Re: /dev/ptmx fails with Azure accounts

Re: /dev/ptmx fails with Azure accounts

[rmora]

[I'm so sorry I'm messing up the mailing list by not replying to the proper email.... I only just got it through my thick skull now to subscribe to the mailing list. I think my brain is on vacation already....]


Unfortunately your prediction was correct - RunAs Administrator CMD gives this:

C:\WINDOWS\system32>whoami
azuread\russellmora

C:\WINDOWS\system32>whoami /all

USER INFORMATION
----------------

User Name           SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282


GROUP INFORMATION
-----------------

Group Name                                Type             SID                                                  Attributes
========================================= ================ ==================================================== ===============================================================
Mandatory Label\High Mandatory Level      Label            S-1-16-12288
Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
                                          Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36                                          Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State
=============================== ========================================= ========
SeLockMemoryPrivilege           Lock pages in memory                      Disabled
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled


C:\WINDOWS\system32>


-----Original Message-----
From: "rmora@aboutgolf.com" <rmora@aboutgolf.com>
Sent: Tuesday, August 2, 2016 11:44
To: corinna-cygwin@cygwin.com, cygwin@cygwin.com
Cc: towo@towo.net
Subject: Re: /dev/ptmx fails with Azure accounts

<squeek squeek>

Though I am going on vacation in a couple of days until the 15th....

C:\Users\RussellMora>whoami
azuread\russellmora

C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
       logged-on user is not a domain user.

C:\Users\RussellMora>whoami /all

USER INFORMATION
----------------

User Name           SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282


GROUP INFORMATION
-----------------

Group Name                                Type             SID                                                  Attributes
========================================= ================ ==================================================== ==================================================
Mandatory Label\Medium Mandatory Level    Label            S-1-16-8192
Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Group used for deny only
BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
                                          Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36                                          Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled


C:\Users\RussellMora>



On Aug  1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpt=
y()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>=20
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>=20
> I have no idea how to establish a working startup of mintty for those use=
rs.

The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts.  I like it
how Microsoft screws up otherwise working software with this
strange domain handling.

To fix this we have to be able to come up with a working user and group
account for these cases.  For that I need at least output from `whoami
/all'.  I wonder why supposedly nobody tried that after /fqdn didn't
work.

This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows().  There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).

Alternatively I need at least a guinea pig with such an account,


Corinna






--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1.1: Type: text/plain, Size: 956 bytes --]

On Aug  2 12:54, rmora@aboutgolf.com wrote:
> [I'm so sorry I'm messing up the mailing list by not replying to the proper email.... I only just got it through my thick skull now to subscribe to the mailing list. I think my brain is on vacation already....]
> 
> 
> Unfortunately your prediction was correct - RunAs Administrator CMD gives this:

Thanks!

In the meantime I prepared my test application.  Can you please fetch
the attached source and store it as, e.g., azure-check.c.  Then build
and run it like this:

  $ gcc -g -o azure-check azure-check.c -lnetapi32
  $ ./azure-check

Then run it and paste the complete output into your reply.

I have an idea for an extension of this testcase, but I think I have
to see the output of this one first.


Thanks in advance,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check.c --]
[-- Type: text/plain, Size: 4422 bytes --]

#include <stdio.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <winternl.h>
#include <ntsecapi.h>
#include <dsgetdc.h>
#include <sddl.h>

int
main ()
{
  HANDLE lsa;
  NTSTATUS status;
  ULONG ret;
  PPOLICY_DNS_DOMAIN_INFO pdom;
  PPOLICY_ACCOUNT_DOMAIN_INFO adom;
  PDS_DOMAIN_TRUSTSW td;
  ULONG tdom_cnt;
  static LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
  LPSTR str;
  BOOL has_dom;
  HANDLE tok;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;

  status = LsaOpenPolicy (NULL, &oa, POLICY_VIEW_LOCAL_INFORMATION, &lsa);
  if (!NT_SUCCESS (status))
    {
      printf ("LsaOpenPolicy: 0x%08x\n", status);
      return 1;
    }
  status = LsaQueryInformationPolicy (lsa, PolicyDnsDomainInformation,
				      (PVOID *) &pdom);
  if (NT_SUCCESS (status))
    {
      if (pdom->Name.Length)
	printf ("PDom.Name: %ls\n", pdom->Name.Buffer);
      if (pdom->DnsDomainName.Length)
	printf ("PDom.DnsDomainName: %ls\n", pdom->DnsDomainName.Buffer);
      if (pdom->DnsForestName.Length)
	printf ("PDom.DnsForestName: %ls\n", pdom->DnsForestName.Buffer);
      has_dom = !!pdom->Sid;
      if (has_dom)
      	{
	  ConvertSidToStringSidA (pdom->Sid, &str);
	  printf ("PDom.Sid: %s\n", str);
	  LocalFree (str);
	}
      LsaFreeMemory (pdom);
    }
  else
    printf ("LsaQueryInformationPolicy (PDOM): 0x%08x\n", status);
    
  status = LsaQueryInformationPolicy (lsa, PolicyAccountDomainInformation,
				      (PVOID *) &adom);
  if (NT_SUCCESS (status))
    {
      if (adom->DomainName.Length)
	  printf ("ADom.DomainName: %ls\n", adom->DomainName.Buffer);
      ConvertSidToStringSidA (adom->DomainSid, &str);
      printf ("ADom.DomainSid: %s\n", str);
      LocalFree (str);
      LsaFreeMemory (adom);
    }
  else
    printf ("LsaQueryInformationPolicy (ADOM): 0x%08x\n", status);
  if (dom)
    {
      ret = DsEnumerateDomainTrustsW (NULL, DS_DOMAIN_DIRECT_INBOUND
					    | DS_DOMAIN_DIRECT_OUTBOUND
					    | DS_DOMAIN_IN_FOREST,
				       &td, &tdom_cnt);
      if (ret == ERROR_SUCCESS)
	for (ULONG idx = 0; idx < tdom_cnt; ++idx)
	  {
	    printf ("Trusted Domain %u:\n", idx);
	    printf ("  NetbiosDomainName: %ls\n", td[idx].NetbiosDomainName);
	    if (td[idx].DnsDomainName)
	      printf ("  DnsDomainName: %ls\n", td[idx].DnsDomainName);
	    printf ("  Flags: 0x%08x\n", td[idx].Flags);
	    printf ("  TrustType: 0x%08x\n", td[idx].TrustType);
	    printf ("  TrustAttributes: 0x%08x\n", td[idx].TrustAttributes);
	    if (td[idx].DomainSid)
	      {
		ConvertSidToStringSidA (td[idx].DomainSid, &str);
		printf ("DomainSid: %s\n", str);
		LocalFree (str);
	      }
	  }
      else
	printf ("DsEnumerateDomainTrustsW: %u\n", ret);
    }
  LsaClose (lsa);
  if (OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
      if (GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
      	{
	  printf ("User:\n");
	  ConvertSidToStringSidA (tp->User.Sid, &str);
	  printf ("  Sid: %s\n", str);
	  LocalFree (str);

	  nlen = dlen = 256;
	  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, 
				 dom, &dlen, &type))
	    printf ("  Dom\\Name: %ls\\%ls\n", dom, name);
	  else
	    printf ("  LookupAccountSidW: %u\n", GetLastError ());
	  printf ("  Attributes: 0x%08x\n", tp->User.Attributes);
	}
      else
	printf ("GetTokenInformation(user): %u\n", GetLastError ());
      free (tp);

      PTOKEN_GROUPS tg = (PTOKEN_GROUPS) malloc (65536);
      if (GetTokenInformation (tok, TokenGroups, tg, 65536, &ret))
	for (ULONG idx = 0; idx < tg->GroupCount; ++idx)
	  {
	    printf ("Group %u\n", idx);
	    ConvertSidToStringSidA (tg->Groups[idx].Sid, &str);
	    printf ("  Sid: %s\n", str);
	    LocalFree (str);

	    nlen = dlen = 256;
	    if (LookupAccountSidW (NULL, tg->Groups[idx].Sid, name, &nlen, 
				   dom, &dlen, &type))
	      printf ("  Dom\\Name: %ls\\%ls\n", dom, name);
	    else
	      printf ("  LookupAccountSidW: %u\n", GetLastError ());
	    printf ("  Attributes: 0x%08x\n", tg->Groups[idx].Attributes);
	  }
      else
	printf ("GetTokenInformation(groups): %u\n", GetLastError ());
      free (tg);
    }
  else
    printf ("OpenProcessToken: %u\n", GetLastError ());
  return 0;
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[rmora]

On Wednesday, August 3, 2016 10:32, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> 
> In the meantime I prepared my test application.  Can you please fetch
> the attached source and store it as, e.g., azure-check.c.  Then build
> and run it like this:
> 
>   $ gcc -g -o azure-check azure-check.c -lnetapi32
>   $ ./azure-check
> 
> Then run it and paste the complete output into your reply.
> 
> I have an idea for an extension of this testcase, but I think I have
> to see the output of this one first.

