* cygheap.cc (cygheap_init): Fix formatting. Remove comment. Set
	shared_prefix depending only on terminal service capability.
	* dcrt0.cc (dll_crt0_1): Don't call set_cygwin_privileges here.
	* fhandler_fifo.cc (fhandler_fifo::open): Create the mutex as global
	object.
	* posix_ipc.cc (ipc_mutex_init): Use cygheap->shared_prefix.
	(ipc_cond_init): Ditto.
	* sec_helper.cc (privilege_name): Make static.  Use LookupPrivilegeName
	directly to be independent of the state of cygheap.
	(set_privilege): Take a LUID as parameter instead of an index value.
	Only print debug output in case of failure.
	(set_cygwin_privileges): Add comment.  Use LookupPrivilegeValue to
	get privilege LUIDs.
	(init_global_security): Call set_cygwin_privileges here.
	* security.h (privilege_name): Drop declaration.
	(set_privilege): Declare according to above change.
	(set_process_privilege): Call privilege_luid to get LUID.
	(_push_thread_privilege): Ditto.
	* shared.cc (open_shared): Add comment.  On systems supporting the
	SeCreateGlobalPrivilege, try to create/open global shared memory first.
	Fall back to local shared memory if that fails.
	* thread.cc (semaphore::semaphore): Use cygheap->shared_prefix.
	* wincap.h (wincapc::has_create_global_privilege): New element.
	* wincap.cc: Implement above element throughout.
Corinna Vinschen
2007-03-29 16:37:36 +00:00
parent 519aec5d59
commit e6fbf13e48
11 changed files with 111 additions and 58 deletions


@@ -427,23 +427,22 @@ privilege_luid_by_name (const char *pname)
return NULL;
}
const char *
privilege_name (cygpriv_idx idx)
static const char *
privilege_name (const LUID *priv_luid, char *buf, DWORD *size)
{
if (idx < 0 || idx >= SE_NUM_PRIVS)
if (!priv_luid || !LookupPrivilegeName (NULL, (LUID *) priv_luid, buf, size))
return "<unknown privilege>";
return cygpriv[idx];
return buf;
}
int
set_privilege (HANDLE token, cygpriv_idx privilege, bool enable)
set_privilege (HANDLE token, const LUID *priv_luid, bool enable)
{
int ret = -1;
const LUID *priv_luid;
TOKEN_PRIVILEGES new_priv, orig_priv;
DWORD size;
if (!(priv_luid = privilege_luid (privilege)))
if (!priv_luid)
{
__seterrno ();
goto out;
@@ -474,16 +473,29 @@ set_privilege (HANDLE token, cygpriv_idx privilege, bool enable)
ret = (orig_priv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) ? 1 : 0;
out:
syscall_printf ("%d = set_privilege ((token %x) %s, %d)",
ret, token, privilege_name (privilege), enable);
if (ret < 0)
{
DWORD siz = 256;
char buf[siz];
debug_printf ("%d = set_privilege ((token %x) %s, %d)",
ret, token, privilege_name (priv_luid, buf, &siz), enable);
}
return ret;
}
/* This is called very early in process initialization. The code must
not depend on anything. */
void
set_cygwin_privileges (HANDLE token)
{
set_privilege (token, SE_RESTORE_PRIV, true);
set_privilege (token, SE_BACKUP_PRIV, true);
LUID priv_luid;
if (LookupPrivilegeValue (NULL, SE_RESTORE_NAME, &priv_luid))
set_privilege (token, &priv_luid, true);
if (LookupPrivilegeValue (NULL, SE_BACKUP_NAME, &priv_luid))
set_privilege (token, &priv_luid, true);
if (LookupPrivilegeValue (NULL, SE_CREATE_GLOBAL_NAME, &priv_luid))
set_privilege (token, &priv_luid, true);
}
/* Function to return a common SECURITY_DESCRIPTOR that
@@ -518,6 +530,8 @@ init_global_security ()
sec_none.lpSecurityDescriptor = sec_none_nih.lpSecurityDescriptor = NULL;
sec_all.lpSecurityDescriptor = sec_all_nih.lpSecurityDescriptor =
get_null_sd ();
set_cygwin_privileges (hProcToken);
}
bool
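Review bot: In the new set_cygwin_privileges, a failed LookupPrivilegeValue skips the privilege with no trace and the result of set_privilege is discarded; because the exit path of set_privilege now prints only when `ret < 0`, a process that ends up without SeBackupPrivilege, SeRestorePrivilege or SeCreateGlobalPrivilege enabled is hard to tell apart from one that has them. Consider logging the lookup failure, e.g. `else debug_printf ("LookupPrivilegeValue (SE_CREATE_GLOBAL_NAME) failed");`, and extending the comment above the function with `/* Best effort: each privilege is enabled only if the token holds it; callers must not assume success. */`. The middle of set_privilege lies between the two hunks, so it cannot be checked from here whether AdjustTokenPrivileges returning success with ERROR_NOT_ALL_ASSIGNED is treated as a failure; that is worth confirming, since otherwise the failure-only debug output would also miss a privilege the token does not hold.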