cygwin_logon_user: Return non-privileged token as well
If the calling process doesn't have sufficient privileges to fetch the linked token of an admin-user token, cygwin_logon_user fails. This patch changes that by returning the original, unprivileged token of the admin user to allow authentication and calling setuid for the current process. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
parent
d44ec01ea1
commit
b5c80f5a59
@ -172,13 +172,17 @@ cygwin_logon_user (const struct passwd *pw, const char *password)
|
||||
}
|
||||
else
|
||||
{
|
||||
HANDLE hPrivToken = NULL;
|
||||
|
||||
/* See the comment in get_full_privileged_inheritable_token for a
|
||||
description why we enable TCB privileges here. */
|
||||
push_self_privilege (SE_TCB_PRIVILEGE, true);
|
||||
hToken = get_full_privileged_inheritable_token (hToken);
|
||||
hPrivToken = get_full_privileged_inheritable_token (hToken);
|
||||
pop_self_privilege ();
|
||||
if (!hToken)
|
||||
hToken = INVALID_HANDLE_VALUE;
|
||||
if (!hPrivToken)
|
||||
debug_printf ("Can't fetch linked token (%E), use standard token");
|
||||
else
|
||||
hToken = hPrivToken;
|
||||
}
|
||||
RtlSecureZeroMemory (passwd, NT_MAX_PATH);
|
||||
cygheap->user.reimpersonate ();
|
||||
|
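Review bot: On the fallback branch (`if (!hPrivToken)`), hToken is handed back to the caller after it was already passed to get_full_privileged_inheritable_token, and nothing in the hunk states whether that helper leaves the handle open and inheritable when it returns NULL. The helper is not shown here; if any of its failure paths closes its argument, the caller now receives a stale handle value where the old code returned INVALID_HANDLE_VALUE. I would either make the helper guarantee that the input token stays valid on failure or state that contract in a comment at the call site, for example `/* On failure the helper must leave hToken open; we fall back to it below. */`. Separately, `%E` is formatted after `pop_self_privilege ();`, so the logged error may not be the one from the failed lookup if that call changes the last-error value; moving the `debug_printf` ahead of the pop would keep the diagnostic accurate. The enclosing function starts and ends outside the hunk.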