Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
CVSROOT: /usr/local/cvs Module name: cvsnt Repository: cvsnt/windows-NT/setuid/setuid/ Changes by: tmh at betty.magenta-netlogic.com. 04/01/17 22:14:44 Modified files: cvsnt/src/: Tag: CVSNT_2_0_x subr.c cvsnt/tonys\/: Tag: CVSNT_2_0_x test\ server.bat cvsnt/windows-NT/: Tag: CVSNT_2_0_x setuid.c win32.c cvsnt/windows-NT/setuid/setuid/: Tag: CVSNT_2_0_x LsaSetuid.cpp LsaSetuid.h setuid.cpp stdafx.h Log message: Damned hard to find this one, but under a checked build I found... 1. The documented way to generate a token (LSA_TOKEN_INFORMATION_V1) is totally broken on XP - LSASS.EXE tries to free the memory from the wrong heap and dies - this is only actually documented on Google Groups, and not fixed even on a fully patched XP... You have to use the undocumented LSA_TOKEN_INFORMATION_V2 instead [It's sufficient to search for the latter in Google to find the only documentation about this bug]. 2. S4U *is* implemented on XP, but it's disabled - it bombs out early in its processing complaining that it's not running on a server edition (XP Server == Win2003, basically) [a possibly interesting aside to this is when the LSA heap is corrupted by (1), then it sometimes fluffs the check and starts looking for an Active Directory to do its validation with.. this means I guess that the 'server/workstation' flag is in memory somewhere, and if someone could find the right byte to write to then you could re-enable server features like S4U on XP].