From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Tue, 19 Jun 2012 01:48:05 +0000 (-0400)
Subject: Windows: afslogon impersonate when deleting tickets
X-Git-Tag: upstream/1.8.0_pre1^2~2285
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=c8b1f007b530c072ee1f5654833f68e45a2eafd5;p=packages%2Fo%2Fopenafs.git

Windows: afslogon impersonate when deleting tickets

When tickets are obtained via the KFW_AFS interface the user
context is being impersonated.  Do the same when cleaning up.

Change-Id: Iba43db2e66d8f02e9fbf4e076f6429a53838edea
Reviewed-on: http://gerrit.openafs.org/7631
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
---

diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c
index 3bddbe91d..ab7cbfbe9 100644
--- a/src/WINNT/afsd/afslogon.c
+++ b/src/WINNT/afsd/afslogon.c
@@ -1153,11 +1153,21 @@ NPLogonNotify(
      */
 
     if (ISLOGONINTEGRATED(opt.LogonOption) && KFW_is_available()) {
+        CtxtHandle LogonContext;
+
+        LogonSSP(lpLogonId, &LogonContext);
+        ImpersonateSecurityContext(&LogonContext);
+
 #ifdef KFW_LOGON
 	sprintf(szLogonId,"%d.%d",lpLogonId->HighPart, lpLogonId->LowPart);
+        DebugEvent("copying cache for %s %s", uname, szLogonId);
 	KFW_AFS_copy_cache_to_system_file(uname, szLogonId);
 #endif
+        DebugEvent("Destroying tickets for %s", uname);
 	KFW_AFS_destroy_tickets_for_principal(uname);
+
+        RevertSecurityContext(&LogonContext);
+        DeleteSecurityContext(&LogonContext);
     }
 
     if (code) {