The output is as below. This was without Run As Administrator - with it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which *seems* appropriate....

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check
PDom.Name: WORKGROUP
ADom.DomainName: Lenovo-PC
ADom.DomainSid: S-1-5-21-1836915194-3548948870-2562531131
DsEnumerateDomainTrustsW: 1722
User:
  Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
  Dom\Name: AzureAD\RussellMora
  Attributes: 0x00000000
Group 0
  Sid: S-1-16-8192
  Dom\Name: Mandatory Label\Medium Mandatory Level
  Attributes: 0x00000060
Group 1
  Sid: S-1-1-0
  Dom\Name: \Everyone
  Attributes: 0x00000007
Group 2
  Sid: S-1-5-32-544
  Dom\Name: BUILTIN\Administrators
  Attributes: 0x00000010
Group 3
  Sid: S-1-5-32-545
  Dom\Name: BUILTIN\Users
  Attributes: 0x00000007
Group 4
  Sid: S-1-5-4
  Dom\Name: NT AUTHORITY\INTERACTIVE
  Attributes: 0x00000007
Group 5
  Sid: S-1-2-1
  Dom\Name: \CONSOLE LOGON
  Attributes: 0x00000007
Group 6
  Sid: S-1-5-11
  Dom\Name: NT AUTHORITY\Authenticated Users
  Attributes: 0x00000007
Group 7
  Sid: S-1-5-15
  Dom\Name: NT AUTHORITY\This Organization
  Attributes: 0x00000007
Group 8
  Sid: S-1-5-5-0-852920
  Dom\Name: NT AUTHORITY\LogonSessionId_0_852920
  Attributes: 0xc0000007
Group 9
  Sid: S-1-2-0
  Dom\Name: \LOCAL
  Attributes: 0x00000007
Group 10
  Sid: S-1-12-1-2741946010-1181797680-2322883994-3292483823
  LookupAccountSidW: 1332
  Attributes: 0x00000007
Group 11
  Sid: S-1-5-64-36
  Dom\Name: NT AUTHORITY\Cloud Account Authentication
  Attributes: 0x00000007

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$

HTH!

Cheers,
Russell


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1.1: Type: text/plain, Size: 1210 bytes --]

On Aug  3 12:53, rmora@aboutgolf.com wrote:
> 
> 
> On Wednesday, August 3, 2016 10:32, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> > 
> > In the meantime I prepared my test application.  Can you please fetch
> > the attached source and store it as, e.g., azure-check.c.  Then build
> > and run it like this:
> > 
> >   $ gcc -g -o azure-check azure-check.c -lnetapi32
> >   $ ./azure-check
> > 
> > Then run it and paste the complete output into your reply.
> > 
> > I have an idea for an extension of this testcase, but I think I have
> > to see the output of this one first.
> 
> The output is as below. This was without Run As Administrator - with
> it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> *seems* appropriate....

It is.  Thanks for this test, the result is as horrifying as I imagined.
Can you please try the testcase attached to this mail, too?  It should
be built and run the same way:

  $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
  $ ./azure-check2


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 1780 bytes --]

#include <stdio.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;
  NET_API_STATUS status;
  PUSER_INFO_24 ui24;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, 
			 dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());
  printf ("Attributes: 0x%08x\n", tp->User.Attributes);

  status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
  if (status != NERR_Success)
    {
      status = NetUserGetInfo (dom, name, 24, (PBYTE *) &ui24);
      if (status != NERR_Success)
	{
	  printf ("NetUserGetInfo: %u\n", status);
	  return 1;
	}
    }
  printf ("UserInfo:\n");
  printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
  printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
  printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
  printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
  ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);

  return 0;
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1.1: Type: text/plain, Size: 1441 bytes --]

On Aug  3 20:00, Corinna Vinschen wrote:
> On Aug  3 12:53, rmora@aboutgolf.com wrote:
> > 
> > 
> > On Wednesday, August 3, 2016 10:32, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> > > 
> > > In the meantime I prepared my test application.  Can you please fetch
> > > the attached source and store it as, e.g., azure-check.c.  Then build
> > > and run it like this:
> > > 
> > >   $ gcc -g -o azure-check azure-check.c -lnetapi32
> > >   $ ./azure-check
> > > 
> > > Then run it and paste the complete output into your reply.
> > > 
> > > I have an idea for an extension of this testcase, but I think I have
> > > to see the output of this one first.
> > 
> > The output is as below. This was without Run As Administrator - with
> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> > *seems* appropriate....
> 
> It is.  Thanks for this test, the result is as horrifying as I imagined.
> Can you please try the testcase attached to this mail, too?  It should
> be built and run the same way:
> 
>   $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
>   $ ./azure-check2

Pleae use the one attached in this mail.  I noticed I forgot to print
primary group info.  It's not unimportant to see it as well.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 2368 bytes --]

#include <stdio.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;
  NET_API_STATUS status;
  PUSER_INFO_24 ui24;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, 
			 dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP) malloc (65536);
  if (GetTokenInformation (tok, TokenPrimaryGroup, tpg, 65536, &ret))
    {
      printf ("Primary Group:\n");
      ConvertSidToStringSidA (tpg->PrimaryGroup, &str);
      printf ("  Sid: %s\n", str);
      LocalFree (str);

      nlen = dlen = 256;
      if (LookupAccountSidW (NULL, tpg->PrimaryGroup, name, &nlen, 
			     dom, &dlen, &type))
	printf ("  Dom\\Name: %ls\\%ls\n", dom, name);
      else
	printf ("  LookupAccountSidW: %u\n", GetLastError ());
    }
  else
    printf ("GetTokenInformation(primary): %u\n", GetLastError ());
  free (tpg);

  status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
  if (status != NERR_Success)
    {
      status = NetUserGetInfo (dom, name, 24, (PBYTE *) &ui24);
      if (status != NERR_Success)
	{
	  printf ("NetUserGetInfo: %u\n", status);
	  return 1;
	}
    }
  printf ("UserInfo:\n");
  printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
  printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
  printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
  printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
  ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);

  return 0;
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[rmora]

On Wednesday, August 3, 2016 14:16, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:

> On Aug  3 20:00, Corinna Vinschen wrote:
>> On Aug  3 12:53, rmora@aboutgolf.com wrote:
>> >
>> >
>> > The output is as below. This was without Run As Administrator - with
>> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
>> > *seems* appropriate....
>>
>> It is.  Thanks for this test, the result is as horrifying as I imagined.
>> Can you please try the testcase attached to this mail, too?  It should
>> be built and run the same way:
>>
>>   $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
>>   $ ./azure-check2
> 
> Pleae use the one attached in this mail.  I noticed I forgot to print
> primary group info.  It's not unimportant to see it as well.
> 

Here it is:

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check2
  Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
Primary Group:
  Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
  Dom\Name: AzureAD\RussellMora
NetUserGetInfo: 53

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$

(As an aside, I assume that the fact that the permissions on the compiled executable are totally messed up, and thus the executable won't run until I fix them via Windows, is incidental to the fact that I am running under "Unknown+User" and thus you don't want any information on that as well.....)

