diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2005-06-08 10:06:17 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2005-06-08 10:06:17 +0000 |
| commit | ce132d0ffdcaac7a94e55c9fb9e84f8de134a97d (patch) | |
| tree | 2b6bccece83ed2d799428df5c9115eff437f6561 /winsup/cygwin/security.cc | |
| parent | 30798c5a11870c3ee92d13e1d88c4ac56c0dcd07 (diff) | |
| download | cygnal-ce132d0ffdcaac7a94e55c9fb9e84f8de134a97d.tar.gz cygnal-ce132d0ffdcaac7a94e55c9fb9e84f8de134a97d.tar.bz2 cygnal-ce132d0ffdcaac7a94e55c9fb9e84f8de134a97d.zip | |
* security.cc (cygwin_logon_user): Run LogonUser in the primary
process token context. Fix potential handle leak.
Diffstat (limited to 'winsup/cygwin/security.cc')
| -rw-r--r-- | winsup/cygwin/security.cc | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index aa961c90c..c589513ae 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -124,17 +124,26 @@ cygwin_logon_user (const struct passwd *pw, const char *password) extract_nt_dom_user (pw, nt_domain, nt_user); debug_printf ("LogonUserA (%s, %s, %s, ...)", nt_user, nt_domain, password); + /* CV 2005-06-08: LogonUser should run under the primary process token, + otherwise it returns with ERROR_ACCESS_DENIED on W2K. Don't ask me why. */ + RevertToSelf (); if (!LogonUserA (nt_user, *nt_domain ? nt_domain : NULL, (char *) password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, - &hToken) - || !SetHandleInformation (hToken, - HANDLE_FLAG_INHERIT, - HANDLE_FLAG_INHERIT)) + &hToken)) { __seterrno (); - return INVALID_HANDLE_VALUE; + hToken = INVALID_HANDLE_VALUE; + } + else if (!SetHandleInformation (hToken, + HANDLE_FLAG_INHERIT, + HANDLE_FLAG_INHERIT)) + { + __seterrno (); + CloseHandle (hToken); + hToken = INVALID_HANDLE_VALUE; } + cygheap->user.reimpersonate (); debug_printf ("%d = logon_user(%s,...)", hToken, pw->pw_name); return hToken; } |