-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use GetUserNameEx to get SID of current user to secure win32 files #166
Conversation
Found that the SID obtained when using GetUserName was causing permission issues because it wasn't the actual SID for the current user. By changing the call to use `GetUserNameEx` with a parameter of `NameSamCompatible`, the SID that was returned did indeed correspond to the current user. In addition, analysis of the file using Windows explorer also showed the SID being resolved to the current user's Windows ID, rather than a raw SID (as before). Co-authored-by: snapo <6347922+snapo@users.noreply.github.com>
I tested this in as many ways as I could, and the changes all seem to work.
One thing I was not able to test was:
|
@minrk - this is the last of the changes that are needed for 4.6.0. Could you please cut a release as soon as possible? |
@takluyver Do you have merge / release permissions? There's a lot of downstream issues being opened waiting on this fix. |
Thank you @rgbkrk! |
Check your email for an ask to get you both to have release permissions on |
Will do - thank you. Is this a "be careful what you wish for" moment? 😄 |
Just happy to enable you all to keep things moving. |
Thanks for getting this through, everyone! |
Found that the SID obtained when using GetUserName was causing permission
issues because it wasn't the actual SID for the current user. By changing
the call to use
GetUserNameEx
with a parameter ofNameSamCompatible
,the SID that was returned did indeed correspond to the current user. In
addition, analysis of the file using Windows explorer also showed the SID
being resolved to the current user's Windows ID, rather than a raw SID (as
before).
Co-authored-by: snapo 6347922+snapo@users.noreply.github.com