Cheers,
Russell.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1.1: Type: text/plain, Size: 1928 bytes --]

On Aug  3 15:05, rmora@aboutgolf.com wrote:
> On Wednesday, August 3, 2016 14:16, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> 
> > On Aug  3 20:00, Corinna Vinschen wrote:
> >> On Aug  3 12:53, rmora@aboutgolf.com wrote:
> >> >
> >> >
> >> > The output is as below. This was without Run As Administrator - with
> >> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> >> > *seems* appropriate....
> >>
> >> It is.  Thanks for this test, the result is as horrifying as I imagined.
> >> Can you please try the testcase attached to this mail, too?  It should
> >> be built and run the same way:
> >>
> >>   $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
> >>   $ ./azure-check2
> > 
> > Pleae use the one attached in this mail.  I noticed I forgot to print
> > primary group info.  It's not unimportant to see it as well.
> > 
> 
> Here it is:
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ ./azure-check2
>   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> Primary Group:
>   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>   Dom\Name: AzureAD\RussellMora
> NetUserGetInfo: 53
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $
> 
> (As an aside, I assume that the fact that the permissions on the
> compiled executable are totally messed up, and thus the executable
> won't run until I fix them via Windows, is incidental to the fact that
> I am running under "Unknown+User" and thus you don't want any
> information on that as well.....)

Good thinking :)

Can you please try the attached testcase?  Probably my last straw.  If
that doesn't work as desired, support for AzureAD accounts will be very
limited.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 2323 bytes --]

#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;
  PDOMAIN_CONTROLLER_INFOW pci;
  NET_API_STATUS status;
  PUSER_INFO_3 ui3;
  PUSER_INFO_24 ui24;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, 
			 dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  ret = DsGetDcNameW (NULL, dom, NULL, NULL,
		      DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
  if (ret != ERROR_SUCCESS)
    {
      printf ("DsGetDcNameW: %u\n", status);
      return 1;
    }
  printf ("domain controller: %ls\n", pci->DomainControllerName);

  status = NetUserGetInfo (pci->DomainControllerName, name,
			   3, (PBYTE *) &ui3);
  if (status != NERR_Success)
    printf ("NetUserGetInfo(3): %u\n", status);
  else
    {
      printf ("UserInfo 3:\n");
      printf ("  Name: %ls\n", ui3->usri3_name);
    }

  status = NetUserGetInfo (pci->DomainControllerName, name,
			   24, (PBYTE *) &ui24);
  if (status != NERR_Success)
    printf ("NetUserGetInfo(24): %u\n", status);
  else
    {
      printf ("UserInfo 24:\n");
      printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
      printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
      printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
      printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
      ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
      printf ("  Sid: %s\n", str);
      LocalFree (str);
    }

  return 0;
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1.1: Type: text/plain, Size: 1339 bytes --]

On Aug  4 09:00, Corinna Vinschen wrote:
> On Aug  3 15:05, rmora@aboutgolf.com wrote:
> > [...]
> > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > $ ./azure-check2
> >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > Dom\Name: AzureAD\RussellMora
> > Primary Group:
> >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> >   Dom\Name: AzureAD\RussellMora
> > NetUserGetInfo: 53
> > 
> > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > $
> > 
> > (As an aside, I assume that the fact that the permissions on the
> > compiled executable are totally messed up, and thus the executable
> > won't run until I fix them via Windows, is incidental to the fact that
> > I am running under "Unknown+User" and thus you don't want any
> > information on that as well.....)
> 
> Good thinking :)
> 
> Can you please try the attached testcase?  Probably my last straw.  If
> that doesn't work as desired, support for AzureAD accounts will be very
> limited.

I guess you're already on vacation, but never mind.

I improved my testcase a bit and attached it to this mail.  Can you please
try this one when you're back?


Thanks a lot,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 3445 bytes --]

#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;
  PDOMAIN_CONTROLLER_INFOW pci;
  NET_API_STATUS status;
  PUSER_INFO_3 ui3;
  PUSER_INFO_24 ui24;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, 
			 dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  ret = DsGetDcNameW (NULL, dom, NULL, NULL,
		      DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
  if (ret != ERROR_SUCCESS)
    {
      printf ("DsGetDcNameW: %u\n", status);
      pci->DomainControllerName = NULL;
    }

  status = NetUserGetInfo (NULL, name, 3, (PBYTE *) &ui3);
  if (status != NERR_Success)
    printf ("NetUserGetInfo(NULL, 3): %u\n", status);
  else
    {
      printf ("UserInfo NULL, 3:\n");
      printf ("  Name: %ls\n", ui3->usri3_name);
      NetApiBufferFree (ui3);
    }
  status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
  if (status != NERR_Success)
    printf ("NetUserGetInfo(NULL, 24): %u\n", status);
  else
    {
      printf ("UserInfo NULL, 24:\n");
      printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
      printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
      printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
      printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
      ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
      printf ("  Sid: %s\n", str);
      LocalFree (str);
      NetApiBufferFree (ui24);
    }

  if (pci->DomainControllerName)
    {
      status = NetUserGetInfo (pci->DomainControllerName, name,
			       3, (PBYTE *) &ui3);
      if (status != NERR_Success)
	printf ("NetUserGetInfo(%ls, 3): %u\n", pci->DomainControllerName, status);
      else
	{
	  printf ("UserInfo %ls, 3:\n", pci->DomainControllerName);
	  printf ("  Name: %ls\n", ui3->usri3_name);
	  NetApiBufferFree (ui3);
	}

      status = NetUserGetInfo (pci->DomainControllerName, name,
			       24, (PBYTE *) &ui24);
      if (status != NERR_Success)
	printf ("NetUserGetInfo(%ls, 24): %u\n",
		pci->DomainControllerName, status);
      else
	{
	  printf ("UserInfo %ls, 24:\n", pci->DomainControllerName);
	  printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
	  printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
	  printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
	  printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
	  ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
	  printf ("  Sid: %s\n", str);
	  LocalFree (str);
	  NetApiBufferFree (ui24);
	}
    }

  return 0;
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1766 bytes --]

On Aug  5 12:27, Corinna Vinschen wrote:
> On Aug  4 09:00, Corinna Vinschen wrote:
> > On Aug  3 15:05, rmora@aboutgolf.com wrote:
> > > [...]
> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > $ ./azure-check2
> > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > Dom\Name: AzureAD\RussellMora
> > > Primary Group:
> > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > >   Dom\Name: AzureAD\RussellMora
> > > NetUserGetInfo: 53
> > > 
> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > $
> > > 
> > > (As an aside, I assume that the fact that the permissions on the
> > > compiled executable are totally messed up, and thus the executable
> > > won't run until I fix them via Windows, is incidental to the fact that
> > > I am running under "Unknown+User" and thus you don't want any
> > > information on that as well.....)
> > 
> > Good thinking :)
> > 
> > Can you please try the attached testcase?  Probably my last straw.  If
> > that doesn't work as desired, support for AzureAD accounts will be very
> > limited.
> 
> I guess you're already on vacation, but never mind.
> 
> I improved my testcase a bit and attached it to this mail.  Can you please
> try this one when you're back?

Oh, and while you're at it, can you please check your registry for a key

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-12-1-2043906341-1249388050-2635137163-399631282

It should have a value called "ProfileImagePath" which contains something
along the lines of "C:\Users\RussellMora".


