Corinna or Pierre please comment? [jason@tishler.net: Re: setuid

Pierre A. Humblet Pierre.Humblet@ieee.org
Tue Jul 23 06:53:00 GMT 2002


Corinna Vinschen wrote:
> 
> it doesn't allow anonymous access to request the group list.
> NetUserGetGroups() returns ERROR_ACCESS_DENIED.  This can happen
> on 2K and .NET servers according to

Yep, I had seen that. I have even observed it at work where I can't
access domain servers in remote sites, other than the DCs of the
local site where I work.

> So we still have a problem, even if the DC is accessible.  We could
> solve that by not failing silently if the get_user_groups() function
                *** <= you don't mean that!
> fails:


> What do you think?  Somehow I hate to soften the behaviour but it
> seems to be inescapable...

It's inescapable. 

What I don't understand is how mkpasswd/group work in that case (do they work?). 
See NetUserEnum
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmgmt/ntlmapi2_10xf.asp

If they don't, how does one enter the relevant sids in /etc/passwd 
and group? That's really where I got stuck at work. I never got to
the point where I could setuid, because I can't get the sids.  

Pierre


