public inbox for cygwin@cygwin.com
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: /dev/ptmx fails with Azure accounts
Date: Thu, 04 Aug 2016 09:13:00 -0000
Message-ID: <20160804070058.GA2333@calimero.vinschen.de>
In-Reply-To: <1470251109.311822327@apps.rackspace.com>


[-- Attachment #1.1: Type: text/plain, Size: 1928 bytes --]

On Aug  3 15:05, rmora@aboutgolf.com wrote:
> On Wednesday, August 3, 2016 14:16, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> 
> > On Aug  3 20:00, Corinna Vinschen wrote:
> >> On Aug  3 12:53, rmora@aboutgolf.com wrote:
> >> >
> >> >
> >> > The output is as below. This was without Run As Administrator - with
> >> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> >> > *seems* appropriate....
> >>
> >> It is.  Thanks for this test, the result is as horrifying as I imagined.
> >> Can you please try the testcase attached to this mail, too?  It should
> >> be built and run the same way:
> >>
> >>   $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
> >>   $ ./azure-check2
> > 
> > Please use the one attached in this mail.  I noticed I forgot to print
> > primary group info.  It's not unimportant to see it as well.
> > 
> 
> Here it is:
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ ./azure-check2
>   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> Primary Group:
>   Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>   Dom\Name: AzureAD\RussellMora
> NetUserGetInfo: 53
> 
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $
> 
> (As an aside, I assume that the fact that the permissions on the
> compiled executable are totally messed up, and thus the executable
> won't run until I fix them via Windows, is incidental to the fact that
> I am running under "Unknown+User" and thus you don't want any
> information on that as well.....)

Good thinking :)

Can you please try the attached testcase?  Probably my last straw.  If
that doesn't work as desired, support for AzureAD accounts will be very
limited.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 2323 bytes --]

#include <stdio.h>
#include <stdlib.h>	/* malloc */
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;
  PDOMAIN_CONTROLLER_INFOW pci;
  NET_API_STATUS status;
  PUSER_INFO_3 ui3;
  PUSER_INFO_24 ui24;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, 
			 dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

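  /* Ask for a domain controller of the domain name the SID lookup returned. */
  ret = DsGetDcNameW (NULL, dom, NULL, NULL,
		      DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
  if (ret != ERROR_SUCCESS)
    {
      /* Report the DsGetDcNameW result; status is not set yet at this point. */
      printf ("DsGetDcNameW: %u\n", ret);
      return 1;
    }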
  printf ("domain controller: %ls\n", pci->DomainControllerName);

  /* Level 3: the classic account record (USER_INFO_3). */
  status = NetUserGetInfo (pci->DomainControllerName, name,
			   3, (PBYTE *) &ui3);
  if (status != NERR_Success)
    printf ("NetUserGetInfo(3): %u\n", status);
  else
    {
      printf ("UserInfo 3:\n");
      printf ("  Name: %ls\n", ui3->usri3_name);
    }

  /* Level 24: internet identity data and the user SID (USER_INFO_24). */
  status = NetUserGetInfo (pci->DomainControllerName, name,
			   24, (PBYTE *) &ui24);
  if (status != NERR_Success)
    printf ("NetUserGetInfo(24): %u\n", status);
  else
    {
      printf ("UserInfo 24:\n");
      printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
      printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
      printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
      printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
      ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
      printf ("  Sid: %s\n", str);
      LocalFree (str);
    }

  return 0;
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
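
Added example, not part of the original message and not Cygwin code: a portable C parser for the string SIDs quoted in this thread, labelling the two families that appear in it, S-1-12-1-... (AzureAD account) and S-1-16-12288 (High Mandatory Level). The names parse_sid and classify_sid are hypothetical; it builds with any C compiler and needs no Windows headers.

```c
/* Added example; parse_sid/classify_sid are hypothetical helper names. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SUBAUTH 15		/* same limit as SID_MAX_SUB_AUTHORITIES */

struct sid {
  uint64_t authority;		/* 48-bit identifier authority */
  int count;			/* number of sub-authorities */
  uint32_t sub[MAX_SUBAUTH];
};

/* Parse decimal "S-1-<authority>-<sub>-..."; 0 on success, -1 on bad input. */
int
parse_sid (const char *s, struct sid *out)
{
  char *end;
  unsigned long long v;
  /* Only revision 1 exists; require a digit so strtoull sees no sign/space. */
  if (strncmp (s, "S-1-", 4) != 0 || s[4] < '0' || s[4] > '9')
    return -1;
  out->authority = strtoull (s + 4, &end, 10);
  if (out->authority > 0xffffffffffffULL)
    return -1;
  for (out->count = 0; *end == '-'; out->count++)
    {
      if (out->count == MAX_SUBAUTH || end[1] < '0' || end[1] > '9')
        return -1;
      v = strtoull (end + 1, &end, 10);
      if (v > 0xffffffffULL)	/* each sub-authority is 32 bits */
        return -1;
      out->sub[out->count] = (uint32_t) v;
    }
  return *end == '\0' ? 0 : -1;	/* reject trailing garbage */
}

/* Label the two SID families seen in this thread. */
const char *
classify_sid (const char *s)
{
  struct sid sid;
  if (parse_sid (s, &sid) < 0)
    return "invalid";
  if (sid.authority == 12 && sid.count == 5 && sid.sub[0] == 1)
    return "AzureAD account";
  if (sid.authority == 16 && sid.count == 1 && sid.sub[0] == 12288)
    return "High Mandatory Level";
  return sid.authority == 16 ? "other mandatory label" : "other";
}
```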
