* Re: /dev/ptmx fails with Azure accounts
@ 2016-08-03 6:19 rmora
2016-08-03 18:00 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: rmora @ 2016-08-03 6:19 UTC (permalink / raw)
To: cygwin
[I'm so sorry I'm messing up the mailing list by not replying to the proper email.... I only just got it through my thick skull now to subscribe to the mailing list. I think my brain is on vacation already....]
Unfortunately your prediction was correct - RunAs Administrator CMD gives this:
C:\WINDOWS\system32>whoami
azuread\russellmora
C:\WINDOWS\system32>whoami /all
USER INFORMATION
----------------
User Name SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
========================================= ================ ==================================================== ===============================================================
Mandatory Label\High Mandatory Level Label S-1-16-12288
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36 Mandatory group, Enabled by default, Enabled group
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
=============================== ========================================= ========
SeLockMemoryPrivilege Lock pages in memory Disabled
SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled
SeSecurityPrivilege Manage auditing and security log Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled
SeLoadDriverPrivilege Load and unload device drivers Disabled
SeSystemProfilePrivilege Profile system performance Disabled
SeSystemtimePrivilege Change the system time Disabled
SeProfileSingleProcessPrivilege Profile single process Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled
SeCreatePagefilePrivilege Create a pagefile Disabled
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories Disabled
SeShutdownPrivilege Shut down the system Disabled
SeDebugPrivilege Debug programs Disabled
SeSystemEnvironmentPrivilege Modify firmware environment values Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled
SeUndockPrivilege Remove computer from docking station Disabled
SeManageVolumePrivilege Perform volume maintenance tasks Disabled
SeImpersonatePrivilege Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege Create global objects Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links Disabled
C:\WINDOWS\system32>
-----Original Message-----
From: "rmora@aboutgolf.com" <rmora@aboutgolf.com>
Sent: Tuesday, August 2, 2016 11:44
To: corinna-cygwin@cygwin.com, cygwin@cygwin.com
Cc: towo@towo.net
Subject: Re: /dev/ptmx fails with Azure accounts
<squeek squeek>
Though I am going on vacation in a couple of days until the 15th....
C:\Users\RussellMora>whoami
azuread\russellmora
C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
logged-on user is not a domain user.
C:\Users\RussellMora>whoami /all
USER INFORMATION
----------------
User Name SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
========================================= ================ ==================================================== ==================================================
Mandatory Label\Medium Mandatory Level Label S-1-16-8192
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36 Mandatory group, Enabled by default, Enabled group
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
C:\Users\RussellMora>
On Aug 1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpt=
y()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>=20
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>=20
> I have no idea how to establish a working startup of mintty for those use=
rs.
The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts. I like it
how Microsoft screws up otherwise working software with this
strange domain handling.
To fix this we have to be able to come up with a working user and group
account for these cases. For that I need at least output from `whoami
/all'. I wonder why supposedly nobody tried that after /fqdn didn't
work.
This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows(). There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).
Alternatively I need at least a guinea pig with such an account,
Corinna
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-03 6:19 /dev/ptmx fails with Azure accounts rmora
@ 2016-08-03 18:00 ` Corinna Vinschen
2016-08-03 18:17 ` rmora
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-03 18:00 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 956 bytes --]
On Aug 2 12:54, rmora@aboutgolf.com wrote:
> [I'm so sorry I'm messing up the mailing list by not replying to the proper email.... I only just got it through my thick skull now to subscribe to the mailing list. I think my brain is on vacation already....]
>
>
> Unfortunately your prediction was correct - RunAs Administrator CMD gives this:
Thanks!
In the meantime I prepared my test application. Can you please fetch
the attached source and store it as, e.g., azure-check.c. Then build
and run it like this:
$ gcc -g -o azure-check azure-check.c -lnetapi32
$ ./azure-check
Then run it and paste the complete output into your reply.
I have an idea for an extension of this testcase, but I think I have
to see the output of this one first.
Thanks in advance,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #1.2: azure-check.c --]
[-- Type: text/plain, Size: 4422 bytes --]
#include <stdio.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <winternl.h>
#include <ntsecapi.h>
#include <dsgetdc.h>
#include <sddl.h>
int
main ()
{
HANDLE lsa;
NTSTATUS status;
ULONG ret;
PPOLICY_DNS_DOMAIN_INFO pdom;
PPOLICY_ACCOUNT_DOMAIN_INFO adom;
PDS_DOMAIN_TRUSTSW td;
ULONG tdom_cnt;
static LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
LPSTR str;
BOOL has_dom;
HANDLE tok;
WCHAR name[256];
WCHAR dom[256];
DWORD nlen, dlen;
SID_NAME_USE type;
status = LsaOpenPolicy (NULL, &oa, POLICY_VIEW_LOCAL_INFORMATION, &lsa);
if (!NT_SUCCESS (status))
{
printf ("LsaOpenPolicy: 0x%08x\n", status);
return 1;
}
status = LsaQueryInformationPolicy (lsa, PolicyDnsDomainInformation,
(PVOID *) &pdom);
if (NT_SUCCESS (status))
{
if (pdom->Name.Length)
printf ("PDom.Name: %ls\n", pdom->Name.Buffer);
if (pdom->DnsDomainName.Length)
printf ("PDom.DnsDomainName: %ls\n", pdom->DnsDomainName.Buffer);
if (pdom->DnsForestName.Length)
printf ("PDom.DnsForestName: %ls\n", pdom->DnsForestName.Buffer);
has_dom = !!pdom->Sid;
if (has_dom)
{
ConvertSidToStringSidA (pdom->Sid, &str);
printf ("PDom.Sid: %s\n", str);
LocalFree (str);
}
LsaFreeMemory (pdom);
}
else
printf ("LsaQueryInformationPolicy (PDOM): 0x%08x\n", status);
status = LsaQueryInformationPolicy (lsa, PolicyAccountDomainInformation,
(PVOID *) &adom);
if (NT_SUCCESS (status))
{
if (adom->DomainName.Length)
printf ("ADom.DomainName: %ls\n", adom->DomainName.Buffer);
ConvertSidToStringSidA (adom->DomainSid, &str);
printf ("ADom.DomainSid: %s\n", str);
LocalFree (str);
LsaFreeMemory (adom);
}
else
printf ("LsaQueryInformationPolicy (ADOM): 0x%08x\n", status);
if (dom)
{
ret = DsEnumerateDomainTrustsW (NULL, DS_DOMAIN_DIRECT_INBOUND
| DS_DOMAIN_DIRECT_OUTBOUND
| DS_DOMAIN_IN_FOREST,
&td, &tdom_cnt);
if (ret == ERROR_SUCCESS)
for (ULONG idx = 0; idx < tdom_cnt; ++idx)
{
printf ("Trusted Domain %u:\n", idx);
printf (" NetbiosDomainName: %ls\n", td[idx].NetbiosDomainName);
if (td[idx].DnsDomainName)
printf (" DnsDomainName: %ls\n", td[idx].DnsDomainName);
printf (" Flags: 0x%08x\n", td[idx].Flags);
printf (" TrustType: 0x%08x\n", td[idx].TrustType);
printf (" TrustAttributes: 0x%08x\n", td[idx].TrustAttributes);
if (td[idx].DomainSid)
{
ConvertSidToStringSidA (td[idx].DomainSid, &str);
printf ("DomainSid: %s\n", str);
LocalFree (str);
}
}
else
printf ("DsEnumerateDomainTrustsW: %u\n", ret);
}
LsaClose (lsa);
if (OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
{
PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
if (GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
{
printf ("User:\n");
ConvertSidToStringSidA (tp->User.Sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
dom, &dlen, &type))
printf (" Dom\\Name: %ls\\%ls\n", dom, name);
else
printf (" LookupAccountSidW: %u\n", GetLastError ());
printf (" Attributes: 0x%08x\n", tp->User.Attributes);
}
else
printf ("GetTokenInformation(user): %u\n", GetLastError ());
free (tp);
PTOKEN_GROUPS tg = (PTOKEN_GROUPS) malloc (65536);
if (GetTokenInformation (tok, TokenGroups, tg, 65536, &ret))
for (ULONG idx = 0; idx < tg->GroupCount; ++idx)
{
printf ("Group %u\n", idx);
ConvertSidToStringSidA (tg->Groups[idx].Sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tg->Groups[idx].Sid, name, &nlen,
dom, &dlen, &type))
printf (" Dom\\Name: %ls\\%ls\n", dom, name);
else
printf (" LookupAccountSidW: %u\n", GetLastError ());
printf (" Attributes: 0x%08x\n", tg->Groups[idx].Attributes);
}
else
printf ("GetTokenInformation(groups): %u\n", GetLastError ());
free (tg);
}
else
printf ("OpenProcessToken: %u\n", GetLastError ());
return 0;
}
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-03 18:00 ` Corinna Vinschen
@ 2016-08-03 18:17 ` rmora
2016-08-03 19:05 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: rmora @ 2016-08-03 18:17 UTC (permalink / raw)
To: cygwin; +Cc: cygwin
On Wednesday, August 3, 2016 10:32, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
>
> In the meantime I prepared my test application. Can you please fetch
> the attached source and store it as, e.g., azure-check.c. Then build
> and run it like this:
>
> $ gcc -g -o azure-check azure-check.c -lnetapi32
> $ ./azure-check
>
> Then run it and paste the complete output into your reply.
