From c8b1f007b530c072ee1f5654833f68e45a2eafd5 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Mon, 18 Jun 2012 21:48:05 -0400
Subject: [PATCH] Windows: afslogon impersonate when deleting tickets

When tickets are obtained via the KFW_AFS interface the user
context is being impersonated.  Do the same when cleaning up.

Change-Id: Iba43db2e66d8f02e9fbf4e076f6429a53838edea
Reviewed-on: http://gerrit.openafs.org/7631
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 src/WINNT/afsd/afslogon.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c
index 3bddbe91de..ab7cbfbe94 100644
--- a/src/WINNT/afsd/afslogon.c
+++ b/src/WINNT/afsd/afslogon.c
@@ -1153,11 +1153,21 @@ NPLogonNotify(
      */
 
     if (ISLOGONINTEGRATED(opt.LogonOption) && KFW_is_available()) {
+        CtxtHandle LogonContext;
+
+        LogonSSP(lpLogonId, &LogonContext);
+        ImpersonateSecurityContext(&LogonContext);
+
 #ifdef KFW_LOGON
 	sprintf(szLogonId,"%d.%d",lpLogonId->HighPart, lpLogonId->LowPart);
+        DebugEvent("copying cache for %s %s", uname, szLogonId);
 	KFW_AFS_copy_cache_to_system_file(uname, szLogonId);
 #endif
+        DebugEvent("Destroying tickets for %s", uname);
 	KFW_AFS_destroy_tickets_for_principal(uname);
+
+        RevertSecurityContext(&LogonContext);
+        DeleteSecurityContext(&LogonContext);
     }
 
     if (code) {