This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
Re: Corinna or Pierre please comment? [jason@tishler.net: Re: setuid
Pierre,
since your patch is applied, Cygwin handles user switches even when
the DC isn't available. Now, in another thread in the cygwin ml,
there's a report of a situation, where the DC *is* available but
it doesn't allow anonymous access to request the group list.
NetUserGetGroups() returns ERROR_ACCESS_DENIED. This can happen
on 2K and .NET servers according to
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmgmt/ntlmapi2_10xf.asp
(see the Remarks section).
So we still have a problem, even if the DC is accessible. We could
solve that by not failing silently if the get_user_groups() function
fails:
Index: security.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/security.cc,v
retrieving revision 1.115
diff -u -p -r1.115 security.cc
--- security.cc 19 Jul 2002 23:48:17 -0000 1.115
+++ security.cc 23 Jul 2002 12:52:41 -0000
@@ -526,9 +526,8 @@ get_group_sidlist (cygsidlist &grp_list,
}
extract_nt_dom_user (pw, domain, user);
/* Fail silently if DC is not reachable */
- if (get_logon_server (domain, server, wserver) &&
- !get_user_groups (wserver, grp_list, user, domain))
- return FALSE;
+ if (get_logon_server (domain, server, wserver))
+ get_user_groups (wserver, grp_list, user, domain);
get_unix_group_sidlist (pw, grp_list);
if (!get_user_local_groups (grp_list, usersid))
return FALSE;
What do you think? Somehow I hate to soften the behaviour but it
seems to be inescapable...
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.