Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

os/user: on Windows, user.LookupId fails with special built-in SIDs #49509

Open
dblohm7 opened this issue Nov 10, 2021 · 2 comments
Open

os/user: on Windows, user.LookupId fails with special built-in SIDs #49509

dblohm7 opened this issue Nov 10, 2021 · 2 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Windows
Milestone
Backlog

Comments

@dblohm7
Copy link

dblohm7 commented Nov 10, 2021

AFICT the problem is here:
https://cs.opensource.google/go/go/+/refs/tags/go1.17.3:src/os/user/lookup_windows.go;l=237

syscall.SidTypeWellKnownGroup is returned for some SIDs that are built-in to the OS.

What version of Go are you using (go version)?

$ go version
go version go1.17.1 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/$USER/.cache/go-build"
GOENV="/home/$USER/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/$USER/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/$USER/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17.1"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/$USER/src/gotest/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1267267700=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Build this program for Windows and run it on Windows.

package main

import (
    "fmt"
    "os"
    "os/user"
)

func main() {
    // SID for `NT AUTHORITY\SYSTEM`
    u1, err := user.LookupId("S-1-5-18")
    if err != nil {
        fmt.Fprintf(os.Stderr, "LookupId error: %v\n", err)
        return
    }
    fmt.Printf("User from LookupId: %v\n", *u1)
}

What did you expect to see?

Successful output from the test program for NT AUTHORITY\SYSTEM

What did you see instead?

Error message:

LookupId error: user: should be user account type, not 5
@dblohm7 dblohm7 mentioned this issue Nov 10, 2021
Closed
@ianlancetaylor
Copy link
Contributor

CC @bufflig

@cagedmantis cagedmantis added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 11, 2021
@cagedmantis cagedmantis added this to the Backlog milestone Nov 11, 2021
@dblohm7 dblohm7 mentioned this issue Nov 22, 2021
Closed
dblohm7 added a commit to tailscale/go that referenced this issue Oct 27, 2022
@dblohm7
os/user: change Windows user lookup to treat accounts for well-known …
af4ad6b 
…groups as valid.

Some built-in Windows accounts such as `NT AUTHORITY\SYSTEM` are considered to
be users, but are classified by the OS as syscall.SidTypeWellKnownGroup, not as
syscall.SidTypeUser.

This change modifies account querying to consider both types to be valid.

Fixes golang#49509

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
dblohm7 added a commit to dblohm7/go that referenced this issue Nov 17, 2022
@dblohm7
os/user: make Windows user lookup treat well-known groups as valid ac…
7043824 
…counts

This change modifies account querying to consider both syscall.SidTypeUser
and syscall.SidTypeWellKnownGroup types to be valid for user accounts.

Some built-in Windows accounts such as 'NT AUTHORITY\SYSTEM' are treated by
the OS as users, but are internally classified by the OS as
syscall.SidTypeWellKnownGroup instead of syscall.SidTypeUser.

Fixes golang#49509
@dblohm7 dblohm7 mentioned this issue Nov 17, 2022
Closed
@gopherbot
Copy link

Change https://go.dev/cl/452497 mentions this issue: os/user: make Windows user lookup treat well-known groups as valid accounts

@dblohm7 dblohm7 mentioned this issue Nov 24, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Windows
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

os/user: make Windows user lookup treat well-known groups as valid ac… dblohm7/go
5 participants
@bradfitz @cagedmantis @dblohm7 @ianlancetaylor @gopherbot