* cygheap.cc (cygheap_init): Fix formatting. Remove comment. Set
shared_prefix depending only on terminal service capability. * dcrt0.cc (dll_crt0_1): Don't call set_cygwin_privileges here. * fhandler_fifo.cc (fhandler_fifo::open): Create the mutex as global object. * posix_ipc.cc (ipc_mutex_init): Use cygheap->shared_prefix. (ipc_cond_init): Ditto. * sec_helper.cc (privilege_name): Make static. Use LookupPrivilegeName directly to be independent of the state of cygheap. (set_privilege): Take a LUID as parameter instead of an index value. Only print debug output in case of failure. (set_cygwin_privileges): Add comment. Use LookupPrivilegeValue to get privilege LUIDs. (init_global_security): Call set_cygwin_privileges here. * security.h (privilege_name): Drop declaration. (set_privilege): Declare according to above change. (set_process_privilege): Call privilege_luid to get LUID. (_push_thread_privilege): Ditto. * shared.cc (open_shared): Add comment. On systems supporting the SeCreateGlobalPrivilege, try to create/open global shared memory first. Fall back to local shared memory if that fails. * thread.cc (semaphore::semaphore): Use cygheap->shared_prefix. * wincap.h (wincapc::has_create_global_privilege): New element. * wincap.cc: Implement above element throughout.
This commit is contained in:
@@ -427,23 +427,22 @@ privilege_luid_by_name (const char *pname)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *
|
||||
privilege_name (cygpriv_idx idx)
|
||||
static const char *
|
||||
privilege_name (const LUID *priv_luid, char *buf, DWORD *size)
|
||||
{
|
||||
if (idx < 0 || idx >= SE_NUM_PRIVS)
|
||||
if (!priv_luid || !LookupPrivilegeName (NULL, (LUID *) priv_luid, buf, size))
|
||||
return "<unknown privilege>";
|
||||
return cygpriv[idx];
|
||||
return buf;
|
||||
}
|
||||
|
||||
int
|
||||
set_privilege (HANDLE token, cygpriv_idx privilege, bool enable)
|
||||
set_privilege (HANDLE token, const LUID *priv_luid, bool enable)
|
||||
{
|
||||
int ret = -1;
|
||||
const LUID *priv_luid;
|
||||
TOKEN_PRIVILEGES new_priv, orig_priv;
|
||||
DWORD size;
|
||||
|
||||
if (!(priv_luid = privilege_luid (privilege)))
|
||||
if (!priv_luid)
|
||||
{
|
||||
__seterrno ();
|
||||
goto out;
|
||||
@@ -474,16 +473,29 @@ set_privilege (HANDLE token, cygpriv_idx privilege, bool enable)
|
||||
ret = (orig_priv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) ? 1 : 0;
|
||||
|
||||
out:
|
||||
syscall_printf ("%d = set_privilege ((token %x) %s, %d)",
|
||||
ret, token, privilege_name (privilege), enable);
|
||||
if (ret < 0)
|
||||
{
|
||||
DWORD siz = 256;
|
||||
char buf[siz];
|
||||
debug_printf ("%d = set_privilege ((token %x) %s, %d)",
|
||||
ret, token, privilege_name (priv_luid, buf, &siz), enable);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* This is called very early in process initialization. The code must
|
||||
not depend on anything. */
|
||||
void
|
||||
set_cygwin_privileges (HANDLE token)
|
||||
{
|
||||
set_privilege (token, SE_RESTORE_PRIV, true);
|
||||
set_privilege (token, SE_BACKUP_PRIV, true);
|
||||
LUID priv_luid;
|
||||
|
||||
if (LookupPrivilegeValue (NULL, SE_RESTORE_NAME, &priv_luid))
|
||||
set_privilege (token, &priv_luid, true);
|
||||
if (LookupPrivilegeValue (NULL, SE_BACKUP_NAME, &priv_luid))
|
||||
set_privilege (token, &priv_luid, true);
|
||||
if (LookupPrivilegeValue (NULL, SE_CREATE_GLOBAL_NAME, &priv_luid))
|
||||
set_privilege (token, &priv_luid, true);
|
||||
}
|
||||
|
||||
/* Function to return a common SECURITY_DESCRIPTOR that
|
||||
@@ -518,6 +530,8 @@ init_global_security ()
|
||||
sec_none.lpSecurityDescriptor = sec_none_nih.lpSecurityDescriptor = NULL;
|
||||
sec_all.lpSecurityDescriptor = sec_all_nih.lpSecurityDescriptor =
|
||||
get_null_sd ();
|
||||
|
||||
set_cygwin_privileges (hProcToken);
|
||||
}
|
||||
|
||||
bool
|
||||
|
Reference in New Issue
Block a user