Mail Archives: cygwin-developers/2002/07/15/05:07:40
> ----- Forwarded message from Jason Tishler <jason AT tishler DOT net> -----
> 2305210 2457011 [main] setuid 2672 seterrno_from_win_error: ../../../../src/winsup/cygwin/security.cc:278 windows error 2453
> 384 2457395 [main] setuid 2672 geterrno_from_win_error: unknown windows error 2453, setting errno to 13
> Note that the Windows error 2453 corresponds to NERR_DCNotFound.
> if ((ret = NetGetDCName (NULL, wdomain, (LPBYTE *) &buf)) == STATUS_SUCCESS)
Since 1.3.10 this function asked the Lsa for the PDC but that returned
the DC of the machine rather than the DC of the account. So that would
have been correct only if the machine and the user are in the same
domain. Another difference is, if the user exists as a local and as a
domain account, the old way to do things would have returned information
for the local account when the DC wasn't available while the current
implementation returns an error now.
So, basically the current implementation is more correct than the old
implementation. I don't see how to make it better. Except if you're
willing to turn down the need for the correct group membership when
logging in to the machine. If we ignore the error, you could get a
user token with all groups mentioned as primary or supplemantary
group of your account in /etc/passwd and /etc/group. What I mean is,
the current code is basically creating the group list in your token
if (!has_primary_group) <- from setgid()
We *could* change it this way to succeed more often:
That could leave you with a somewhat restricted token, though.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
- Raw text -