2002-03-15 Corinna Vinschen <corinna@vinschen.de>

	* mkgroup.c (main): When generating group 513, check for computer's
	primary domain instead of current user's domain.

2002-03-14  Corinna Vinschen  <corinna@vinschen.de>

	* mkgroup.c (main): When generating group 513, check for domain SID
	if computer name isn't mapped to a SID.

1 files changed, 44 insertions, 16 deletions

diff --git a/winsup/utils/mkgroup.c b/winsup/utils/mkgroup.c
index 9644b1842..55b250568 100644
--- a/winsup/utils/mkgroup.c
+++ b/winsup/utils/mkgroup.c
@@ -17,6 +17,8 @@
 #include <getopt.h>
 #include <lmaccess.h>
 #include <lmapibuf.h>
+#include <ntsecapi.h>
+#include <ntdef.h>
 
 SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY};
 SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY};
@@ -447,9 +449,15 @@ main (int argc, char **argv)
 
   char name[256], dom[256];
   DWORD len, len2;
-  PSID csid;
+  char buf[1024];
+  PSID psid = NULL;
   SID_NAME_USE use;
 
+  LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
+  LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
+  NTSTATUS ret;
+  PPOLICY_PRIMARY_DOMAIN_INFO pdi;
+
   if (GetVersion () < 0x80000000)
     {
       if (argc == 1)
@@ -530,23 +538,43 @@ main (int argc, char **argv)
       */
       len = 256;
       GetComputerName (name, &len);
-      csid = (PSID) malloc (1024);
       len = 1024;
       len2 = 256;
-      LookupAccountName (NULL, name,
-			 csid, &len,
-			 dom, &len,
-			 &use);
-      print_special (print_sids, GetSidIdentifierAuthority (csid), 5,
-				 *GetSidSubAuthority (csid, 0),
-				 *GetSidSubAuthority (csid, 1),
-				 *GetSidSubAuthority (csid, 2),
-				 *GetSidSubAuthority (csid, 3),
-				 513,
-				 0,
-				 0,
-				 0);
-      free (csid);
+      if (LookupAccountName (NULL, name, (PSID) buf, &len, dom, &len, &use))
+	psid = (PSID) buf;
+      else
+        {
+	  ret = LsaOpenPolicy(NULL, &oa, POLICY_VIEW_LOCAL_INFORMATION, &lsa);
+	  if (ret == STATUS_SUCCESS && lsa != INVALID_HANDLE_VALUE)
+	    {
+	      ret = LsaQueryInformationPolicy (lsa,
+					       PolicyPrimaryDomainInformation,
+					       (PVOID *) &pdi);
+	      if (ret == STATUS_SUCCESS)
+	        {
+		  if (pdi->Sid)
+		    {
+		      CopySid (1024, (PSID) buf, pdi->Sid);
+		      psid = (PSID) buf;
+		    }
+		  LsaFreeMemory (pdi);
+		}
+	      LsaClose (lsa);
+	    }
+	}
+      if (!psid)
+        fprintf (stderr,
+	        "WARNING: Group 513 couldn't get retrieved.  Try mkgroup -d\n");
+      else
+	print_special (print_sids, GetSidIdentifierAuthority (psid), 5,
+				   *GetSidSubAuthority (psid, 0),
+				   *GetSidSubAuthority (psid, 1),
+				   *GetSidSubAuthority (psid, 2),
+				   *GetSidSubAuthority (psid, 3),
+				   513,
+				   0,
+				   0,
+				   0);
     }
 
   if (print_domain)