On Fri, Jan 25, 2002 at 11:44:03AM -0500, Pierre A. Humblet wrote: > By the way, do you know why LookupAccountSid() returns different > values when the sid is impersonated and when it isn't. Like: > > In impersonated token created in a process launched by Phumblet > /******************* Token User */ > PHumblet WIRELESS SidTypeUser <==== ????? > S-1-5-21-2127391503-1594901184-99485923-1004 <==== impersonated sid > > the (account) name PHumblet doesn't match the sid's username here. > It would if the process was launched directly by the user > (instead of being impersonated).
I wrote about that problem already in earlier postings on this list. No, I don't know why that happens. I assume it's due to the fact that the created token is still running in the logon session of the calling user. The NT calls GetUserName() and LookupAccountSid() seem to go a shortcut instead of really looking for the values :-( Actually it only happens in the impersonated and subsequent processes. Looking from the outside everything's ok, even in the NT task manager. I tried to get a description or something on the microsoft mailing lists but I got no answer. > Instead of debugging DuplicateTokenEx() it may be simpler (but > less efficient) to set the sd DACL in seteuid(), after the > call to ImpersonateLoggedOnUser(). That's essentially what > my call is doing when NULLing the DACL (see previous mail). You could test using the sec_user call at that point before I do it. You have the testcase trying to access the registry keys handy. > It would also take care of the subauthentication case. > I haven't looked at that at all. It doesn't matter. It works on W2K only. That's the reason I never announced it here but only on the cygwin-develoepers list. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
