OSDN Git Service

(root) / pf3gnuchains / sourceware.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5eefac4)
* security.h: Add third argument to set_process_privilege.
authorcorinna <corinna>
Mon, 3 Feb 2003 15:55:19 +0000 (15:55 +0000)
committercorinna <corinna>
Mon, 3 Feb 2003 15:55:19 +0000 (15:55 +0000)
* autoload.cc: Add OpenThreadToken.
* sec_helper.cc (set_process_privilege): Add and use use_thread
argument.
* security.cc (alloc_sd): Modify call to set_process_privilege.
Remember the result in each process. If failed and file owner is not
the user, fail.

winsup/cygwin/ChangeLog patch | blob | history
winsup/cygwin/autoload.cc patch | blob | history
winsup/cygwin/sec_helper.cc patch | blob | history
winsup/cygwin/security.cc patch | blob | history
winsup/cygwin/security.h patch | blob | history

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 884e169..918eb4d 100644 (file)
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,13 @@
+2003-02-03  Pierre Humblet  <pierre.humblet@ieee.org>
+
+       * security.h: Add third argument to set_process_privilege.
+       * autoload.cc: Add OpenThreadToken.
+       * sec_helper.cc (set_process_privilege): Add and use use_thread
+       argument.
+       * security.cc (alloc_sd): Modify call to set_process_privilege.
+       Remember the result in each process. If failed and file owner is not
+       the user, fail.
+
 2003-02-03  Corinna Vinschen  <corinna@vinschen.de>
 
        * fhandler_socket.cc (fhandler_socket::recvfrom): Return buffer
diff --git a/winsup/cygwin/autoload.cc b/winsup/cygwin/autoload.cc
index 9166940..3c21d1e 100644 (file)
--- a/winsup/cygwin/autoload.cc
+++ b/winsup/cygwin/autoload.cc
@@ -352,6 +352,7 @@ LoadDLLfunc (LsaOpenPolicy, 16, advapi32)
 LoadDLLfunc (LsaQueryInformationPolicy, 12, advapi32)
 LoadDLLfunc (MakeSelfRelativeSD, 12, advapi32)
 LoadDLLfunc (OpenProcessToken, 12, advapi32)
+LoadDLLfunc (OpenThreadToken, 16, advapi32)
 LoadDLLfunc (RegCloseKey, 4, advapi32)
 LoadDLLfunc (RegCreateKeyExA, 36, advapi32)
 LoadDLLfunc (RegDeleteKeyA, 8, advapi32)
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 86389da..9c49c0a 100644 (file)
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -294,7 +294,7 @@ got_it:
 #endif //unused
 
 int
-set_process_privilege (const char *privilege, BOOL enable)
+set_process_privilege (const char *privilege, bool enable, bool use_thread)
 {
   HANDLE hToken = NULL;
   LUID restore_priv;
@@ -302,8 +302,12 @@ set_process_privilege (const char *privilege, BOOL enable)
   int ret = -1;
   DWORD size;
 
-  if (!OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
-                        &hToken))
+  if ((use_thread
+       && !OpenThreadToken (GetCurrentThread (), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
+                           0, &hToken))
+      ||(!use_thread
+        && !OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
+                            &hToken)))
     {
       __seterrno ();
       goto out;
@@ -329,7 +333,6 @@ set_process_privilege (const char *privilege, BOOL enable)
      be enabled. GetLastError () returns an correct error code, though. */
   if (enable && GetLastError () == ERROR_NOT_ALL_ASSIGNED)
     {
-      debug_printf ("Privilege %s couldn't be assigned", privilege);
       __seterrno ();
       goto out;
     }
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 617ec46..224eff4 100644 (file)
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1563,9 +1563,20 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
     }
   owner_sid.debug_print ("alloc_sd: owner SID =");
 
-  /* Must have SE_RESTORE_NAME privilege to change owner */
-  if (cur_owner_sid && owner_sid != cur_owner_sid
-      && set_process_privilege (SE_RESTORE_NAME) < 0 )
+  /* Try turning privilege on, may not have WRITE_OWNER or WRITE_DAC access.
+     Must have privilege to set different owner, else BackupWrite misbehaves */
+  static int NO_COPY saved_res; /* 0: never, 1: failed, 2 & 3: OK */
+  int res;
+  if (!saved_res || cygheap->user.issetuid ())
+    {
+      res = 2 + set_process_privilege (SE_RESTORE_NAME, true,
+                                      cygheap->user.issetuid ());
+      if (!cygheap->user.issetuid ())
+       saved_res = res;
+    }
+  else
+    res = saved_res;
+  if (res == 1 && owner_sid != cygheap->user.sid ())
     return NULL;
 
   /* Get SID of new group. */
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 7ed0307..a2a46a4 100644 (file)
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -236,7 +236,7 @@ BOOL get_logon_server (const char * domain, char * server, WCHAR *wserver = NULL
 
 /* sec_helper.cc: Security helper functions. */
 BOOL __stdcall is_grp_member (__uid32_t uid, __gid32_t gid);
-int set_process_privilege (const char *privilege, BOOL enable = TRUE);
+int set_process_privilege (const char *privilege, bool enable = true, bool use_thread = false);
 
 /* shared.cc: */
 /* Retrieve a security descriptor that allows all access */
Yet another clone of sourceware.org.
About OSDN
Find Software
Develop Software
Help