diff options
| author | Pierre Humblet <phumblet@phumblet.no-ip.org> | 2010-02-26 14:51:59 +0000 |
|---|---|---|
| committer | Pierre Humblet <phumblet@phumblet.no-ip.org> | 2010-02-26 14:51:59 +0000 |
| commit | a90dc29d18218ebe753b0c5a1df39223c2ea152b (patch) | |
| tree | 9852ba3f9e56990ed4f0f902b356886a5adf193b | |
| parent | e5ddf94aa175606d7e9ef2657ea7280199a1b4f4 (diff) | |
| download | cygnal-a90dc29d18218ebe753b0c5a1df39223c2ea152b.tar.gz cygnal-a90dc29d18218ebe753b0c5a1df39223c2ea152b.tar.bz2 cygnal-a90dc29d18218ebe753b0c5a1df39223c2ea152b.zip | |
2010-02-26 Pierre Humblet <Pierre.Humblet@ieee.org>
* security.cc (check_access): Use user.imp_token if appropriate.
Set errno and return if DuplicateTokenEx fails .
| -rw-r--r-- | winsup/cygwin/ChangeLog | 5 | ||||
| -rw-r--r-- | winsup/cygwin/security.cc | 21 |
2 files changed, 16 insertions, 10 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 21984cae5..64d60feff 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,8 @@ +2010-02-26 Pierre Humblet <Pierre.Humblet@ieee.org> + + * security.cc (check_access): Use user.imp_token if appropriate. + Set errno and return if DuplicateTokenEx fails . + 2010-02-26 Corinna Vinschen <corinna@vinschen.de> Remove all traces of __CYGWIN_USE_BIG_TYPES__. diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index a8a251297..b09a719f3 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -751,16 +751,17 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, ? cygheap->user.imp_token () : hProcImpToken); - if (!tok && !DuplicateTokenEx (hProcToken, MAXIMUM_ALLOWED, NULL, - SecurityImpersonation, TokenImpersonation, - &hProcImpToken)) -#ifdef DEBUGGING - system_printf ("DuplicateTokenEx failed, %E"); -#else - syscall_printf ("DuplicateTokenEx failed, %E"); -#endif - else - tok = hProcImpToken; + if (!tok) + { + if (!DuplicateTokenEx (hProcToken, MAXIMUM_ALLOWED, NULL, + SecurityImpersonation, TokenImpersonation, + &hProcImpToken)) + { + __seterrno (); + return ret; + } + tok = hProcImpToken; + } if (!AccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted, &status)) __seterrno (); |