>
> I have an idea for an extension of this testcase, but I think I have
> to see the output of this one first.
The output is as below. This was without Run As Administrator - with it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which *seems* appropriate....
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check
PDom.Name: WORKGROUP
ADom.DomainName: Lenovo-PC
ADom.DomainSid: S-1-5-21-1836915194-3548948870-2562531131
DsEnumerateDomainTrustsW: 1722
User:
Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
Attributes: 0x00000000
Group 0
Sid: S-1-16-8192
Dom\Name: Mandatory Label\Medium Mandatory Level
Attributes: 0x00000060
Group 1
Sid: S-1-1-0
Dom\Name: \Everyone
Attributes: 0x00000007
Group 2
Sid: S-1-5-32-544
Dom\Name: BUILTIN\Administrators
Attributes: 0x00000010
Group 3
Sid: S-1-5-32-545
Dom\Name: BUILTIN\Users
Attributes: 0x00000007
Group 4
Sid: S-1-5-4
Dom\Name: NT AUTHORITY\INTERACTIVE
Attributes: 0x00000007
Group 5
Sid: S-1-2-1
Dom\Name: \CONSOLE LOGON
Attributes: 0x00000007
Group 6
Sid: S-1-5-11
Dom\Name: NT AUTHORITY\Authenticated Users
Attributes: 0x00000007
Group 7
Sid: S-1-5-15
Dom\Name: NT AUTHORITY\This Organization
Attributes: 0x00000007
Group 8
Sid: S-1-5-5-0-852920
Dom\Name: NT AUTHORITY\LogonSessionId_0_852920
Attributes: 0xc0000007
Group 9
Sid: S-1-2-0
Dom\Name: \LOCAL
Attributes: 0x00000007
Group 10
Sid: S-1-12-1-2741946010-1181797680-2322883994-3292483823
LookupAccountSidW: 1332
Attributes: 0x00000007
Group 11
Sid: S-1-5-64-36
Dom\Name: NT AUTHORITY\Cloud Account Authentication
Attributes: 0x00000007
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$
HTH!
Cheers,
Russell
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-03 18:17 ` rmora
@ 2016-08-03 19:05 ` Corinna Vinschen
2016-08-03 19:47 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-03 19:05 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 1210 bytes --]
On Aug 3 12:53, rmora@aboutgolf.com wrote:
>
>
> On Wednesday, August 3, 2016 10:32, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> >
> > In the meantime I prepared my test application. Can you please fetch
> > the attached source and store it as, e.g., azure-check.c. Then build
> > and run it like this:
> >
> > $ gcc -g -o azure-check azure-check.c -lnetapi32
> > $ ./azure-check
> >
> > Then run it and paste the complete output into your reply.
> >
> > I have an idea for an extension of this testcase, but I think I have
> > to see the output of this one first.
>
> The output is as below. This was without Run As Administrator - with
> it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> *seems* appropriate....
It is. Thanks for this test, the result is as horrifying as I imagined.
Can you please try the testcase attached to this mail, too? It should
be built and run the same way:
$ gcc -g -o azure-check2 azure-check2.c -lnetapi32
$ ./azure-check2
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 1780 bytes --]
#include <stdio.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <sddl.h>
int
main ()
{
HANDLE tok;
PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
DWORD ret;
LPSTR str;
WCHAR name[256];
WCHAR dom[256];
DWORD nlen, dlen;
SID_NAME_USE type;
NET_API_STATUS status;
PUSER_INFO_24 ui24;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
{
printf ("OpenProcessToken: %u\n", GetLastError ());
return 1;
}
if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
{
printf ("GetTokenInformation(user): %u\n", GetLastError ());
return 1;
}
ConvertSidToStringSidA (tp->User.Sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
dom, &dlen, &type))
printf ("Dom\\Name: %ls\\%ls\n", dom, name);
else
printf ("LookupAccountSidW: %u\n", GetLastError ());
printf ("Attributes: 0x%08x\n", tp->User.Attributes);
status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
if (status != NERR_Success)
{
status = NetUserGetInfo (dom, name, 24, (PBYTE *) &ui24);
if (status != NERR_Success)
{
printf ("NetUserGetInfo: %u\n", status);
return 1;
}
}
printf ("UserInfo:\n");
printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
printf (" Flags: 0x%08x\n", ui24->usri24_flags);
printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
return 0;
}
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-03 19:47 ` Corinna Vinschen
@ 2016-08-03 19:47 ` rmora
2016-08-04 9:13 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: rmora @ 2016-08-03 19:47 UTC (permalink / raw)
To: cygwin; +Cc: cygwin
On Wednesday, August 3, 2016 14:16, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> On Aug 3 20:00, Corinna Vinschen wrote:
>> On Aug 3 12:53, rmora@aboutgolf.com wrote:
>> >
>> >
>> > The output is as below. This was without Run As Administrator - with
>> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
>> > *seems* appropriate....
>>
>> It is. Thanks for this test, the result is as horrifying as I imagined.
>> Can you please try the testcase attached to this mail, too? It should
>> be built and run the same way:
>>
>> $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
>> $ ./azure-check2
>
> Pleae use the one attached in this mail. I noticed I forgot to print
> primary group info. It's not unimportant to see it as well.
>
Here it is:
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check2
Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
Primary Group:
Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
NetUserGetInfo: 53
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$
(As an aside, I assume that the fact that the permissions on the compiled executable are totally messed up, and thus the executable won't run until I fix them via Windows, is incidental to the fact that I am running under "Unknown+User" and thus you don't want any information on that as well.....)
Cheers,
Russell.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-03 19:05 ` Corinna Vinschen
@ 2016-08-03 19:47 ` Corinna Vinschen
2016-08-03 19:47 ` rmora
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-03 19:47 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 1441 bytes --]
On Aug 3 20:00, Corinna Vinschen wrote:
> On Aug 3 12:53, rmora@aboutgolf.com wrote:
> >
> >
> > On Wednesday, August 3, 2016 10:32, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> > >
> > > In the meantime I prepared my test application. Can you please fetch
> > > the attached source and store it as, e.g., azure-check.c. Then build
> > > and run it like this:
> > >
> > > $ gcc -g -o azure-check azure-check.c -lnetapi32
> > > $ ./azure-check
> > >
> > > Then run it and paste the complete output into your reply.
> > >
> > > I have an idea for an extension of this testcase, but I think I have
> > > to see the output of this one first.
> >
> > The output is as below. This was without Run As Administrator - with
> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> > *seems* appropriate....
>
> It is. Thanks for this test, the result is as horrifying as I imagined.
> Can you please try the testcase attached to this mail, too? It should
> be built and run the same way:
>
> $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
> $ ./azure-check2
Pleae use the one attached in this mail. I noticed I forgot to print
primary group info. It's not unimportant to see it as well.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 2368 bytes --]
#include <stdio.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <sddl.h>
int
main ()
{
HANDLE tok;
PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
DWORD ret;
LPSTR str;
WCHAR name[256];
WCHAR dom[256];
DWORD nlen, dlen;
SID_NAME_USE type;
NET_API_STATUS status;
PUSER_INFO_24 ui24;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
{
printf ("OpenProcessToken: %u\n", GetLastError ());
return 1;
}
if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
{
printf ("GetTokenInformation(user): %u\n", GetLastError ());
return 1;
}
ConvertSidToStringSidA (tp->User.Sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
dom, &dlen, &type))
printf ("Dom\\Name: %ls\\%ls\n", dom, name);
else
printf ("LookupAccountSidW: %u\n", GetLastError ());
PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP) malloc (65536);
if (GetTokenInformation (tok, TokenPrimaryGroup, tpg, 65536, &ret))
{
printf ("Primary Group:\n");
ConvertSidToStringSidA (tpg->PrimaryGroup, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tpg->PrimaryGroup, name, &nlen,
dom, &dlen, &type))
printf (" Dom\\Name: %ls\\%ls\n", dom, name);
else
printf (" LookupAccountSidW: %u\n", GetLastError ());
}
else
printf ("GetTokenInformation(primary): %u\n", GetLastError ());
free (tpg);
status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
if (status != NERR_Success)
{
status = NetUserGetInfo (dom, name, 24, (PBYTE *) &ui24);
if (status != NERR_Success)
{
printf ("NetUserGetInfo: %u\n", status);
return 1;
}
}
printf ("UserInfo:\n");
printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
printf (" Flags: 0x%08x\n", ui24->usri24_flags);
printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
return 0;
}
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-03 19:47 ` rmora
@ 2016-08-04 9:13 ` Corinna Vinschen
2016-08-05 11:24 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-04 9:13 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 1928 bytes --]
On Aug 3 15:05, rmora@aboutgolf.com wrote:
> On Wednesday, August 3, 2016 14:16, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
>
> > On Aug 3 20:00, Corinna Vinschen wrote:
> >> On Aug 3 12:53, rmora@aboutgolf.com wrote:
> >> >
> >> >
> >> > The output is as below. This was without Run As Administrator - with
> >> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> >> > *seems* appropriate....
> >>
> >> It is. Thanks for this test, the result is as horrifying as I imagined.
> >> Can you please try the testcase attached to this mail, too? It should
> >> be built and run the same way:
> >>
> >> $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
> >> $ ./azure-check2
> >
> > Pleae use the one attached in this mail. I noticed I forgot to print
> > primary group info. It's not unimportant to see it as well.
