- /*
- * The only authentication which is able to change the user
- * context on NT systems is the password authentication. So
- * we deny all requsts for changing the user context if another
- * authentication method is used.
- *
- * This doesn't apply to Cygwin versions >= 1.3.2 anymore which
- * uses the undocumented NtCreateToken() call to create a user
- * token if the process has the appropriate privileges and if
- * CYGWIN ntsec setting is on.
- */
- static int has_create_token = -1;
-
- if (pw == NULL)
- return 0;
- if (is_winnt) {
- if (has_create_token < 0) {
- struct utsname uts;
- int major_high = 0, major_low = 0, minor = 0;
- char *cygwin = getenv("CYGWIN");
-
- has_create_token = 0;
- if (ntsec_on(cygwin) && !uname(&uts)) {
- sscanf(uts.release, "%d.%d.%d",
- &major_high, &major_low, &minor);
- if (major_high > 1 ||
- (major_high == 1 && (major_low > 3 ||
- (major_low == 3 && minor >= 2))))
- has_create_token = 1;
- }
- }
- if (has_create_token < 1 &&
- !pwd_authenticated && geteuid() != pw->pw_uid)
- return 0;
- }
- return 1;