From 1a988fc6baa00ea157c743fc87a8c9b08ea79a46 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Wed, 29 Jun 2016 17:12:38 +0200
Subject: [PATCH] Handle WinFSP nobody account
Per discussion started at https://cygwin.com/ml/cygwin/2016-06/msg00347.html
S-1-0-65534 == uid/gid 65534 == nodomain+nobody
Signed-off-by: Corinna Vinschen
---
 winsup/cygwin/uinfo.cc | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 247131db0..bc2a2d821 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1894,6 +1894,14 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 }
 if (!ret)
 {
+ if (!strcmp (arg.name, "nodomain+nobody"))
+ {
+ /* Special case "nobody" for reproducible construction of a
+ nobody SID for WinFsp and similar services. We use the
+ value 65534 which is -2 with 16 bit uid/gids. */
+ csid.create (0, 1, 0xfffe);
+ break;
+ }
 debug_printf ("LookupAccountNameW (%W), %E", name);
 return NULL;
 }
@@ -2004,6 +2012,15 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 sid = logon_sid;
 break;
 }
+ else if (arg.id == 0xfffe)
+ {
+ /* Special case "nobody" for reproducible construction of a
+ nobody SID for WinFsp and similar services. We use the
+ value 65534 which is -2 with 16 bit uid/gids. */
+ csid.create (0, 1, 0xfffe);
+ sid = csid;
+ break;
+ }
 else if (arg.id < 0x10000)
 {
 /* Nothing. */
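Review bot: The `nodomain+nobody` branch added in the `!ret` path of the first hunk calls `csid.create (0, 1, 0xfffe);` and breaks without assigning `sid`, while the parallel `arg.id == 0xfffe` branch in the second hunk adds `sid = csid;`. Whether `sid` already aliases `csid` before the failed lookup is not visible here, since the function starts and ends outside the hunk; if it does not, the code after the switch works on a stale `sid`. Either add `sid = csid;` before the `break;` or a one-line comment such as `/* sid already points to csid, set before LookupAccountNameW */`. The literal also hard-codes `+` as the domain separator, so if the separator is configurable in this code base, a name built with another separator would presumably fall through to `return NULL`; that limitation deserves a comment or a comparison against the configured separator.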
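Review bot: The value `0xfffe` and the same three-line comment now appear verbatim in all three hunks of this patch, starting with the `arg.id == 0xfffe` branch here, which makes the SID, the uid/gid and the name easy to change out of step. A single named constant would keep them tied together, for example `#define NOBODY_RID 0xfffe /* S-1-0-65534, uid/gid 65534 */` (name is only a suggestion), used in `csid.create (0, 1, NOBODY_RID);` and in the comparisons. The new branch also has to stay ahead of `arg.id < 0x10000`, which would otherwise swallow 65534; a short comment saying so would protect that ordering. The enclosing if/else chain continues outside the hunk.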
@@ -2428,6 +2445,17 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 return NULL;
 }
 }
+ else if (sid_id_auth (sid) == 0 && sid_sub_auth (sid, 0) == 0xfffe)
+ {
+ /* Special case "nobody" for reproducible construction of a
+ nobody SID for WinFsp and similar services. We use the
+ value 65534 which is -2 with 16 bit uid/gids. */
+ uid = gid = 0xfffe;
+ wcpcpy (dom, L"nodomain");
+ wcpcpy (name = namebuf, L"nobody");
+ fully_qualified_name = true;
+ acc_type = SidTypeUnknown;
+ }
 else if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
 && sid_sub_auth (sid, 0) == SECURITY_LOGON_IDS_RID)
 {
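Review bot: The new test `sid_id_auth (sid) == 0 && sid_sub_auth (sid, 0) == 0xfffe` never checks the sub-authority count, so any SID under authority 0 whose first sub-authority is 65534, including one with further trailing sub-authorities, is reported as `nodomain+nobody` with uid/gid 65534. SIDs reaching this branch can come from object ownership reported by a filesystem service, so the match should be pinned to exactly S-1-0-65534, e.g. `else if (sid_id_auth (sid) == 0 && sid_sub_auth_count (sid) == 1 && sid_sub_auth (sid, 0) == 0xfffe)`, assuming the project's count accessor has that name. The copied comment describes constructing the SID, but this branch maps an existing SID back to a name and id; something like `/* Map S-1-0-65534 back to nodomain+nobody, uid/gid 65534. */` would be more accurate. The enclosing else-if chain begins and ends outside the hunk.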