Cygwin: fetch_account_from_windows: skip LookupAccountSid for SIDs known to fail

LookupAccountSid might take a long time if an SID cannot be resolved.
While we know some SIDs never resolved by LookupAccountSid, we call it
anyway and only handle them after it returned with error.

(Partially?) fix this latency problem by skipping the LookupAccountSid
call for SID groups never resolved anyway.

Reported-by: Lluís Batlle i Rossell <[email protected]>
Fixes: 1ca20a1 ("Introduce reading passwd/group entries from SAM/AD.")
Signed-off-by: Corinna Vinschen <[email protected]>
(cherry picked from commit 008a02bc722569fc492b757a2cb2f6ef1c17a6a3)

Author: github-cygwin

winsup/cygwin/release/3.6.2

@@ -0,0 +1,6 @@
+Fixes:
+------
+
+- Fix a high latency problem when trying to fetch SID info for SIDs
+  not resolved by Windows functions anyway.
+  Addresses: https://cygwin.com/pipermail/cygwin/2025-April/257916.html

winsup/cygwin/uinfo.cc

@@ -1983,6 +1983,27 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
       break;
     case SID_arg:
       sid = *arg.sid;
+
+      /* SIDs we want to filter out before hitting LookupAccountSidW.
+	 If the latency of the AD connection is high, LookupAccountSidW
+	 might take a long time before returning with ERROR_NONE_MAPPED. */
+
+      /* Capability SIDs, just drop out, we don't handle them */
+      if (sid_id_auth (sid) == 15 /* SECURITY_APP_PACKAGE_AUTHORITY */
+	  && sid_sub_auth (sid, 0) == SECURITY_CAPABILITY_BASE_RID)
+	return NULL;
+      /* IIS APPPOOL */
+      if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
+	  && sid_sub_auth (sid, 0) == SECURITY_APPPOOL_ID_BASE_RID)
+	break;
+      /* AzureAD SIDs */
+      if (sid_id_auth (sid) == 12 /* AzureAD ID */
+	  && sid_sub_auth (sid, 0) == 1 /* Azure ID base RID */)
+	break;
+      /* Samba user/group SIDs */
+      if (sid_id_auth (sid) == 22)
+	break;
+
       ret = LookupAccountSidW (NULL, sid, name, &nlen, dom, &dlen, &acc_type);
       if (!ret
 	  && cygheap->dom.member_machine ()