Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Fri, 11 Jul 2003 18:31:52 -0500
From: msg <michael DOT grigoni AT cybertheque DOT org>
Subject: Re: cygwin_logon_user() not working
To: cygwin AT cygwin DOT com
Message-id: <3F0F48E8.48C8D9C9@cybertheque.org>
Organization: Cybertheque Museum
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
X-Accept-Language: en
References: <3F0EEC29 DOT 447921AB AT cybertheque DOT org>
 <20030711195626 DOT GD12368 AT cygbert DOT vinschen DOT de>

Corinna, thanks much for your reply; please bear with me here
(in case I'm missing something):

> 
> On Fri, Jul 11, 2003 at 11:56:09AM -0500, msg wrote:
> > be owned by the new uid.  The code fails on the call to
> > cygwin_logon_user() which returns -1 (invalid HANDLE). The output
> > of 'strace' on this program shows cygwin_logon_user() extracting
> > the /etc/passwd information followed by a 'windows error 1314' which
> > is 'unknown' and converted to error 13.
> 
> But you did look what error 1314 means, right?
> 

Indeed:
1314 0x0522  A required privilege is not held by the client.


> > We've tried running the program from a bash shell logged-in as
> > user 'root' and again logged-in as user 'Administrator' with no
> > difference (Windows logins, not cygwin 'login' logins).
> 
> So it runs as expected.  Admin accounts don't have the right to call
> LogonUser up to W2K. This would only work on XP and 2003.

Are you saying it won't work regardless of the privilege settings
on Win2k (I presume you mean it won't work unless the needed
privileges are granted)?

> You have
> to add the SeTcpPrivilege to the user who should call LogonUser.  See
> http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID for the needed
> user privileges (up to W2K).

Yes, I carefully studied both the pdf users' guide and the online
version prior to posting and insured that all of the mentioned
privileges were granted to user 'root' and to user 'Administrator'
including SeTcpPrivilege (Act as part of the operating system).
These were all in place during testing.

We don't have any native Win2k/NT debugging or development tools;
what can we do to troubleshoot this?

Michael Grigoni
Cybertheque Museum

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/