This is the mail archive of the
mailing list for the Cygwin project.
Re: security.cc: bug report, question and suggestion
On Fri, Jan 25, 2002 at 11:44:03AM -0500, Pierre A. Humblet wrote:
> By the way, do you know why LookupAccountSid() returns different
> values when the sid is impersonated and when it isn't. Like:
> In impersonated token created in a process launched by Phumblet
> /******************* Token User */
> PHumblet WIRELESS SidTypeUser <==== ?????
> S-1-5-21-2127391503-1594901184-99485923-1004 <==== impersonated sid
> the (account) name PHumblet doesn't match the sid's username here.
> It would if the process was launched directly by the user
> (instead of being impersonated).
I wrote about that problem already in earlier postings on this
list. No, I don't know why that happens. I assume it's due
to the fact that the created token is still running in the
logon session of the calling user. The NT calls GetUserName()
and LookupAccountSid() seem to go a shortcut instead of really
looking for the values :-(
Actually it only happens in the impersonated and subsequent
processes. Looking from the outside everything's ok, even in
the NT task manager.
I tried to get a description or something on the microsoft
mailing lists but I got no answer.
> Instead of debugging DuplicateTokenEx() it may be simpler (but
> less efficient) to set the sd DACL in seteuid(), after the
> call to ImpersonateLoggedOnUser(). That's essentially what
> my call is doing when NULLing the DACL (see previous mail).
You could test using the sec_user call at that point before
I do it. You have the testcase trying to access the registry
> It would also take care of the subauthentication case.
> I haven't looked at that at all.
It doesn't matter. It works on W2K only. That's the reason
I never announced it here but only on the cygwin-develoepers
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:email@example.com
Red Hat, Inc.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html