PACKAGE AUTHORITY SIDs.
* winlean.h (DNLEN): Raise to 31. Explain why.
+2014-09-05 Corinna Vinschen <corinna@vinschen.de>
+
+ * uinfo.cc (pwdgrp::fetch_account_from_windows): Handle APPLICATION
+ PACKAGE AUTHORITY SIDs.
+ * winlean.h (DNLEN): Raise to 31. Explain why.
+
2014-09-03 Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (aclcheck32): Check for required default entries as well.
{
/* Well-Known Group */
arg.id -= 0x10000;
- __small_swprintf (sidstr, L"S-1-%u-%u", arg.id >> 8, arg.id & 0xff);
+ /* SECURITY_APP_PACKAGE_AUTHORITY */
+ if (arg.id >= 0xf20 && arg.id <= 0xf3f)
+ __small_swprintf (sidstr, L"S-1-15-%u-%u", (arg.id >> 4) & 0xf,
+ arg.id & 0xf);
+ else
+ __small_swprintf (sidstr, L"S-1-%u-%u", arg.id >> 8, arg.id & 0xff);
}
else if (arg.id >= 0x30000 && arg.id < 0x40000)
{
uid = 0x10000 + 0x100 * sid_id_auth (sid)
+ (sid_sub_auth_rid (sid) & 0xff);
#else
- if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */)
+ if (sid_id_auth (sid) == 15 /* SECURITY_APP_PACKAGE_AUTHORITY */)
+ uid = 0x10000 + 0x100 * sid_id_auth (sid)
+ + 0x10 * sid_sub_auth (sid, 0)
+ + (sid_sub_auth_rid (sid) & 0xf);
+ else if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */)
uid = 0x10000 + 0x100 * sid_id_auth (sid)
+ (sid_sub_auth_rid (sid) & 0xff);
else if (sid_sub_auth (sid, 0) < SECURITY_PACKAGE_BASE_RID
#undef CRITICAL
#endif
-/* So-called "Microsoft Account" SIDs have a netbios domain name
- "MicrosoftAccounts". The problem is, while DNLEN is 15, that domain
- name is 16 chars :-P So we override DNLEN here to be 16, so that calls
- to LookupAccountSid/Name don't fail if the buffer is based on DNLEN. */
+/* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name
+ "MicrosoftAccounts". The new "Application Container SIDs" (S-1-15-...)
+ have a netbios domain name "APPLICATION PACKAGE AUTHORITY"
+
+ The problem is, DNLEN is 15, but these domain names have a length of 16
+ resp. 29 chars :-P So we override DNLEN here to be 31, so that calls
+ to LookupAccountSid/Name don't fail if the buffer is based on DNLEN.
+ Hope that's enough for a while... */
#undef DNLEN
-#define DNLEN 16
+#define DNLEN 31
/* When Terminal Services are installed, the GetWindowsDirectory function
does not return the system installation dir, but a user specific directory