> >
>
> Here it is:
>
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ ./azure-check2
> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> Primary Group:
> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> NetUserGetInfo: 53
>
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $
>
> (As an aside, I assume that the fact that the permissions on the
> compiled executable are totally messed up, and thus the executable
> won't run until I fix them via Windows, is incidental to the fact that
> I am running under "Unknown+User" and thus you don't want any
> information on that as well.....)
Good thinking :)
Can you please try the attached testcase? Probably my last straw. If
that doesn't work as desired, support for AzureAD accounts will be very
limited.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 2323 bytes --]
#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>
int
main ()
{
HANDLE tok;
PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
DWORD ret;
LPSTR str;
WCHAR name[256];
WCHAR dom[256];
DWORD nlen, dlen;
SID_NAME_USE type;
PDOMAIN_CONTROLLER_INFOW pci;
NET_API_STATUS status;
PUSER_INFO_3 ui3;
PUSER_INFO_24 ui24;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
{
printf ("OpenProcessToken: %u\n", GetLastError ());
return 1;
}
if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
{
printf ("GetTokenInformation(user): %u\n", GetLastError ());
return 1;
}
ConvertSidToStringSidA (tp->User.Sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
dom, &dlen, &type))
printf ("Dom\\Name: %ls\\%ls\n", dom, name);
else
printf ("LookupAccountSidW: %u\n", GetLastError ());
ret = DsGetDcNameW (NULL, dom, NULL, NULL,
DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
if (ret != ERROR_SUCCESS)
{
printf ("DsGetDcNameW: %u\n", status);
return 1;
}
printf ("domain controller: %ls\n", pci->DomainControllerName);
status = NetUserGetInfo (pci->DomainControllerName, name,
3, (PBYTE *) &ui3);
if (status != NERR_Success)
printf ("NetUserGetInfo(3): %u\n", status);
else
{
printf ("UserInfo 3:\n");
printf (" Name: %ls\n", ui3->usri3_name);
}
status = NetUserGetInfo (pci->DomainControllerName, name,
24, (PBYTE *) &ui24);
if (status != NERR_Success)
printf ("NetUserGetInfo(24): %u\n", status);
else
{
printf ("UserInfo 24:\n");
printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
printf (" Flags: 0x%08x\n", ui24->usri24_flags);
printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
}
return 0;
}
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-04 9:13 ` Corinna Vinschen
@ 2016-08-05 11:24 ` Corinna Vinschen
2016-08-05 17:52 ` Corinna Vinschen
2016-08-07 5:52 ` Duncan Roe
0 siblings, 2 replies; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-05 11:24 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 1339 bytes --]
On Aug 4 09:00, Corinna Vinschen wrote:
> On Aug 3 15:05, rmora@aboutgolf.com wrote:
> > [...]
> > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > $ ./azure-check2
> > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > Dom\Name: AzureAD\RussellMora
> > Primary Group:
> > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > Dom\Name: AzureAD\RussellMora
> > NetUserGetInfo: 53
> >
> > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > $
> >
> > (As an aside, I assume that the fact that the permissions on the
> > compiled executable are totally messed up, and thus the executable
> > won't run until I fix them via Windows, is incidental to the fact that
> > I am running under "Unknown+User" and thus you don't want any
> > information on that as well.....)
>
> Good thinking :)
>
> Can you please try the attached testcase? Probably my last straw. If
> that doesn't work as desired, support for AzureAD accounts will be very
> limited.
I guess you're already on vacation, but never mind.
I improved my testcase a bit and attached it to this mail. Can you please
try this one when you're back?
Thanks a lot,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 3445 bytes --]
#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>
int
main ()
{
HANDLE tok;
PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
DWORD ret;
LPSTR str;
WCHAR name[256];
WCHAR dom[256];
DWORD nlen, dlen;
SID_NAME_USE type;
PDOMAIN_CONTROLLER_INFOW pci;
NET_API_STATUS status;
PUSER_INFO_3 ui3;
PUSER_INFO_24 ui24;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
{
printf ("OpenProcessToken: %u\n", GetLastError ());
return 1;
}
if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
{
printf ("GetTokenInformation(user): %u\n", GetLastError ());
return 1;
}
ConvertSidToStringSidA (tp->User.Sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
dom, &dlen, &type))
printf ("Dom\\Name: %ls\\%ls\n", dom, name);
else
printf ("LookupAccountSidW: %u\n", GetLastError ());
ret = DsGetDcNameW (NULL, dom, NULL, NULL,
DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
if (ret != ERROR_SUCCESS)
{
printf ("DsGetDcNameW: %u\n", status);
pci->DomainControllerName = NULL;
}
status = NetUserGetInfo (NULL, name, 3, (PBYTE *) &ui3);
if (status != NERR_Success)
printf ("NetUserGetInfo(NULL, 3): %u\n", status);
else
{
printf ("UserInfo NULL, 3:\n");
printf (" Name: %ls\n", ui3->usri3_name);
NetApiBufferFree (ui3);
}
status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
if (status != NERR_Success)
printf ("NetUserGetInfo(NULL, 24): %u\n", status);
else
{
printf ("UserInfo NULL, 24:\n");
printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
printf (" Flags: 0x%08x\n", ui24->usri24_flags);
printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
NetApiBufferFree (ui24);
}
if (pci->DomainControllerName)
{
status = NetUserGetInfo (pci->DomainControllerName, name,
3, (PBYTE *) &ui3);
if (status != NERR_Success)
printf ("NetUserGetInfo(%ls, 3): %u\n", pci->DomainControllerName, status);
else
{
printf ("UserInfo %ls, 3:\n", pci->DomainControllerName);
printf (" Name: %ls\n", ui3->usri3_name);
NetApiBufferFree (ui3);
}
status = NetUserGetInfo (pci->DomainControllerName, name,
24, (PBYTE *) &ui24);
if (status != NERR_Success)
printf ("NetUserGetInfo(%ls, 24): %u\n",
pci->DomainControllerName, status);
else
{
printf ("UserInfo %ls, 24:\n", pci->DomainControllerName);
printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
printf (" Flags: 0x%08x\n", ui24->usri24_flags);
printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
NetApiBufferFree (ui24);
}
}
return 0;
}
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-05 11:24 ` Corinna Vinschen
@ 2016-08-05 17:52 ` Corinna Vinschen
2016-08-15 18:34 ` rmora
2016-08-07 5:52 ` Duncan Roe
1 sibling, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-05 17:52 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1766 bytes --]
On Aug 5 12:27, Corinna Vinschen wrote:
> On Aug 4 09:00, Corinna Vinschen wrote:
> > On Aug 3 15:05, rmora@aboutgolf.com wrote:
> > > [...]
> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > $ ./azure-check2
> > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > Dom\Name: AzureAD\RussellMora
> > > Primary Group:
> > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > Dom\Name: AzureAD\RussellMora
> > > NetUserGetInfo: 53
> > >
> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > $
> > >
> > > (As an aside, I assume that the fact that the permissions on the
> > > compiled executable are totally messed up, and thus the executable
> > > won't run until I fix them via Windows, is incidental to the fact that
> > > I am running under "Unknown+User" and thus you don't want any
> > > information on that as well.....)
> >
> > Good thinking :)
> >
> > Can you please try the attached testcase? Probably my last straw. If
> > that doesn't work as desired, support for AzureAD accounts will be very
> > limited.
>
> I guess you're already on vacation, but never mind.
>
> I improved my testcase a bit and attached it to this mail. Can you please
> try this one when you're back?
Oh, and while you're at it, can you please check your registry for a key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-12-1-2043906341-1249388050-2635137163-399631282
It should have a value called "ProfileImagePath" which contains something
along the lines of "C:\Users\RussellMora".
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-05 11:24 ` Corinna Vinschen
2016-08-05 17:52 ` Corinna Vinschen
@ 2016-08-07 5:52 ` Duncan Roe
2016-08-08 7:24 ` Corinna Vinschen
1 sibling, 1 reply; 33+ messages in thread
From: Duncan Roe @ 2016-08-07 5:52 UTC (permalink / raw)
To: cygwin
On Fri, Aug 05, 2016 at 12:27:51PM +0200, Corinna Vinschen wrote:
> On Aug 4 09:00, Corinna Vinschen wrote:
> > On Aug 3 15:05, rmora@aboutgolf.com wrote:
> > > [...]
> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > $ ./azure-check2
> > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > Dom\Name: AzureAD\RussellMora
> > > Primary Group:
> > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > Dom\Name: AzureAD\RussellMora
> > > NetUserGetInfo: 53
> > >
> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > $
> > >
> > > (As an aside, I assume that the fact that the permissions on the
> > > compiled executable are totally messed up, and thus the executable
> > > won't run until I fix them via Windows, is incidental to the fact that
> > > I am running under "Unknown+User" and thus you don't want any
> > > information on that as well.....)
> >
> > Good thinking :)
> >
> > Can you please try the attached testcase? Probably my last straw. If
> > that doesn't work as desired, support for AzureAD accounts will be very
> > limited.
>
> I guess you're already on vacation, but never mind.
>
> I improved my testcase a bit and attached it to this mail. Can you please
> try this one when you're back?
>
>
> Thanks a lot,
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Maintainer cygwin AT cygwin DOT com
> Red Hat
> #include <stdio.h>
> #include <wchar.h>
> #define _WIN32_WINNT 0x0a00
> #define WINVER 0x0a00
> #include <windows.h>
> #include <lm.h>
> #include <dsgetdc.h>
> #include <sddl.h>
>
> int
> main ()
> {
> HANDLE tok;
> PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
> DWORD ret;
> LPSTR str;
> WCHAR name[256];
> WCHAR dom[256];
> DWORD nlen, dlen;
> SID_NAME_USE type;
> PDOMAIN_CONTROLLER_INFOW pci;
> NET_API_STATUS status;
> PUSER_INFO_3 ui3;
> PUSER_INFO_24 ui24;
>
> if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
> {
> printf ("OpenProcessToken: %u\n", GetLastError ());
> return 1;
> }
> if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
> {
> printf ("GetTokenInformation(user): %u\n", GetLastError ());
> return 1;
> }
> ConvertSidToStringSidA (tp->User.Sid, &str);
> printf (" Sid: %s\n", str);
> LocalFree (str);
> nlen = dlen = 256;
> if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
> dom, &dlen, &type))
> printf ("Dom\\Name: %ls\\%ls\n", dom, name);
> else
> printf ("LookupAccountSidW: %u\n", GetLastError ());
>
> ret = DsGetDcNameW (NULL, dom, NULL, NULL,
> DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
> if (ret != ERROR_SUCCESS)
> {
> printf ("DsGetDcNameW: %u\n", status);
> pci->DomainControllerName = NULL;
> }
>
> status = NetUserGetInfo (NULL, name, 3, (PBYTE *) &ui3);
> if (status != NERR_Success)
> printf ("NetUserGetInfo(NULL, 3): %u\n", status);
> else
> {
> printf ("UserInfo NULL, 3:\n");
> printf (" Name: %ls\n", ui3->usri3_name);
> NetApiBufferFree (ui3);
> }
> status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
> if (status != NERR_Success)
> printf ("NetUserGetInfo(NULL, 24): %u\n", status);
> else
> {
> printf ("UserInfo NULL, 24:\n");
> printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
> printf (" Flags: 0x%08x\n", ui24->usri24_flags);
> printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
> printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
> ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
> printf (" Sid: %s\n", str);
> LocalFree (str);
> NetApiBufferFree (ui24);
> }
>
> if (pci->DomainControllerName)
> {
> status = NetUserGetInfo (pci->DomainControllerName, name,
> 3, (PBYTE *) &ui3);
> if (status != NERR_Success)
> printf ("NetUserGetInfo(%ls, 3): %u\n", pci->DomainControllerName, status);
> else
> {
> printf ("UserInfo %ls, 3:\n", pci->DomainControllerName);
> printf (" Name: %ls\n", ui3->usri3_name);
> NetApiBufferFree (ui3);
> }
>
> status = NetUserGetInfo (pci->DomainControllerName, name,
> 24, (PBYTE *) &ui24);
> if (status != NERR_Success)
> printf ("NetUserGetInfo(%ls, 24): %u\n",
> pci->DomainControllerName, status);
> else
> {
> printf ("UserInfo %ls, 24:\n", pci->DomainControllerName);
> printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
> printf (" Flags: 0x%08x\n", ui24->usri24_flags);
> printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
> printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
> ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
> printf (" Sid: %s\n", str);
> LocalFree (str);
> NetApiBufferFree (ui24);
> }
> }
>
> return 0;
> }
Hi Corrina,
I've been trying your tests out of interest (no Axure accounts here), and they all worked except this last one which segfaults:
13:24:12$ gcc -g -o azure-check2 azure-check2.c -lnetapi32
13:24:21$ ./azure-check2
Sid: S-1-5-21-3870155988-15194067-1289216332-1002
Dom\Name: ROCKSTAR\Duncan
DsGetDcNameW: 0
Segmentation fault (core dumped)
13:24:28$ cat azure-check2.exe.stackdump
Exception: STATUS_ACCESS_VIOLATION at rip=001004012D6
rax=000000018027AB4C rbx=00000000FFFFCC60 rcx=0000000600000060
rdx=0000000000000000 rsi=000000018034A4D0 rdi=00000000FFFFCDF0
r8 =00000000FFFFC4AC r9 =00000001801523B0 r10=0000000100000000
r11=00000001004012D2 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
rbp=00000000FFFFC7F0 rsp=00000000FFFFC770
program=C:\cygwin64\home\dunc\tests\azure-check2.exe, pid 5824, thread main
cs=0033 ds=002B es=002B fs=0053 gs=002B ss=002B
Stack trace:
Frame Function Args
000FFFFC7F0 001004012D6 (00000000020, 30001000000FF00, 00180047B61, 000FFFFD680)
000FFFFCCC0 00180047BD2 (00000000000, 00000000000, 00000000000, 00000000000)
00000000000 0018004591C (00000000000, 00000000000, 00000000000, 00000000000)
000FFFFFFF0 001800459B4 (00000000000, 00000000000, 00000000000, 00000000000)
End of stack trace
Cheers ... Duncan.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-07 5:52 ` Duncan Roe
@ 2016-08-08 7:24 ` Corinna Vinschen
2016-08-08 12:42 ` Duncan Roe
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-08 7:24 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 1816 bytes --]
On Aug 7 13:27, Duncan Roe wrote:
> On Fri, Aug 05, 2016 at 12:27:51PM +0200, Corinna Vinschen wrote:
> > On Aug 4 09:00, Corinna Vinschen wrote:
> > > On Aug 3 15:05, rmora@aboutgolf.com wrote:
> > > > [...]
> > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > $ ./azure-check2
> > > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > Dom\Name: AzureAD\RussellMora
> > > > Primary Group:
> > > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > Dom\Name: AzureAD\RussellMora
> > > > NetUserGetInfo: 53
> > > >
> > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > $
> > > >
> > > > (As an aside, I assume that the fact that the permissions on the
> > > > compiled executable are totally messed up, and thus the executable
> > > > won't run until I fix them via Windows, is incidental to the fact that
> > > > I am running under "Unknown+User" and thus you don't want any
> > > > information on that as well.....)
> > >
> > > Good thinking :)
> > >
> > > Can you please try the attached testcase? Probably my last straw. If
> > > that doesn't work as desired, support for AzureAD accounts will be very
> > > limited.
> >
> > I guess you're already on vacation, but never mind.
> >
> > I improved my testcase a bit and attached it to this mail. Can you please
> > try this one when you're back?
> >[...]
> Hi Corrina,
s/rr/in/rinn/ :)
> I've been trying your tests out of interest (no Axure accounts here), and they all worked except this last one which segfaults:
That you, I think I see where I made the mistake. Can you try the
attached?
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 3401 bytes --]
#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>
int
main ()
{
HANDLE tok;
PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
DWORD ret;
LPSTR str;
WCHAR name[256];
WCHAR dom[256];
DWORD nlen, dlen;
SID_NAME_USE type;
PDOMAIN_CONTROLLER_INFOW pci;
NET_API_STATUS status;
PUSER_INFO_3 ui3;
PUSER_INFO_24 ui24;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
{
printf ("OpenProcessToken: %u\n", GetLastError ());
return 1;
}
if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
{
printf ("GetTokenInformation(user): %u\n", GetLastError ());
return 1;
}
ConvertSidToStringSidA (tp->User.Sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
dom, &dlen, &type))
printf ("Dom\\Name: %ls\\%ls\n", dom, name);
else
printf ("LookupAccountSidW: %u\n", GetLastError ());
ret = DsGetDcNameW (NULL, dom, NULL, NULL,
DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
if (ret != ERROR_SUCCESS)
{
printf ("DsGetDcNameW: %u\n", status);
pci = NULL;
}
status = NetUserGetInfo (NULL, name, 3, (PBYTE *) &ui3);
if (status != NERR_Success)
printf ("NetUserGetInfo(NULL, 3): %u\n", status);
else
{
printf ("UserInfo NULL, 3:\n");
printf (" Name: %ls\n", ui3->usri3_name);
NetApiBufferFree (ui3);
}
status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
if (status != NERR_Success)
printf ("NetUserGetInfo(NULL, 24): %u\n", status);
else
{
printf ("UserInfo NULL, 24:\n");
printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
printf (" Flags: 0x%08x\n", ui24->usri24_flags);
printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
NetApiBufferFree (ui24);
}
if (pci)
{
status = NetUserGetInfo (pci->DomainControllerName, name,
3, (PBYTE *) &ui3);
if (status != NERR_Success)
printf ("NetUserGetInfo(%ls, 3): %u\n", pci->DomainControllerName, status);
else
{
printf ("UserInfo %ls, 3:\n", pci->DomainControllerName);
printf (" Name: %ls\n", ui3->usri3_name);
NetApiBufferFree (ui3);
}
status = NetUserGetInfo (pci->DomainControllerName, name,
24, (PBYTE *) &ui24);
if (status != NERR_Success)
printf ("NetUserGetInfo(%ls, 24): %u\n",
pci->DomainControllerName, status);
else
{
printf ("UserInfo %ls, 24:\n", pci->DomainControllerName);
printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
printf (" Flags: 0x%08x\n", ui24->usri24_flags);
printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
NetApiBufferFree (ui24);
}
}
return 0;
}
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-08 7:24 ` Corinna Vinschen
@ 2016-08-08 12:42 ` Duncan Roe
2016-08-08 13:43 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: Duncan Roe @ 2016-08-08 12:42 UTC (permalink / raw)
To: cygwin
On Mon, Aug 08, 2016 at 09:05:27AM +0200, Corinna Vinschen wrote:
> On Aug 7 13:27, Duncan Roe wrote:
> > On Fri, Aug 05, 2016 at 12:27:51PM +0200, Corinna Vinschen wrote:
> > > On Aug 4 09:00, Corinna Vinschen wrote:
> > > > On Aug 3 15:05, rmora@aboutgolf.com wrote:
> > > > > [...]
> > > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > > $ ./azure-check2
> > > > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > > Dom\Name: AzureAD\RussellMora
> > > > > Primary Group:
> > > > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > > Dom\Name: AzureAD\RussellMora
> > > > > NetUserGetInfo: 53
> > > > >
> > > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > > $
> > > > >
> > > > > (As an aside, I assume that the fact that the permissions on the
> > > > > compiled executable are totally messed up, and thus the executable
> > > > > won't run until I fix them via Windows, is incidental to the fact that
> > > > > I am running under "Unknown+User" and thus you don't want any
> > > > > information on that as well.....)
> > > >
> > > > Good thinking :)
> > > >
> > > > Can you please try the attached testcase? Probably my last straw. If
> > > > that doesn't work as desired, support for AzureAD accounts will be very
> > > > limited.
> > >
> > > I guess you're already on vacation, but never mind.
> > >
> > > I improved my testcase a bit and attached it to this mail. Can you please
> > > try this one when you're back?
> > >[...]
> > Hi Corrina,
>
> s/rr/in/rinn/ :)
>
> > I've been trying your tests out of interest (no Axure accounts here), and they all worked except this last one which segfaults:
>
> That you, I think I see where I made the mistake. Can you try the
> attached?
>
>
> Thanks,
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Maintainer cygwin AT cygwin DOT com
> Red Hat
> #include <stdio.h>
> #include <wchar.h>
> #define _WIN32_WINNT 0x0a00
> #define WINVER 0x0a00
> #include <windows.h>
> #include <lm.h>
> #include <dsgetdc.h>
> #include <sddl.h>
>
> int
> main ()
> {
> HANDLE tok;
> PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
> DWORD ret;
> LPSTR str;
> WCHAR name[256];
> WCHAR dom[256];
> DWORD nlen, dlen;
> SID_NAME_USE type;
> PDOMAIN_CONTROLLER_INFOW pci;
> NET_API_STATUS status;
> PUSER_INFO_3 ui3;
> PUSER_INFO_24 ui24;
>
> if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
> {
> printf ("OpenProcessToken: %u\n", GetLastError ());
> return 1;
> }
> if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
> {
> printf ("GetTokenInformation(user): %u\n", GetLastError ());
> return 1;
> }
> ConvertSidToStringSidA (tp->User.Sid, &str);
> printf (" Sid: %s\n", str);
> LocalFree (str);
> nlen = dlen = 256;
> if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
> dom, &dlen, &type))
> printf ("Dom\\Name: %ls\\%ls\n", dom, name);
> else
> printf ("LookupAccountSidW: %u\n", GetLastError ());
>
> ret = DsGetDcNameW (NULL, dom, NULL, NULL,
> DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
> if (ret != ERROR_SUCCESS)
> {
> printf ("DsGetDcNameW: %u\n", status);
> pci = NULL;
> }
>
> status = NetUserGetInfo (NULL, name, 3, (PBYTE *) &ui3);
> if (status != NERR_Success)
> printf ("NetUserGetInfo(NULL, 3): %u\n", status);
> else
> {
> printf ("UserInfo NULL, 3:\n");
> printf (" Name: %ls\n", ui3->usri3_name);
> NetApiBufferFree (ui3);
> }
> status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
> if (status != NERR_Success)
> printf ("NetUserGetInfo(NULL, 24): %u\n", status);
> else
> {
> printf ("UserInfo NULL, 24:\n");
> printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
> printf (" Flags: 0x%08x\n", ui24->usri24_flags);
> printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
> printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
> ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
> printf (" Sid: %s\n", str);
> LocalFree (str);
> NetApiBufferFree (ui24);
> }
>
> if (pci)
> {
> status = NetUserGetInfo (pci->DomainControllerName, name,
> 3, (PBYTE *) &ui3);
> if (status != NERR_Success)
> printf ("NetUserGetInfo(%ls, 3): %u\n", pci->DomainControllerName, status);
> else
> {
> printf ("UserInfo %ls, 3:\n", pci->DomainControllerName);
> printf (" Name: %ls\n", ui3->usri3_name);
> NetApiBufferFree (ui3);
> }
>
> status = NetUserGetInfo (pci->DomainControllerName, name,
> 24, (PBYTE *) &ui24);
> if (status != NERR_Success)
> printf ("NetUserGetInfo(%ls, 24): %u\n",
> pci->DomainControllerName, status);
> else
> {
> printf ("UserInfo %ls, 24:\n", pci->DomainControllerName);
> printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
> printf (" Flags: 0x%08x\n", ui24->usri24_flags);
> printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
> printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
> ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
> printf (" Sid: %s\n", str);
> LocalFree (str);
> NetApiBufferFree (ui24);
> }
> }
>
> return 0;
> }
Runs to completion again,
Cheers ... Duncan.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-08 12:42 ` Duncan Roe
@ 2016-08-08 13:43 ` Corinna Vinschen
2016-08-15 16:49 ` rmora
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-08 13:43 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 627 bytes --]
On Aug 8 21:48, Duncan Roe wrote:
> On Mon, Aug 08, 2016 at 09:05:27AM +0200, Corinna Vinschen wrote:
> > On Aug 7 13:27, Duncan Roe wrote:
> > > I've been trying your tests out of interest (no Axure accounts here), and they all worked except this last one which segfaults:
> >
> > That you, I think I see where I made the mistake. Can you try the
> > attached?
> >[...]
>
> Runs to completion again,
>
> Cheers ... Duncan.
Thanks for testing!
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-08 13:43 ` Corinna Vinschen
@ 2016-08-15 16:49 ` rmora
2016-08-15 18:54 ` rmora
0 siblings, 1 reply; 33+ messages in thread
From: rmora @ 2016-08-15 16:49 UTC (permalink / raw)
To: cygwin; +Cc: cygwin
On Monday, August 8, 2016 07:58, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> On Aug 8 21:48, Duncan Roe wrote:
>> On Mon, Aug 08, 2016 at 09:05:27AM +0200, Corinna Vinschen wrote:
>> > On Aug 7 13:27, Duncan Roe wrote:
>> > > I've been trying your tests out of interest (no Axure accounts here), and
>> they all worked except this last one which segfaults:
>> >
>> > That you, I think I see where I made the mistake. Can you try the
>> > attached?
>> >[...]
>>
>> Runs to completion again,
>>
>> Cheers ... Duncan.
>
> Thanks for testing!
>
Hi
Sorry for the delay in getting back to this. Here is the output I get:
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ gcc -W azure-check3.c -l Netapi32 -o azure-check3
azure-check3.c: In function ‘main’:
azure-check3.c:50:1: warning: ‘status’ may be used uninitialized in this function [-Wmaybe-uninitialized]
printf ("DsGetDcNameW: %u\n", status);
^
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check3
Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
DsGetDcNameW: 0
NetUserGetInfo(NULL, 3): 2221
NetUserGetInfo(NULL, 24): 2221
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$
Does that help at all?
Cheers,
Russell.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-05 17:52 ` Corinna Vinschen
@ 2016-08-15 18:34 ` rmora
0 siblings, 0 replies; 33+ messages in thread
From: rmora @ 2016-08-15 18:34 UTC (permalink / raw)
To: cygwin; +Cc: cygwin
On Friday, August 5, 2016 11:34, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> On Aug 5 12:27, Corinna Vinschen wrote:
>> On Aug 4 09:00, Corinna Vinschen wrote:
>> > On Aug 3 15:05, rmora@aboutgolf.com wrote:
>> > > [...]
>> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>> > > $ ./azure-check2
>> > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>> > > Dom\Name: AzureAD\RussellMora
>> > > Primary Group:
>> > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>> > > Dom\Name: AzureAD\RussellMora
>> > > NetUserGetInfo: 53
>> > >
>> > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>> > > $
>> > >
>> > > (As an aside, I assume that the fact that the permissions on the
>> > > compiled executable are totally messed up, and thus the executable
>> > > won't run until I fix them via Windows, is incidental to the fact that
>> > > I am running under "Unknown+User" and thus you don't want any
>> > > information on that as well.....)
>> >
>> > Good thinking :)
>> >
>> > Can you please try the attached testcase? Probably my last straw. If
>> > that doesn't work as desired, support for AzureAD accounts will be very
>> > limited.
>>
>> I guess you're already on vacation, but never mind.
>>
>> I improved my testcase a bit and attached it to this mail. Can you please
>> try this one when you're back?
>
> Oh, and while you're at it, can you please check your registry for a key
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\ProfileList\S-1-12-1-2043906341-1249388050-2635137163-399631282
>
> It should have a value called "ProfileImagePath" which contains something
> along the lines of "C:\Users\RussellMora".
>
Yes it does, exactly as you described.
Cheers,
Russell.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-15 16:49 ` rmora
@ 2016-08-15 18:54 ` rmora
2016-08-16 10:32 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: rmora @ 2016-08-15 18:54 UTC (permalink / raw)
To: rmora; +Cc: cygwin, cygwin
On Monday, August 15, 2016 12:29, "rmora@aboutgolf.com" <rmora@aboutgolf.com> said:
>
>
> Hi
>
> Sorry for the delay in getting back to this. Here is the output I get:
>
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ gcc -W azure-check3.c -l Netapi32 -o azure-check3
> azure-check3.c: In function ‘main’:
> azure-check3.c:50:1: warning: ‘status’ may be used uninitialized in
> this function [-Wmaybe-uninitialized]
> printf ("DsGetDcNameW: %u\n", status);
> ^
>
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ ./azure-check3
> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> DsGetDcNameW: 0
> NetUserGetInfo(NULL, 3): 2221
> NetUserGetInfo(NULL, 24): 2221
>
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $
>
Oops - I fixed the warning. Now I get this:
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ diff -u azure-check3.c__ORIG azure-check3.c
--- azure-check3.c__ORIG 2016-08-15 12:48:06.682783600 -0400
+++ azure-check3.c 2016-08-15 12:45:57.266928000 -0400
@@ -42,8 +42,8 @@
else
printf ("LookupAccountSidW: %u\n", GetLastError ());
- ret = DsGetDcNameW (NULL, dom, NULL, NULL, DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
- if (ret != ERROR_SUCCESS)
+ status = DsGetDcNameW (NULL, dom, NULL, NULL, DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
+ if (status != ERROR_SUCCESS)
{
printf ("DsGetDcNameW: %u\n", status);
pci = NULL;
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check3
Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
DsGetDcNameW: 1355
NetUserGetInfo(NULL, 3): 2221
NetUserGetInfo(NULL, 24): 2221
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-15 18:54 ` rmora
@ 2016-08-16 10:32 ` Corinna Vinschen
2016-08-16 15:50 ` rmora
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-16 10:32 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 1621 bytes --]
Hi Russell,
On Aug 15 12:48, rmora@aboutgolf.com wrote:
> $ ./azure-check3
> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> DsGetDcNameW: 1355
> NetUserGetInfo(NULL, 3): 2221
> NetUserGetInfo(NULL, 24): 2221
This is as bad as I feared. Apart from the username and the Windows
home dir, there are no other information which could be fetched by
the usual means. Quite apart from the fact that there are no means to
*store* this information somewhere, other than creating an explicit
/etc/passwd and matching /etc/group entry.
But, anyway, I prepared some code for the Cygwin DLL to handle these
accounts even if no /etc/passwd and /etc/group entries are present. It
still needs some work, though, and for that I'd ask you to perform a
last test.
I attached a short testcase. We know that LookupAccountSid from the
user SID in the user token returns a name (RussellMora) and a domain
(AzureAD). However, the open question is if the reverse operation
LookupAccountName works as desired when feeding it the domain name
and the user name. Actually, for completeness the testcase tries it
two ways: Once only with the username, once with dom\username.
The reason for testing this is, if the reverse lookup works with only
the name we *could* go ahead and omit the domain from the Cygwin
username. I'm not yet sure if that's feasible, but it's certainly worth
a try.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #1.2: azure-check2.c --]
[-- Type: text/plain, Size: 1713 bytes --]
#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>
int
main ()
{
HANDLE tok;
PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
DWORD ret;
LPSTR str;
WCHAR name[256];
WCHAR dom[256];
WCHAR aname[513];
PSID rsid = (PSID) malloc (128);
DWORD nlen, dlen, rlen;
SID_NAME_USE type;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
{
printf ("OpenProcessToken: %u\n", GetLastError ());
return 1;
}
if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
{
printf ("GetTokenInformation(user): %u\n", GetLastError ());
return 1;
}
ConvertSidToStringSidA (tp->User.Sid, &str);
printf ("Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, dom, &dlen, &type))
printf ("Dom\\Name: %ls\\%ls\n", dom, name);
else
printf ("LookupAccountSidW: %u\n", GetLastError ());
rlen = 128;
dlen = 256;
if (LookupAccountNameW (NULL, name, rsid, &rlen, dom, &dlen, &type))
{
ConvertSidToStringSidA (rsid, &str);
printf ("Reverse Sid (%ls): %s\n", name, str);
LocalFree (str);
}
else
printf ("LookupAccountNameW (%ls): %u\n", name, GetLastError ());
wcpcpy (wcpcpy (wcpcpy (aname, dom), L"\\"), name);
rlen = 128;
dlen = 256;
if (LookupAccountNameW (NULL, aname, rsid, &rlen, dom, &dlen, &type))
{
ConvertSidToStringSidA (rsid, &str);
printf ("Reverse Sid (%ls): %s\n", aname, str);
LocalFree (str);
}
else
printf ("LookupAccountNameW (%ls): %u\n", aname, GetLastError ());
return 0;
}
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-16 10:32 ` Corinna Vinschen
@ 2016-08-16 15:50 ` rmora
2016-08-16 16:07 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: rmora @ 2016-08-16 15:50 UTC (permalink / raw)
To: cygwin; +Cc: cygwin
Hi Corinna
On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> Hi Russell,
>
> This is as bad as I feared. Apart from the username and the Windows
> home dir, there are no other information which could be fetched by
> the usual means. Quite apart from the fact that there are no means to
> *store* this information somewhere, other than creating an explicit
> /etc/passwd and matching /etc/group entry.
>
> But, anyway, I prepared some code for the Cygwin DLL to handle these
> accounts even if no /etc/passwd and /etc/group entries are present. It
> still needs some work, though, and for that I'd ask you to perform a
> last test.
>
> I attached a short testcase. We know that LookupAccountSid from the
> user SID in the user token returns a name (RussellMora) and a domain
> (AzureAD). However, the open question is if the reverse operation
> LookupAccountName works as desired when feeding it the domain name
> and the user name. Actually, for completeness the testcase tries it
> two ways: Once only with the username, once with dom\username.
>
> The reason for testing this is, if the reverse lookup works with only
> the name we *could* go ahead and omit the domain from the Cygwin
> username. I'm not yet sure if that's feasible, but it's certainly worth
> a try.
>
Both seem to work. I guess what you are proposing makes sense - the AzureAD domain is like a single domain with multiple tenants (yeah, I don't really know what I'm talking about with respect to AD....). Anyway, let me know if you want me to do any more testing, I'm still very willing to be a Guinea Pig (squeek squeek) - thanks for figuring this out for me!
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ gcc -W azure-check5.c -l Netapi32 -o azure-check5
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$ ./azure-check5
Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
Dom\Name: AzureAD\RussellMora
Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
$
HTH
Cheers,
Russell.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-16 15:50 ` rmora
@ 2016-08-16 16:07 ` Corinna Vinschen
2016-08-18 10:04 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-16 16:07 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 2566 bytes --]
Hi Russell,
On Aug 16 11:27, rmora@aboutgolf.com wrote:
> Hi Corinna
>
> On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
>
> > Hi Russell,
> >
> > This is as bad as I feared. Apart from the username and the Windows
> > home dir, there are no other information which could be fetched by
> > the usual means. Quite apart from the fact that there are no means to
> > *store* this information somewhere, other than creating an explicit
> > /etc/passwd and matching /etc/group entry.
> >
> > But, anyway, I prepared some code for the Cygwin DLL to handle these
> > accounts even if no /etc/passwd and /etc/group entries are present. It
> > still needs some work, though, and for that I'd ask you to perform a
> > last test.
> >
> > I attached a short testcase. We know that LookupAccountSid from the
> > user SID in the user token returns a name (RussellMora) and a domain
> > (AzureAD). However, the open question is if the reverse operation
> > LookupAccountName works as desired when feeding it the domain name
> > and the user name. Actually, for completeness the testcase tries it
> > two ways: Once only with the username, once with dom\username.
> >
> > The reason for testing this is, if the reverse lookup works with only
> > the name we *could* go ahead and omit the domain from the Cygwin
> > username. I'm not yet sure if that's feasible, but it's certainly worth
> > a try.
> >
>
> Both seem to work. I guess what you are proposing makes sense - the
> AzureAD domain is like a single domain with multiple tenants (yeah, I
> don't really know what I'm talking about with respect to AD....).
> Anyway, let me know if you want me to do any more testing, I'm still
> very willing to be a Guinea Pig (squeek squeek) - thanks for figuring
> this out for me!
>
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
>
> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> $ ./azure-check5
> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
Good to know, thank you. Give me a bit and I'll come up with a Cygwin
DLL for testing.
Stay tuned,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-16 16:07 ` Corinna Vinschen
@ 2016-08-18 10:04 ` Corinna Vinschen
2016-08-19 9:09 ` Thomas Wolff
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-18 10:04 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1664 bytes --]
On Aug 16 17:45, Corinna Vinschen wrote:
> On Aug 16 11:27, rmora@aboutgolf.com wrote:
> > Hi Corinna
> >
> > On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> >
> > > Hi Russell,
> > >
> > > This is as bad as I feared. Apart from the username and the Windows
> > > home dir, there are no other information which could be fetched by
> > > the usual means. Quite apart from the fact that there are no means to
> > > *store* this information somewhere, other than creating an explicit
> > > /etc/passwd and matching /etc/group entry.
> > >
> > > But, anyway, I prepared some code for the Cygwin DLL to handle these
> > > accounts even if no /etc/passwd and /etc/group entries are present. It
> > > still needs some work, though, and for that I'd ask you to perform a
> > > last test.
> > > [...]
> > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
> >
> > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > $ ./azure-check5
> > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > Dom\Name: AzureAD\RussellMora
> > Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> > Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>
> Good to know, thank you. Give me a bit and I'll come up with a Cygwin
> DLL for testing.
FTR, this has been kinked out off-list. The resulting patch is in git
master now.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-18 10:04 ` Corinna Vinschen
@ 2016-08-19 9:09 ` Thomas Wolff
2016-08-19 12:28 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: Thomas Wolff @ 2016-08-19 9:09 UTC (permalink / raw)
To: cygwin
Am 18.08.2016 um 11:35 schrieb Corinna Vinschen:
> On Aug 16 17:45, Corinna Vinschen wrote:
>> On Aug 16 11:27, rmora@aboutgolf.com wrote:
>>> Hi Corinna
>>>
>>> On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
>>>
>>>> Hi Russell,
>>>>
>>>> This is as bad as I feared. Apart from the username and the Windows
>>>> home dir, there are no other information which could be fetched by
>>>> the usual means. Quite apart from the fact that there are no means to
>>>> *store* this information somewhere, other than creating an explicit
>>>> /etc/passwd and matching /etc/group entry.
>>>>
>>>> But, anyway, I prepared some code for the Cygwin DLL to handle these
>>>> accounts even if no /etc/passwd and /etc/group entries are present. It
>>>> still needs some work, though, and for that I'd ask you to perform a
>>>> last test.
>>>> [...]
>>> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>>> $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
>>>
>>> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>>> $ ./azure-check5
>>> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>>> Dom\Name: AzureAD\RussellMora
>>> Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>>> Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>> Good to know, thank you. Give me a bit and I'll come up with a Cygwin
>> DLL for testing.
> FTR, this has been kinked out off-list. The resulting patch is in git master now.
Sounds great. Would it be an option to release this fix in a 2.5.3
version to have a final XP release for all users?
Thomas
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-19 9:09 ` Thomas Wolff
@ 2016-08-19 12:28 ` Corinna Vinschen
2016-08-19 20:04 ` Thomas Wolff
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-19 12:28 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 2034 bytes --]
On Aug 18 21:52, Thomas Wolff wrote:
> Am 18.08.2016 um 11:35 schrieb Corinna Vinschen:
> > On Aug 16 17:45, Corinna Vinschen wrote:
> > > On Aug 16 11:27, rmora@aboutgolf.com wrote:
> > > > Hi Corinna
> > > >
> > > > On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
> > > >
> > > > > Hi Russell,
> > > > >
> > > > > This is as bad as I feared. Apart from the username and the Windows
> > > > > home dir, there are no other information which could be fetched by
> > > > > the usual means. Quite apart from the fact that there are no means to
> > > > > *store* this information somewhere, other than creating an explicit
> > > > > /etc/passwd and matching /etc/group entry.
> > > > >
> > > > > But, anyway, I prepared some code for the Cygwin DLL to handle these
> > > > > accounts even if no /etc/passwd and /etc/group entries are present. It
> > > > > still needs some work, though, and for that I'd ask you to perform a
> > > > > last test.
> > > > > [...]
> > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
> > > >
> > > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
> > > > $ ./azure-check5
> > > > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > Dom\Name: AzureAD\RussellMora
> > > > Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > > Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
> > > Good to know, thank you. Give me a bit and I'll come up with a Cygwin
> > > DLL for testing.
> > FTR, this has been kinked out off-list. The resulting patch is in git master now.
> Sounds great. Would it be an option to release this fix in a 2.5.3 version
> to have a final XP release for all users?
I'm not planning to release a 2.5.3.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-19 12:28 ` Corinna Vinschen
@ 2016-08-19 20:04 ` Thomas Wolff
2016-08-19 21:28 ` Erik Soderquist
0 siblings, 1 reply; 33+ messages in thread
From: Thomas Wolff @ 2016-08-19 20:04 UTC (permalink / raw)
To: cygwin
Am 19.08.2016 um 11:09 schrieb Corinna Vinschen:
> On Aug 18 21:52, Thomas Wolff wrote:
>> Am 18.08.2016 um 11:35 schrieb Corinna Vinschen:
>>> On Aug 16 17:45, Corinna Vinschen wrote:
>>>> On Aug 16 11:27, rmora@aboutgolf.com wrote:
>>>>> Hi Corinna
>>>>>
>>>>> On Tuesday, August 16, 2016 05:12, "Corinna Vinschen" <corinna-cygwin@cygwin.com> said:
>>>>>
>>>>>> Hi Russell,
>>>>>>
>>>>>> This is as bad as I feared. Apart from the username and the Windows
>>>>>> home dir, there are no other information which could be fetched by
>>>>>> the usual means. Quite apart from the fact that there are no means to
>>>>>> *store* this information somewhere, other than creating an explicit
>>>>>> /etc/passwd and matching /etc/group entry.
>>>>>>
>>>>>> But, anyway, I prepared some code for the Cygwin DLL to handle these
>>>>>> accounts even if no /etc/passwd and /etc/group entries are present. It
>>>>>> still needs some work, though, and for that I'd ask you to perform a
>>>>>> last test.
>>>>>> [...]
>>>>> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>>>>> $ gcc -W azure-check5.c -l Netapi32 -o azure-check5
>>>>>
>>>>> Unknown+User@Lenovo-PC /cygdrive/c/cygwin64
>>>>> $ ./azure-check5
>>>>> Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
>>>>> Dom\Name: AzureAD\RussellMora
>>>>> Reverse Sid (RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>>>>> Reverse Sid (AzureAD\RussellMora): S-1-12-1-2043906341-1249388050-2635137163-399631282
>>>> Good to know, thank you. Give me a bit and I'll come up with a Cygwin
>>>> DLL for testing.
>>> FTR, this has been kinked out off-list. The resulting patch is in git master now.
>> Sounds great. Would it be an option to release this fix in a 2.5.3 version
>> to have a final XP release for all users?
> I'm not planning to release a 2.5.3.
I didn't think so. I meant to kindly attempt to nag you to modify the
plan and add such a release so that cygwin or standalone packages based
on cygwin would work for Azure users that happen to be still running XP.
------
Thomas
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-19 20:04 ` Thomas Wolff
@ 2016-08-19 21:28 ` Erik Soderquist
2016-08-22 3:28 ` Thomas Wolff
0 siblings, 1 reply; 33+ messages in thread
From: Erik Soderquist @ 2016-08-19 21:28 UTC (permalink / raw)
To: cygwin
On Fri, Aug 19, 2016 at 3:02 PM, Thomas Wolff wrote:
... Azure users that happen to be still running XP.
Is that actually possible? I thought Azure's minimum requirements
would not accept XP...
--- Erik
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-19 21:28 ` Erik Soderquist
@ 2016-08-22 3:28 ` Thomas Wolff
2016-08-22 14:23 ` cyg Simple
2016-08-22 18:51 ` Achim Gratz
0 siblings, 2 replies; 33+ messages in thread
From: Thomas Wolff @ 2016-08-22 3:28 UTC (permalink / raw)
To: cygwin
Am 19.08.2016 um 22:24 schrieb Erik Soderquist:
> On Fri, Aug 19, 2016 at 3:02 PM, Thomas Wolff wrote:
> ... Azure users that happen to be still running XP.
>
> Is that actually possible? I thought Azure's minimum requirements
> would not accept XP...
OK, so a solution for users having both is irrelevant but still a
solution (for standalone packages) that works alike with either XP users
or Azure users would be useful, to avoid this conflict just for the
timing of a few weeks that this issue got resolved after preparing 2.6.
Just pondering for consideration...
------
Thomas
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-22 3:28 ` Thomas Wolff
@ 2016-08-22 14:23 ` cyg Simple
2016-08-22 18:51 ` Achim Gratz
1 sibling, 0 replies; 33+ messages in thread
From: cyg Simple @ 2016-08-22 14:23 UTC (permalink / raw)
To: cygwin
On 8/21/2016 7:33 PM, Thomas Wolff wrote:
> Am 19.08.2016 um 22:24 schrieb Erik Soderquist:
>> On Fri, Aug 19, 2016 at 3:02 PM, Thomas Wolff wrote:
>> ... Azure users that happen to be still running XP.
>>
>> Is that actually possible? I thought Azure's minimum requirements
>> would not accept XP...
> OK, so a solution for users having both is irrelevant but still a
> solution (for standalone packages) that works alike with either XP users
> or Azure users would be useful, to avoid this conflict just for the
> timing of a few weeks that this issue got resolved after preparing 2.6.
> Just pondering for consideration...
This topic has been exhaustively discussed. XP is dead for future work.
Let's move on and let it die. If someone wants to maintain a fork for
XP users then perhaps Corinna would be willing for a git branch to
exist, maybe? But someone has to be responsible for maintaining it and
it will not be the maintainers of the official release branches. So
Thomas are you volunteering to do that if Corinna allows it?
--
cyg Simple
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-22 3:28 ` Thomas Wolff
2016-08-22 14:23 ` cyg Simple
@ 2016-08-22 18:51 ` Achim Gratz
1 sibling, 0 replies; 33+ messages in thread
From: Achim Gratz @ 2016-08-22 18:51 UTC (permalink / raw)
To: cygwin
Thomas Wolff writes:
> OK, so a solution for users having both is irrelevant but still a
> solution (for standalone packages) that works alike with either XP
> users or Azure users would be useful, to avoid this conflict just for
> the timing of a few weeks that this issue got resolved after preparing
> 2.6. Just pondering for consideration...
