From: "Robert Collins"
To: "cygdev"
References: <20010504160025 DOT E24200 AT cygbert DOT vinschen DOT de>
Subject: Re: New subdirectory in winsup
Date: Sat, 5 May 2001 00:01:40 +1000

Wow! Thank you for this!!! I recall it being a big task :] I do hope it
wasn't _too_ big.

Rob

----- Original Message -----
From: "Corinna Vinschen"
To: "cygdev"
Sent: Saturday, May 05, 2001 12:00 AM
Subject: New subdirectory in winsup

> Hi,
>
> I have just added a new subdirectory to winsup called "subauth".
> To update your local sandbox you'll have to change to your
> $(cygwinsrcdir)/winsup directory and call `cvs up -d'.
>
> That new subdirectory contains the code to generate a subauthentication
> DLL which allows the new code in cygwin/security.cc to change the
> user context without providing a password on NT/W2K systems.
>
> The installation is somewhat tricky. When you've successfully built
> the DLL, you'll have to copy it into your $SYSTEMROOT/system32
> directory. It's unfortunately not enough to add for example
> C:\cygwin\bin to the system environment PATH variable so that
> subauth DLLs are searched there, too.
>
> Then you'll have to add a registry entry to
>
>   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0
>
> The new value should be named "Auth255", type REG_SZ, and should contain
> the string "CYGSUBA". If for some reason your system already contains
> an "Auth255" value, create an "Auth254" or so (NEVER "Auth0"!!!) and
> add the following to your CYGWIN variable:
>
>   CYGWIN= ... subauth_id:254 ...
>
> The default value of "subauth_id" is 255 according to the above
> description and the recommendation of Microsoft.
>
> Then be sure to have an account with the SE_TCB_NAME "Act as part
> of the operating system" privilege active since it's needed to
> be able to contact the LSA subsystem which manages the user
> authentication in NT/W2K. That right is by default only given to
> LocalSystem. That's of course no advice to always create such an
> account but it's only for testing purposes!
>
> Then reboot as you should be used to as a Windows user.
>
> After logging in as the user which has the SE_TCB_NAME privilege,
> you should be able to use the good old `su' which you probably
> still have on your system to change the user context.
>
> If you don't have `su', just try the following test app:
>
> =========================
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
> #include <sys/wait.h>
>
> int
> main(int argc, char **argv)
> {
>   uid_t uid;
>   gid_t gid;
>   int pid, s;
>
>   if (argc < 3)
>     {
>       fprintf (stderr, "usage: %s uid gid\n", argv[0]);
>       return 1;
>     }
>   /* Remember the original ids so they can be restored at the end. */
>   gid = getegid ();
>   uid = geteuid ();
>   printf ("BEFORE: uid: %d, gid: %d\n", geteuid (), getegid ());
>   /* Switch the effective group first, then the effective user. */
>   setegid (atoi (argv[2]));
>   seteuid (atoi (argv[1]));
>   printf ("AFTER: uid: %d, gid: %d\n", geteuid (), getegid ());
>   switch (pid = fork ())
>     {
>     case -1:
>       fprintf (stderr, "fork failed\n");
>       break;
>     case 0:
>       /* The child runs a login shell in the new user context. */
>       printf ("CHILD: uid: %d, gid: %d\n", geteuid (), getegid ());
>       execlp ("bash", "bash", "--login", NULL);
>       fprintf (stderr, "exec failed\n");
>       break;
>     default:
>       wait (&s);
>       break;
>     }
>   /* Restore the original ids in the parent. */
>   setegid (gid);
>   seteuid (uid);
>   printf ("BACK: uid: %d, gid: %d\n", geteuid (), getegid ());
>   return 0;
> }
> =========================
>
> Corinna
>
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                  mailto:cygwin AT cygwin DOT com
> Red Hat, Inc.
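
The following is an added example, not part of the original thread and not Cygwin code: a Python check that the registration described in the quoted message is consistent, i.e. that the AuthN value selected by "subauth_id" in CYGWIN (default 255) is a REG_SZ holding "CYGSUBA", and that lists any other AuthN values under the MSV1_0 key for review. The function names are hypothetical, the input is assumed to be text in the layout printed by `reg query` for that key, and the sample values (including "OTHERSUB" and the "ntsec" option string) are constructed.

```python
import re

DEFAULT_SUBAUTH_ID = 255  # default "subauth_id" stated in the message

def subauth_id_from_cygwin(cygwin_env):
    """Return the subauth_id option from a CYGWIN variable string, else the default."""
    for token in cygwin_env.split():
        name, _, value = token.partition(":")
        if name == "subauth_id" and value.isdigit():
            return int(value)
    return DEFAULT_SUBAUTH_ID

def parse_auth_values(reg_text):
    """Map N -> (type, data) for every AuthN value line in `reg query` text."""
    values = {}
    for line in reg_text.splitlines():
        m = re.match(r"\s+Auth(\d+)\s+(REG_\w+)\s+(\S.*?)\s*$", line, re.IGNORECASE)
        if m:
            values[int(m.group(1))] = (m.group(2).upper(), m.group(3))
    return values

def check_registration(reg_text, cygwin_env=""):
    """Return findings; an empty list means the setup matches the message."""
    wanted = subauth_id_from_cygwin(cygwin_env)
    values = parse_auth_values(reg_text)
    findings = []
    if wanted == 0:
        findings.append("subauth_id is 0, which the message says never to use")
    entry = values.get(wanted)
    if entry is None:
        findings.append(f"Auth{wanted} is not present")
    elif entry[0] != "REG_SZ" or entry[1].upper() != "CYGSUBA":
        findings.append(f"Auth{wanted} holds {entry[0]} {entry[1]}, expected REG_SZ CYGSUBA")
    # Any other AuthN value is a separately registered DLL that should be accounted for.
    for n, (_, data) in sorted(values.items()):
        if n != wanted:
            findings.append(f"Auth{n} also registered ({data}); confirm it is expected")
    return findings

# Constructed sample: Auth255 was already taken, so CYGSUBA went to Auth254.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0
    Auth254    REG_SZ    CYGSUBA
    Auth255    REG_SZ    OTHERSUB
"""

if __name__ == "__main__":
    for env in ("", "ntsec subauth_id:254"):
        print(repr(env), "->", check_registration(SAMPLE_REG, env) or "OK")
```

With the constructed sample, leaving "subauth_id" unset reports the mismatch on Auth255, while setting it to 254 leaves only the note about the other registered value.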