From: Corinna Vinschen Date: Fri, 5 Sep 2014 09:46:26 +0000 (+0000) Subject: * uinfo.cc (pwdgrp::fetch_account_from_windows): Handle APPLICATION X-Git-Tag: sid-snapshot-20141001~14 X-Git-Url: https://sourceware.org/git/?a=commitdiff_plain;h=acc511d184cd702e171729771c80e62545f8e0b3;p=newlib-cygwin.git * uinfo.cc (pwdgrp::fetch_account_from_windows): Handle APPLICATION PACKAGE AUTHORITY SIDs. * winlean.h (DNLEN): Raise to 31. Explain why. --- diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 34111d538..7b2f2c5af 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,9 @@ +2014-09-05 Corinna Vinschen + + * uinfo.cc (pwdgrp::fetch_account_from_windows): Handle APPLICATION + PACKAGE AUTHORITY SIDs. + * winlean.h (DNLEN): Raise to 31. Explain why. + 2014-09-03 Corinna Vinschen * sec_acl.cc (aclcheck32): Check for required default entries as well. diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index 6d1b5b7a8..9d6c7df7c 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -1411,7 +1411,12 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap) { /* Well-Known Group */ arg.id -= 0x10000; - __small_swprintf (sidstr, L"S-1-%u-%u", arg.id >> 8, arg.id & 0xff); + /* SECURITY_APP_PACKAGE_AUTHORITY */ + if (arg.id >= 0xf20 && arg.id <= 0xf3f) + __small_swprintf (sidstr, L"S-1-15-%u-%u", (arg.id >> 4) & 0xf, + arg.id & 0xf); + else + __small_swprintf (sidstr, L"S-1-%u-%u", arg.id >> 8, arg.id & 0xff); } else if (arg.id >= 0x30000 && arg.id < 0x40000) { @@ -1794,7 +1799,11 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap) uid = 0x10000 + 0x100 * sid_id_auth (sid) + (sid_sub_auth_rid (sid) & 0xff); #else - if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */) + if (sid_id_auth (sid) == 15 /* SECURITY_APP_PACKAGE_AUTHORITY */) + uid = 0x10000 + 0x100 * sid_id_auth (sid) + + 0x10 * sid_sub_auth (sid, 0) + + (sid_sub_auth_rid (sid) & 0xf); + else if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */) uid = 0x10000 + 0x100 * sid_id_auth (sid) + (sid_sub_auth_rid (sid) & 0xff); else if (sid_sub_auth (sid, 0) < SECURITY_PACKAGE_BASE_RID diff --git a/winsup/cygwin/winlean.h b/winsup/cygwin/winlean.h index 162994854..63cebdb96 100644 --- a/winsup/cygwin/winlean.h +++ b/winsup/cygwin/winlean.h @@ -74,12 +74,16 @@ details. */ #undef CRITICAL #endif -/* So-called "Microsoft Account" SIDs have a netbios domain name - "MicrosoftAccounts". The problem is, while DNLEN is 15, that domain - name is 16 chars :-P So we override DNLEN here to be 16, so that calls - to LookupAccountSid/Name don't fail if the buffer is based on DNLEN. */ +/* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name + "MicrosoftAccounts". The new "Application Container SIDs" (S-1-15-...) + have a netbios domain name "APPLICATION PACKAGE AUTHORITY" + + The problem is, DNLEN is 15, but these domain names have a length of 16 + resp. 29 chars :-P So we override DNLEN here to be 31, so that calls + to LookupAccountSid/Name don't fail if the buffer is based on DNLEN. + Hope that's enough for a while... */ #undef DNLEN -#define DNLEN 16 +#define DNLEN 31 /* When Terminal Services are installed, the GetWindowsDirectory function does not return the system installation dir, but a user specific directory