/dev/ptmx fails with Azure accounts

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Aug 16 10:32:00 GMT 2016


Hi Russell,

On Aug 15 12:48, rmora@aboutgolf.com wrote:
> $ ./azure-check3
>  Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> DsGetDcNameW: 1355
> NetUserGetInfo(NULL, 3): 2221
> NetUserGetInfo(NULL, 24): 2221

This is as bad as I feared.  Apart from the username and the Windows
home dir, there are no other information which could be fetched by
the usual means.  Quite apart from the fact that there are no means to
*store* this information somewhere, other than creating an explicit
/etc/passwd and matching /etc/group entry.

But, anyway, I prepared some code for the Cygwin DLL to handle these
accounts even if no /etc/passwd and /etc/group entries are present.  It
still needs some work, though, and for that I'd ask you to perform a
last test.

I attached a short testcase.  We know that LookupAccountSid from the
user SID in the user token returns a name (RussellMora) and a domain
(AzureAD).  However, the open question is if the reverse operation
LookupAccountName works as desired when feeding it the domain name
and the user name.  Actually, for completeness the testcase tries it
two ways:  Once only with the username, once with dom\username.

The reason for testing this is, if the reverse lookup works with only
the name we *could* go ahead and omit the domain from the Cygwin
username.  I'm not yet sure if that's feasible, but it's certainly worth
a try.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  WCHAR aname[513];
  PSID rsid = (PSID) malloc (128);
  DWORD nlen, dlen, rlen;
  SID_NAME_USE type;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  rlen = 128;
  dlen = 256;
  if (LookupAccountNameW (NULL, name, rsid, &rlen, dom, &dlen, &type))
    {
      ConvertSidToStringSidA (rsid, &str);
      printf ("Reverse Sid (%ls): %s\n", name, str);
      LocalFree (str);
    }
  else
    printf ("LookupAccountNameW (%ls): %u\n", name, GetLastError ());

  wcpcpy (wcpcpy (wcpcpy (aname, dom), L"\\"), name);
  rlen = 128;
  dlen = 256;
  if (LookupAccountNameW (NULL, aname, rsid, &rlen, dom, &dlen, &type))
    {
      ConvertSidToStringSidA (rsid, &str);
      printf ("Reverse Sid (%ls): %s\n", aname, str);
      LocalFree (str);
    }
  else
    printf ("LookupAccountNameW (%ls): %u\n", aname, GetLastError ());

  return 0;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20160816/6030c91f/attachment.sig>


More information about the Cygwin mailing list