aboutsummaryrefslogtreecommitdiff
path: root/winsup/cygwin/uinfo.cc
diff options
context:
space:
mode:
Diffstat (limited to 'winsup/cygwin/uinfo.cc')
-rw-r--r--winsup/cygwin/uinfo.cc21
1 files changed, 21 insertions, 0 deletions
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 27dc289..83883f9 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1983,6 +1983,27 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
break;
case SID_arg:
sid = *arg.sid;
+
+ /* SIDs we want to filter out before hitting LookupAccountSidW.
+ If the latency of the AD connection is high, LookupAccountSidW
+ might take a long time before returning with ERROR_NONE_MAPPED. */
+
+ /* Capability SIDs, just drop out, we don't handle them */
+ if (sid_id_auth (sid) == 15 /* SECURITY_APP_PACKAGE_AUTHORITY */
+ && sid_sub_auth (sid, 0) == SECURITY_CAPABILITY_BASE_RID)
+ return NULL;
+ /* IIS APPPOOL */
+ if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
+ && sid_sub_auth (sid, 0) == SECURITY_APPPOOL_ID_BASE_RID)
+ break;
+ /* AzureAD SIDs */
+ if (sid_id_auth (sid) == 12 /* AzureAD ID */
+ && sid_sub_auth (sid, 0) == 1 /* Azure ID base RID */)
+ break;
+ /* Samba user/group SIDs */
+ if (sid_id_auth (sid) == 22)
+ break;
+
ret = LookupAccountSidW (NULL, sid, name, &nlen, dom, &dlen, &acc_type);
if (!ret
&& cygheap->dom.member_machine ()
generated by cgit v1.1 at 2025-04-14 14:01:32 +0000