authorCorinna Vinschen <corinna@vinschen.de>2006-12-12 16:27:32 +0000
committerCorinna Vinschen <corinna@vinschen.de>2006-12-12 16:27:32 +0000
commit5684cfebba943eb10d16216a16793d464c1b2a1d (patch)
treef88d165d561e9ad345c8893c32a422d1ac3a0f3a /winsup/cygwin/security.h
parent815122d8428527e170c0090ed134d18081d1054d (diff)
Partially revert change from 2005-04-03, always running under an
impersonation token, which collides with Vista UAC. * cygheap.h (deimpersonate): revert to self instead of impersonating hProcImpToken. (reimpersonate): Only impersonate if setuid. * dcrt0.cc (dll_crt0_0): Don't initialize hProcImpToken here. (dll_crt0_1): Set privileges on hProcToken. * fork.cc (frok::child): Set privileges on hProcToken. Close handle to hProcImpToken. * grp.cc (internal_getgroups): Use hProcToken instead of hProcImpToken. * security.cc (check_access): Create hProcImpToken on demand here. * security.h (set_process_privilege): Set privileges on hProcToken. (_push_thread_privilege): Use hProcToken instead of hProcImpToken. (pop_thread_privilege): If not setuid'ed, revert to self. * syscalls.cc (setegid32): Drop setting primary group on hProcImpToken. Close handle to hProcImpToken. * uinfo.cc (internal_getlogin): Ditto. * winsup.h (clear_procimptoken): New inline function.
Diffstat (limited to 'winsup/cygwin/security.h')
-rw-r--r--winsup/cygwin/security.h9
1 files changed, 6 insertions, 3 deletions
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 9823ca2b4..dec066009 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -396,14 +396,14 @@ bool get_logon_server (const char * domain, char * server, WCHAR *wserver,
int set_privilege (HANDLE token, enum cygpriv_idx privilege, bool enable);
void set_cygwin_privileges (HANDLE token);
-#define set_process_privilege(p,v) set_privilege (hProcImpToken, (p), (v))
+#define set_process_privilege(p,v) set_privilege (hProcToken, (p), (v))
#define _push_thread_privilege(_priv, _val, _check) { \
HANDLE _token = NULL, _dup_token = NULL; \
if (wincap.has_security ()) \
{ \
_token = (cygheap->user.issetuid () && (_check)) \
- ? cygheap->user.token () : hProcImpToken; \
+ ? cygheap->user.token () : hProcToken; \
if (!DuplicateTokenEx (_token, MAXIMUM_ALLOWED, NULL, \
SecurityImpersonation, TokenImpersonation, \
&_dup_token)) \
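Review bot: `set_process_privilege` now adjusts the primary process token instead of a separate impersonation token, so a privilege it enables stays enabled for every thread that is not impersonating until a caller disables it again, and nothing at the macro says so. A comment above it would make that scope explicit, e.g. `/* Acts on hProcToken: the change is process-wide; callers must disable what they enable. */`. In `_push_thread_privilege`, `DuplicateTokenEx` on `hProcToken` presumably requires that handle to have been opened with `TOKEN_DUPLICATE` access; the open call is not in this file, so that is worth confirming. The macro body continues past the end of this hunk.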
@@ -419,7 +419,10 @@ void set_cygwin_privileges (HANDLE token);
#define pop_thread_privilege() \
if (_dup_token) \
{ \
- ImpersonateLoggedOnUser (_token); \
+ if (_token == hProcToken) \
+ RevertToSelf (); \
+ else \
+ ImpersonateLoggedOnUser (_token); \
CloseHandle (_dup_token); \
} \
}
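Review bot: The new test `_token == hProcToken` is also true when the user is setuid but `_check` is false, so in that case `pop_thread_privilege` calls `RevertToSelf ()` and the thread appears to be left running under the process identity rather than the setuid user's token it was presumably impersonating before the push. The commit description says the revert is meant for the non-setuid case only; if `reimpersonate` in cygheap.h behaves as described there (impersonate only if setuid), using it in that branch, `cygheap->user.reimpersonate ();`, would cover both cases. The return values of `RevertToSelf` and `ImpersonateLoggedOnUser` are also ignored, so a failed restore leaves the thread impersonating the privileged duplicate without any trace; at least a debug message on failure would help. The opening half of the macro is in the previous hunk and the lines between the two hunks are not shown.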