2003-10-16 Pierre Humblet <pierre.humblet@ieee.org>

* syscalls.cc (seteuid32): Always construct a default DACL including
	the new sid, Admins and SYSTEM and copy it to the new thread token.
	* security.cc (create_token): Use a NULL default DACL in NtCreateToken.
This commit is contained in:
Pierre Humblet
2003-10-16 23:20:41 +00:00
parent abfc9c412c
commit 9808b5c420
2 changed files with 16 additions and 23 deletions

View File

@@ -815,8 +815,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
PTOKEN_PRIVILEGES privs = NULL;
TOKEN_OWNER owner;
TOKEN_PRIMARY_GROUP pgrp;
char acl_buf[MAX_DACL_LEN (5)];
TOKEN_DEFAULT_DACL dacl;
TOKEN_DEFAULT_DACL dacl = {};
TOKEN_SOURCE source;
TOKEN_STATISTICS stats;
memcpy (source.SourceName, "Cygwin.1", 8);
@@ -905,13 +904,6 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
if (!(privs = get_priv_list (lsa, usersid, tmp_gsids)))
goto out;
/* Create default dacl. */
if (!sec_acl ((PACL) acl_buf, false, false,
tmp_gsids.contains (well_known_admins_sid) ?
well_known_admins_sid : usersid))
goto out;
dacl.DefaultDacl = (PACL) acl_buf;
/* Let's be heroic... */
ret = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation,
&auth_luid, &exp, &user, new_tok_gsids, privs, &owner,