* sec_auth.cc (get_token_group_sidlist): Add CONSOLE LOGON SID on

systems supporting it. Never add SERVICE SID but keep code in for future reference. Explain why. (get_priv_list): Add cygpsid pointer parameter. Point it to the mandatory integrity SID which matches account and privileges. (create_token): Fetch mandatory integrity SID from call to get_priv_list. (lsaauth): Call get_priv_list with additional NULL pointer. Change comment accordingly. * sec_helper.cc (well_known_console_logon_sid): New static SID. (cygpriv): Change to structure containing extra flag to store info about required integrity level. (privilege_luid): Accommodate changes to cygpriv. Return integrity level in new high_integrity parameter. (privilege_name): Accommodate changes to cygpriv. (set_privilege): Drop trailing \n from debug output. (set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore since it's just not needed, but keep code in for future reference. Change comment accordingly. * security.h (well_known_console_logon_sid): Declare. (privilege_luid): Align declaration to above change. * wincap.h (wincaps::has_console_logon_sid): New element. * wincap.cc: Implement above element throughout.
2011-10-15 16:31:57 +00:00
parent 551a3d64c9
commit c52fd6cd47
6 changed files with 130 additions and 67 deletions
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -51,6 +51,7 @@ wincaps wincap_2000 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_restricted_raw_disk_access:false,
  use_dont_resolve_hack:false,
  has_stack_size_param_is_a_reservation:false,
+  has_console_logon_sid:false,
 };

 wincaps wincap_2000sp4 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -81,6 +82,7 @@ wincaps wincap_2000sp4 __attribute__((section (".cygwin_dll_common"), shared)) =
  has_restricted_raw_disk_access:false,
  use_dont_resolve_hack:false,
  has_stack_size_param_is_a_reservation:false,
+  has_console_logon_sid:false,
 };

 wincaps wincap_xp __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -111,6 +113,7 @@ wincaps wincap_xp __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_restricted_raw_disk_access:false,
  use_dont_resolve_hack:true,
  has_stack_size_param_is_a_reservation:true,
+  has_console_logon_sid:false,
 };

 wincaps wincap_xpsp1 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -141,6 +144,7 @@ wincaps wincap_xpsp1 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_restricted_raw_disk_access:false,
  use_dont_resolve_hack:true,
  has_stack_size_param_is_a_reservation:true,
+  has_console_logon_sid:false,
 };

 wincaps wincap_xpsp2 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -171,6 +175,7 @@ wincaps wincap_xpsp2 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_restricted_raw_disk_access:false,
  use_dont_resolve_hack:true,
  has_stack_size_param_is_a_reservation:true,
+  has_console_logon_sid:false,
 };

 wincaps wincap_2003 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -201,6 +206,7 @@ wincaps wincap_2003 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_restricted_raw_disk_access:false,
  use_dont_resolve_hack:true,
  has_stack_size_param_is_a_reservation:true,
+  has_console_logon_sid:false,
 };

 wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -231,6 +237,7 @@ wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_restricted_raw_disk_access:true,
  use_dont_resolve_hack:false,
  has_stack_size_param_is_a_reservation:true,
+  has_console_logon_sid:false,
 };

 wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -261,6 +268,7 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_restricted_raw_disk_access:true,
  use_dont_resolve_hack:false,
  has_stack_size_param_is_a_reservation:true,
+  has_console_logon_sid:true,
 };

 wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));