On Aug 3 15:05, [email protected] wrote: > On Wednesday, August 3, 2016 14:16, "Corinna Vinschen" > <[email protected]> said: > > > On Aug 3 20:00, Corinna Vinschen wrote: > >> On Aug 3 12:53, [email protected] wrote: > >> > > >> > > >> > The output is as below. This was without Run As Administrator - with > >> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which > >> > *seems* appropriate.... > >> > >> It is. Thanks for this test, the result is as horrifying as I imagined. > >> Can you please try the testcase attached to this mail, too? It should > >> be built and run the same way: > >> > >> $ gcc -g -o azure-check2 azure-check2.c -lnetapi32 > >> $ ./azure-check2 > > > > Pleae use the one attached in this mail. I noticed I forgot to print > > primary group info. It's not unimportant to see it as well. > > > > Here it is: > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64 > $ ./azure-check2 > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282 > Dom\Name: AzureAD\RussellMora > Primary Group: > Sid: S-1-12-1-2043906341-1249388050-2635137163-399631282 > Dom\Name: AzureAD\RussellMora > NetUserGetInfo: 53 > > Unknown+User@Lenovo-PC /cygdrive/c/cygwin64 > $ > > (As an aside, I assume that the fact that the permissions on the > compiled executable are totally messed up, and thus the executable > won't run until I fix them via Windows, is incidental to the fact that > I am running under "Unknown+User" and thus you don't want any > information on that as well.....)
Good thinking :) Can you please try the attached testcase? Probably my last straw. If that doesn't work as desired, support for AzureAD accounts will be very limited. Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
#include <stdio.h>
#include <wchar.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <dsgetdc.h>
#include <sddl.h>
int
main ()
{
HANDLE tok;
PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
DWORD ret;
LPSTR str;
WCHAR name[256];
WCHAR dom[256];
DWORD nlen, dlen;
SID_NAME_USE type;
PDOMAIN_CONTROLLER_INFOW pci;
NET_API_STATUS status;
PUSER_INFO_3 ui3;
PUSER_INFO_24 ui24;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
{
printf ("OpenProcessToken: %u\n", GetLastError ());
return 1;
}
if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
{
printf ("GetTokenInformation(user): %u\n", GetLastError ());
return 1;
}
ConvertSidToStringSidA (tp->User.Sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
nlen = dlen = 256;
if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,
dom, &dlen, &type))
printf ("Dom\\Name: %ls\\%ls\n", dom, name);
else
printf ("LookupAccountSidW: %u\n", GetLastError ());
ret = DsGetDcNameW (NULL, dom, NULL, NULL,
DS_IS_FLAT_NAME | DS_RETURN_DNS_NAME, &pci);
if (ret != ERROR_SUCCESS)
{
printf ("DsGetDcNameW: %u\n", status);
return 1;
}
printf ("domain controller: %ls\n", pci->DomainControllerName);
status = NetUserGetInfo (pci->DomainControllerName, name,
3, (PBYTE *) &ui3);
if (status != NERR_Success)
printf ("NetUserGetInfo(3): %u\n", status);
else
{
printf ("UserInfo 3:\n");
printf (" Name: %ls\n", ui3->usri3_name);
}
status = NetUserGetInfo (pci->DomainControllerName, name,
24, (PBYTE *) &ui24);
if (status != NERR_Success)
printf ("NetUserGetInfo(24): %u\n", status);
else
{
printf ("UserInfo 24:\n");
printf (" InternetIdentity: %d\n", ui24->usri24_internet_identity);
printf (" Flags: 0x%08x\n", ui24->usri24_flags);
printf (" ProviderName: %ls\n", ui24->usri24_internet_provider_name);
printf (" PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
printf (" Sid: %s\n", str);
LocalFree (str);
}
return 0;
}
signature.asc
Description: PGP signature
