* autoload.cc: Add load statements for `LookupAccountNameW',

        `LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
        `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
        `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
        `NtCreateToken'.
        * ntdll.h: Add declaration for `NtCreateToken'.
        * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
        `well_known_network_sid', `well_known_batch_sid',
        `well_known_interactive_sid', `well_known_service_sid' and
        `well_known_authenticated_users_sid'.
        (cygsid::string): Define as const method.
        (cygsid::get_sid): Set psid to NO_SID on error.
        (cygsid::getfromstr): Ditto.
        (cygsid::getfrompw): Simplify.
        (cygsid::getfromgr): Check for gr == NULL.
        (legal_sid_type): Move to security.h.
        (set_process_privilege): Return -1 on error, otherwise 0 or 1 related
        to previous privilege setting.
        * security.cc (extract_nt_dom_user): Remove `static'.
        (lsa2wchar): New function.
        (open_local_policy): Ditto.
        (close_local_policy): Ditto.
        (get_lsa_srv_inf): Ditto.
        (get_logon_server): Ditto.
        (get_logon_server_and_user_domain): Ditto.
        (get_user_groups): Ditto.
        (is_group_member): Ditto.
        (get_user_local_groups): Ditto.
        (sid_in_token_groups): Ditto.
        (get_user_primary_group): Ditto.
        (get_group_sidlist): Ditto.
        (get_system_priv_list): Ditto.
        (get_priv_list): Ditto.
        (get_dacl): Ditto.
        (create_token): Ditto.
        (subauth): Return immediately if SE_TCB_NAME can't be assigned.
        Change all return statements in case of error to jumps to `out'
        label. Add `out' label to support cleanup.
        * security.h: Add extern declarations for `well_known_local_sid',
        `well_known_dialup_sid', `well_known_network_sid',
        `well_known_batch_sid', `well_known_interactive_sid',
        `well_known_service_sid' and `well_known_authenticated_users_sid'.
        Add extern declarations for functions `create_token',
        `extract_nt_dom_user' and `get_logon_server_and_user_domain'.
        (class cygsid): Add method `assign'. Change operator= to call new
        `assign' method. Add `debug_print' method.
        (class cygsidlist): New class.
        (legal_sid_type): Moved from sec_helper.cc to here.
        * spawn.cc (spawn_guts) Revert reversion of previous patch.
        Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
        again.
        * syscalls.cc (seteuid): Rearranged. Call `create_token' now when
        needed. Call `subauth' if `create_token' fails. Try setting token
        owner and primary group only if token was not explicitely created
        by `create_token'.
        * uinfo.cc (internal_getlogin): Try harder to generate correct user
        information. Especially don't trust return value of `GetUserName'.

1 files changed, 39 insertions, 12 deletions

diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index aea8fec..0bb947d 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -38,12 +38,15 @@ internal_getlogin (cygheap_user &user)
     user.set_name ("unknown");
   else
     user.set_name (username);
+  debug_printf ("GetUserName() = %s", user.name ());
 
   if (os_being_run == winNT)
     {
       LPWKSTA_USER_INFO_1 wui;
-      char buf[MAX_PATH], *env;
-      char *un = NULL;
+      NET_API_STATUS ret;
+      char buf[512];
+      char dom[INTERNET_MAX_HOST_NAME_LENGTH + 1];
+      char *env, *un = NULL;
 
       /* First trying to get logon info from environment */
       if ((env = getenv ("USERNAME")) != NULL)
@@ -58,10 +61,8 @@ internal_getlogin (cygheap_user &user)
 	debug_printf ("Domain: %s, Logon Server: %s",
 		      user.domain (), user.logsrv ());
       /* If that failed, try to get that info from NetBIOS */
-      else if (!NetWkstaUserGetInfo (NULL, 1, (LPBYTE *)&wui))
+      else if (!(ret = NetWkstaUserGetInfo (NULL, 1, (LPBYTE *)&wui)))
 	{
-	  char buf[512]; /* Bigger than each of the below defines. */
-
 	  sys_wcstombs (buf, wui->wkui1_username, UNLEN + 1);
 	  user.set_name (buf);
 	  sys_wcstombs (buf, wui->wkui1_logon_server,
@@ -112,6 +113,22 @@ internal_getlogin (cygheap_user &user)
 			user.domain (), user.logsrv (), user.name ());
 	  NetApiBufferFree (wui);
 	}
+      else
+        {
+	  /* If `NetWkstaUserGetInfo' failed, try to get default values known
+	     by local policy object.*/
+          debug_printf ("NetWkstaUserGetInfo() Err %d", ret);
+
+	  if (get_logon_server_and_user_domain (buf, dom))
+	    {
+	      user.set_logsrv (buf + 2);
+	      user.set_domain (dom);
+	      setenv ("LOGONSERVER", buf, 1);
+	      setenv ("USERDOMAIN", dom, 1);
+	    }
+	  else
+	    debug_printf ("get_logon_server_and_user_domain() failed");
+	}
       if (allow_ntsec)
 	{
 	  HANDLE ptok = user.token; /* Which is INVALID_HANDLE_VALUE if no
@@ -147,7 +164,7 @@ internal_getlogin (cygheap_user &user)
 	  /* If that fails, too, as a last resort try to get the SID from
 	     the logon server. */
 	  if (!ret && !(ret = lookup_name (user.name (), user.logsrv (),
-					  user.sid ())))
+					   user.sid ())))
 	    debug_printf ("Couldn't retrieve SID from '%s'!", user.logsrv ());
 
 	  /* If we have a SID, try to get the corresponding Cygwin user name
@@ -157,12 +174,6 @@ internal_getlogin (cygheap_user &user)
 	    {
 	      cygsid psid;
 
-	      if (!strcasematch (user.name (), "SYSTEM")
-		  && user.domain () && user.logsrv ())
-		{
-		  if (get_registry_hive_path (user.sid (), buf))
-		    setenv ("USERPROFILE", buf, 1);
-		}
 	      for (int pidx = 0; (pw = internal_getpwent (pidx)); ++pidx)
 		if (psid.getfrompw (pw) && EqualSid (user.sid (), psid))
 		  {
@@ -171,8 +182,24 @@ internal_getlogin (cygheap_user &user)
 		    if (gr)
 		      if (!gsid.getfromgr (gr))
 			  gsid = NO_SID;
+		    extract_nt_dom_user (pw, dom, buf);
+		    setenv ("USERNAME", buf, 1);
+		    if (*dom)
+		      user.set_domain (dom);
+		    else if (user.logsrv ())
+		      user.set_domain (user.logsrv ());
+		    if (user.domain ())
+		      setenv ("USERDOMAIN", user.domain (), 1);
 		    break;
 		  }
+	      if (!strcasematch (user.name (), "SYSTEM")
+		  && user.domain () && user.logsrv ())
+		{
+		  if (get_registry_hive_path (user.sid (), buf))
+		    setenv ("USERPROFILE", buf, 1);
+		  else
+		    unsetenv ("USERPROFILE");
+		}
 	    }
 
 	  /* If this process is started from a non Cygwin process,