delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2026/04/24/08:25:38

DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 63OCPbsj2790828
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 63OCPbsj2790828
Authentication-Results: delorie.com;
dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=cHQFIygB
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D8F004B9700B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1777033536;
bh=9k4fegnQRXSG7a+m+fTsmTETZYBLsh36TQA5wqcc+2U=;
h=Subject:To:References:Date:In-Reply-To:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
From;
b=cHQFIygBloWJ+XCCvtabnGb2rYsd6gAqxeylAVH6PdhVlLbjDfcaq4iK0xxwRqpfE
Sfh2sbJjLOTi5aByTXbXr2Pd2eq5woywimQ6oHx2qjxJaQCwWN0WDVjve6jRfi+iJr
bP0CHRcEJ0RkYUshOdmbrAcO+Dq33wUeWeMnclFo=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 15D1C4BA902E
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 15D1C4BA902E
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1777033516; cv=none;
b=sKDM4bpV4qscMge8oWcIrVLoLwuhfCU7GpaSj5NLo+bqO2ExEOfIFzodmBxPwxfoVOWCf0emSd3N1EE+MKWGWdF5K5kqQYQoVXAz0fiLS5gO1acwHr+ag11kWebjvUt4TLm1YubpsWOa+BK/GfbrYWAyW13womBU30Q4qgVxPWw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
t=1777033516; c=relaxed/simple;
bh=x79u9uXxWWmUdybyH6QEB11kux9ZfGSpB1h2fUUN+Wo=;
h=DKIM-Signature:Subject:To:From:Message-ID:Date:MIME-Version;
b=b2ipvCnQGYQK9blpIGAVFKANGB1O6+E7y98N/N9JyrfnCGFVs3jrY2HqWeGvEStt7faSEvcaU0mQV4Q/hkGPPJ/qAfBYlBZyFfT/tD0ADO8ks1G5s1OEvf9yUTF0s+XF2RgSZQHVeMxpc3oLoD6PyhcRkjfHGcrHYtDwH+P5MJw=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 15D1C4BA902E
Subject: Re: Getting Windows "MACHINE SID" without fork() & exec()?
To: cygwin AT cygwin DOT com
References: <CALWcw=HNsScw6AcFU5-g1nvy7g+NRWZ-B2LMFFaHAoTWkkN17g AT mail DOT gmail DOT com>
<a5a7e6dc-eb6d-4bf9-b7cb-a2971a3d72aa AT gmail DOT com>
<c528f22b-1279-4d31-a99d-d868a20b51c8 AT SystematicSW DOT ab DOT ca>
Organization: WiseMo A/S
Message-ID: <cda860b7-d062-f575-2a21-bc15827c23ab@wisemo.com>
Date: Fri, 24 Apr 2026 14:25:10 +0200
X-Mailer: Epyrus/2.2.0
MIME-Version: 1.0
In-Reply-To: <c528f22b-1279-4d31-a99d-d868a20b51c8@SystematicSW.ab.ca>
X-Content-Filtered-By: Mailman/MimeDel 2.1.30
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Jakob Bohm via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Jakob Bohm <jb AT wisemo DOT com>
Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 63OCPbsj2790828 

