On Tue, Jul 10, 2001 at 12:49:38AM +0200, Sander Striker wrote: > > > > so there's no means to obtain _current_ user id of running > > > > process, only a lookup from a username (or userid). > > > > > > Not yet. Nobody has needed that ability so far. Feel free to implement > > > it though. APR follows a VERY simple rule. We don't implement > > a feature > > > until it is needed. :-) > > > > ack! > > > > > One warning, I have no idea how this would work on Windows. In > > order for > > > this to really be useful, we have to figure that piece out. > > > > yep. > > > > i mean, i can get away with getenv('USER') and to be honest, it > > doesn't bother me. it might bother other people though. > > > > btw, just so you know: i know it _is_ possible else how would > > cygwin work? > > > > .... and i do know that jeremy had a hell of a time getting setuid() > > to work. it's almost impossible: none of the published APIs > > describe how to do it. you can 'impersonate' an existing context > > e.g. ImpersonateNamedPipeClient or similar but you can't > > actually do a sudo. okay, it's been done, recently, and there > > does exist SU.EXE, but still.... :) > > Check out: > > LogonUser - > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh > /winbase/accclsrv_9cfm.asp > > ImpersonateLoggedOnUser - > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh > /winbase/accclsrv_0jle.asp > > > Maybe that can do the trick?
don't know about LogonUser. yes i do: it has to have a password. ImpersonateLoggedOnUser? same thing as ImpersonateNamedPipeClient. i.e. you can only impersonate an existing user IF you have a handle to that user. there is no published public API to *create* a new user context. it's buried. i think the ntinternals, the bindview or other security people have probably found an 'undocumented' API, but that's not the sort of thing you put into soemthing like APR. luke