* pinfo.cc (pinfo_init): Eliminate call to `set_process_privileges'.
* security.cc (write_sd): Call `set_process_privileges' on the first call to `write_sd'. (set_process_privileges): Eliminate adjusting SE_BACKUP_NAME privilege.
parent
5693c8d55b
commit
b150b20cfd
|
@ -1,3 +1,10 @@
|
||||||
|
Sun Oct 22 12:07:00 2000 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* pinfo.cc (pinfo_init): Eliminate call to `set_process_privileges'.
|
||||||
|
* security.cc (write_sd): Call `set_process_privileges' on the first
|
||||||
|
call to `write_sd'.
|
||||||
|
(set_process_privileges): Eliminate adjusting SE_BACKUP_NAME privilege.
|
||||||
|
|
||||||
Sat Oct 21 16:57:23 2000 Christopher Faylor <cgf@cygnus.com>
|
Sat Oct 21 16:57:23 2000 Christopher Faylor <cgf@cygnus.com>
|
||||||
|
|
||||||
* pinfo.cc (pinfo::init): Make PID_EXECED signal creation as well as
|
* pinfo.cc (pinfo::init): Make PID_EXECED signal creation as well as
|
||||||
|
|
|
@ -109,11 +109,6 @@ pinfo_init (char **envp, int envc)
|
||||||
environ_init (NULL, 0); /* call after myself has been set up */
|
environ_init (NULL, 0); /* call after myself has been set up */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Allow backup semantics. It's better done only once on process start
|
|
||||||
instead of each time a file is opened. */
|
|
||||||
if (allow_ntsec)
|
|
||||||
set_process_privileges ();
|
|
||||||
|
|
||||||
debug_printf ("pid %d, pgid %d", myself->pid, myself->pgid);
|
debug_printf ("pid %d, pgid %d", myself->pid, myself->pgid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -540,6 +540,14 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* No need to be thread save. */
|
||||||
|
static BOOL first_time = TRUE;
|
||||||
|
if (first_time)
|
||||||
|
{
|
||||||
|
set_process_privileges ();
|
||||||
|
first_time = FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
HANDLE fh;
|
HANDLE fh;
|
||||||
fh = CreateFile (file,
|
fh = CreateFile (file,
|
||||||
WRITE_OWNER | WRITE_DAC,
|
WRITE_OWNER | WRITE_DAC,
|
||||||
|
@ -604,14 +612,10 @@ set_process_privileges ()
|
||||||
{
|
{
|
||||||
HANDLE hToken = NULL;
|
HANDLE hToken = NULL;
|
||||||
LUID restore_priv;
|
LUID restore_priv;
|
||||||
LUID backup_priv;
|
TOKEN_PRIVILEGES new_priv;
|
||||||
char buf[sizeof (TOKEN_PRIVILEGES) + 2 * sizeof (LUID_AND_ATTRIBUTES)];
|
|
||||||
TOKEN_PRIVILEGES *new_priv = (TOKEN_PRIVILEGES *) buf;
|
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
if (! OpenProcessToken (hMainProc,
|
if (! OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
|
||||||
TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
|
|
||||||
&hToken))
|
|
||||||
{
|
{
|
||||||
__seterrno ();
|
__seterrno ();
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -622,19 +626,12 @@ set_process_privileges ()
|
||||||
__seterrno ();
|
__seterrno ();
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
if (! LookupPrivilegeValue (NULL, SE_BACKUP_NAME, &backup_priv))
|
|
||||||
{
|
|
||||||
__seterrno ();
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
new_priv->PrivilegeCount = 2;
|
new_priv.PrivilegeCount = 1;
|
||||||
new_priv->Privileges[0].Luid = restore_priv;
|
new_priv.Privileges[0].Luid = restore_priv;
|
||||||
new_priv->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
new_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||||
new_priv->Privileges[1].Luid = backup_priv;
|
|
||||||
new_priv->Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
|
|
||||||
|
|
||||||
if (! AdjustTokenPrivileges (hToken, FALSE, new_priv, 0, NULL, NULL))
|
if (! AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
|
||||||
{
|
{
|
||||||
__seterrno ();
|
__seterrno ();
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -642,9 +639,6 @@ set_process_privileges ()
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
if (ret == -1)
|
|
||||||
__seterrno ();
|
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (hToken)
|
if (hToken)
|
||||||
CloseHandle (hToken);
|
CloseHandle (hToken);
|
||||||
|
|
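Review bot: In set_process_privileges, `ret = 0` is reached whenever AdjustTokenPrivileges returns nonzero, but that API also returns nonzero when the token does not hold the requested privilege, and reports this only through GetLastError() returning ERROR_NOT_ALL_ASSIGNED. Now that the list holds only the restore privilege (`restore_priv`), a token lacking it would be reported as success; adding `if (GetLastError () == ERROR_NOT_ALL_ASSIGNED) { __seterrno (); goto out; }` right after the call would close that gap. The new caller in write_sd also discards the return value and sets `first_time = FALSE` unconditionally, so a failed privilege adjustment is neither logged nor retried; a `debug_printf` on a nonzero return would make a later access-denied from CreateFile diagnosable. Both function bodies start and end outside the visible hunks, so handling elsewhere in them cannot be ruled out.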