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[rmora]

On Friday, August 5, 2016 11:34, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:

> On Aug  5 12:27, Corinna Vinschen wrote:
>> On Aug  4 09:00, Corinna Vinschen wrote:
>> > On Aug  3 15:05, rmora@aboutgolf.com wrote:
>> > > [...]
>> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>> > > $ ./azure-check2
>> > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>> > > Dom\Name: AzureAD\RussellMora
>> > > Primary Group:
>> > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>> > >   Dom\Name: AzureAD\RussellMora
>> > > NetUserGetInfo: 53
>> > >
>> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>> > > $
>> > >
>> > > (As an aside, I assume that the fact that the permissions on the
>> > > compiled executable are totally messed up, and thus the executable
>> > > won't run until I fix them via Windows, is incidental to the fact that
>> > > I am running under "Unknown+User" and thus you don't want any
>> > > information on that as well.....)
>> >
>> > Good thinking :)
>> >
>> > Can you please try the attached testcase?  Probably my last straw.  If
>> > that doesn't work as desired, support for AzureAD accounts will be very
>> > limited.
>>
>> I guess you're already on vacation, but never mind.
>>
>> I improved my testcase a bit and attached it to this mail.  Can you please
>> try this one when you're back?
> 
> Oh, and while you're at it, can you please check your registry for a key
> 
>  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\ProfileList\S-1-12-1-2043906341-1249388050-2635137163-399631282
> 
> It should have a value called "ProfileImagePath" which contains something
> along the lines of "C:\Users\RussellMora".
> 

Yes it does, exactly as you described.

Cheers,
Russell.




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Duncan Roe]

On Fri, Aug 05, 2016 at 12:27:51PM +0200, Corinna Vinschen wrote:
> On Aug  4 09:00, Corinna Vinschen wrote:
> > On Aug  3 15:05, rmora@aboutgolf.com wrote:
> > > [...]
> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > $ ./azure-check2
> > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > Dom\Name: AzureAD\RussellMora
> > > Primary Group:
> > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > >   Dom\Name: AzureAD\RussellMora
> > > NetUserGetInfo: 53
> > >
> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > $
> > >
> > > (As an aside, I assume that the fact that the permissions on the
> > > compiled executable are totally messed up, and thus the executable
> > > won't run until I fix them via Windows, is incidental to the fact that
> > > I am running under "Unknown+User" and thus you don't want any
> > > information on that as well.....)
> >
> > Good thinking :)
> >
> > Can you please try the attached testcase?  Probably my last straw.  If
> > that doesn't work as desired, support for AzureAD accounts will be very
> > limited.
>
> I guess you're already on vacation, but never mind.
>
> I improved my testcase a bit and attached it to this mail.  Can you please
> try this one when you're back?
>
>
> Thanks a lot,
> Corinna
>
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Maintainer                 cygwin AT cygwin DOT com
> Red Hat

> #include <stdio.h>
> #include <wchar.h>
> #define _WIN32_WINNT 0x0a00
> #define WINVER 0x0a00
> #include <windows.h>
> #include <lm.h>
> #include <dsgetdc.h>
> #include <sddl.h>
>
> int
> main ()
> {
>   HANDLE tok;
>   PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
>   DWORD ret;
>   LPSTR str;
>   WCHAR name[256];
>   WCHAR dom[256];
>   DWORD nlen, dlen;
>   SID_NAME_USE type;
>   PDOMAIN_CONTROLLER_INFOW pci;
>   NET_API_STATUS status;
>   PUSER_INFO_3 ui3;
>   PUSER_INFO_24 ui24;
>
>   if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
>     {
>       printf ("OpenProcessToken: %u\n", GetLastError ());
>       return 1;
>     }
>   if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
>     {
>       printf ("GetTokenInformation(user): %u\n", GetLastError ());
>       return 1;
>     }
>   ConvertSidToStringSidA (tp->User.Sid, &str);
>   printf ("  Sid: %s\n", str);
>   LocalFree (str);
>   nlen = dlen = 256;
>   if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
> 			 dom, &dlen, &type))
>     printf ("Dom\\Name: %ls\\%ls\n", dom, name);
>   else
>     printf ("LookupAccountSidW: %u\n", GetLastError ());
>
>   ret = DsGetDcNameW (NULL, dom, NULL, NULL,
> 		      DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
>   if (ret != ERROR_SUCCESS)
>     {
>       printf ("DsGetDcNameW: %u\n", status);
>       pci->DomainControllerName = NULL;
>     }
>
>   status = NetUserGetInfo (NULL, name, 3, (PBYTE *) &ui3);
>   if (status != NERR_Success)
>     printf ("NetUserGetInfo(NULL, 3): %u\n", status);
>   else
>     {
>       printf ("UserInfo NULL, 3:\n");
>       printf ("  Name: %ls\n", ui3->usri3_name);
>       NetApiBufferFree (ui3);
>     }
>   status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
>   if (status != NERR_Success)
>     printf ("NetUserGetInfo(NULL, 24): %u\n", status);
>   else
>     {
>       printf ("UserInfo NULL, 24:\n");
>       printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
>       printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
>       printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
>       printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
>       ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
>       printf ("  Sid: %s\n", str);
>       LocalFree (str);
>       NetApiBufferFree (ui24);
>     }
>
>   if (pci->DomainControllerName)
>     {
>       status = NetUserGetInfo (pci->DomainControllerName, name,
> 			       3, (PBYTE *) &ui3);
>       if (status != NERR_Success)
> 	printf ("NetUserGetInfo(%ls, 3): %u\n", pci->DomainControllerName, status);
>       else
> 	{
> 	  printf ("UserInfo %ls, 3:\n", pci->DomainControllerName);
> 	  printf ("  Name: %ls\n", ui3->usri3_name);
> 	  NetApiBufferFree (ui3);
> 	}
>
>       status = NetUserGetInfo (pci->DomainControllerName, name,
> 			       24, (PBYTE *) &ui24);
>       if (status != NERR_Success)
> 	printf ("NetUserGetInfo(%ls, 24): %u\n",
> 		pci->DomainControllerName, status);
>       else
> 	{
> 	  printf ("UserInfo %ls, 24:\n", pci->DomainControllerName);
> 	  printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
> 	  printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
> 	  printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
> 	  printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
> 	  ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
> 	  printf ("  Sid: %s\n", str);
> 	  LocalFree (str);
> 	  NetApiBufferFree (ui24);
> 	}
>     }
>
>   return 0;
> }




Hi Corrina,

I've been trying your tests out of interest (no Axure accounts here), and they all worked except this last one which segfaults:

13:24:12$ gcc -g -o azure-check2 azure-check2.c -lnetapi32
13:24:21$ ./azure-check2
  Sid: S-1-5-21-3870155988-15194067-1289216332-1002
Dom\Name: ROCKSTAR\Duncan
DsGetDcNameW: 0
Segmentation fault (core dumped)
13:24:28$ cat azure-check2.exe.stackdump
Exception: STATUS_ACCESS_VIOLATION at rip=001004012D6
rax=000000018027AB4C rbx=00000000FFFFCC60 rcx=0000000600000060
rdx=0000000000000000 rsi=000000018034A4D0 rdi=00000000FFFFCDF0
r8 =00000000FFFFC4AC r9 =00000001801523B0 r10=0000000100000000
r11=00000001004012D2 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
rbp=00000000FFFFC7F0 rsp=00000000FFFFC770
program=C:\cygwin64\home\dunc\tests\azure-check2.exe, pid 5824, thread main
cs=0033 ds=002B es=002B fs=0053 gs=002B ss=002B
Stack trace:
Frame        Function    Args
000FFFFC7F0  001004012D6 (00000000020, 30001000000FF00, 00180047B61, 000FFFFD680)
000FFFFCCC0  00180047BD2 (00000000000, 00000000000, 00000000000, 00000000000)
00000000000  0018004591C (00000000000, 00000000000, 00000000000, 00000000000)
000FFFFFFF0  001800459B4 (00000000000, 00000000000, 00000000000, 00000000000)
End of stack trace

Cheers ... Duncan.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1.1: Type: text/plain, Size: 1816 bytes --]

On Aug  7 13:27, Duncan Roe wrote:
> On Fri, Aug 05, 2016 at 12:27:51PM +0200, Corinna Vinschen wrote:
> > On Aug  4 09:00, Corinna Vinschen wrote:
> > > On Aug  3 15:05, rmora@aboutgolf.com wrote:
> > > > [...]
> > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > $ ./azure-check2
> > > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > Dom\Name: AzureAD\RussellMora
> > > > Primary Group:
> > > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > >   Dom\Name: AzureAD\RussellMora
> > > > NetUserGetInfo: 53
> > > >
> > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > $
> > > >
> > > > (As an aside, I assume that the fact that the permissions on the
> > > > compiled executable are totally messed up, and thus the executable
> > > > won't run until I fix them via Windows, is incidental to the fact that
> > > > I am running under "Unknown+User" and thus you don't want any
> > > > information on that as well.....)
> > >
> > > Good thinking :)
> > >
> > > Can you please try the attached testcase?  Probably my last straw.  If
> > > that doesn't work as desired, support for AzureAD accounts will be very
> > > limited.
> >
> > I guess you're already on vacation, but never mind.
> >
> > I improved my testcase a bit and attached it to this mail.  Can you please
> > try this one when you're back?
> >[...]
> Hi Corrina,

s/rr/in/rinn/ :)

> I've been trying your tests out of interest (no Axure accounts here), and they all worked except this last one which segfaults:

That you, I think I see where I made the mistake.  Can you try the 
attached?


