From 5684cfebba943eb10d16216a16793d464c1b2a1d Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 12 Dec 2006 16:27:32 +0000
Subject: 	Partially revert change from 2005-04-03, always running under
 an 	impersonation token, which collides with Vista UAC. 	* cygheap.h
 (deimpersonate): revert to self instead of impersonating 	hProcImpToken.
 	(reimpersonate): Only impersonate if setuid. 	* dcrt0.cc
 (dll_crt0_0): Don't initialize hProcImpToken here. 	(dll_crt0_1): Set
 privileges on hProcToken. 	* fork.cc (frok::child): Set privileges on
 hProcToken.  Close handle to 	hProcImpToken. 	* grp.cc (internal_getgroups):
 Use hProcToken instead of hProcImpToken. 	* security.cc (check_access):
 Create hProcImpToken on demand here. 	* security.h (set_process_privilege):
 Set privileges on hProcToken. 	(_push_thread_privilege): Use hProcToken
 instead of hProcImpToken. 	(pop_thread_privilege): If not setuid'ed,
 revert to self. 	* syscalls.cc (setegid32): Drop setting primary group
 on hProcImpToken. 	Close handle to hProcImpToken. 	* uinfo.cc
 (internal_getlogin): Ditto. 	* winsup.h (clear_procimptoken): New inline
 function.

---
 winsup/cygwin/security.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'winsup/cygwin/security.h')

diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 9823ca2b4..dec066009 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -396,14 +396,14 @@ bool get_logon_server (const char * domain, char * server, WCHAR *wserver,
 int set_privilege (HANDLE token, enum cygpriv_idx privilege, bool enable);
 void set_cygwin_privileges (HANDLE token);
 
-#define set_process_privilege(p,v) set_privilege (hProcImpToken, (p), (v))
+#define set_process_privilege(p,v) set_privilege (hProcToken, (p), (v))
 
 #define _push_thread_privilege(_priv, _val, _check) { \
     HANDLE _token = NULL, _dup_token = NULL; \
     if (wincap.has_security ()) \
       { \
 	_token = (cygheap->user.issetuid () && (_check)) \
-		 ? cygheap->user.token () : hProcImpToken; \
+		 ? cygheap->user.token () : hProcToken; \
 	if (!DuplicateTokenEx (_token, MAXIMUM_ALLOWED, NULL, \
 			       SecurityImpersonation, TokenImpersonation, \
 			       &_dup_token)) \
@@ -419,7 +419,10 @@ void set_cygwin_privileges (HANDLE token);
 #define pop_thread_privilege() \
     if (_dup_token) \
       { \
-	ImpersonateLoggedOnUser (_token); \
+	if (_token == hProcToken) \
+	  RevertToSelf (); \
+	else \
+	  ImpersonateLoggedOnUser (_token); \
 	CloseHandle (_dup_token); \
       } \
   }
-- 
cgit v1.2.3