This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: I can't find command su.exe


On Tue, Jul 10, 2001 at 03:52:36PM -0400, Phillip Susi wrote:
> At 07:53 AM 7/9/2001 +0200, you wrote:
> >But authentication DLL's are actually running in TCB context as well.
> >So the process connecting the authDLL would still need that privilege,
> >right?
> >
> >Corinna
> They are called by lsass.exe afaik.  The standard authentication dll 
> performs the authentication, and builds the token for the user, so I 
> thought why not install a hook to intercept specially formed logon 
> requests, call the original package to authenticate the user trying to su, 
> and if that succeeds, manually build a token for the user they are trying 
> to su to.  For standard logon requests, just pass them on to the original 
> package.
> 
> The difficulty with this is that the win2k ddk does not have any 
> documentation on authentication packages that I can find, and the NT4 DDK 
> documentation is sketchy at best.

Did you have a look into the Cygwin sources? There are two functions
(plus various helper functions) in security.cc.

create_token() creates a token manually using the undocumented
NtCreateToken() function. Unfortunately this needs the CREATE_TOKEN
privilege which is only granted to LocalSystem by default and which
actually is a very dangerous privilege.

subauth() is the client code to call a Subauthentication DLL which
is part of the Cygwin source tree but had never made it into the
official release due to it's complex installation procedure and
the fact that it only works with W2K, not with NT4. Calling the
LSA client functions of course need the TCB privilege again...

However, that's all I could tweak out of the Microsoft API so far.
I would love to have a real authentication DLL in Cygwin but that
needs further knowledge of the LSA interface which I can't get from
the MSDN. As you aforementioned, the LSA documentation is really
crap^H^H^H^Hsketchy.

AFAICS, we will never get the full functionality w/o a server
process running under LocalSystem.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]