Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Precedence: bulk
Message-ID: <cc67648e04082709194ad2571c@mail.gmail.com>
Date: Fri, 27 Aug 2004 12:19:57 -0400
From: Jeff Trawick <trawick@gmail.com>
Reply-To: Jeff Trawick <trawick@gmail.com>
To: dev@apr.apache.org
Subject: Re: [PATCH] set process attribute uid (WAS: [PATCH] WIN32
 CreateProcessAsUser)
In-Reply-To: <412F1437.5040508@apache.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <412EF119.8090503@apache.org>
 <cc67648e0408270327723289d4@mail.gmail.com> <412F1437.5040508@apache.org>

On Fri, 27 Aug 2004 13:00:07 +0200, Mladen Turk <mturk@apache.org> wrote:
> Jeff Trawick wrote:
> 
> >>The win version now makes sure that the calling tread does
> >>not remain under impersonated user if something goes wrong.
> >
> >
> > it seems very uncool for apr_procattr_FOO_set to modify any
> > characteristics of the calling thread/process...  is that happening on
> > Win32?  there's quite a bit of interesting logic in
> > apr_procattr_user_set for Win32
> >
> 
> That's the only way AFAICT to enable the 'RunAs'.
> The calling thread is switching to a different account only to call
> the single API function and then reverts. Other threads are not
> affected, even if this is a main thread.

okay, just me being ignorant; sorry

> >>+APR_DECLARE(apr_status_t) apr_procattr_user_set(apr_procattr_t *attr,
> >>+                                                const char *username,
> >>+                                                const char *password);
> >
> >
> > maybe this should allow specifying a group too, in case on Unix you
> > don't want to require that the identity change to the default group of
> > the specified user?
> >
> 
> OK. Any suggestons for the name of the second param?
> Perhaps grp_or_pwd?

I was thinking along the lines of a third parameter instead of
overloading the second parameter.  Any comments from the crowd on that
choice?