On Tue, 3 Jun 2025, Johannes Schindelin wrote: > In e04891d67a (Cygwin: fetch_account_from_windows: skip LookupAccountSid > for SIDs known to fail, 2025-04-10), several SIDs acquired a shortcut > where a potentially expensive `LookupAccountSid()` call is avoided for > SIDs that "cannot be resolved".
> The most likely reason why AzureAD SIDs were included in above-mentioned > commit is that special AzureAD _group_ SIDs are not recognized by > `LookupAccountSid()`, as per the code comment for the `azure_grp_sid` > variable. It is plausible that this fact was mistaken to extend to all > AzureAD SIDs, a notion disproved by the counter example of my personal > experience with my own AzureAD user account. Unfortunately, the only way > to find out whether `LookupAccountSid()` works with a given AzureAD SID > or not is to call that function. > > To make regular AzureAD user accounts work again, let's just drop the > AzureAD part from that special shortcut. > > diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc > index 83883f9f65..ffe71ee072 100644 > --- a/winsup/cygwin/uinfo.cc > +++ b/winsup/cygwin/uinfo.cc > @@ -1996,10 +1996,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t > &arg, cyg_ldap *pldap) > if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */ > && sid_sub_auth (sid, 0) == SECURITY_APPPOOL_ID_BASE_RID) > break; > - /* AzureAD SIDs */ > - if (sid_id_auth (sid) == 12 /* AzureAD ID */ > - && sid_sub_auth (sid, 0) == 1 /* Azure ID base RID */) > - break; > /* Samba user/group SIDs */ > if (sid_id_auth (sid) == 22) > break; > This LGTM, I'd like to push it to main and get a test/snapshot build of cygwin out there for users experiencing these issues to test.