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 3401 bytes --]

#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;
  PDOMAIN_CONTROLLER_INFOW pci;
  NET_API_STATUS status;
  PUSER_INFO_3 ui3;
  PUSER_INFO_24 ui24;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, 
			 dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  ret = DsGetDcNameW (NULL, dom, NULL, NULL,
		      DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
  if (ret != ERROR_SUCCESS)
    {
      printf ("DsGetDcNameW: %u\n", status);
      pci = NULL;
    }

  status = NetUserGetInfo (NULL, name, 3, (PBYTE *) &ui3);
  if (status != NERR_Success)
    printf ("NetUserGetInfo(NULL, 3): %u\n", status);
  else
    {
      printf ("UserInfo NULL, 3:\n");
      printf ("  Name: %ls\n", ui3->usri3_name);
      NetApiBufferFree (ui3);
    }
  status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
  if (status != NERR_Success)
    printf ("NetUserGetInfo(NULL, 24): %u\n", status);
  else
    {
      printf ("UserInfo NULL, 24:\n");
      printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
      printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
      printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
      printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
      ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
      printf ("  Sid: %s\n", str);
      LocalFree (str);
      NetApiBufferFree (ui24);
    }

  if (pci)
    {
      status = NetUserGetInfo (pci->DomainControllerName, name,
			       3, (PBYTE *) &ui3);
      if (status != NERR_Success)
	printf ("NetUserGetInfo(%ls, 3): %u\n", pci->DomainControllerName, status);
      else
	{
	  printf ("UserInfo %ls, 3:\n", pci->DomainControllerName);
	  printf ("  Name: %ls\n", ui3->usri3_name);
	  NetApiBufferFree (ui3);
	}

      status = NetUserGetInfo (pci->DomainControllerName, name,
			       24, (PBYTE *) &ui24);
      if (status != NERR_Success)
	printf ("NetUserGetInfo(%ls, 24): %u\n",
		pci->DomainControllerName, status);
      else
	{
	  printf ("UserInfo %ls, 24:\n", pci->DomainControllerName);
	  printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
	  printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
	  printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
	  printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
	  ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
	  printf ("  Sid: %s\n", str);
	  LocalFree (str);
	  NetApiBufferFree (ui24);
	}
    }

  return 0;
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[Duncan Roe]

On Mon, Aug 08, 2016 at 09:05:27AM +0200, Corinna Vinschen wrote:
> On Aug  7 13:27, Duncan Roe wrote:
> > On Fri, Aug 05, 2016 at 12:27:51PM +0200, Corinna Vinschen wrote:
> > > On Aug  4 09:00, Corinna Vinschen wrote:
> > > > On Aug  3 15:05, rmora@aboutgolf.com wrote:
> > > > > [...]
> > > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > > $ ./azure-check2
> > > > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > > Dom\Name: AzureAD\RussellMora
> > > > > Primary Group:
> > > > >   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > >   Dom\Name: AzureAD\RussellMora
> > > > > NetUserGetInfo: 53
> > > > >
> > > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > > $
> > > > >
> > > > > (As an aside, I assume that the fact that the permissions on the
> > > > > compiled executable are totally messed up, and thus the executable
> > > > > won't run until I fix them via Windows, is incidental to the fact that
> > > > > I am running under "Unknown+User" and thus you don't want any
> > > > > information on that as well.....)
> > > >
> > > > Good thinking :)
> > > >
> > > > Can you please try the attached testcase?  Probably my last straw.  If
> > > > that doesn't work as desired, support for AzureAD accounts will be very
> > > > limited.
> > >
> > > I guess you're already on vacation, but never mind.
> > >
> > > I improved my testcase a bit and attached it to this mail.  Can you please
> > > try this one when you're back?
> > >[...]
> > Hi Corrina,
>
> s/rr/in/rinn/ :)
>
> > I've been trying your tests out of interest (no Axure accounts here), and they all worked except this last one which segfaults:
>
> That you, I think I see where I made the mistake.  Can you try the
> attached?
>
>
> Thanks,
> Corinna
>
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Maintainer                 cygwin AT cygwin DOT com
> Red Hat

> #include <stdio.h>
> #include <wchar.h>
> #define _WIN32_WINNT 0x0a00
> #define WINVER 0x0a00
> #include <windows.h>
> #include <lm.h>
> #include <dsgetdc.h>
> #include <sddl.h>
>
> int
> main ()
> {
>   HANDLE tok;
>   PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
>   DWORD ret;
>   LPSTR str;
>   WCHAR name[256];
>   WCHAR dom[256];
>   DWORD nlen, dlen;
>   SID_NAME_USE type;
>   PDOMAIN_CONTROLLER_INFOW pci;
>   NET_API_STATUS status;
>   PUSER_INFO_3 ui3;
>   PUSER_INFO_24 ui24;
>
>   if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
>     {
>       printf ("OpenProcessToken: %u\n", GetLastError ());
>       return 1;
>     }
>   if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
>     {
>       printf ("GetTokenInformation(user): %u\n", GetLastError ());
>       return 1;
>     }
>   ConvertSidToStringSidA (tp->User.Sid, &str);
>   printf ("  Sid: %s\n", str);
>   LocalFree (str);
>   nlen = dlen = 256;
>   if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
> 			 dom, &dlen, &type))
>     printf ("Dom\\Name: %ls\\%ls\n", dom, name);
>   else
>     printf ("LookupAccountSidW: %u\n", GetLastError ());
>
>   ret = DsGetDcNameW (NULL, dom, NULL, NULL,
> 		      DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
>   if (ret != ERROR_SUCCESS)
>     {
>       printf ("DsGetDcNameW: %u\n", status);
>       pci = NULL;
>     }
>
>   status = NetUserGetInfo (NULL, name, 3, (PBYTE *) &ui3);
>   if (status != NERR_Success)
>     printf ("NetUserGetInfo(NULL, 3): %u\n", status);
>   else
>     {
>       printf ("UserInfo NULL, 3:\n");
>       printf ("  Name: %ls\n", ui3->usri3_name);
>       NetApiBufferFree (ui3);
>     }
>   status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
>   if (status != NERR_Success)
>     printf ("NetUserGetInfo(NULL, 24): %u\n", status);
>   else
>     {
>       printf ("UserInfo NULL, 24:\n");
>       printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
>       printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
>       printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
>       printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
>       ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
>       printf ("  Sid: %s\n", str);
>       LocalFree (str);
>       NetApiBufferFree (ui24);
>     }
>
>   if (pci)
>     {
>       status = NetUserGetInfo (pci->DomainControllerName, name,
> 			       3, (PBYTE *) &ui3);
>       if (status != NERR_Success)
> 	printf ("NetUserGetInfo(%ls, 3): %u\n", pci->DomainControllerName, status);
>       else
> 	{
> 	  printf ("UserInfo %ls, 3:\n", pci->DomainControllerName);
> 	  printf ("  Name: %ls\n", ui3->usri3_name);
> 	  NetApiBufferFree (ui3);
> 	}
>
>       status = NetUserGetInfo (pci->DomainControllerName, name,
> 			       24, (PBYTE *) &ui24);
>       if (status != NERR_Success)
> 	printf ("NetUserGetInfo(%ls, 24): %u\n",
> 		pci->DomainControllerName, status);
>       else
> 	{
> 	  printf ("UserInfo %ls, 24:\n", pci->DomainControllerName);
> 	  printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
> 	  printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
> 	  printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
> 	  printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
> 	  ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
> 	  printf ("  Sid: %s\n", str);
> 	  LocalFree (str);
> 	  NetApiBufferFree (ui24);
> 	}
>     }
>
>   return 0;
> }

