* cygserver_setpwd.h (setlsapwd): Add username parameter to declaration.

	* external.cc (cygwin_internal): In the CW_SET_PRIV_KEY case, fetch
	additional username parameter.
	* setlsapwd.cc (setlsapwd): Add username parameter.  Allow admin to
	set the hidden password for other users.

4 files changed, 32 insertions, 9 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 936e24f5e..6f4063265 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,13 @@
 2011-04-04  Corinna Vinschen  <corinna@vinschen.de>
 
+	* cygserver_setpwd.h (setlsapwd): Add username parameter to declaration.
+	* external.cc (cygwin_internal): In the CW_SET_PRIV_KEY case, fetch
+	additional username parameter.
+	* setlsapwd.cc (setlsapwd): Add username parameter.  Allow admin to
+	set the hidden password for other users.
+
+2011-04-04  Corinna Vinschen  <corinna@vinschen.de>
+
 	* sec_auth.cc (get_user_groups): Mark well-known groups as well-known.
 	(get_user_local_groups): Ditto.
 	(verify_token): Drop useless label.
diff --git a/winsup/cygwin/cygserver_setpwd.h b/winsup/cygwin/cygserver_setpwd.h
index 94ee2998d..8fa34793b 100644
--- a/winsup/cygwin/cygserver_setpwd.h
+++ b/winsup/cygwin/cygserver_setpwd.h
@@ -1,6 +1,6 @@
 /* cygserver_setpwd.h: Set LSA private data password for current user.
 
-   Copyright 2008 Red Hat, Inc.
+   Copyright 2008, 2011 Red Hat, Inc.
 
 This file is part of Cygwin.
 
@@ -47,7 +47,7 @@ public:
 };
 
 #ifdef __INSIDE_CYGWIN__
-unsigned long setlsapwd (const char *passwd);
+unsigned long setlsapwd (const char *passwd, const char *username);
 #endif
 
 #endif /* __CYGSERVER_SETPWD_H__ */
diff --git a/winsup/cygwin/external.cc b/winsup/cygwin/external.cc
index 93fc2b331..8aeb22108 100644
--- a/winsup/cygwin/external.cc
+++ b/winsup/cygwin/external.cc
@@ -1,7 +1,7 @@
 /* external.cc: Interface to Cygwin internals from external programs.
 
    Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
-   2006, 2007, 2008, 2009, 2010 Red Hat, Inc.
+   2006, 2007, 2008, 2009, 2010, 2011 Red Hat, Inc.
 
    Written by Christopher Faylor <cgf@cygnus.com>
 
@@ -435,7 +435,8 @@ cygwin_internal (cygwin_getinfo_types t, ...)
       case CW_SET_PRIV_KEY:
 	{
 	  const char *passwd = va_arg (arg, const char *);
-	  res = setlsapwd (passwd);
+	  const char *username = va_arg (arg, const char *);
+	  res = setlsapwd (passwd, username);
 	}
 	break;
       case CW_SETERRNO:
diff --git a/winsup/cygwin/setlsapwd.cc b/winsup/cygwin/setlsapwd.cc
index 7622de370..8e1baa9bb 100644
--- a/winsup/cygwin/setlsapwd.cc
+++ b/winsup/cygwin/setlsapwd.cc
@@ -1,6 +1,6 @@
 /* setlsapwd.cc: Set LSA private data password for current user.
 
-   Copyright 2008, 2009 Red Hat, Inc.
+   Copyright 2008, 2009, 2011 Red Hat, Inc.
 
 This file is part of Cygwin.
 
@@ -17,6 +17,7 @@ details. */
 #include "cygheap.h"
 #include "security.h"
 #include "cygserver_setpwd.h"
+#include "pwdgrp.h"
 #include "ntdll.h"
 #include <ntsecapi.h>
 #include <stdlib.h>
@@ -37,7 +38,7 @@ client_request_setpwd::client_request_setpwd (PUNICODE_STRING passwd)
 }
 
 unsigned long
-setlsapwd (const char *passwd)
+setlsapwd (const char *passwd, const char *username)
 {
   unsigned long ret = (unsigned long) -1;
   HANDLE lsa = INVALID_HANDLE_VALUE;
@@ -47,8 +48,21 @@ setlsapwd (const char *passwd)
   UNICODE_STRING key;
   UNICODE_STRING data;
 
-  wcpcpy (wcpcpy (key_name, CYGWIN_LSA_KEY_PREFIX),
-	  cygheap->user.get_windows_id (sid));
+  if (username)
+    {
+      cygsid psid;
+      struct passwd *pw = internal_getpwnam (username, false);
+
+      if (!pw || !psid.getfrompw (pw))
+	{
+	  set_errno (ENOENT);
+	  return ret;
+	}
+      wcpcpy (wcpcpy (key_name, CYGWIN_LSA_KEY_PREFIX), psid.string (sid));
+    }
+  else
+    wcpcpy (wcpcpy (key_name, CYGWIN_LSA_KEY_PREFIX),
+	    cygheap->user.get_windows_id (sid));
   RtlInitUnicodeString (&key, key_name);
   if (!passwd || ! *passwd
       || sys_mbstowcs_alloc (&data_buf, HEAP_NOTHEAP, passwd))
@@ -71,7 +85,7 @@ setlsapwd (const char *passwd)
 	    __seterrno_from_nt_status (status);
 	  LsaClose (lsa);
 	}
-      else if (ret)
+      else if (ret && !username)
 	{
 	  client_request_setpwd request (&data);
 	  if (request.make_request () == -1 || request.error_code ())