-2005-06-06 Corinna Vinschen <corinna@vinschen.de>
+2005-06-08 Corinna Vinschen <corinna@vinschen.de>
+
+ * security.cc (cygwin_logon_user): Run LogonUser in the primary
+ process token context. Fix potential handle leak.
+
+2005-06-07 Corinna Vinschen <corinna@vinschen.de>
* pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically.
extract_nt_dom_user (pw, nt_domain, nt_user);
debug_printf ("LogonUserA (%s, %s, %s, ...)", nt_user, nt_domain, password);
+ /* CV 2005-06-08: LogonUser should run under the primary process token,
+ otherwise it returns with ERROR_ACCESS_DENIED on W2K. Don't ask me why. */
+ RevertToSelf ();
if (!LogonUserA (nt_user, *nt_domain ? nt_domain : NULL, (char *) password,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
- &hToken)
- || !SetHandleInformation (hToken,
- HANDLE_FLAG_INHERIT,
- HANDLE_FLAG_INHERIT))
+ &hToken))
{
__seterrno ();
- return INVALID_HANDLE_VALUE;
+ hToken = INVALID_HANDLE_VALUE;
+ }
+ else if (!SetHandleInformation (hToken,
+ HANDLE_FLAG_INHERIT,
+ HANDLE_FLAG_INHERIT))
+ {
+ __seterrno ();
+ CloseHandle (hToken);
+ hToken = INVALID_HANDLE_VALUE;
}
+ cygheap->user.reimpersonate ();
debug_printf ("%d = logon_user(%s,...)", hToken, pw->pw_name);
return hToken;
}
OSDN Git Service
