https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=1acba497ee781564e079ec35187c236ad48b61cd

commit 1acba497ee781564e079ec35187c236ad48b61cd
Author:     Corinna Vinschen <[email protected]>
AuthorDate: Mon Dec 15 22:18:37 2025 +0100
Commit:     Corinna Vinschen <[email protected]>
CommitDate: Mon Dec 22 12:38:33 2025 +0100

    Cygwin: uinfo: fix overriding group from SAM comment on AD member machines
    
    When overriding the (localized) primary group "None" of a local SAM
    account via SAM comment entry (e.g. '<cygwin group="some_group"/>') on an
    Active Directory domain member machine, we have to take into account,
    that the local account domain (actually the machine name) is always
    prepended to local account names, i. e.
    
      MACHINE+account
    
    because the names without prepended domain are reserved for the
    primary AD domain accounts.
    
    Therefore commit cc332c9e271b added code to prepend the local account
    domain to the group name from the SAM comment, if the machine is a
    domain member.
    
    But here's the problem:
    
    If the group in the SAM comment entry is a real local group, prepending
    the local account domain is all nice and dandy.  But if the account used
    in the SAM comment is a builtin like "Authenticated Users" (S-1-5-11) or
    an alias like "Users" (S-1-5-32-545), this falls flat.
    
    This patch keeps the check for "MACHINE+account" first.  This avoids
    fetching the AD group rather than the local SAM group, if a local
    group has the same name as an AD group.
    
    But now, if the group prepended with the local account domain doesn't
    result in a valid group entry, try again with the naked group name, to
    allow aliases or builtin accounts to pass as primary group.
    
    Fixes: cc332c9e271b ("* uinfo.cc [...] (pwdgrp::fetch_account_from_windows): Drop outdated comment.  Fix code fetching primary group gid of group setting in SAM description field.")
    Signed-off-by: Corinna Vinschen <[email protected]>

Diff:
---
 winsup/cygwin/uinfo.cc | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index fb4618b8a19e..1eb52f14578c 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -2563,7 +2563,11 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t 
&arg, cyg_ldap *pldap)
              if (pgrp)
                {
                  /* Set primary group from the "Description" field.  Prepend
-                    account domain if this is a domain member machine. */
+                    account domain if this is a domain member machine.  Do
+                    this first, to find a local group even if a domain
+                    group with this name exists.  Only if that doesn't
+                    result in a valid group, try the group name without prefix
+                    to catch builtin and alias groups. */
                  char gname[2 * DNLEN + strlen (pgrp) + 1], *gp = gname;
                  struct group *gr;
 
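Review bot: The reworded comment ends with "to catch builtin and alias groups", which reads as if the unprefixed retry were limited to those account types, but the retry added further down is a plain lookup of the bare group name. The commit message states that names without a prepended domain are reserved for primary AD domain accounts, so a same-named domain group would also match whenever no local group of that name exists. Suggest documenting that here, for example "... try the group name without prefix, which matches builtin and alias groups as well as primary domain groups", so the comment describes the full lookup order.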
@@ -2575,7 +2579,9 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t 
&arg, cyg_ldap *pldap)
                      *gp++ = NSS_SEPARATOR_CHAR;
                    }
                  stpcpy (gp, pgrp);
-                 if ((gr = internal_getgrnam (gname, cldap)))
+                 if ((gr = internal_getgrnam (gname, cldap)) ||
+                     (cygheap->dom.member_machine ()
+                      && (gr = internal_getgrnam (pgrp, cldap))))
                    gid = gr->gr_gid;
                }
              char *e;
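Review bot: The fallback `internal_getgrnam (pgrp, cldap)` in the new condition accepts whatever group the bare name resolves to, with no check that the result is a builtin or alias group as the commit message describes. If only accounts such as "Authenticated Users" (S-1-5-11) or "Users" (S-1-5-32-545) are meant to pass, consider checking the SID of the returned group before `gid = gr->gr_gid` is assigned; if primary domain groups are acceptable as a second choice, a sentence in the commit message saying so would settle the question. Style nit: the `||` ends its line while the `&&` begins the next one; placing both operators at the start of the continuation lines would be consistent.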
