SIZE)|+|LookupAccountNameA(..., sidmem, ...)|. > > > > The same could be done in many many other places, leading to a > > considerable reduction of Win32 system library calls. > > > > Question is whether the assumption about |SECURITY_MAX_SID_SIZE| is correct... > > A robust solution which also reduces syscalls does not necessarily > require a precise answer here. > > I suggest writing a wrapper function which has on the stack > CSTR sidbuf[SECURITY_MAX_SID_SIZE]; > and calls LookupAccountNameA() passing sidbuf as Sid. > If it succeeds, then malloc() returned cbSid value and copy sidbuf[]. > If it fails because the buffer is too small, then malloc() the returned > cbSid value and call LookupAccountNameA() again. > > Doing the above will keep memory use to a minimum, and will generally > call LookupAccountNameA() once per wrapper func invocation rather than > twice. > > Cheers, Glenn Commenters on stackoverflow provide data calculating the answer as 68 bytes for SID as binary [1] [1] https://stackoverflow.com/questions/1140528/what-is-the-maximum-length-of-a-sid-in-sddl-format -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple