* uinfo.cc (pwdgrp::fetch_account_from_windows): Handle APPLICATION

PACKAGE AUTHORITY SIDs. * winlean.h (DNLEN): Raise to 31. Explain why.
2014-09-05 09:46:26 +00:00 · 2014-09-05 09:46:26 +00:00 · acc511d184
parent e7565f1088
commit acc511d184
3 changed files with 26 additions and 7 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,9 @@
+2014-09-05  Corinna Vinschen  <corinna@vinschen.de>
+
+	* uinfo.cc (pwdgrp::fetch_account_from_windows): Handle APPLICATION
+	PACKAGE AUTHORITY SIDs.
+	* winlean.h (DNLEN): Raise to 31.  Explain why.
+
 2014-09-03  Corinna Vinschen  <corinna@vinschen.de>

 	* sec_acl.cc (aclcheck32): Check for required default entries as well.
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@ -1411,6 +1411,11 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 	{
 	  /* Well-Known Group */
 	  arg.id -= 0x10000;
+	  /* SECURITY_APP_PACKAGE_AUTHORITY */
+	  if (arg.id >= 0xf20 && arg.id <= 0xf3f)
+	    __small_swprintf (sidstr, L"S-1-15-%u-%u", (arg.id >> 4) & 0xf,
+						       arg.id & 0xf);
+	  else
 	    __small_swprintf (sidstr, L"S-1-%u-%u", arg.id >> 8, arg.id & 0xff);
 	}
      else if (arg.id >= 0x30000 && arg.id < 0x40000)
@ -1794,7 +1799,11 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 	    uid = 0x10000 + 0x100 * sid_id_auth (sid)
 		  + (sid_sub_auth_rid (sid) & 0xff);
 #else
-	  if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */)
+	  if (sid_id_auth (sid) == 15 /* SECURITY_APP_PACKAGE_AUTHORITY */)
+	    uid = 0x10000 + 0x100 * sid_id_auth (sid)
+		  + 0x10 * sid_sub_auth (sid, 0)
+		  + (sid_sub_auth_rid (sid) & 0xf);
+	  else if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */)
 	    uid = 0x10000 + 0x100 * sid_id_auth (sid)
 		  + (sid_sub_auth_rid (sid) & 0xff);
 	  else if (sid_sub_auth (sid, 0) < SECURITY_PACKAGE_BASE_RID
--- a/winsup/cygwin/winlean.h
+++ b/winsup/cygwin/winlean.h
@ -74,12 +74,16 @@ details. */
 #undef CRITICAL
 #endif

-/* So-called "Microsoft Account" SIDs have a netbios domain name
-   "MicrosoftAccounts".  The problem is, while DNLEN is 15, that domain
-   name is 16 chars :-P  So we override DNLEN here to be 16, so that calls
-   to LookupAccountSid/Name don't fail if the buffer is based on DNLEN. */
+/* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name
+   "MicrosoftAccounts".  The new "Application Container SIDs" (S-1-15-...)
+   have a netbios domain name "APPLICATION PACKAGE AUTHORITY"
+   
+   The problem is, DNLEN is 15, but these domain names have a length of 16
+   resp. 29 chars :-P  So we override DNLEN here to be 31, so that calls
+   to LookupAccountSid/Name don't fail if the buffer is based on DNLEN.
+   Hope that's enough for a while... */
 #undef DNLEN
-#define DNLEN 16
+#define DNLEN 31

 /* When Terminal Services are installed, the GetWindowsDirectory function
   does not return the system installation dir, but a user specific directory