This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Bug in csih


On 1/16/2012 5:14 AM, Corinna Vinschen wrote:
Chuck? Ping?


How's this? (BTW, we do similar stuff in csih_create_privileged_user() but I didn't address that).



Index: cygwin-service-installation-helper.sh =================================================================== RCS file: /cvs/cygwin-apps/csih/cygwin-service-installation-helper.sh,v retrieving revision 1.28 diff -u -p -r1.28 cygwin-service-installation-helper.sh --- cygwin-service-installation-helper.sh 13 Feb 2011 23:22:34 -0000 1.28 +++ cygwin-service-installation-helper.sh 5 Feb 2012 20:22:07 -0000 @@ -2244,7 +2244,6 @@ csih_account_has_necessary_privileges() $_csih_trace

local user="$1"
- local admingroup=
if [ -n "${user}" ]
then
if csih_call_winsys32 net user "${user}" >/dev/null 2>&1
@@ -2255,23 +2254,14 @@ csih_account_has_necessary_privileges()
csih_warning "Unable to ensure that '${user}' has the appropriate privileges."
return 1
else
- admingroup=$(/usr/bin/mkgroup -l | /usr/bin/awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}')
- if [ -z "${admingroup}" ]
- then
- csih_warning "Cannot obtain the Administrators group name from 'mkgroup -l'."
- return 1
- fi
- if ! csih_call_winsys32 net localgroup "${admingroup}" | /usr/bin/grep -Eiq "^${user}.?$"
- then
- # user not in Administrators group
- return 1
- else
- /usr/bin/editrights -u "${user}" -t SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
- /usr/bin/editrights -u "${user}" -t SeCreateTokenPrivilege >/dev/null 2>&1 &&
- /usr/bin/editrights -u "${user}" -t SeTcbPrivilege >/dev/null 2>&1 &&
- /usr/bin/editrights -u "${user}" -t SeServiceLogonRight >/dev/null 2>&1
- return # status of previous command-list
- fi
+ # Don't attempt to validate membership in Administrators group
+ # Instead, just try to set the appropriate rights; if it fails
+ # then handle that, instead.
+ /usr/bin/editrights -u "${user}" -t SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
+ /usr/bin/editrights -u "${user}" -t SeCreateTokenPrivilege >/dev/null 2>&1 &&
+ /usr/bin/editrights -u "${user}" -t SeTcbPrivilege >/dev/null 2>&1 &&
+ /usr/bin/editrights -u "${user}" -t SeServiceLogonRight >/dev/null 2>&1
+ return # status of previous command-list
fi
fi
fi



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]