cygwin_logon_user: Return non-privileged token as well
If the calling process doesn't have sufficient privileges to fetch the linked token of an admin-user token, cygwin_logon_user fails. This patch changes that by returning the original, unprivileged token of the admin user to allow authentication and calling setuid for the current process. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
parent
d44ec01ea1
commit
b5c80f5a59
@ -172,13 +172,17 @@ cygwin_logon_user (const struct passwd *pw, const char *password)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
HANDLE hPrivToken = NULL;
|
||||||
|
|
||||||
/* See the comment in get_full_privileged_inheritable_token for a
|
/* See the comment in get_full_privileged_inheritable_token for a
|
||||||
description why we enable TCB privileges here. */
|
description why we enable TCB privileges here. */
|
||||||
push_self_privilege (SE_TCB_PRIVILEGE, true);
|
push_self_privilege (SE_TCB_PRIVILEGE, true);
|
||||||
hToken = get_full_privileged_inheritable_token (hToken);
|
hPrivToken = get_full_privileged_inheritable_token (hToken);
|
||||||
pop_self_privilege ();
|
pop_self_privilege ();
|
||||||
if (!hToken)
|
if (!hPrivToken)
|
||||||
hToken = INVALID_HANDLE_VALUE;
|
debug_printf ("Can't fetch linked token (%E), use standard token");
|
||||||
|
else
|
||||||
|
hToken = hPrivToken;
|
||||||
}
|
}
|
||||||
RtlSecureZeroMemory (passwd, NT_MAX_PATH);
|
RtlSecureZeroMemory (passwd, NT_MAX_PATH);
|
||||||
cygheap->user.reimpersonate ();
|
cygheap->user.reimpersonate ();
|
||||||
|
Loading…
Reference in New Issue
Block a user