Handle WinFSP nobody account

Per discussion started at
https://cygwin.com/ml/cygwin/2016-06/msg00347.html

S-1-0-65534 == uid/gid 65534 == nodomain+nobody

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2016-06-29 17:12:38 +02:00
parent 642c48095c
commit 1a988fc6ba
1 changed files with 28 additions and 0 deletions

View File

@ -1894,6 +1894,14 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
} }
if (!ret) if (!ret)
{ {
if (!strcmp (arg.name, "nodomain+nobody"))
{
/* Special case "nobody" for reproducible construction of a
nobody SID for WinFsp and similar services. We use the
value 65534 which is -2 with 16 bit uid/gids. */
csid.create (0, 1, 0xfffe);
break;
}
debug_printf ("LookupAccountNameW (%W), %E", name); debug_printf ("LookupAccountNameW (%W), %E", name);
return NULL; return NULL;
} }
@ -2004,6 +2012,15 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
sid = logon_sid; sid = logon_sid;
break; break;
} }
else if (arg.id == 0xfffe)
{
/* Special case "nobody" for reproducible construction of a
nobody SID for WinFsp and similar services. We use the
value 65534 which is -2 with 16 bit uid/gids. */
csid.create (0, 1, 0xfffe);
sid = csid;
break;
}
else if (arg.id < 0x10000) else if (arg.id < 0x10000)
{ {
/* Nothing. */ /* Nothing. */
@ -2428,6 +2445,17 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
return NULL; return NULL;
} }
} }
else if (sid_id_auth (sid) == 0 && sid_sub_auth (sid, 0) == 0xfffe)
{
/* Special case "nobody" for reproducible construction of a
nobody SID for WinFsp and similar services. We use the
value 65534 which is -2 with 16 bit uid/gids. */
uid = gid = 0xfffe;
wcpcpy (dom, L"nodomain");
wcpcpy (name = namebuf, L"nobody");
fully_qualified_name = true;
acc_type = SidTypeUnknown;
}
else if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */ else if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
&& sid_sub_auth (sid, 0) == SECURITY_LOGON_IDS_RID) && sid_sub_auth (sid, 0) == SECURITY_LOGON_IDS_RID)
{ {