From kkm@kis.nnov.su  Sun Apr 20 14:45:47 1997
From: "Kirill M. Katsnelson" <kkm@kis.nnov.su>
To: voelker@cs.washington.edu
Subject: NT emacs and user identification
Date: Mon, 21 Apr 1997 01:44:38 +0400

Geoff,

I've been reviewing the file nt.c which is part of the NT port of emacs.
The init_user_info () function gets the user id in an incorrect way. Actually,
all locally-originated SIDs for user accounts on the same NT system
differ only by their last RID, and this RID is allocated in a pretty
UNIX-like way: Admin=512, Guest=513(?), first manually-created account = 1000,
next = 1001 etc. GetSidIdentifierAuthority returns the identified
authority for the SID, which is equal to NT_AUTHORITY on all NT
systems. 

Moreover, textual comparison with "administrator" is not correct. First,
an administrator on an NT system is not a user named "administrator",
but rather a member of the local administrator group
(S-r-NT_AUTHORITY-SECURITY_BUILTIN_DOMAIN_RID-DOMAIN_ALIAS_RID_ADMINS)
Every member of this group is an equal administrator, regardless of
login name. Second, the "Administrator" is named so only in English
versions of NT.

Instead of diving deep into all this stuff, I'd propose a simpler
approach. The first step is to determine if a user is an administrator;
Knowledge Base article Q118626 tells how to do this. If not, then
the uid may be derived simply as a hash function of user name. The
same would be done with the group name.

If you like this idea, I want to share my favorite string-hashing
function (str is a pointer to the string to hash, all lowercase).
Of course, it is not my invention. I do not even know who has authored
it but it appears very good.

unsigned long hash = 0;
while (*str)
  hash = hash * 33 + *str++;

Kindest regards,

Kirill


+-------------------------------------+-----------------------------------+
+ Kirill M. Katsnelson,               |   Genetics: If your parents       +
+ Software and Networking Consultant  |   didn't have any children,       +
+ Nizhni Novgorod, Russia             |   neither will you.               +
+ E-mail: kkm@kis.ru                  |                                   +
+-------------------------------------+-----------------------------------+



From kkm@kis.nnov.su  Fri Apr 25 01:52:23 1997
From: "Kirill M. Katsnelson" <kkm@kis.nnov.su>
To: voelker@cs.washington.edu (Geoff Voelker)
Subject: Re: NT emacs and user identification
Date: Fri, 25 Apr 1997 12:50:33 +0400

Geoff,

This is because there are local users and domain users. The last RID is assigned
independently by the local LSA for the former and by the domain controller's SAM for
the latter, so they often overlap. Moreover, this scheme may easily change
with new versions of NT - I seem to have forgotten to mention that the scheme 1000+N
is not documented... Suppose that NT 5.0 will assign the same last RID and
alter the second one from the end... The truly unique identity is the whole
SID - that's the sad story.

On the other hand, an ideal hash function gives a probability of
duplication of 2 to the power -16 for a 16-bit hash. Real values are about 1/10000,
so that it is pretty unique. Getting a CRC16 of the SID may also be
an option - the CRC algorithm is a well randomizing hash for binary data.

Kirill

Some time ago, Geoff Voelker wrote...
|+
|  Kirill,
|  
|  Thanks for the report and the suggestions, I'll stick this on the list
|  of things to do.  One question, though.  Why do you recommend not
|  recovering the SID with the unique last RID and instead use the hash
|  function on the name?  Using the hash function seems more arbitrary
|  than it needs to be.
|  
|  -geoff
|-


+-------------------------------------+-----------------------------------+
+ Kirill M. Katsnelson,               |   Welcome! My WebCounter shows    +
+ Software and Networking Consultant  |   that you are Abnormal program   +
+ Nizhni Novgorod, Russia             |   termination in 1997!            +
+ E-mail: kkm@kis.ru                  |         -- a real welcome banner  +
+-------------------------------------+-----------------------------------+
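
The uid schemes weighed in the two messages above, side by side, as an added example (not code from nt.c or from the correspondents). The two SIDs are constructed, and the CRC-16/CCITT variant and the 16-bit fold of the times-33 hash are assumptions; the thread names neither.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed binary SIDs: S-1-5-21-1-2-3-1000 (local account on a workstation)
   and S-1-5-21-9-2-3-1000 (domain account). Same last RID, different issuer. */
static const uint8_t SID_LOCAL[28]  = {1,5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 0xE8,3,0,0};
static const uint8_t SID_DOMAIN[28] = {1,5, 0,0,0,0,0,5, 21,0,0,0, 9,0,0,0, 2,0,0,0, 3,0,0,0, 0xE8,3,0,0};

/* uid taken from the last RID only: local and domain accounts can overlap. */
uint32_t uid_from_rid(const uint8_t *sid, size_t len) {
    const uint8_t *p = sid + len - 4;          /* sub-authorities are little-endian */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The times-33 hash from the first message; lowercases as it goes and folds
   the 32-bit result to 16 bits (the fold is an assumption of this example). */
uint16_t uid_from_name(const char *name) {
    uint32_t h = 0;
    while (*name)
        h = h * 33 + (uint32_t)tolower((unsigned char)*name++);
    return (uint16_t)(h ^ (h >> 16));
}

/* CRC-16/CCITT (poly 0x1021, init 0xFFFF) over the whole binary SID, so the
   issuing machine or domain contributes to the uid as well as the RID. */
uint16_t uid_from_sid_crc(const uint8_t *sid, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(sid[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

int main(void) {
    printf("last RID : %u vs %u\n", (unsigned)uid_from_rid(SID_LOCAL, sizeof SID_LOCAL),
           (unsigned)uid_from_rid(SID_DOMAIN, sizeof SID_DOMAIN));
    printf("SID CRC16: %u vs %u\n", (unsigned)uid_from_sid_crc(SID_LOCAL, sizeof SID_LOCAL),
           (unsigned)uid_from_sid_crc(SID_DOMAIN, sizeof SID_DOMAIN));
    printf("name hash: %u\n", (unsigned)uid_from_name("Kirill"));
    return 0;
}
```

Both hashed forms can still collide; as the thread notes, only the whole SID is unique, so a uid derived this way is suitable for display and not for access decisions.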
  


From kkm@kis.nnov.su  Sat Apr 26 17:26:07 1997
From: "Kirill M. Katsnelson" <kkm@kis.nnov.su>
To: voelker@cs.washington.edu (Geoff Voelker)
Subject: Re: NT emacs and user identification
Date: Sun, 27 Apr 1997 04:25:02 +0400

Geoff,

I do not think this is quite correct. Suppose that my workstation (named
WS) is a member of domain DOM. I have set up some access for domain
administrator (for example, for backing up some data). A domain admin,
whose name is Administrator/DOM can log on locally, but does not have
administrator privileges on my computer.

Moreover, the administrator account can be renamed. I could rename it
for example to Admin (which I usually do to match the default Novell
privileged name). So, emacs could illegally take Administrator/DOM
for an administrator and Admin/WS for an ordinary user.

There's no such thing as a dedicated Administrator, root or whatever
in NT. An administrator is whoever belongs to the Administrators group. There's
a well-known SID describing this group, but nothing well-known to
designate individual members of this group.

Kirill

Some time ago, Geoff Voelker wrote...
|+
|  I see.  Right now, I think it is ok that they may overlap.  From what
|  I can remember, the uid isn't used except for output purposes (e.g.,
|  in dired mode).  The key issue is distinguishing between the
|  administrator account and other user accounts (independent of whether
|  the user account has admin privileges).
|-


+-------------------------------------+-----------------------------------+
+ Kirill M. Katsnelson,               |   Welcome! My WebCounter shows    +
+ Software and Networking Consultant  |   that you are Abnormal program   +
+ Nizhni Novgorod, Russia             |   termination in 1997!            +
+ E-mail: kkm@kis.ru                  |         -- a real welcome banner  +
+-------------------------------------+-----------------------------------+
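
The Administrator/DOM and Admin/WS case from the message above, as an added example (not code from nt.c or from the correspondents): a login-name comparison next to a search of the account's group SIDs for S-1-5-32-544. The packed group buffers are constructed stand-ins for the group SIDs a logon token carries, and the function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Binary form of S-1-5-32-544: NT authority, BUILTIN domain, Administrators alias. */
static const uint8_t ADMINS_SID[16] = {1,2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0};

/* Constructed group list for Administrator/DOM logged on at WS:
   Domain Admins of DOM (S-1-5-21-9-2-3-512) and BUILTIN\Users (S-1-5-32-545). */
static const uint8_t GROUPS_DOM_ADMINISTRATOR[] = {
    1,5, 0,0,0,0,0,5, 21,0,0,0, 9,0,0,0, 2,0,0,0, 3,0,0,0, 0x00,0x02,0,0,
    1,2, 0,0,0,0,0,5, 32,0,0,0, 0x21,0x02,0,0 };
/* Constructed group list for the renamed local account Admin/WS:
   BUILTIN\Administrators (S-1-5-32-544) and BUILTIN\Users (S-1-5-32-545). */
static const uint8_t GROUPS_WS_ADMIN[] = {
    1,2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0,
    1,2, 0,0,0,0,0,5, 32,0,0,0, 0x21,0x02,0,0 };

/* The check the thread criticises: case-insensitive match on "administrator". */
int name_says_admin(const char *name) {
    const char *want = "administrator";
    while (*name && *want && tolower((unsigned char)*name) == *want) { name++; want++; }
    return *name == '\0' && *want == '\0';
}

/* Walk packed binary SIDs (8 + 4*count bytes each) looking for the Administrators
   alias. Returns 1 if present, 0 if absent, -1 if the buffer is malformed. */
int groups_say_admin(const uint8_t *buf, size_t len) {
    size_t off = 0;
    while (off < len) {
        if (len - off < 8 || buf[off] != 1) return -1;    /* header, revision 1 */
        size_t n = 8 + 4 * (size_t)buf[off + 1];
        if (buf[off + 1] > 15 || n > len - off) return -1; /* at most 15 sub-authorities */
        if (n == sizeof ADMINS_SID && memcmp(buf + off, ADMINS_SID, n) == 0) return 1;
        off += n;
    }
    return 0;
}
```

With these inputs the name check accepts Administrator/DOM and rejects Admin/WS, while the group check gives the opposite, correct answers.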
  


