Bug in csih

Charles Wilson cygwin@cwilson.fastmail.fm
Sun Feb 5 20:23:00 GMT 2012 

On 1/16/2012 5:14 AM, Corinna Vinschen wrote:
> Chuck?  Ping?
>

How's this?   (BTW, we do similar stuff in csih_create_privileged_user() 
but I didn't address that).


Index: cygwin-service-installation-helper.sh
===================================================================
RCS file: /cvs/cygwin-apps/csih/cygwin-service-installation-helper.sh,v
retrieving revision 1.28
diff -u -p -r1.28 cygwin-service-installation-helper.sh
--- cygwin-service-installation-helper.sh	13 Feb 2011 23:22:34 -0000	1.28
+++ cygwin-service-installation-helper.sh	5 Feb 2012 20:22:07 -0000
@@ -2244,7 +2244,6 @@ csih_account_has_necessary_privileges()
    $_csih_trace

    local user="$1"
-  local admingroup=
    if [ -n "${user}" ]
    then
      if csih_call_winsys32 net user "${user}" >/dev/null 2>&1
@@ -2255,23 +2254,14 @@ csih_account_has_necessary_privileges()
          csih_warning "Unable to ensure that '${user}' has the 
appropriate privileges."
          return 1
        else
-        admingroup=$(/usr/bin/mkgroup -l | /usr/bin/awk -F: '{if ( $2 
== "S-1-5-32-544" ) print $1;}')
-        if [ -z "${admingroup}" ]
-        then
-          csih_warning "Cannot obtain the Administrators group name 
from 'mkgroup -l'."
-          return 1
-        fi
-        if ! csih_call_winsys32 net localgroup "${admingroup}" | 
/usr/bin/grep -Eiq "^${user}.?$"
-        then
-          # user not in Administrators group
-          return 1
-        else
-          /usr/bin/editrights -u "${user}" -t 
SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
-          /usr/bin/editrights -u "${user}" -t SeCreateTokenPrivilege 
      >/dev/null 2>&1 &&
-          /usr/bin/editrights -u "${user}" -t SeTcbPrivilege 
      >/dev/null 2>&1 &&
-          /usr/bin/editrights -u "${user}" -t SeServiceLogonRight 
      >/dev/null 2>&1
-          return # status of previous command-list
-        fi
+	# Don't attempt to validate membership in Administrators group
+	# Instead, just try to set the appropriate rights; if it fails
+	# then handle that, instead.
+        /usr/bin/editrights -u "${user}" -t 
SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
+        /usr/bin/editrights -u "${user}" -t SeCreateTokenPrivilege 
    >/dev/null 2>&1 &&
+        /usr/bin/editrights -u "${user}" -t SeTcbPrivilege 
    >/dev/null 2>&1 &&
+        /usr/bin/editrights -u "${user}" -t SeServiceLogonRight 
    >/dev/null 2>&1
+        return # status of previous command-list
        fi
      fi
    fi

More information about the Cygwin-apps mailing list