Runs to completion again,

Cheers ... Duncan.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 627 bytes --]

On Aug  8 21:48, Duncan Roe wrote:
> On Mon, Aug 08, 2016 at 09:05:27AM +0200, Corinna Vinschen wrote:
> > On Aug  7 13:27, Duncan Roe wrote:
> > > I've been trying your tests out of interest (no Axure accounts here), and they all worked except this last one which segfaults:
> >
> > That you, I think I see where I made the mistake.  Can you try the
> > attached?
> >[...]
> 
> Runs to completion again,
> 
> Cheers ... Duncan.

Thanks for testing!


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[rmora]

On Monday, August 8, 2016 07:58, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:

> On Aug  8 21:48, Duncan Roe wrote:
>> On Mon, Aug 08, 2016 at 09:05:27AM +0200, Corinna Vinschen wrote:
>> > On Aug  7 13:27, Duncan Roe wrote:
>> > > I've been trying your tests out of interest (no Axure accounts here), and
>> they all worked except this last one which segfaults:
>> >
>> > That you, I think I see where I made the mistake.  Can you try the
>> > attached?
>> >[...]
>>
>> Runs to completion again,
>>
>> Cheers ... Duncan.
> 
> Thanks for testing!
> 

Hi

Sorry for the delay in getting back to this. Here is the output I get:

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ gcc -W azure-check3.c -l Netapi32 -o azure-check3
azure-check3.c: In function ‘main’:
azure-check3.c:50:1: warning: ‘status’ may be used uninitialized in this function [-Wmaybe-uninitialized]
 printf ("DsGetDcNameW: %u\n", status);
 ^

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check3
 Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
DsGetDcNameW: 0
NetUserGetInfo(NULL, 3): 2221
NetUserGetInfo(NULL, 24): 2221

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$

Does that help at all?

Cheers,
Russell.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[rmora]

On Monday, August 15, 2016 12:29, "rmora@aboutgolf.com" <rmora@aboutgolf.com> said:

> 
> 
> Hi
> 
> Sorry for the delay in getting back to this. Here is the output I get:
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ gcc -W azure-check3.c -l Netapi32 -o azure-check3
> azure-check3.c: In function ‘main’:
> azure-check3.c:50:1: warning: ‘status’ may be used uninitialized in
> this function [-Wmaybe-uninitialized]
>  printf ("DsGetDcNameW: %u\n", status);
>  ^
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ ./azure-check3
>  Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> DsGetDcNameW: 0
> NetUserGetInfo(NULL, 3): 2221
> NetUserGetInfo(NULL, 24): 2221
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $
> 

Oops - I fixed the warning. Now I get this:

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ diff -u azure-check3.c__ORIG  azure-check3.c
--- azure-check3.c__ORIG        2016-08-15 12:48:06.682783600 -0400
+++ azure-check3.c      2016-08-15 12:45:57.266928000 -0400
@@ -42,8 +42,8 @@
        else
                printf ("LookupAccountSidW: %u\n", GetLastError ());

-       ret = DsGetDcNameW (NULL, dom, NULL, NULL, DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
-       if (ret != ERROR_SUCCESS)
+       status = DsGetDcNameW (NULL, dom, NULL, NULL, DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
+       if (status != ERROR_SUCCESS)
        {
                printf ("DsGetDcNameW: %u\n", status);
                pci = NULL;

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check3
 Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
DsGetDcNameW: 1355
NetUserGetInfo(NULL, 3): 2221
NetUserGetInfo(NULL, 24): 2221

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1.1: Type: text/plain, Size: 1621 bytes --]

Hi Russell,

On Aug 15 12:48, rmora@aboutgolf.com wrote:
> $ ./azure-check3
>  Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> DsGetDcNameW: 1355
> NetUserGetInfo(NULL, 3): 2221
> NetUserGetInfo(NULL, 24): 2221

This is as bad as I feared.  Apart from the username and the Windows
home dir, there are no other information which could be fetched by
the usual means.  Quite apart from the fact that there are no means to
*store* this information somewhere, other than creating an explicit
/etc/passwd and matching /etc/group entry.

But, anyway, I prepared some code for the Cygwin DLL to handle these
accounts even if no /etc/passwd and /etc/group entries are present.  It
still needs some work, though, and for that I'd ask you to perform a
last test.

I attached a short testcase.  We know that LookupAccountSid from the
user SID in the user token returns a name (RussellMora) and a domain
(AzureAD).  However, the open question is if the reverse operation
LookupAccountName works as desired when feeding it the domain name
and the user name.  Actually, for completeness the testcase tries it
two ways:  Once only with the username, once with dom\username.

The reason for testing this is, if the reverse lookup works with only
the name we *could* go ahead and omit the domain from the Cygwin
username.  I'm not yet sure if that's feasible, but it's certainly worth
a try.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 1713 bytes --]

#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  WCHAR aname[513];
  PSID rsid = (PSID) malloc (128);
  DWORD nlen, dlen, rlen;
  SID_NAME_USE type;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  rlen = 128;
  dlen = 256;
  if (LookupAccountNameW (NULL, name, rsid, &rlen, dom, &dlen, &type))
    {
      ConvertSidToStringSidA (rsid, &str);
      printf ("Reverse Sid (%ls): %s\n", name, str);
      LocalFree (str);
    }
  else
    printf ("LookupAccountNameW (%ls): %u\n", name, GetLastError ());

  wcpcpy (wcpcpy (wcpcpy (aname, dom), L"\\"), name);
  rlen = 128;
  dlen = 256;
  if (LookupAccountNameW (NULL, aname, rsid, &rlen, dom, &dlen, &type))
    {
      ConvertSidToStringSidA (rsid, &str);
      printf ("Reverse Sid (%ls): %s\n", aname, str);
      LocalFree (str);
    }
  else
    printf ("LookupAccountNameW (%ls): %u\n", aname, GetLastError ());

  return 0;
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[rmora]

Hi Corinna

On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:

> Hi Russell,
> 
> This is as bad as I feared.  Apart from the username and the Windows
> home dir, there are no other information which could be fetched by
> the usual means.  Quite apart from the fact that there are no means to
> *store* this information somewhere, other than creating an explicit
> /etc/passwd and matching /etc/group entry.
> 
> But, anyway, I prepared some code for the Cygwin DLL to handle these
> accounts even if no /etc/passwd and /etc/group entries are present.  It
> still needs some work, though, and for that I'd ask you to perform a
> last test.
> 
> I attached a short testcase.  We know that LookupAccountSid from the
> user SID in the user token returns a name (RussellMora) and a domain
> (AzureAD).  However, the open question is if the reverse operation
> LookupAccountName works as desired when feeding it the domain name
> and the user name.  Actually, for completeness the testcase tries it
> two ways:  Once only with the username, once with dom\username.
> 
> The reason for testing this is, if the reverse lookup works with only
> the name we *could* go ahead and omit the domain from the Cygwin
> username.  I'm not yet sure if that's feasible, but it's certainly worth
> a try.
> 

Both seem to work. I guess what you are proposing makes sense - the AzureAD domain is like a single domain with multiple tenants (yeah, I don't really know what I'm talking about with respect to AD....). Anyway, let me know if you want me to do any more testing, I'm still very willing to be a Guinea Pig (squeek squeek) - thanks for figuring this out for me!

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ gcc -W azure-check5.c -l Netapi32 -o azure-check5

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check5
Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282

Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$

HTH

Cheers,
Russell.



