* security.h: Add third argument to set_process_privilege.

* autoload.cc: Add OpenThreadToken. * sec_helper.cc (set_process_privilege): Add and use use_thread argument. * security.cc (alloc_sd): Modify call to set_process_privilege. Remember the result in each process. If failed and file owner is not the user, fail.
2003-02-03 15:55:20 +00:00
parent f0f3ea68f3
commit 153e83c605
5 changed files with 33 additions and 8 deletions
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -294,7 +294,7 @@ got_it:
 #endif //unused

 int
-set_process_privilege (const char *privilege, BOOL enable)
+set_process_privilege (const char *privilege, bool enable, bool use_thread)
 {
  HANDLE hToken = NULL;
  LUID restore_priv;
@@ -302,8 +302,12 @@ set_process_privilege (const char *privilege, BOOL enable)
  int ret = -1;
  DWORD size;

-  if (!OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
-			 &hToken))
+  if ((use_thread
+       && !OpenThreadToken (GetCurrentThread (), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
+			    0, &hToken))
+      ||(!use_thread
+	 && !OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
+			     &hToken)))
    {
      __seterrno ();
      goto out;
@@ -329,7 +333,6 @@ set_process_privilege (const char *privilege, BOOL enable)
     be enabled. GetLastError () returns an correct error code, though. */
  if (enable && GetLastError () == ERROR_NOT_ALL_ASSIGNED)
    {
-      debug_printf ("Privilege %s couldn't be assigned", privilege);
      __seterrno ();
      goto out;
    }