search

golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License
122.92k stars 17.52k forks source link

os/user: on Windows, user.LookupId fails with special built-in SIDs #49509

Open dblohm7 opened 2 years ago

dblohm7 commented 2 years ago

AFICT the problem is here: https://cs.opensource.google/go/go/+/refs/tags/go1.17.3:src/os/user/lookup_windows.go;l=237

syscall.SidTypeWellKnownGroup is returned for some SIDs that are built-in to the OS.

What version of Go are you using (go version)?

$ go version
go version go1.17.1 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/$USER/.cache/go-build"
GOENV="/home/$USER/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/$USER/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/$USER/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17.1"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/$USER/src/gotest/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1267267700=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Build this program for Windows and run it on Windows.

package main

import (
    "fmt"
    "os"
    "os/user"
)

func main() {
    // SID for `NT AUTHORITY\SYSTEM`
    u1, err := user.LookupId("S-1-5-18")
    if err != nil {
        fmt.Fprintf(os.Stderr, "LookupId error: %v\n", err)
        return
    }
    fmt.Printf("User from LookupId: %v\n", *u1)
}

What did you expect to see?

Successful output from the test program for NT AUTHORITY\SYSTEM

What did you see instead?

Error message:

LookupId error: user: should be user account type, not 5
ianlancetaylor commented 2 years ago

CC @bufflig

gopherbot commented 1 year ago

Change https://go.dev/cl/452497 mentions this issue: os/user: make Windows user lookup treat well-known groups as valid accounts