* uinfo.cc (pwdgrp::fetch_account_from_windows): Handle APPLICATION

	PACKAGE AUTHORITY SIDs.
	* winlean.h (DNLEN): Raise to 31.  Explain why.

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 34111d538f481a62110e5e831bbf23799f564e2e..7b2f2c5af8b0f4336049216b0f77f00ca5f67334 100644 (file)
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2014-09-05  Corinna Vinschen  <corinna@vinschen.de>
+
+       * uinfo.cc (pwdgrp::fetch_account_from_windows): Handle APPLICATION
+       PACKAGE AUTHORITY SIDs.
+       * winlean.h (DNLEN): Raise to 31.  Explain why.
+
 2014-09-03  Corinna Vinschen  <corinna@vinschen.de>
 
        * sec_acl.cc (aclcheck32): Check for required default entries as well.

diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 6d1b5b7a838deead6082ebe989ee39efb6b03d67..9d6c7df7c9870aa59808bb637d675b550796b235 100644 (file)
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1411,7 +1411,12 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
        {
          /* Well-Known Group */
          arg.id -= 0x10000;
-         __small_swprintf (sidstr, L"S-1-%u-%u", arg.id >> 8, arg.id & 0xff);
+         /* SECURITY_APP_PACKAGE_AUTHORITY */
+         if (arg.id >= 0xf20 && arg.id <= 0xf3f)
+           __small_swprintf (sidstr, L"S-1-15-%u-%u", (arg.id >> 4) & 0xf,
+                                                      arg.id & 0xf);
+         else
+           __small_swprintf (sidstr, L"S-1-%u-%u", arg.id >> 8, arg.id & 0xff);
        }
       else if (arg.id >= 0x30000 && arg.id < 0x40000)
        {
@@ -1794,7 +1799,11 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
            uid = 0x10000 + 0x100 * sid_id_auth (sid)
                  + (sid_sub_auth_rid (sid) & 0xff);
 #else
-         if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */)
+         if (sid_id_auth (sid) == 15 /* SECURITY_APP_PACKAGE_AUTHORITY */)
+           uid = 0x10000 + 0x100 * sid_id_auth (sid)
+                 + 0x10 * sid_sub_auth (sid, 0)
+                 + (sid_sub_auth_rid (sid) & 0xf);
+         else if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */)
            uid = 0x10000 + 0x100 * sid_id_auth (sid)
                  + (sid_sub_auth_rid (sid) & 0xff);
          else if (sid_sub_auth (sid, 0) < SECURITY_PACKAGE_BASE_RID

diff --git a/winsup/cygwin/winlean.h b/winsup/cygwin/winlean.h
index 1629948543778656df9b357289a964631e2454fe..63cebdb9617a5d9736d16a0353ce2f5945a9f1f1 100644 (file)
--- a/winsup/cygwin/winlean.h
+++ b/winsup/cygwin/winlean.h
@@ -74,12 +74,16 @@ details. */
 #undef CRITICAL
 #endif
 
-/* So-called "Microsoft Account" SIDs have a netbios domain name
-   "MicrosoftAccounts".  The problem is, while DNLEN is 15, that domain
-   name is 16 chars :-P  So we override DNLEN here to be 16, so that calls
-   to LookupAccountSid/Name don't fail if the buffer is based on DNLEN. */
+/* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name
+   "MicrosoftAccounts".  The new "Application Container SIDs" (S-1-15-...)
+   have a netbios domain name "APPLICATION PACKAGE AUTHORITY"
+   
+   The problem is, DNLEN is 15, but these domain names have a length of 16
+   resp. 29 chars :-P  So we override DNLEN here to be 31, so that calls
+   to LookupAccountSid/Name don't fail if the buffer is based on DNLEN.
+   Hope that's enough for a while... */
 #undef DNLEN
-#define DNLEN 16
+#define DNLEN 31
 
 /* When Terminal Services are installed, the GetWindowsDirectory function
    does not return the system installation dir, but a user specific directory