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2566 bytes --]

Hi Russell,

On Aug 16 11:27, rmora@aboutgolf.com wrote:
> Hi Corinna
> 
> On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> 
> > Hi Russell,
> > 
> > This is as bad as I feared.  Apart from the username and the Windows
> > home dir, there are no other information which could be fetched by
> > the usual means.  Quite apart from the fact that there are no means to
> > *store* this information somewhere, other than creating an explicit
> > /etc/passwd and matching /etc/group entry.
> > 
> > But, anyway, I prepared some code for the Cygwin DLL to handle these
> > accounts even if no /etc/passwd and /etc/group entries are present.  It
> > still needs some work, though, and for that I'd ask you to perform a
> > last test.
> > 
> > I attached a short testcase.  We know that LookupAccountSid from the
> > user SID in the user token returns a name (RussellMora) and a domain
> > (AzureAD).  However, the open question is if the reverse operation
> > LookupAccountName works as desired when feeding it the domain name
> > and the user name.  Actually, for completeness the testcase tries it
> > two ways:  Once only with the username, once with dom\username.
> > 
> > The reason for testing this is, if the reverse lookup works with only
> > the name we *could* go ahead and omit the domain from the Cygwin
> > username.  I'm not yet sure if that's feasible, but it's certainly worth
> > a try.
> > 
> 
> Both seem to work. I guess what you are proposing makes sense - the
> AzureAD domain is like a single domain with multiple tenants (yeah, I
> don't really know what I'm talking about with respect to AD....).
> Anyway, let me know if you want me to do any more testing, I'm still
> very willing to be a Guinea Pig (squeek squeek) - thanks for figuring
> this out for me!
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ ./azure-check5
> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282

Good to know, thank you.  Give me a bit and I'll come up with a Cygwin
DLL for testing.


Stay tuned,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1664 bytes --]

On Aug 16 17:45, Corinna Vinschen wrote:
> On Aug 16 11:27, rmora@aboutgolf.com wrote:
> > Hi Corinna
> > 
> > On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> > 
> > > Hi Russell,
> > > 
> > > This is as bad as I feared.  Apart from the username and the Windows
> > > home dir, there are no other information which could be fetched by
> > > the usual means.  Quite apart from the fact that there are no means to
> > > *store* this information somewhere, other than creating an explicit
> > > /etc/passwd and matching /etc/group entry.
> > > 
> > > But, anyway, I prepared some code for the Cygwin DLL to handle these
> > > accounts even if no /etc/passwd and /etc/group entries are present.  It
> > > still needs some work, though, and for that I'd ask you to perform a
> > > last test.
> > > [...]
> > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
> > 
> > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > $ ./azure-check5
> > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > Dom\Name: AzureAD\RussellMora
> > Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> > Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> 
> Good to know, thank you.  Give me a bit and I'll come up with a Cygwin
> DLL for testing.

FTR, this has been kinked out off-list.  The resulting patch is in git
master now.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[Thomas Wolff]

Am 18.08.2016 um 11:35 schrieb Corinna Vinschen:
> On Aug 16 17:45, Corinna Vinschen wrote:
>> On Aug 16 11:27, rmora@aboutgolf.com wrote:
>>> Hi Corinna
>>>
>>> On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
>>>
>>>> Hi Russell,
>>>>
>>>> This is as bad as I feared.  Apart from the username and the Windows
>>>> home dir, there are no other information which could be fetched by
>>>> the usual means.  Quite apart from the fact that there are no means to
>>>> *store* this information somewhere, other than creating an explicit
>>>> /etc/passwd and matching /etc/group entry.
>>>>
>>>> But, anyway, I prepared some code for the Cygwin DLL to handle these
>>>> accounts even if no /etc/passwd and /etc/group entries are present.  It
>>>> still needs some work, though, and for that I'd ask you to perform a
>>>> last test.
>>>> [...]
>>> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>>> $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
>>>
>>> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>>> $ ./azure-check5
>>> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>>> Dom\Name: AzureAD\RussellMora
>>> Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>>> Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>> Good to know, thank you.  Give me a bit and I'll come up with a Cygwin
>> DLL for testing.
> FTR, this has been kinked out off-list.  The resulting patch is in git master now.
Sounds great. Would it be an option to release this fix in a 2.5.3 
version to have a final XP release for all users?
Thomas

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2034 bytes --]

On Aug 18 21:52, Thomas Wolff wrote:
> Am 18.08.2016 um 11:35 schrieb Corinna Vinschen:
> > On Aug 16 17:45, Corinna Vinschen wrote:
> > > On Aug 16 11:27, rmora@aboutgolf.com wrote:
> > > > Hi Corinna
> > > > 
> > > > On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> > > > 
> > > > > Hi Russell,
> > > > > 
> > > > > This is as bad as I feared.  Apart from the username and the Windows
> > > > > home dir, there are no other information which could be fetched by
> > > > > the usual means.  Quite apart from the fact that there are no means to
> > > > > *store* this information somewhere, other than creating an explicit
> > > > > /etc/passwd and matching /etc/group entry.
> > > > > 
> > > > > But, anyway, I prepared some code for the Cygwin DLL to handle these
> > > > > accounts even if no /etc/passwd and /etc/group entries are present.  It
> > > > > still needs some work, though, and for that I'd ask you to perform a
> > > > > last test.
> > > > > [...]
> > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
> > > > 
> > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > $ ./azure-check5
> > > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > Dom\Name: AzureAD\RussellMora
> > > > Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > Good to know, thank you.  Give me a bit and I'll come up with a Cygwin
> > > DLL for testing.
> > FTR, this has been kinked out off-list.  The resulting patch is in git master now.
> Sounds great. Would it be an option to release this fix in a 2.5.3 version
> to have a final XP release for all users?

I'm not planning to release a 2.5.3.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[Thomas Wolff]

Am 19.08.2016 um 11:09 schrieb Corinna Vinschen:
> On Aug 18 21:52, Thomas Wolff wrote:
>> Am 18.08.2016 um 11:35 schrieb Corinna Vinschen:
>>> On Aug 16 17:45, Corinna Vinschen wrote:
>>>> On Aug 16 11:27, rmora@aboutgolf.com wrote:
>>>>> Hi Corinna
>>>>>
>>>>> On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
>>>>>
>>>>>> Hi Russell,
>>>>>>
>>>>>> This is as bad as I feared.  Apart from the username and the Windows
>>>>>> home dir, there are no other information which could be fetched by
>>>>>> the usual means.  Quite apart from the fact that there are no means to
>>>>>> *store* this information somewhere, other than creating an explicit
>>>>>> /etc/passwd and matching /etc/group entry.
>>>>>>
>>>>>> But, anyway, I prepared some code for the Cygwin DLL to handle these
>>>>>> accounts even if no /etc/passwd and /etc/group entries are present.  It
>>>>>> still needs some work, though, and for that I'd ask you to perform a
>>>>>> last test.
>>>>>> [...]
>>>>> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>>>>> $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
>>>>>
>>>>> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>>>>> $ ./azure-check5
>>>>> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>>>>> Dom\Name: AzureAD\RussellMora
>>>>> Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>>>>> Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>>>> Good to know, thank you.  Give me a bit and I'll come up with a Cygwin
>>>> DLL for testing.
>>> FTR, this has been kinked out off-list.  The resulting patch is in git master now.
>> Sounds great. Would it be an option to release this fix in a 2.5.3 version
>> to have a final XP release for all users?
> I'm not planning to release a 2.5.3.
I didn't think so. I meant to kindly attempt to nag you to modify the 
plan and add such a release so that cygwin or standalone packages based 
on cygwin would work for Azure users that happen to be still running XP.
------
Thomas

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Erik Soderquist]

On Fri, Aug 19, 2016 at 3:02 PM, Thomas Wolff wrote:
... Azure users that happen to be still running XP.

Is that actually possible?  I thought Azure's minimum requirements
would not accept XP...

--- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Thomas Wolff]

Am 19.08.2016 um 22:24 schrieb Erik Soderquist:
> On Fri, Aug 19, 2016 at 3:02 PM, Thomas Wolff wrote:
> ... Azure users that happen to be still running XP.
>
> Is that actually possible?  I thought Azure's minimum requirements
> would not accept XP...
OK, so a solution for users having both is irrelevant but still a 
solution (for standalone packages) that works alike with either XP users 
or Azure users would be useful, to avoid this conflict just for the 
timing of a few weeks that this issue got resolved after preparing 2.6. 
Just pondering for consideration...
------
Thomas

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[cyg Simple]

On 8/21/2016 7:33 PM, Thomas Wolff wrote:
> Am 19.08.2016 um 22:24 schrieb Erik Soderquist:
>> On Fri, Aug 19, 2016 at 3:02 PM, Thomas Wolff wrote:
>> ... Azure users that happen to be still running XP.
>>
>> Is that actually possible?  I thought Azure's minimum requirements
>> would not accept XP...
> OK, so a solution for users having both is irrelevant but still a
> solution (for standalone packages) that works alike with either XP users
> or Azure users would be useful, to avoid this conflict just for the
> timing of a few weeks that this issue got resolved after preparing 2.6.
> Just pondering for consideration...

This topic has been exhaustively discussed.  XP is dead for future work.
 Let's move on and let it die.  If someone wants to maintain a fork for
XP users then perhaps Corinna would be willing for a git branch to
exist, maybe?  But someone has to be responsible for maintaining it and
it will not be the maintainers of the official release branches.  So
Thomas are you volunteering to do that if Corinna allows it?

-- 
cyg Simple

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Achim Gratz]

Thomas Wolff writes:
> OK, so a solution for users having both is irrelevant but still a
> solution (for standalone packages) that works alike with either XP
> users or Azure users would be useful, to avoid this conflict just for
> the timing of a few weeks that this issue got resolved after preparing
> 2.6. Just pondering for consideration...

Anyone still using XP really shouldn't be connected in any way to the
internet, so that'd rule out Azure as well.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptation for Waldorf microQ V2.22R2:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[rmora]

<squeek squeek>

Though I am going on vacation in a couple of days until the 15th....

C:\Users\RussellMora>whoami
azuread\russellmora

C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
       logged-on user is not a domain user.

C:\Users\RussellMora>whoami /all

USER INFORMATION
----------------

User Name           SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282


GROUP INFORMATION
-----------------

Group Name                                Type             SID                                                  Attributes
========================================= ================ ==================================================== ==================================================
Mandatory Label\Medium Mandatory Level    Label            S-1-16-8192
Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Group used for deny only
BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
                                          Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36                                          Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled


C:\Users\RussellMora>



On Aug  1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpt=
y()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>=20
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>=20
> I have no idea how to establish a working startup of mintty for those use=
rs.

The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts.  I like it
how Microsoft screws up otherwise working software with this
strange domain handling.

To fix this we have to be able to come up with a working user and group
account for these cases.  For that I need at least output from `whoami
/all'.  I wonder why supposedly nobody tried that after /fqdn didn't
work.

This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows().  There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).

Alternatively I need at least a guinea pig with such an account,


Corinna





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[rmora]

<squeek squeek>

Though I am going on vacation in a couple of days until the 15th....

C:\Users\RussellMora>whoami
azuread\russellmora

C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
       logged-on user is not a domain user.

C:\Users\RussellMora>whoami /all

USER INFORMATION
----------------

User Name           SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282


GROUP INFORMATION
-----------------

Group Name                                Type             SID                                                  Attributes
========================================= ================ ==================================================== ==================================================
Mandatory Label\Medium Mandatory Level    Label            S-1-16-8192
Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Group used for deny only
BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
                                          Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36                                          Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled


C:\Users\RussellMora>



On Aug  1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpt=
y()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>=20
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>=20
> I have no idea how to establish a working startup of mintty for those use=
rs.

The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts.  I like it
how Microsoft screws up otherwise working software with this
strange domain handling.

To fix this we have to be able to come up with a working user and group
account for these cases.  For that I need at least output from `whoami
/all'.  I wonder why supposedly nobody tried that after /fqdn didn't
work.

This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows().  There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).

Alternatively I need at least a guinea pig with such an account,


Corinna





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2888 bytes --]

Hi,

On Aug  2 11:44, rmora@aboutgolf.com wrote:
> <squeek squeek>

Thank you!  Just a small request, please don't cc the corinna-cygwin
account, just send to the list.  Thank you.

> C:\Users\RussellMora>whoami /all
> 
> USER INFORMATION
> ----------------
> 
> User Name           SID
> =================== ===================================================
> azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282
> 
> 
> GROUP INFORMATION
> -----------------
> 
> Group Name                                Type             SID                                                  Attributes
> ========================================= ================ ==================================================== ==================================================
> Mandatory Label\Medium Mandatory Level    Label            S-1-16-8192
> Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
> BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Group used for deny only
> BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
> CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
> LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
>                                           Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Yuk!

This is not nice.  Can you try to repeat this call to `whoami /all'
in an elevated shell?  I doubt it will chnage the outcome in terms
of this "Unknown SID", but let's at least try...

I think I will have to come up with a test application as well,
but this might take a day or two...


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

/dev/ptmx fails with Azure accounts

[Thomas Wolff]

For Azure Domain users (and I do not really know what that means),
pts handling does not seem to work, at least not for mintty, where 
forkpty() fails.
Please check https://github.com/mintty/mintty/issues/563 for a discussion,
and my comment 
https://github.com/mintty/mintty/issues/563#issuecomment-235310199

Also, there has been a similar report here: 
https://sourceware.org/ml/cygwin/2016-02/msg00046.html

I have no idea how to establish a working startup of mintty for those users.
------
Thomas

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1527 bytes --]

On Aug  1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpty()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
> 
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
> 
> I have no idea how to establish a working startup of mintty for those users.

The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts.  I like it
how Microsoft screws up otherwise working software with this
strange domain handling.

To fix this we have to be able to come up with a working user and group
account for these cases.  For that I need at least output from `whoami
/all'.  I wonder why supposedly nobody tried that after /fqdn didn't
work.

This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows().  There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).

Alternatively I need at least a guinea pig with such an account,


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: /dev/ptmx fails with Azure accounts

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2216 bytes --]

On Aug  2 11:54, Corinna Vinschen wrote:
> On Aug  1 22:24, Thomas Wolff wrote:
> > For Azure Domain users (and I do not really know what that means),
> > pts handling does not seem to work, at least not for mintty, where forkpty()
> > fails.
> > Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> > and my comment
> > https://github.com/mintty/mintty/issues/563#issuecomment-235310199
> > 
> > Also, there has been a similar report here:
> > https://sourceware.org/ml/cygwin/2016-02/msg00046.html
> > 
> > I have no idea how to establish a working startup of mintty for those users.
> 
> The problem here is that it's impossible to generate access
> permissions for the pty with those weird accounts.  I like it
> how Microsoft screws up otherwise working software with this
> strange domain handling.
> 
> To fix this we have to be able to come up with a working user and group
> account for these cases.  For that I need at least output from `whoami
> /all'.  I wonder why supposedly nobody tried that after /fqdn didn't
> work.
> 
> This may be fixable by somebody with such an account and willing to hack
> on the Cygwin function pwdgrp::fetch_account_from_windows().  There's
> already some code for the so-called "Windows accounts" which seem to
> work in a similar fashion (albeit in this case the user has a local
> account SID).
> 
> Alternatively I need at least a guinea pig with such an account,

There's another problem with those accounts.  If they act like a domain
account, but there's no valid domain info on the machine (*), then who
should Cygwin ask for shell and home dir?

(*) That's the cause of the "Unknown domain AzureAD".  Usually the local
    machine has a list of domains which is refreshed once in a while.
    Even the local machine SAM is a domain in this view.

    However, while the LookupAccountSid function seems to return
    "AzureAD" as the domain name for this account, the domain list on
    the local machine does not contain this domain.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]