On 24/04/2026 00:55, Brian Inglis via Cygwin wrote:
> On 2026-04-23 13:27, René Berber via Cygwin wrote:
>> On 4/23/2026 11:07 AM, Takeshi Nishimura via Cygwin wrote:
>>
>>> Does Cygwin have a secret shell variable or /proc file which contains
>>> the current machine's MACHINE SID, without having to resort to calling
>>> an external program (no fork(), no exec(), please)?
>>
>> Create your own environment variable.  Store it once per bash session 
>> with .bashrc for example, or permanently with all the other Windows 
>> variables.
>>
>> Use PsGetSid to get the value into that variable (i.e. no super user 
>> access needed like with regtool.)
>
> No regtool or superuser access needed for most queries and regtool 
> accepts paths:
>
> $ l /proc/registry*/
> /proc/registry/:
> HKEY_CLASSES_ROOT/  HKEY_CURRENT_CONFIG/  HKEY_CURRENT_USER/ 
> HKEY_LOCAL_MACHINE/  HKEY_PERFORMANCE_DATA/  HKEY_USERS/
>
> /proc/registry32/:
> HKEY_CLASSES_ROOT/  HKEY_CURRENT_CONFIG/  HKEY_CURRENT_USER/ 
> HKEY_LOCAL_MACHINE/  HKEY_PERFORMANCE_DATA/  HKEY_USERS/
>
> /proc/registry64/:
> HKEY_CLASSES_ROOT/  HKEY_CURRENT_CONFIG/  HKEY_CURRENT_USER/ 
> HKEY_LOCAL_MACHINE/  HKEY_PERFORMANCE_DATA/  HKEY_USERS/
>
>> Ref: https://learn.microsoft.com/en-us/sysinternals/downloads/psgetsid
>>
>> Caveat: The first time you run PsGetSid it shows a popup with the 
>> license agreement.
>>
>> Example:
>> XPS-8930: ~
>> $ /home/reneb/bin/SysinternalsSuite/PsGetsid
>>
>> PsGetSid v1.44 - Translates SIDs to names and vice versa
>> Copyright (C) 1999-2008 Mark Russinovich
>> Sysinternals - www.sysinternals.com
>>
>> SID for \\XPS-8930:
>> S-1-5-21-3651791898-1415975337-2452924111
>>
>> XPS-8930: ~
>> $ /home/reneb/bin/SysinternalsSuite/PsGetsid |& tail -n 3
>> S-1-5-21-3651791898-1415975337-2452924111
>
> Do you mean like these values replaced by '*'?
>
> $ regtool list -v /proc/registry/HKEY_USERS/
> .DEFAULT\ ()
> S-1-5-18\ ()
> S-1-5-19\ ()
> S-1-5-20\ ()
> S-1-5-21-**********-**********-**********-1001\ ()
> S-1-5-21-**********-**********-**********-1001_Classes\ ()
> ...
>
> Of course, if the info is not yours, you probably will need elevated 
> access!
>
That particular list is only for users with a local home directory
(called "profile dir"in windows), and for which the per user
config registry are currently cached in memory due to use by one or
more processes.

There are Win32 functions which return the value directly from the
Windows component that owns it, for example this sequence, which
does not require any user to have recently logged on.  Wrapping in
cygwin-compatible code is left as an exercise for the reader.

// Note: On domain controllers, the machine sid is actually the
//   sid of thedomain for which this domain controller is the
//   Kerberos KDC.  This isa historical consequence of NT
//   versions before 5.00 stored the domainuser database with
//   the same code as the local user database of othermachines.
// Note: This code uses the NT OS API conventions, where each API
//    returns asigned 32 bit error code where < 0 is error,
//    >= 0 is success, see WinSDK/include/shared/ntstatus.h
// Note: This sample prefixes Win32 API names with the DLL that
//    exports them, adjust to how your code otherwise accesses
//    system calls
// Note: Most LsaXxxx() APIs exported by ADVAPI32 are actually
//    local RPC calls to the secure process that is the equivalent
//    of logind on Systemd/Linux.
// Note: The policy handle temporarily used by this code could be
//    shared with other tasks, such as looking up the local names
//    of accounts, listing trusted AD/Kerberos domains etc.  For
//    simplicity, it is just opened and closed by this self-contained
//    sample.

// Implement this function yourself, similar to strdup() from ANSI C,
//   But using ADVAPI32.GetLengthSid() instead of strlen()
PSID SampleDuplicateSid(PSID pSid0);

NTSTATUS STDCALL SampleGetMachineSid(PSID *ppMachineSid) {
   LSA_HANDLE                  hLsaPolicy = NULL;
   POLICY_ACCOUNT_DOMAIN_INFO *pAccountDomainInfo = NULL
   LSA_OBJECT_ATTRIBUTES       oattr;
   NTSTATUS                    ntStatus;

   bzero(&oattr, sizeof(oattr)
   ntStatus = ADVAPI32.LsaOpenPolicy(
NULL,
     &oattr,
     POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES,
     &hLsaPolicy)
if (ntStatus < 0)
     return ntStatus;

   ntStatus = ADVAPI32.LsaQueryInformationPolicy(
     hLsaPolicy,
     PolicyAccountDomainInformation,
     (PdwVOID*)(&pAccountDomainInfo))
(void)ADVAPI32.LsaClose(hLsaPolicy);
   if (ntStatus < 0)
     return ntStatus;

   ppMachineSid = SampleDuplicateSid(pAccountDomainInfo->DomainSid);
   if (!pMachineSid)
     ntStatus = STATUS_NO_MEMORY;
   ADVAPI32.LsaFreeMemory(pAccountDomainInfo)
   return ntStatus;
}



-- 
Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10 
<tel:+4531131610>
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019