Anyone still using XP really shouldn't be connected in any way to the
internet, so that'd rule out Azure as well.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
SD adaptation for Waldorf microQ V2.22R2:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-02 15:45 rmora
2016-08-02 16:29 ` rmora
@ 2016-08-02 16:54 ` Corinna Vinschen
1 sibling, 0 replies; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-02 16:54 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 2888 bytes --]
Hi,
On Aug 2 11:44, rmora@aboutgolf.com wrote:
> <squeek squeek>
Thank you! Just a small request, please don't cc the corinna-cygwin
account, just send to the list. Thank you.
> C:\Users\RussellMora>whoami /all
>
> USER INFORMATION
> ----------------
>
> User Name SID
> =================== ===================================================
> azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282
>
>
> GROUP INFORMATION
> -----------------
>
> Group Name Type SID Attributes
> ========================================= ================ ==================================================== ==================================================
> Mandatory Label\Medium Mandatory Level Label S-1-16-8192
> Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
> BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only
> BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
> CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
> LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
> Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Yuk!
This is not nice. Can you try to repeat this call to `whoami /all'
in an elevated shell? I doubt it will chnage the outcome in terms
of this "Unknown SID", but let's at least try...
I think I will have to come up with a test application as well,
but this might take a day or two...
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-02 15:45 rmora
@ 2016-08-02 16:29 ` rmora
2016-08-02 16:54 ` Corinna Vinschen
1 sibling, 0 replies; 33+ messages in thread
From: rmora @ 2016-08-02 16:29 UTC (permalink / raw)
To: corinna-cygwin, cygwin; +Cc: towo
<squeek squeek>
Though I am going on vacation in a couple of days until the 15th....
C:\Users\RussellMora>whoami
azuread\russellmora
C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
logged-on user is not a domain user.
C:\Users\RussellMora>whoami /all
USER INFORMATION
----------------
User Name SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
========================================= ================ ==================================================== ==================================================
Mandatory Label\Medium Mandatory Level Label S-1-16-8192
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36 Mandatory group, Enabled by default, Enabled group
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
C:\Users\RussellMora>
On Aug 1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpt=
y()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>=20
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>=20
> I have no idea how to establish a working startup of mintty for those use=
rs.
The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts. I like it
how Microsoft screws up otherwise working software with this
strange domain handling.
To fix this we have to be able to come up with a working user and group
account for these cases. For that I need at least output from `whoami
/all'. I wonder why supposedly nobody tried that after /fqdn didn't
work.
This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows(). There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).
Alternatively I need at least a guinea pig with such an account,
Corinna
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
@ 2016-08-02 15:45 rmora
2016-08-02 16:29 ` rmora
2016-08-02 16:54 ` Corinna Vinschen
0 siblings, 2 replies; 33+ messages in thread
From: rmora @ 2016-08-02 15:45 UTC (permalink / raw)
To: corinna-cygwin, cygwin; +Cc: towo
<squeek squeek>
Though I am going on vacation in a couple of days until the 15th....
C:\Users\RussellMora>whoami
azuread\russellmora
C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
logged-on user is not a domain user.
C:\Users\RussellMora>whoami /all
USER INFORMATION
----------------
User Name SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
========================================= ================ ==================================================== ==================================================
Mandatory Label\Medium Mandatory Level Label S-1-16-8192
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36 Mandatory group, Enabled by default, Enabled group
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
C:\Users\RussellMora>
On Aug 1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpt=
y()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>=20
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>=20
> I have no idea how to establish a working startup of mintty for those use=
rs.
The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts. I like it
how Microsoft screws up otherwise working software with this
strange domain handling.
To fix this we have to be able to come up with a working user and group
account for these cases. For that I need at least output from `whoami
/all'. I wonder why supposedly nobody tried that after /fqdn didn't
work.
This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows(). There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).
Alternatively I need at least a guinea pig with such an account,
Corinna
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-02 9:54 ` Corinna Vinschen
@ 2016-08-02 13:50 ` Corinna Vinschen
0 siblings, 0 replies; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-02 13:50 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 2216 bytes --]
On Aug 2 11:54, Corinna Vinschen wrote:
> On Aug 1 22:24, Thomas Wolff wrote:
> > For Azure Domain users (and I do not really know what that means),
> > pts handling does not seem to work, at least not for mintty, where forkpty()
> > fails.
> > Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> > and my comment
> > https://github.com/mintty/mintty/issues/563#issuecomment-235310199
> >
> > Also, there has been a similar report here:
> > https://sourceware.org/ml/cygwin/2016-02/msg00046.html
> >
> > I have no idea how to establish a working startup of mintty for those users.
>
> The problem here is that it's impossible to generate access
> permissions for the pty with those weird accounts. I like it
> how Microsoft screws up otherwise working software with this
> strange domain handling.
>
> To fix this we have to be able to come up with a working user and group
> account for these cases. For that I need at least output from `whoami
> /all'. I wonder why supposedly nobody tried that after /fqdn didn't
> work.
>
> This may be fixable by somebody with such an account and willing to hack
> on the Cygwin function pwdgrp::fetch_account_from_windows(). There's
> already some code for the so-called "Windows accounts" which seem to
> work in a similar fashion (albeit in this case the user has a local
> account SID).
>
> Alternatively I need at least a guinea pig with such an account,
There's another problem with those accounts. If they act like a domain
account, but there's no valid domain info on the machine (*), then who
should Cygwin ask for shell and home dir?
(*) That's the cause of the "Unknown domain AzureAD". Usually the local
machine has a list of domains which is refreshed once in a while.
Even the local machine SAM is a domain in this view.
However, while the LookupAccountSid function seems to return
"AzureAD" as the domain name for this account, the domain list on
the local machine does not contain this domain.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: /dev/ptmx fails with Azure accounts
2016-08-01 20:25 Thomas Wolff
@ 2016-08-02 9:54 ` Corinna Vinschen
2016-08-02 13:50 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: Corinna Vinschen @ 2016-08-02 9:54 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1527 bytes --]
On Aug 1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpty()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>
> I have no idea how to establish a working startup of mintty for those users.
The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts. I like it
how Microsoft screws up otherwise working software with this
strange domain handling.
To fix this we have to be able to come up with a working user and group
account for these cases. For that I need at least output from `whoami
/all'. I wonder why supposedly nobody tried that after /fqdn didn't
work.
This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows(). There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).
Alternatively I need at least a guinea pig with such an account,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* /dev/ptmx fails with Azure accounts
@ 2016-08-01 20:25 Thomas Wolff
2016-08-02 9:54 ` Corinna Vinschen
0 siblings, 1 reply; 33+ messages in thread
From: Thomas Wolff @ 2016-08-01 20:25 UTC (permalink / raw)
To: cygwin
For Azure Domain users (and I do not really know what that means),
pts handling does not seem to work, at least not for mintty, where
forkpty() fails.
Please check https://github.com/mintty/mintty/issues/563 for a discussion,
and my comment
https://github.com/mintty/mintty/issues/563#issuecomment-235310199
Also, there has been a similar report here:
https://sourceware.org/ml/cygwin/2016-02/msg00046.html
I have no idea how to establish a working startup of mintty for those users.
------
Thomas
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 33+ messages in thread
end of thread, other threads:[~2016-08-22 17:24 UTC | newest]
Thread overview: 33+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-03 6:19 /dev/ptmx fails with Azure accounts rmora
2016-08-03 18:00 ` Corinna Vinschen
2016-08-03 18:17 ` rmora
2016-08-03 19:05 ` Corinna Vinschen
2016-08-03 19:47 ` Corinna Vinschen
2016-08-03 19:47 ` rmora
2016-08-04 9:13 ` Corinna Vinschen
2016-08-05 11:24 ` Corinna Vinschen
2016-08-05 17:52 ` Corinna Vinschen
2016-08-15 18:34 ` rmora
2016-08-07 5:52 ` Duncan Roe
2016-08-08 7:24 ` Corinna Vinschen
2016-08-08 12:42 ` Duncan Roe
2016-08-08 13:43 ` Corinna Vinschen
2016-08-15 16:49 ` rmora
2016-08-15 18:54 ` rmora
2016-08-16 10:32 ` Corinna Vinschen
2016-08-16 15:50 ` rmora
2016-08-16 16:07 ` Corinna Vinschen
2016-08-18 10:04 ` Corinna Vinschen
2016-08-19 9:09 ` Thomas Wolff
2016-08-19 12:28 ` Corinna Vinschen
2016-08-19 20:04 ` Thomas Wolff
2016-08-19 21:28 ` Erik Soderquist
2016-08-22 3:28 ` Thomas Wolff
2016-08-22 14:23 ` cyg Simple
2016-08-22 18:51 ` Achim Gratz
-- strict thread matches above, loose matches on Subject: below --
2016-08-02 15:45 rmora
2016-08-02 16:29 ` rmora
2016-08-02 16:54 ` Corinna Vinschen
2016-08-01 20:25 Thomas Wolff
2016-08-02 9:54 ` Corinna Vinschen
2016-08-02 13:50 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).