public inbox for cygwin@cygwin.com
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: /dev/ptmx fails with Azure accounts
Date: Tue, 16 Aug 2016 10:32:00 -0000
Message-ID: <20160816091236.yws3hk3o5fihlbe7@calimero.vinschen.de>
In-Reply-To: <1471279732.794730680@apps.rackspace.com>


Hi Russell,

On Aug 15 12:48, rmora@aboutgolf.com wrote:
> $ ./azure-check3
>  Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> DsGetDcNameW: 1355
> NetUserGetInfo(NULL, 3): 2221
> NetUserGetInfo(NULL, 24): 2221

This is as bad as I feared.  Apart from the username and the Windows
home dir, there is no other information which could be fetched by
the usual means.  Quite apart from the fact that there are no means to
*store* this information somewhere, other than creating an explicit
/etc/passwd and matching /etc/group entry.

But, anyway, I prepared some code for the Cygwin DLL to handle these
accounts even if no /etc/passwd and /etc/group entries are present.  It
still needs some work, though, and for that I'd ask you to perform a
last test.

I attached a short testcase.  We know that LookupAccountSid from the
user SID in the user token returns a name (RussellMora) and a domain
(AzureAD).  However, the open question is if the reverse operation
LookupAccountName works as desired when feeding it the domain name
and the user name.  Actually, for completeness the testcase tries it
two ways:  Once only with the username, once with dom\username.

The reason for testing this is, if the reverse lookup works with only
the name we *could* go ahead and omit the domain from the Cygwin
username.  I'm not yet sure if that's feasible, but it's certainly worth
a try.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 1713 bytes --]

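/* Target Windows 10; must be defined before any header is included. */
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <stdio.h>
#include <stdlib.h>	/* malloc */
#include <wchar.h>
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>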

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  WCHAR aname[513];
  PSID rsid = (PSID) malloc (128);
  DWORD nlen, dlen, rlen;
  SID_NAME_USE type;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("Sid: %s\n", str);
  LocalFree (str);
  /* Forward lookup: SID from the user token -> account name and domain. */
  nlen = dlen = 256;
  if (!LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, dom, &dlen, &type))
    {
      /* Without a name and domain there is nothing to look up in reverse. */
      printf ("LookupAccountSidW: %u\n", GetLastError ());
      return 1;
    }
  printf ("Dom\\Name: %ls\\%ls\n", dom, name);

  /* Build dom\name now: the reverse lookups below write the referenced
     domain back into dom. */
  wcpcpy (wcpcpy (wcpcpy (aname, dom), L"\\"), name);

  /* Reverse lookup 1: user name only. */
  rlen = 128;
  dlen = 256;
  if (LookupAccountNameW (NULL, name, rsid, &rlen, dom, &dlen, &type))
    {
      ConvertSidToStringSidA (rsid, &str);
      printf ("Reverse Sid (%ls): %s\n", name, str);
      LocalFree (str);
    }
  else
    printf ("LookupAccountNameW (%ls): %u\n", name, GetLastError ());

  /* Reverse lookup 2: dom\name. */
  rlen = 128;
  dlen = 256;
  if (LookupAccountNameW (NULL, aname, rsid, &rlen, dom, &dlen, &type))
    {
      ConvertSidToStringSidA (rsid, &str);
      printf ("Reverse Sid (%ls): %s\n", aname, str);
      LocalFree (str);
    }
  else
    printf ("LookupAccountNameW (%ls): %u\n", aname, GetLastError ());

  return 0;
}
