Re: Bug in csih

[Charles Wilson]

On 1/16/2012 5:14 AM, Corinna Vinschen wrote:
Chuck?  Ping?

How's this?   (BTW, we do similar stuff in csih_create_privileged_user() 
but I didn't address that).


Index: cygwin-service-installation-helper.sh
===================================================================
RCS file: /cvs/cygwin-apps/csih/cygwin-service-installation-helper.sh,v
retrieving revision 1.28
diff -u -p -r1.28 cygwin-service-installation-helper.sh
--- cygwin-service-installation-helper.sh       13 Feb 2011 23:22:34 -0000      
1.28
+++ cygwin-service-installation-helper.sh       5 Feb 2012 20:22:07 -0000
@@ -2244,7 +2244,6 @@ csih_account_has_necessary_privileges()
   $_csih_trace

   local user="$1"
-  local admingroup=
   if [ -n "${user}" ]
   then
     if csih_call_winsys32 net user "${user}" >/dev/null 2>&1
@@ -2255,23 +2254,14 @@ csih_account_has_necessary_privileges()
         csih_warning "Unable to ensure that '${user}' has the 
appropriate privileges."
         return 1
       else
-        admingroup=$(/usr/bin/mkgroup -l | /usr/bin/awk -F: '{if ( $2 
== "S-1-5-32-544" ) print $1;}')
-        if [ -z "${admingroup}" ]
-        then
-          csih_warning "Cannot obtain the Administrators group name 
from 'mkgroup -l'."
-          return 1
-        fi
-        if ! csih_call_winsys32 net localgroup "${admingroup}" | 
/usr/bin/grep -Eiq "^${user}.?$"
-        then
-          # user not in Administrators group
-          return 1
-        else
-          /usr/bin/editrights -u "${user}" -t 
SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
-          /usr/bin/editrights -u "${user}" -t SeCreateTokenPrivilege 
     >/dev/null 2>&1 &&
-          /usr/bin/editrights -u "${user}" -t SeTcbPrivilege 
     >/dev/null 2>&1 &&
-          /usr/bin/editrights -u "${user}" -t SeServiceLogonRight 
     >/dev/null 2>&1
-          return # status of previous command-list
-        fi
+       # Don't attempt to validate membership in Administrators group
+       # Instead, just try to set the appropriate rights; if it fails
+       # then handle that, instead.
+        /usr/bin/editrights -u "${user}" -t 
SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
+        /usr/bin/editrights -u "${user}" -t SeCreateTokenPrivilege 
   >/dev/null 2>&1 &&
+        /usr/bin/editrights -u "${user}" -t SeTcbPrivilege 
   >/dev/null 2>&1 &&
+        /usr/bin/editrights -u "${user}" -t SeServiceLogonRight 
   >/dev/null 2>&1
+        return # status of previous command-list
       fi
     fi
   fi