Do Not Decorate Local System Account

- Do not decorate local system account in get_passwd() since it is not a domain account.
NoMoreFood · Feb 16, 2020 · 64d4c84 · 64d4c84 · bkatyl · Feb 24, 2021
1 parent ee11c8e
commit 64d4c84
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/contrib/win32/win32compat/pwd.c b/contrib/win32/win32compat/pwd.c
@@ -236,8 +236,11 @@ get_passwd(const wchar_t * user_utf16, PSID sid)
 		goto cleanup;
 	}
 
-	/* If standard local user name, just use name without decoration */
-	if ((_wcsicmp(domain_name, computer_name) == 0) && (_wcsicmp(computer_name, user_name) != 0))
+	/* if standard local user name or system account, just use name without decoration */
+	const SID_IDENTIFIER_AUTHORITY nt_authority = SECURITY_NT_AUTHORITY;
+	if ((_wcsicmp(domain_name, computer_name) == 0) && (_wcsicmp(computer_name, user_name) != 0) ||
+		memcmp(&nt_authority, GetSidIdentifierAuthority((PSID) binary_sid), sizeof(SID_IDENTIFIER_AUTHORITY)) == 0 && (
+		((SID*)binary_sid)->SubAuthority[0] == SECURITY_LOCAL_SYSTEM_RID))
 		wcscpy_s(user_resolved, ARRAYSIZE(user_resolved), user_name);
 
 	/* put any other format in sam compatible format */