From 153e83c605ece91e9b7e6b15a30591ca218fb9c9 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Mon, 3 Feb 2003 15:55:20 +0000
Subject: [PATCH] 	* security.h: Add third argument to
 set_process_privilege. 	* autoload.cc: Add OpenThreadToken. 	*
 sec_helper.cc (set_process_privilege): Add and use use_thread 	argument. 
 * security.cc (alloc_sd): Modify call to set_process_privilege. 
 Remember the result in each process. If failed and file owner is not 	the
 user, fail.

---
 winsup/cygwin/ChangeLog     | 10 ++++++++++
 winsup/cygwin/autoload.cc   |  1 +
 winsup/cygwin/sec_helper.cc | 11 +++++++----
 winsup/cygwin/security.cc   | 17 ++++++++++++++---
 winsup/cygwin/security.h    |  2 +-
 5 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 884e169c7..918eb4d3b 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,13 @@
+2003-02-03  Pierre Humblet  <pierre.humblet@ieee.org>
+
+	* security.h: Add third argument to set_process_privilege.
+	* autoload.cc: Add OpenThreadToken.
+	* sec_helper.cc (set_process_privilege): Add and use use_thread
+	argument.
+	* security.cc (alloc_sd): Modify call to set_process_privilege.
+	Remember the result in each process. If failed and file owner is not
+	the user, fail.
+
 2003-02-03  Corinna Vinschen  <corinna@vinschen.de>
 
 	* fhandler_socket.cc (fhandler_socket::recvfrom): Return buffer
diff --git a/winsup/cygwin/autoload.cc b/winsup/cygwin/autoload.cc
index 916694056..3c21d1e29 100644
--- a/winsup/cygwin/autoload.cc
+++ b/winsup/cygwin/autoload.cc
@@ -352,6 +352,7 @@ LoadDLLfunc (LsaOpenPolicy, 16, advapi32)
 LoadDLLfunc (LsaQueryInformationPolicy, 12, advapi32)
 LoadDLLfunc (MakeSelfRelativeSD, 12, advapi32)
 LoadDLLfunc (OpenProcessToken, 12, advapi32)
+LoadDLLfunc (OpenThreadToken, 16, advapi32)
 LoadDLLfunc (RegCloseKey, 4, advapi32)
 LoadDLLfunc (RegCreateKeyExA, 36, advapi32)
 LoadDLLfunc (RegDeleteKeyA, 8, advapi32)
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 86389da74..9c49c0a59 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -294,7 +294,7 @@ got_it:
 #endif //unused
 
 int
-set_process_privilege (const char *privilege, BOOL enable)
+set_process_privilege (const char *privilege, bool enable, bool use_thread)
 {
   HANDLE hToken = NULL;
   LUID restore_priv;
@@ -302,8 +302,12 @@ set_process_privilege (const char *privilege, BOOL enable)
   int ret = -1;
   DWORD size;
 
-  if (!OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
-			 &hToken))
+  if ((use_thread
+       && !OpenThreadToken (GetCurrentThread (), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
+			    0, &hToken))
+      ||(!use_thread
+	 && !OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
+			     &hToken)))
     {
       __seterrno ();
       goto out;
@@ -329,7 +333,6 @@ set_process_privilege (const char *privilege, BOOL enable)
      be enabled. GetLastError () returns an correct error code, though. */
   if (enable && GetLastError () == ERROR_NOT_ALL_ASSIGNED)
     {
-      debug_printf ("Privilege %s couldn't be assigned", privilege);
       __seterrno ();
       goto out;
     }
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 617ec4612..224eff438 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1563,9 +1563,20 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
     }
   owner_sid.debug_print ("alloc_sd: owner SID =");
 
-  /* Must have SE_RESTORE_NAME privilege to change owner */
-  if (cur_owner_sid && owner_sid != cur_owner_sid
-      && set_process_privilege (SE_RESTORE_NAME) < 0 )
+  /* Try turning privilege on, may not have WRITE_OWNER or WRITE_DAC access.
+     Must have privilege to set different owner, else BackupWrite misbehaves */
+  static int NO_COPY saved_res; /* 0: never, 1: failed, 2 & 3: OK */
+  int res;
+  if (!saved_res || cygheap->user.issetuid ())
+    {
+      res = 2 + set_process_privilege (SE_RESTORE_NAME, true,
+				       cygheap->user.issetuid ());
+      if (!cygheap->user.issetuid ())
+	saved_res = res;
+    }
+  else
+    res = saved_res;
+  if (res == 1 && owner_sid != cygheap->user.sid ())
     return NULL;
 
   /* Get SID of new group. */
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 7ed0307ce..a2a46a433 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -236,7 +236,7 @@ BOOL get_logon_server (const char * domain, char * server, WCHAR *wserver = NULL
 
 /* sec_helper.cc: Security helper functions. */
 BOOL __stdcall is_grp_member (__uid32_t uid, __gid32_t gid);
-int set_process_privilege (const char *privilege, BOOL enable = TRUE);
+int set_process_privilege (const char *privilege, bool enable = true, bool use_thread = false);
 
 /* shared.cc: */
 /* Retrieve a security descriptor that allows all access */