* pinfo.cc (pinfo_init): Eliminate call to `set_process_privileges'.

* security.cc (write_sd): Call `set_process_privileges' on the first
        call to `write_sd'.
        (set_process_privileges): Eliminate adjusting SE_BACKUP_NAME privilege.
Corinna Vinschen 2000-10-22 10:13:30 +00:00
parent 5693c8d55b
commit b150b20cfd
3 changed files with 21 additions and 25 deletions


@ -1,3 +1,10 @@
Sun Oct 22 12:07:00 2000 Corinna Vinschen <corinna@vinschen.de>
* pinfo.cc (pinfo_init): Eliminate call to `set_process_privileges'.
* security.cc (write_sd): Call `set_process_privileges' on the first
call to `write_sd'.
(set_process_privileges): Eliminate adjusting SE_BACKUP_NAME privilege.
Sat Oct 21 16:57:23 2000 Christopher Faylor <cgf@cygnus.com> Sat Oct 21 16:57:23 2000 Christopher Faylor <cgf@cygnus.com>
* pinfo.cc (pinfo::init): Make PID_EXECED signal creation as well as * pinfo.cc (pinfo::init): Make PID_EXECED signal creation as well as


@ -109,11 +109,6 @@ pinfo_init (char **envp, int envc)
environ_init (NULL, 0); /* call after myself has been set up */ environ_init (NULL, 0); /* call after myself has been set up */
} }
/* Allow backup semantics. It's better done only once on process start
instead of each time a file is opened. */
if (allow_ntsec)
set_process_privileges ();
debug_printf ("pid %d, pgid %d", myself->pid, myself->pgid); debug_printf ("pid %d, pgid %d", myself->pid, myself->pgid);
} }


@ -540,6 +540,14 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
return -1; return -1;
} }
/* No need to be thread save. */
static BOOL first_time = TRUE;
if (first_time)
{
set_process_privileges ();
first_time = FALSE;
}
HANDLE fh; HANDLE fh;
fh = CreateFile (file, fh = CreateFile (file,
WRITE_OWNER | WRITE_DAC, WRITE_OWNER | WRITE_DAC,
@ -604,14 +612,10 @@ set_process_privileges ()
{ {
HANDLE hToken = NULL; HANDLE hToken = NULL;
LUID restore_priv; LUID restore_priv;
LUID backup_priv; TOKEN_PRIVILEGES new_priv;
char buf[sizeof (TOKEN_PRIVILEGES) + 2 * sizeof (LUID_AND_ATTRIBUTES)];
TOKEN_PRIVILEGES *new_priv = (TOKEN_PRIVILEGES *) buf;
int ret = -1; int ret = -1;
if (! OpenProcessToken (hMainProc, if (! OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
&hToken))
{ {
__seterrno (); __seterrno ();
goto out; goto out;
@ -622,19 +626,12 @@ set_process_privileges ()
__seterrno (); __seterrno ();
goto out; goto out;
} }
if (! LookupPrivilegeValue (NULL, SE_BACKUP_NAME, &backup_priv))
{
__seterrno ();
goto out;
}
new_priv->PrivilegeCount = 2; new_priv.PrivilegeCount = 1;
new_priv->Privileges[0].Luid = restore_priv; new_priv.Privileges[0].Luid = restore_priv;
new_priv->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; new_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
new_priv->Privileges[1].Luid = backup_priv;
new_priv->Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
if (! AdjustTokenPrivileges (hToken, FALSE, new_priv, 0, NULL, NULL)) if (! AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
{ {
__seterrno (); __seterrno ();
goto out; goto out;
@ -642,9 +639,6 @@ set_process_privileges ()
ret = 0; ret = 0;
if (ret == -1)
__seterrno ();
out: out:
if (hToken) if (hToken)
CloseHandle (hToken); CloseHandle (hToken);
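Review bot: In set_process_privileges, `ret = 0;` is reached whenever AdjustTokenPrivileges returns nonzero, but that call also returns nonzero when the token does not hold the requested privilege and reports this only through GetLastError () as ERROR_NOT_ALL_ASSIGNED, so a token lacking the privilege behind `restore_priv` is still reported as adjusted. A check such as `if (GetLastError () == ERROR_NOT_ALL_ASSIGNED) { __seterrno (); goto out; }` placed before `ret = 0;` would close that gap. The new caller in write_sd discards the return value and clears `first_time` regardless, so a failed adjustment is neither retried nor logged; a `debug_printf` on failure there would make a later access-denied from CreateFile easier to trace. The `allow_ntsec` guard that the removed pinfo_init call had is not visible around the new call, so it is worth confirming that write_sd is only reached when ntsec is enabled. Both function bodies extend beyond the visible hunks.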