From c68cb84e880db21841e85ae40533c904f7a95d23 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 10 Jul 2008 18:01:25 +0000 Subject: * cyglsa.h (SECURITY_STRING): Define. (enum _SECPKG_NAME_TYPE): Define. (struct _SECPKG_CALL_INFO): Define. (struct _LSA_SECPKG_FUNCS): Extend to full size. Define unused functions lazily. (cygprf_t): Define. * sec_auth.cc (lsaauth): Use actual primary group if no admins group. Add (disabled) code to fetch token from profil data. --- winsup/cygwin/sec_auth.cc | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'winsup/cygwin/sec_auth.cc') diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index db76fcd79..99fe7076c 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -1016,10 +1016,13 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) authinf_size += gsize; /* Groups + Group SIDs */ /* When trying to define the admins group as primary group on Vista, LsaLogonUser fails with error STATUS_INVALID_OWNER. As workaround - we define "Local" as primary group here. First, this adds the otherwise - missing "Local" group to the group list and second, seteuid32 - sets the primary group to the group set in /etc/passwd anyway. */ - pgrpsid = well_known_local_sid; + we define "Local" as primary group here. Seteuid32 sets the primary + group to the group set in /etc/passwd anyway. */ + if (new_groups.pgsid == well_known_admins_sid) + pgrpsid = well_known_local_sid; + else + pgrpsid = new_groups.pgsid; + authinf_size += GetLengthSid (pgrpsid); /* Primary Group SID */ authinf_size += psize; /* Privileges */ @@ -1104,7 +1107,20 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) goto out; } if (profile) - LsaFreeReturnBuffer (profile); + { +#ifdef JUST_ANOTHER_NONWORKING_SOLUTION + /* See ../lsaauth/cyglsa.c. */ + cygprf_t *prf = (cygprf_t *) profile; + if (prf->magic_pre == MAGIC_PRE && prf->magic_post == MAGIC_POST + && prf->token) + { + CloseHandle (user_token); + user_token = prf->token; + system_printf ("Got token through profile: %p", user_token); + } +#endif /* JUST_ANOTHER_NONWORKING_SOLUTION */ + LsaFreeReturnBuffer (profile); + } if (wincap.has_mandatory_integrity_control ()) { -- cgit v1.2.3