This is the mail archive of the
cygwin-patches@sourceware.cygnus.com
mailing list for the Cygwin project.
Re: [PATCH]: Changes in process startup code
- To: cygpatch <cygwin-patches at sourceware dot cygnus dot com>
- Subject: Re: [PATCH]: Changes in process startup code
- From: Corinna Vinschen <vinschen at cygnus dot com>
- Date: Wed, 28 Jun 2000 19:53:16 +0200
- References: <394E5E78.FC4D70F@vinschen.de> <3954F3AC.FA935179@cygnus.com>
- Reply-To: cygpatch <cygwin-patches at sourceware dot cygnus dot com>
I had to patch that patch another times.
For some reason you can't rely on the process token returning
the correct user information after ImpersonateLoggedOnUser()
is called. Strange thing: It worked for me if the impersonated
user is a simple user without administrator privileges. Not so,
if the impersonated user is member of the admins group.
Yeah, I know what you want to say, but: There's a difference
between the UserToken and the OwnerToken of a process. My user
`corinna' is member of admins and the user SID of my processes
is `corinna' while the owner SID is `administrators'. For some
reason this isn't valid anymore after an impersonation.
internal_getlogin() now uses the impersonation token if
impersonation took place and the process token otherwise.
Corinna
Corinna Vinschen wrote:
>
> I have just checked in a patch related to that patch:
>
> - On fork() and spawn() I have copied pointers(!) to SID's from
> parent to child process. This is corrected now.
> - Before calling LookupAccountName() I try to get the SID from
> the access token of the current process. This should work for
> 99.999% of all processes and should therefore speed up process
> startup with ntsec ON quite more. Nevertheless _if_ that fails,
> it would try the LookupAccountName, though.
--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company