On Tue, Jul 10, 2001 at 12:49:38AM +0200, Sander Striker wrote:
> > > > so there's no means to obtain _current_ user id of running
> > > > process, only a lookup from a username (or userid).
> > >
> > > Not yet. Nobody has needed that ability so far. Feel free to implement
> > > it though. APR follows a VERY simple rule. We don't implement a feature
> > > until it is needed. :-)
> >
> > ack!
> >
> > > One warning, I have no idea how this would work on Windows. In order for
> > > this to really be useful, we have to figure that piece out.
> >
> > yep.
> >
> > i mean, i can get away with getenv('USER') and to be honest, it
> > doesn't bother me. it might bother other people though.
> >
> > btw, just so you know: i know it _is_ possible else how would
> > cygwin work?
> >
> > .... and i do know that jeremy had a hell of a time getting setuid()
> > to work. it's almost impossible: none of the published APIs
> > describe how to do it. you can 'impersonate' an existing context
> > e.g. ImpersonateNamedPipeClient or similar but you can't
> > actually do a sudo. okay, it's been done, recently, and there
> > does exist SU.EXE, but still.... :)
>
> Check out:
>
> LogonUser -
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh/winbase/accclsrv_9cfm.asp
>
> ImpersonateLoggedOnUser -
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh/winbase/accclsrv_0jle.asp
>
>
> Maybe that can do the trick?

don't know about LogonUser. yes i do: it has to have a password.
ImpersonateLoggedOnUser? same thing as ImpersonateNamedPipeClient.
i.e. you can only impersonate an existing user IF you have a handle
to that user.
there is no published public API to *create* a new user context.
it's buried. i think the ntinternals, the bindview or other
security people have probably found an 'undocumented' API, but
that's not the sort of thing you put into something like APR.
luke
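
The `getenv('USER')` workaround mentioned in the thread reads a value that the process environment controls, while the user id the thread asks for is held by the kernel. The following is an added example, not code from the thread or from APR, and covers POSIX systems only; `current_user` and `env_user_matches` are hypothetical helper names.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not an APR function): fill in the identity the
 * kernel holds for this process. Returns 0 on success, -1 if the uid has
 * no usable passwd entry (name is then set to the numeric uid). */
int current_user(uid_t *uid, char *name, size_t len)
{
    struct passwd pw, *res = NULL;
    char buf[4096];

    *uid = geteuid();   /* effective uid: the one access checks use */
    if (getpwuid_r(*uid, &pw, buf, sizeof buf, &res) == 0 && res != NULL) {
        snprintf(name, len, "%s", res->pw_name);
        return 0;
    }
    snprintf(name, len, "%lu", (unsigned long)*uid);
    return -1;
}

/* Returns 1 when $USER agrees with the kernel's view, 0 otherwise. */
int env_user_matches(void)
{
    uid_t uid;
    char name[256];
    const char *env = getenv("USER");

    if (current_user(&uid, name, sizeof name) != 0 || env == NULL)
        return 0;
    return strcmp(env, name) == 0;
}

int main(void)
{
    uid_t uid;
    char name[256];

    current_user(&uid, name, sizeof name);
    printf("kernel: uid=%lu name=%s\n", (unsigned long)uid, name);
    printf("$USER : %s\n", getenv("USER") ? getenv("USER") : "(unset)");
    printf("match : %d\n", env_user_matches());
    return 0;
}
```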