X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=mdkXNu7vyc4E9ktaUWdaITLekeNcR+Dt68djyunh7oGbQXHd1ANd/
	kWBB/3ASUDKI/HG5acB3Pp7nSj4MnVziXA6N+nTWFHXIH3wbRaT6dAoVYpsX367A
	vSYABFgjh6cOe5cOPep+utq7IjppLZC97LLbp9dGwzn1avN9rXq76c=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=D0gF0zDA/dy0nYA5oS/MSVl/BDw=; b=wPuwtupYJMcITjrAcKK18gYGi/7T
	Kiotm7m5and9HbAkbFzZ/YQh1IyOrvTp5eJR1PSrKuMFX76EVcJ9kQOEBWhdPUPc
	PxWggYU3K+5tX5D+U36rCQDOva57wRT0/oSBTD+r22U4FHJz5PP0rGJ6PK3NFMQb
	MtNJ3YjOdmemcmo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-95.0 required=5.0 tests=AWL,BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC autolearn=ham version=3.3.2 spammy=tpg, Administrator, administrator, prepared
X-HELO: calimero.vinschen.de
Date: Wed, 3 Aug 2016 20:16:49 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: /dev/ptmx fails with Azure accounts
Message-ID: <20160803181649.GD25811@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <1470156870 DOT 684316691 AT apps DOT rackspace DOT com> <20160803143207 DOT GB17526 AT calimero DOT vinschen DOT de> <1470243211 DOT 01868925 AT apps DOT rackspace DOT com> <20160803180012 DOT GC25811 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="O98KdSgI27dgYlM5"
Content-Disposition: inline
In-Reply-To: <20160803180012.GC25811@calimero.vinschen.de>
User-Agent: Mutt/1.6.2 (2016-07-01)

--O98KdSgI27dgYlM5
Content-Type: multipart/mixed; boundary="qFgkTsE6LiHkLPZw"
Content-Disposition: inline


--qFgkTsE6LiHkLPZw
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Aug  3 20:00, Corinna Vinschen wrote:
> On Aug  3 12:53, rmora AT aboutgolf DOT com wrote:
> >=20
> >=20
> > On Wednesday, August 3, 2016 10:32, "Corinna Vinschen" <corinna-cygwin@=
cygwin.com> said:
> > >=20
> > > In the meantime I prepared my test application.  Can you please fetch
> > > the attached source and store it as, e.g., azure-check.c.  Then build
> > > and run it like this:
> > >=20
> > >   $ gcc -g -o azure-check azure-check.c -lnetapi32
> > >   $ ./azure-check
> > >=20
> > > Then run it and paste the complete output into your reply.
> > >=20
> > > I have an idea for an extension of this testcase, but I think I have
> > > to see the output of this one first.
> >=20
> > The output is as below. This was without Run As Administrator - with
> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> > *seems* appropriate....
>=20
> It is.  Thanks for this test, the result is as horrifying as I imagined.
> Can you please try the testcase attached to this mail, too?  It should
> be built and run the same way:
>=20
>   $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
>   $ ./azure-check2

Pleae use the one attached in this mail.  I noticed I forgot to print
primary group info.  It's not unimportant to see it as well.


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--qFgkTsE6LiHkLPZw
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="azure-check2.c"
Content-Transfer-Encoding: quoted-printable

#include <stdio.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <sddl.h>

int
main ()
{
  HANDLE tok;
  PTOKEN_USER tp =3D (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;
  NET_API_STATUS status;
  PUSER_INFO_24 ui24;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
    {
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
    }
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
    {
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
    }
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);
  nlen =3D dlen =3D 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen,=20
			 dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
  else
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  PTOKEN_PRIMARY_GROUP tpg =3D (PTOKEN_PRIMARY_GROUP) malloc (65536);
  if (GetTokenInformation (tok, TokenPrimaryGroup, tpg, 65536, &ret))
    {
      printf ("Primary Group:\n");
      ConvertSidToStringSidA (tpg->PrimaryGroup, &str);
      printf ("  Sid: %s\n", str);
      LocalFree (str);

      nlen =3D dlen =3D 256;
      if (LookupAccountSidW (NULL, tpg->PrimaryGroup, name, &nlen,=20
			     dom, &dlen, &type))
	printf ("  Dom\\Name: %ls\\%ls\n", dom, name);
      else
	printf ("  LookupAccountSidW: %u\n", GetLastError ());
    }
  else
    printf ("GetTokenInformation(primary): %u\n", GetLastError ());
  free (tpg);

  status =3D NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
  if (status !=3D NERR_Success)
    {
      status =3D NetUserGetInfo (dom, name, 24, (PBYTE *) &ui24);
      if (status !=3D NERR_Success)
	{
	  printf ("NetUserGetInfo: %u\n", status);
	  return 1;
	}
    }
  printf ("UserInfo:\n");
  printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
  printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
  printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
  printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
  ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);

  return 0;
}

--qFgkTsE6LiHkLPZw--

--O98KdSgI27dgYlM5
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXojUQAAoJEPU2Bp2uRE+g+3UP/2cyM9+2YWaAJ/dl6b2A7/NV
PXocnnzNbAX2kwLeEg8KxWPON4F456Eun+6va6YXPJqrItLdTnhIGZtbuTH5Sav3
QquQjGJYkVQaAxVD1GALOLVchhvfyQ+gqDnErlmB2GYeNSIMwCS9ealwFVmpywDe
m9YZeuvqlvlk4p8idONmObuDLuksekVB4n/hsz0SUQYjYgY52zS9VDqpZLsQluEq
temlU3sh/0AwkUcLGiHCWdudLHpDLk+f/TppnWwrt9jrbiFcnElBGyrsuPlC9D+/
O1RSyIB93pJ87iQH6p14zVGWSX7i6kjQ79KTh4ILlEFzYJyRGfs/e/8bh0Eamxo6
55H3eawEhEc0/rqN1KLOedttw3TgkEAjrEECK+aY2D9RLFmaSQvMR8pKsECEiKZW
4CAC+oRI+b/iZd28m9g8vxbnMJPqRb/LSnk20UsOeGgvUX+K3d4ZM0oT/iYc97d2
qmWdF5MtG0EQ8Vmzp94VQm0c0Jbf3n0DiHs5qlwlvCul0GkuJu6aL9lbRp/ChHhL
QwpT5wFLf6wRQMqPwZT1XyVNV01TBLImqrDRsHxpPEkklxGyG0RZazrza+St0vl1
HLEnAJgULkmJAq/NV/b0eXuG0REmx3emHoSrJeM9apY+5U0gvcscfAUjBszVWHS2
UiHeop4Oe7iPZlab610Q
=NUHx
-----END PGP SIGNATURE-----

--O98KdSgI27dgYlM5--