From: tmh AT netfusion DOT co DOT uk (Tony Hoyle) Subject: FIX: Administrators need to appear as root user for some users 3 Apr 1998 07:42:12 -0800 Message-ID: <3.0.5.32.19980402183505.00926480.cygnus.gnu-win32@liverpool.netfusion.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: gnu-win32 AT cygnus DOT com I have been porting sendmail 8.8.8 & in compiles with very little change (!). Now I've just got to get it to run :-) I've changed getuid,geteuid, etc. to return UID=0 when the process is in the Administrators group. Specifically I had to make getuid return 0 and geteuid return the real uid (I had to do it this way round because of the way sendmail checks who the invoking user is). Code follows: (I just tacked this code in its own file rather than recompiling cygwin, so it could, and probably should, be structured better) #define DEFAULT_GID 100 #define DEFAULT_UID 500 static uid_t myuid=UINT_MAX; static gid_t mygid=UINT_MAX; uid_t getuid() { if(IsAdministrator()) return 0; else return geteuid(); } gid_t getgid() { if(IsAdministrator()) return 0; else return getegid(); } uid_t geteuid() { struct passwd *p; if(myuid==UINT_MAX) { if((p = getpwnam (getlogin ())) != NULL) myuid=p->pw_uid; else myuid = DEFAULT_UID; } return myuid; } gid_t getegid() { struct passwd *p; if(mygid==UINT_MAX) { if((p = getpwnam (getlogin ())) != NULL) mygid=p->pw_gid; else mygid = DEFAULT_GID; } return mygid; } #define MAX_NAME 256 BOOL IsAdministrator() { DWORD i, dwSize = 0, dwResult = 0; HANDLE hToken; PTOKEN_GROUPS pGroupInfo; SID_NAME_USE SidType; char lpName[MAX_NAME]; char lpDomain[MAX_NAME]; BYTE sidBuffer[100]; PSID pSID = (PSID)&sidBuffer; SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY; BOOL bIsAdmin = FALSE; // Open a handle to the access token for the calling process. if (!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken )) return FALSE; // Call GetTokenInformation to get the buffer size. if(!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize)) { dwResult = GetLastError(); if( dwResult != ERROR_INSUFFICIENT_BUFFER ) return FALSE; } // Allocate the buffer. pGroupInfo = (PTOKEN_GROUPS)malloc(dwSize); // Call GetTokenInformation again to get the group information. if(! GetTokenInformation(hToken, TokenGroups, pGroupInfo, dwSize, &dwSize ) ) { return FALSE; } // Create a SID for the BUILTIN\Administrators group. if(! AllocateAndInitializeSid( &SIDAuth, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSID) ) { return FALSE; } // Loop through the group SIDs looking for the administrator SID. for(i=0; iGroupCount; i++) { if(EqualSid(pSID, pGroupInfo->Groups[i].Sid)) { // Lookup the account name and print it. dwSize = MAX_NAME; if( !LookupAccountSid( NULL, pGroupInfo->Groups[i].Sid, lpName, &dwSize, lpDomain, &dwSize, &SidType ) ) { break; } // Find out if the SID is enabled in the token if (pGroupInfo->Groups[i].Attributes & SE_GROUP_ENABLED) { bIsAdmin=TRUE; break; } } } if (pSID) FreeSid(pSID); if (pGroupInfo) free(pGroupInfo); return bIsAdmin; } ----------------------------------------------------------------------------- 'toH qo' muSHa'qu'mo joH'a', wa' puqloDDaj nobpu' ghaH 'wj ghaH Harchugh vay', vaj not Hegh ghaH, 'ach yIn jub ghajbej ghaH.' Home: (+44) 161 737 0008 Work: (+44) 161 278 2463 http://sale.netfusion.co.uk - My C++ chalkboard (Last update 30/3/98) ----------------------------------------------------------------------------- - For help on using this list (especially unsubscribing), send a message to "gnu-win32-request AT cygnus DOT com" with one line of text: "help".