* sec_auth.cc (get_token_group_sidlist): Add CONSOLE LOGON SID on

systems supporting it. Never add SERVICE SID but keep code in for future reference. Explain why. (get_priv_list): Add cygpsid pointer parameter. Point it to the mandatory integrity SID which matches account and privileges. (create_token): Fetch mandatory integrity SID from call to get_priv_list. (lsaauth): Call get_priv_list with additional NULL pointer. Change comment accordingly. * sec_helper.cc (well_known_console_logon_sid): New static SID. (cygpriv): Change to structure containing extra flag to store info about required integrity level. (privilege_luid): Accommodate changes to cygpriv. Return integrity level in new high_integrity parameter. (privilege_name): Accommodate changes to cygpriv. (set_privilege): Drop trailing \n from debug output. (set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore since it's just not needed, but keep code in for future reference. Change comment accordingly. * security.h (well_known_console_logon_sid): Declare. (privilege_luid): Align declaration to above change. * wincap.h (wincaps::has_console_logon_sid): New element. * wincap.cc: Implement above element throughout.
2011-10-15 16:31:57 +00:00
parent 551a3d64c9
commit c52fd6cd47
6 changed files with 130 additions and 67 deletions
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@@ -41,6 +41,7 @@ struct wincaps
  unsigned has_restricted_raw_disk_access		: 1;
  unsigned use_dont_resolve_hack			: 1;
  unsigned has_stack_size_param_is_a_reservation	: 1;
+  unsigned has_console_logon_sid			: 1;
 };

 class wincapc
@@ -90,6 +91,7 @@ public:
  bool	IMPLEMENT (has_restricted_raw_disk_access)
  bool	IMPLEMENT (use_dont_resolve_hack)
  bool	IMPLEMENT (has_stack_size_param_is_a_reservation)
+  bool	IMPLEMENT (has_console_logon_sid)

 #undef IMPLEMENT
 };