cygwin_logon_user: Return non-privileged token as well

If the calling process doesn't have sufficient privileges to
	fetch the linked token of an admin-user token, cygwin_logon_user
	fails.  This patch changes that by returning the original,
	unprivileged token of the admin user to allow authentication
	and calling setuid for the current process.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2016-01-21 18:32:16 +01:00
parent d44ec01ea1
commit b5c80f5a59

View File

@ -172,13 +172,17 @@ cygwin_logon_user (const struct passwd *pw, const char *password)
}
else
{
HANDLE hPrivToken = NULL;
/* See the comment in get_full_privileged_inheritable_token for a
description why we enable TCB privileges here. */
push_self_privilege (SE_TCB_PRIVILEGE, true);
hToken = get_full_privileged_inheritable_token (hToken);
hPrivToken = get_full_privileged_inheritable_token (hToken);
pop_self_privilege ();
if (!hToken)
hToken = INVALID_HANDLE_VALUE;
if (!hPrivToken)
debug_printf ("Can't fetch linked token (%E), use standard token");
else
hToken = hPrivToken;
}
RtlSecureZeroMemory (passwd, NT_MAX_PATH);
cygheap->user.reimpersonate ();