X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=K/EyfQpfpD9BdZwHLD1UfArnwxf90SqaKQMNO8UPGFmwfhsxN42Pi
	JXC3kmKc9wsM6s3Ziowcjqha+CYHNS602C2bX1nDoc76dXquQEddj6kmzfIOTa4c
	3SIlKE3EJwTc60KoqH36lcUWIzCo1pY2UrOaDAuBPiE/tn6OXpgGoM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=ba2QX45p8Y+bvgNnnjX7nwy+8xw=; b=sq604GlUQlWmzc5Hi86zLg8t/Gjv
	6koJW0xVG+721PqKLorrCzqbpQ73P78sQX6ImviOKRIg/+bTA0SkfHqrUqxoR6vK
	yNwQd9ELKBNl8ENUYoST7DlS3Km/PRqofM1xmD45WggWVF1alq86wTmdLUimoAwP
	z6uIjou9iS0Op2A=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-95.1 required=5.0 tests=AWL,BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC autolearn=ham version=3.3.2 spammy=completeness, H*i:sk:1471279, H*MI:sk:1471279, H*f:sk:1471279
X-HELO: calimero.vinschen.de
Date: Tue, 16 Aug 2016 11:12:36 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: /dev/ptmx fails with Azure accounts
Message-ID: <20160816091236.yws3hk3o5fihlbe7@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20160803181649 DOT GD25811 AT calimero DOT vinschen DOT de> <1470251109 DOT 311822327 AT apps DOT rackspace DOT com> <20160804070058 DOT GA2333 AT calimero DOT vinschen DOT de> <20160805102751 DOT GK25811 AT calimero DOT vinschen DOT de> <20160807032711 DOT GC31990 AT dimstar DOT local DOT net> <20160808070527 DOT GB32150 AT calimero DOT vinschen DOT de> <20160808114807 DOT GD31990 AT dimstar DOT local DOT net> <20160808115840 DOT GG32150 AT calimero DOT vinschen DOT de> <1471278569 DOT 482829599 AT apps DOT rackspace DOT com> <1471279732 DOT 794730680 AT apps DOT rackspace DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="pjaw7uwdsgdfluph"
Content-Disposition: inline
In-Reply-To: <1471279732.794730680@apps.rackspace.com>
User-Agent: Mutt/1.6.2-neo (2016-07-23)

--pjaw7uwdsgdfluph
Content-Type: multipart/mixed; boundary="4c3nesa32a6sqjdb"
Content-Disposition: inline


--4c3nesa32a6sqjdb
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Russell,

On Aug 15 12:48, rmora AT aboutgolf DOT com wrote:
> $ ./azure-check3
>  Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282
> Dom\Name: AzureAD\RussellMora
> DsGetDcNameW: 1355
> NetUserGetInfo(NULL, 3): 2221
> NetUserGetInfo(NULL, 24): 2221

This is as bad as I feared.  Apart from the username and the Windows
home dir, there are no other information which could be fetched by
the usual means.  Quite apart from the fact that there are no means to
*store* this information somewhere, other than creating an explicit
/etc/passwd and matching /etc/group entry.

But, anyway, I prepared some code for the Cygwin DLL to handle these
accounts even if no /etc/passwd and /etc/group entries are present.  It
still needs some work, though, and for that I'd ask you to perform a
last test.

I attached a short testcase.  We know that LookupAccountSid from the
user SID in the user token returns a name (RussellMora) and a domain
(AzureAD).  However, the open question is if the reverse operation
LookupAccountName works as desired when feeding it the domain name
and the user name.  Actually, for completeness the testcase tries it
two ways:  Once only with the username, once with dom\username.

The reason for testing this is, if the reverse lookup works with only
the name we *could* go ahead and omit the domain from the Cygwin
username.  I'm not yet sure if that's feasible, but it's certainly worth
a try.


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--4c3nesa32a6sqjdb
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="azure-check2.c"

#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  WCHAR aname[513];
  PSID rsid = (PSID) malloc (128);
  DWORD nlen, dlen, rlen;
  SID_NAME_USE type;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  rlen = 128;
  dlen = 256;
  if (LookupAccountNameW (NULL, name, rsid, &rlen, dom, &dlen, &type))
    {
      ConvertSidToStringSidA (rsid, &str);
      printf ("Reverse Sid (%ls): %s\n", name, str);
      LocalFree (str);
    }
  else
    printf ("LookupAccountNameW (%ls): %u\n", name, GetLastError ());

  wcpcpy (wcpcpy (wcpcpy (aname, dom), L"\\"), name);
  rlen = 128;
  dlen = 256;
  if (LookupAccountNameW (NULL, aname, rsid, &rlen, dom, &dlen, &type))
    {
      ConvertSidToStringSidA (rsid, &str);
      printf ("Reverse Sid (%ls): %s\n", aname, str);
      LocalFree (str);
    }
  else
    printf ("LookupAccountNameW (%ls): %u\n", aname, GetLastError ());

  return 0;
}

--4c3nesa32a6sqjdb--

--pjaw7uwdsgdfluph
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXstkEAAoJEPU2Bp2uRE+gh80P/2PK8U8Q2hcR6jqPoO4Uw2OZ
zB5Z/xNZLsqbPcR4cPoslc3PrgZpx5XoOGJRvAZ2V1xiI7uhGcfwXG9SY3HRzQ9E
ZxJ9zpJo6IsW42YNEKsA54N4BpTmdldDoKS6doYdrmBZIIzwAJ/Tnd8J8fGmyCdV
r0vnjrFjhogrCuqd2IJfP8PJmtrHObGHADgSeUJPyFnIWCpBZKKXs+NVtbAAhABY
tXdAcD9/35yfJPef83krllMOud+CIiCSNuNeVOLj4OWBiKQp+WUCvMOTuOjEupFv
uiujFPZo2lNoyYnGvg/kwRvTeJpLCe24vkWGrtkOOWTUdqEtp8Z+/UjUvZdIQ6Z5
uQXx6+0mm/PONI2Myp8P6+n+9pQiuXrEu3p3yskeG613wKXpHXP/SXGqCM+bLQDw
JtxcgD++PmCW5t4W3FZKBqrjsiQbmAQjjafmd2vGvfOiL0pFA319NSAI7hZl5oZ5
QCXDH1QN6YxukQzUJbJDgkiqVsUuOVW+JZ4QcneeFm6LjYXn14zyBgKhSd0DpOzl
QhY+Q4HMDK+JgULAILo9BW6q+o2jcGbEk/nUyCF0c8CFDUcHC5XjMZtGh9CX8iMb
/3Loy4BhRhBUo1YRuAzW6fmni+/6TmhLuong8bCVHF4SZta6Ca35EQaVE1FyhSTg
IrWM/ShZ0IuzHBhk0ddn
=x1LW
-----END PGP SIGNATURE-----

--pjaw7uwdsgdfluph--