Windows: afslogon impersonate when deleting tickets

When tickets are obtained via the KFW_AFS interface the user
context is being impersonated.  Do the same when cleaning up.

Change-Id: Iba43db2e66d8f02e9fbf4e076f6429a53838edea
Reviewed-on: http://gerrit.openafs.org/7631
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c
index 3bddbe91de994b55f7cbef1a14b1289b3000ae50..ab7cbfbe944d3aad9b86bace610557ae56307b2d 100644 (file)
--- a/src/WINNT/afsd/afslogon.c
+++ b/src/WINNT/afsd/afslogon.c
@@ -1153,11 +1153,21 @@ NPLogonNotify(
      */
 
     if (ISLOGONINTEGRATED(opt.LogonOption) && KFW_is_available()) {
+        CtxtHandle LogonContext;
+
+        LogonSSP(lpLogonId, &LogonContext);
+        ImpersonateSecurityContext(&LogonContext);
+
 #ifdef KFW_LOGON
        sprintf(szLogonId,"%d.%d",lpLogonId->HighPart, lpLogonId->LowPart);
+        DebugEvent("copying cache for %s %s", uname, szLogonId);
        KFW_AFS_copy_cache_to_system_file(uname, szLogonId);
 #endif
+        DebugEvent("Destroying tickets for %s", uname);
        KFW_AFS_destroy_tickets_for_principal(uname);
+
+        RevertSecurityContext(&LogonContext);
+        DeleteSecurityContext(&LogonContext);
     }
 
     if (code) {