Cygwin: getgrent: don't skip SAM-only builtin-accounts

Since commit 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration
on domain member machines") we skip enumerating local BUILTIN accounts
if we also enumerate AD.  However, there are two local accounts which
are only available in local SAM, not in AD.  Don't skip enumerating
those.

Fixes: 15e82eef3a40b ("Cygwin: getgrent: fix local SAM enumeration on domain member machines")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/grp.cc

@@ -428,10 +428,15 @@ gr_ent::enumerate_local ()
 				 ((PLOCALGROUP_INFO_0) buf)[cnt++].lgrpi0_name,
 				 sid, &slen, dom, &dlen, &acc_type))
 	    continue;
-	  if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
+	  /* Skip builtin groups if we're enumerating AD as well to avoid
+	     duplication. Don't skip "Power Users" and "Device Owners"
+	     accounts, they don't show up in AD enumeration. */
+	  if (cygheap->dom.member_machine ()
+	      && nss_db_enum_primary ()
+	      && sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
 	      && sid_sub_auth (sid, 0) == SECURITY_BUILTIN_DOMAIN_RID
-	      && cygheap->dom.member_machine ()
-	      && nss_db_enum_primary ())
+	      && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_POWER_USERS
+	      && sid_sub_auth (sid, 1) != DOMAIN_ALIAS_RID_DEVICE_OWNERS)
 	    continue;
 	  fetch_user_arg_t arg;
 	  arg.type = SID_arg;

winsup/cygwin/local_includes/winlean.h

@@ -104,6 +104,10 @@ details. */
 #define FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS	0x00400000
 #endif
 
+#ifndef DOMAIN_ALIAS_RID_DEVICE_OWNERS
+#define DOMAIN_ALIAS_RID_DEVICE_OWNERS		(__MSABI_LONG(0x00000247))
+#endif
+
 /* So-called "Microsoft Account" SIDs (S-1-11-...) have a netbios domain name
    "MicrosoftAccounts".  The new "Application Container SIDs" (S-1-15-...)
    have a netbios domain name "APPLICATION PACKAGE AUTHORITY"