* sec_auth.cc (get_user_local_groups): Retrieve name of well known

	builtin group from system.  Explain why.
	* sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
	* security.h (well_known_builtin_sid): Declare.

4 files changed, 40 insertions, 12 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index a9bec45ce..955e256b3 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+2010-02-12  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_auth.cc (get_user_local_groups): Retrieve name of well known
+	builtin group from system.  Explain why.
+	* sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
+	* security.h (well_known_builtin_sid): Declare.
+
 2010-02-11  Pierre Humblet <Pierre.Humblet@ieee.org>
 
 	* registry.c (get_registry_hive_path): Add space in string.
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index 2cdf35235..940483b4a 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -320,20 +320,19 @@ get_user_local_groups (PWCHAR logonserver, PWCHAR domain,
     }
 
   WCHAR domlocal_grp[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
-  WCHAR builtin_grp[sizeof ("BUILTIN\\") + GNLEN + 2];
-  PWCHAR dg_ptr, bg_ptr;
+  WCHAR builtin_grp[2 * GNLEN + 2];
+  PWCHAR dg_ptr, bg_ptr = NULL;
   SID_NAME_USE use;
 
   dg_ptr = wcpcpy (domlocal_grp, domain);
   *dg_ptr++ = L'\\';
-  bg_ptr = wcpcpy (builtin_grp, L"BUILTIN\\");
 
   for (DWORD i = 0; i < cnt; ++i)
     {
       cygsid gsid;
       DWORD glen = MAX_SID_LEN;
       WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
-      DWORD domlen = sizeof (dom);
+      DWORD domlen = MAX_DOMAIN_NAME_LEN + 1;
 
       use = SidTypeInvalid;
       wcscpy (dg_ptr, buf[i].lgrpi0_name);
@@ -348,17 +347,36 @@ get_user_local_groups (PWCHAR logonserver, PWCHAR domain,
       else if (GetLastError () == ERROR_NONE_MAPPED)
 	{
 	  /* Check if it's a builtin group. */
-	  wcscpy (bg_ptr, dg_ptr);
-	  if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
-				  dom, &domlen, &use))
+	  if (!bg_ptr)
 	    {
-	      if (!legal_sid_type (use))
-		debug_printf ("Rejecting local %W. use: %d", dg_ptr, use);
+	      /* Retrieve name of builtin group from system since it's
+	         localized. */
+	      glen = 2 * GNLEN + 2;
+	      if (!LookupAccountSidW (NULL, well_known_builtin_sid,
+				      builtin_grp, &glen, domain, &domlen, &use))
+		debug_printf ("LookupAccountSid(BUILTIN), %E");
 	      else
-		grp_list *= gsid;
+		{
+		  bg_ptr = builtin_grp + wcslen (builtin_grp);
+		  bg_ptr = wcpcpy (builtin_grp, L"\\");
+		}
+	    }
+	  if (bg_ptr)
+	    {
+	      wcscpy (bg_ptr, dg_ptr);
+	      glen = MAX_SID_LEN;
+	      domlen = MAX_DOMAIN_NAME_LEN + 1;
+	      if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
+				      dom, &domlen, &use))
+		{
+		  if (!legal_sid_type (use))
+		    debug_printf ("Rejecting local %W. use: %d", dg_ptr, use);
+		  else
+		    grp_list *= gsid;
+		}
+	      else
+		debug_printf ("LookupAccountName(%W), %E", builtin_grp);
 	    }
-	  else
-	    debug_printf ("LookupAccountName(%W), %E", builtin_grp);
 	}
       else
 	debug_printf ("LookupAccountName(%W), %E", domlocal_grp);
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 38f4901f2..dc7b89fba 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -57,6 +57,8 @@ MKSID (well_known_this_org_sid, "S-1-5-15",
        SECURITY_NT_AUTHORITY, 1, 15);
 MKSID (well_known_system_sid, "S-1-5-18",
        SECURITY_NT_AUTHORITY, 1, SECURITY_LOCAL_SYSTEM_RID);
+MKSID (well_known_builtin_sid, "S-1-5-32",
+       SECURITY_NT_AUTHORITY, 1, SECURITY_BUILTIN_DOMAIN_RID);
 MKSID (well_known_admins_sid, "S-1-5-32-544",
        SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID,
 				 DOMAIN_ALIAS_RID_ADMINS);
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index f9538c129..d239d0714 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -327,6 +327,7 @@ extern cygpsid well_known_service_sid;
 extern cygpsid well_known_authenticated_users_sid;
 extern cygpsid well_known_this_org_sid;
 extern cygpsid well_known_system_sid;
+extern cygpsid well_known_builtin_sid;
 extern cygpsid well_known_admins_sid;
 extern cygpsid well_known_users_sid;
 extern cygpsid fake_logon_sid;