This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

FIX: Administrators need to appear as root user for some users


I have been porting sendmail 8.8.8 & in compiles with very little change
(!).  Now I've just got to get
it to run :-)

I've changed getuid,geteuid, etc. to return UID=0 when the process is in
the Administrators group.  Specifically
I had to make getuid return 0 and geteuid return the real uid (I had to do
it this way round because of the way
sendmail checks who the invoking user is).  Code follows:

(I just tacked this code in its own file rather than recompiling cygwin, so
it could, and probably should, be structured better)

#define DEFAULT_GID 100
#define DEFAULT_UID 500

static uid_t myuid=UINT_MAX;
static gid_t mygid=UINT_MAX;

uid_t getuid()
{
    if(IsAdministrator()) return 0;
    else return geteuid();
}

gid_t getgid()
{
    if(IsAdministrator()) return 0;
    else return getegid();
}

uid_t geteuid()
{
  struct passwd *p;

  if(myuid==UINT_MAX)
  {
    if((p = getpwnam (getlogin ())) != NULL)
        myuid=p->pw_uid;
    else
        myuid = DEFAULT_UID;
  }
  return myuid;
}

gid_t getegid()
{
  struct passwd *p;

  if(mygid==UINT_MAX)
  {
    if((p = getpwnam (getlogin ())) != NULL)
        mygid=p->pw_gid;
    else
        mygid = DEFAULT_GID;
  }
  return mygid;
}

#define MAX_NAME 256
BOOL IsAdministrator()
{
DWORD i, dwSize = 0, dwResult = 0;
HANDLE hToken;
PTOKEN_GROUPS pGroupInfo;
SID_NAME_USE SidType;
char lpName[MAX_NAME];
char lpDomain[MAX_NAME];
BYTE sidBuffer[100];
PSID pSID = (PSID)&sidBuffer;
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;   
BOOL bIsAdmin = FALSE;

// Open a handle to the access token for the calling process.
if (!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken )) 
    return FALSE;

// Call GetTokenInformation to get the buffer size.
if(!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize))
{
    dwResult = GetLastError();
    if( dwResult != ERROR_INSUFFICIENT_BUFFER )
        return FALSE;
}

// Allocate the buffer.
pGroupInfo = (PTOKEN_GROUPS)malloc(dwSize);

// Call GetTokenInformation again to get the group information.
if(! GetTokenInformation(hToken, TokenGroups, pGroupInfo, 
                        dwSize, &dwSize ) ) 
{
    return FALSE;
}

// Create a SID for the BUILTIN\Administrators group.
if(! AllocateAndInitializeSid( &SIDAuth, 2,
                 SECURITY_BUILTIN_DOMAIN_RID,
                 DOMAIN_ALIAS_RID_ADMINS,
                 0, 0, 0, 0, 0, 0,
                 &pSID) )
{
    return FALSE;
}

// Loop through the group SIDs looking for the administrator SID.
for(i=0; i<pGroupInfo->GroupCount; i++)
{
    if(EqualSid(pSID, pGroupInfo->Groups[i].Sid))
    {
        // Lookup the account name and print it.
        dwSize = MAX_NAME;
        if( !LookupAccountSid( NULL, pGroupInfo->Groups[i].Sid,
                              lpName, &dwSize, lpDomain, 
                              &dwSize, &SidType ) )
	{
            break;
        }
        // Find out if the SID is enabled in the token
        if (pGroupInfo->Groups[i].Attributes & SE_GROUP_ENABLED)
	{
	    bIsAdmin=TRUE;
	    break;
	}
    }
}

if (pSID) FreeSid(pSID);
if (pGroupInfo)  free(pGroupInfo);

return bIsAdmin;
}


-----------------------------------------------------------------------------
'toH qo' muSHa'qu'mo joH'a', wa' puqloDDaj nobpu' ghaH 'wj
ghaH Harchugh vay', vaj not Hegh ghaH, 'ach yIn jub ghajbej
ghaH.'

Home: (+44) 161 737 0008
Work: (+44) 161 278 2463
					
http://sale.netfusion.co.uk - My C++ chalkboard (Last update 30/3/98)
-----------------------------------------------------------------------------


-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]