* cygwin.din: Define symbols for `cygwin_logon_user' and

`cygwin_set_impersonation_token'.
        * dcrt0.cc (dll_crt0_1): Eliminate superfluous conditional
        statements.
        Add load statements for `ImpersonateLoggedOnUser', `LogonUserA'
        and `RevertToSelf'.
        * fork.cc (fork): Care for correct impersonation of parent
        and child process.
        * security.cc (cygwin_set_impersonation_token): New function.
        (cygwin_logon_user): Ditto.
        shared.h (class pinfo): New members `orig_uid', `orig_gid',
        `real_uid' nad `real_gid'.
        spawn.cc (spawn_guts): Care for impersonation when starting
        child process in a different user context.
        * syscalls.cc (setgid): Call `setegid' now. Set real_gid.
        (setuid): Call `seteuid' now. Set real_uid.
        (seteuid): Functionality moved from setuid to here. Care for
        correct impersonation.
        (setegid): Functionality moved from setgid to here.
        * uinfo.cc (uinfo_init): Initialization of additional pinfo
        members.
        (getuid): Return real uid.
        (getgid): Return real gid.
        (geteuid): Return effective uid.
        (getegid): Return effective gid.
        include/sys/cygwin.h: Add prototypes for `cygwin_logon_user' and
        `cygwin_set_impersonation_token'.
        include/cygwin/version.h: Bumb API minor version to 22.

winsup/cygwin/security.cc

@@ -374,6 +374,73 @@ got_it:
   return TRUE;
 }
 
+extern "C"
+void
+cygwin_set_impersonation_token (const HANDLE hToken)
+{
+  debug_printf ("set_impersonation_token (%d)", hToken);
+  if (myself->token != hToken)
+    {
+      if (myself->token != INVALID_HANDLE_VALUE)
+        CloseHandle (myself->token);
+      myself->token = hToken;
+      myself->impersonated = FALSE;
+    }
+}
+
+extern "C"
+HANDLE
+cygwin_logon_user (const struct passwd *pw, const char *password)
+{
+  if (os_being_run != winNT)
+    {
+      set_errno (ENOSYS);
+      return INVALID_HANDLE_VALUE;
+    }
+  if (!pw)
+    {
+      set_errno (EINVAL);
+      return INVALID_HANDLE_VALUE;
+    }
+
+  char *c, *nt_user, *nt_domain = NULL;
+  char usernamebuf[256];
+  HANDLE hToken;
+
+  strcpy (usernamebuf, pw->pw_name);
+  if (pw->pw_gecos)
+    {
+      if ((c = strstr (pw->pw_gecos, "U-")) != NULL &&
+          (c == pw->pw_gecos || c[-1] == ','))
+        {
+          usernamebuf[0] = '\0';
+          strncat (usernamebuf, c + 2, 255);
+          if ((c = strchr (usernamebuf, ',')) != NULL)
+            *c = '\0';
+        }
+    }
+  nt_user = usernamebuf;
+  if ((c = strchr (nt_user, '\\')) != NULL)
+    {
+      nt_domain = nt_user;
+      *c = '\0';
+      nt_user = c + 1;
+    }
+  if (! LogonUserA (nt_user, nt_domain, (char *) password,
+                    LOGON32_LOGON_INTERACTIVE,
+                    LOGON32_PROVIDER_DEFAULT,
+                    &hToken)
+      || !SetHandleInformation (hToken,
+                                HANDLE_FLAG_INHERIT,
+                                HANDLE_FLAG_INHERIT))
+    {
+      __seterrno ();
+      return INVALID_HANDLE_VALUE;
+    }
+  debug_printf ("%d = logon_user(%s,...)", hToken, pw->pw_name);
+  return hToken;
+}
+
 /* read_sd reads a security descriptor from a file.
    In case of error, -1 is returned and errno is set.
    If sd_buf is too small, 0 is returned and sd_size