cygwin_logon_user: Return non-privileged token as well

If the calling process doesn't have sufficient privileges to
	fetch the linked token of an admin-user token, cygwin_logon_user
	fails.  This patch changes that by returning the original,
	unprivileged token of the admin user to allow authentication
	and calling setuid for the current process.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2016-01-21 18:32:16 +01:00
parent d44ec01ea1
commit b5c80f5a59

View File

@ -172,13 +172,17 @@ cygwin_logon_user (const struct passwd *pw, const char *password)
} }
else else
{ {
HANDLE hPrivToken = NULL;
/* See the comment in get_full_privileged_inheritable_token for a /* See the comment in get_full_privileged_inheritable_token for a
description why we enable TCB privileges here. */ description why we enable TCB privileges here. */
push_self_privilege (SE_TCB_PRIVILEGE, true); push_self_privilege (SE_TCB_PRIVILEGE, true);
hToken = get_full_privileged_inheritable_token (hToken); hPrivToken = get_full_privileged_inheritable_token (hToken);
pop_self_privilege (); pop_self_privilege ();
if (!hToken) if (!hPrivToken)
hToken = INVALID_HANDLE_VALUE; debug_printf ("Can't fetch linked token (%E), use standard token");
else
hToken = hPrivToken;
} }
RtlSecureZeroMemory (passwd, NT_MAX_PATH); RtlSecureZeroMemory (passwd, NT_MAX_PATH);
cygheap->user.reimpersonate (); cygheap->user.reimpersonate ();