* cygheap.cc (cygheap_init): Accomodate set_process_privilege change.

* cygheap.h (cygheap_user::curr_primary_token): New member.
	(cygheap_user::primary_token): New method.
	(cygheap_user::deimpersonate): Always revert to processes'
	impersonation token.
	(cygheap_user::reimpersonate): Set processes' or setuid token as
	necessary.
	(cygheap_user::has_impersonation_tokens): Look for curr_primary_token
	value.
	(cygheap_user::close_impersonation_tokens): Close curr_primary_token
	here if necessary.  Don't reset token values to NO_IMPERSONATION since
	that's done in uinfo_init anyway.
	(init_cygheap::luid): New LUID array keeping privilege LUIDs.
	* cygtls.cc (_cygtls::init_thread): Call cygheap->user.reimpersonate.
	* dcrt0.cc (hProcToken): New global variable to keep process token.
	(hProcImpToken): Ditto for process impersonation token.
	(dll_crt0_0): Open process token here once.  Duplicate to create
	hProcImpToken.
	(dll_crt0_1): Call set_cygwin_privileges.
	* environ.cc (allow_ntea): Drop duplicate declaration.
	(allow_smbntsec): Ditto.
	(set_traverse): Only set allow_traverse here.
	(environ_init): Ditto.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Drop call to
	enable_restore_privilege.
	(fhandler_disk_file::fchown): Ditto.
	(fhandler_disk_file::facl): Ditto.
	* fork.cc (fork_child): Move call to cygheap->user.reimpersonate after
	syn with parent. Call set_cygwin_privileges.
	* grp.cc (internal_getgroups): Use hProcImpToken instead of opening
	process token.
	* path.cc (fs_info::update): Bypass traverse checking when retrieving
	volume information using push/pop_thread_privileges.
	* registry.cc (load_registry_hive): Drop setting restore privilege
	since it's already set if available.
	* sec_helper.cc: Include cygtls.h.
	(cygpriv): Privilege string array.
	(privilege_luid): New function, evaluate LUID from cygpriv_idx.
	(privilege_luid_by_name): New function, evaluate LUID from privilege
	string.
	(privilege_name): New function, evaluate privilege string from
	cygpriv_idx.
	(set_privilege): New static function called by set_process_privilege
	and set_thread_privilege.  Call privilege_luid to get privilege LUID.
	Fix bug in return value evaluation. Improve debug output.
	(set_cygwin_privileges): New function.
	(set_process_privilege): Remove.
	(enable_restore_privilege): Remove.
	* security.cc (allow_traverse): New global variable.
	(sys_privs): Change type to cygpriv_idx and store privilege indices
	instead of strings.
	(SYSTEM_PRIVILEGES_COUNT): Renamed from SYSTEM_PERMISSION_COUNT.
	(get_system_priv_list): Don't use numerical constant in malloc call.
	Use privilege_luid to get privilege LUIDs.
	(get_priv_list): Call privilege_luid_by_name to get LUIDs. Improve
	inner privilege LUID comparison loop.
	(create_token): Enable create token privilege using
	push/pop_self_privileges. Use hProcToken instead of opening process
	token. Use default DACL when duplicating token.
	(subauth): Enable tcb privilege using push/pop_self_privileges.
	Use sec_none instead of homw made security attributes when duplicating
	token.
	(check_file_access): Don't duplicate access token, use active
	impersonation token as is.
	* security.h (enum cygpriv_idx): New enumeration type enumerating
	possible privileges.
	(privilege_luid): Declare new function.
	(privilege_luid_by_name): Ditto.
	(privilege_name): Ditto.
	(allow_traverse): Declare.
	(set_privilege): Declare function.
	(set_process_privilege): Define as macro.
	(enable_restore_privilege): Remove declaration.
	(_push_thread_privilege): Define macro.
	(push_thread_privilege): Ditto.
	(pop_thread_privilege): Ditto.
	(pop_self_privilege): Ditto.
	* spawn.cc (spawn_guts): Use cygheap->user.primary_token instead of
	cygheap->user.token.
	* syscalls.cc (statvfs): Bypass traverse checking when retrieving
	volume information using push/pop_thread_privileges. Rearrange code
	to simplify push/pop bracketing.
	(seteuid32): Use hProcToken instead of opening process token. Call
	cygheap->user.deimpersonate instead of RevertToSelf.  Create
	impersonation token from primary internal or external token.  Set
	cygheap->user.curr_primary_token and cygheap->user.current_token
	privileges once here.  Drop "failed" and "failed_ptok" labels.
	Drop setting DefaultDacl of process token.
	(setegid32): Use hProcToken and hProcImpToken instead of opening
	process token. Always reimpersonate afterwards.
	* uinfo.cc (cygheap_user::init): Use hProcToken instead of opening
	process token.
	(internal_getlogin): Ditto. Set hProcImpToken, too.
	(uinfo_init): Initialize cygheap->user.curr_primary_token.
	* winsup.h (hProcToken): Declare.
	(hProcImpToken): Declare.

winsup/cygwin/uinfo.cc

@@ -44,51 +44,45 @@ cygheap_user::init ()
   if (!wincap.has_security ())
     return;
 
-  HANDLE ptok;
   DWORD siz;
   PSECURITY_DESCRIPTOR psd;
 
-  if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
-			 &ptok))
-    {
-      system_printf ("OpenProcessToken(), %E");
-      return;
-    }
-  if (!GetTokenInformation (ptok, TokenPrimaryGroup,
+  if (!GetTokenInformation (hProcToken, TokenPrimaryGroup,
 			    &groups.pgsid, sizeof (cygsid), &siz))
     system_printf ("GetTokenInformation (TokenPrimaryGroup), %E");
 
   /* Get the SID from current process and store it in effec_cygsid */
-  if (!GetTokenInformation (ptok, TokenUser, &effec_cygsid, sizeof (cygsid), &siz))
+  if (!GetTokenInformation (hProcToken, TokenUser, &effec_cygsid,
+			    sizeof (cygsid), &siz))
     {
       system_printf ("GetTokenInformation (TokenUser), %E");
-      goto out;
+      return;
     }
 
   /* Set token owner to the same value as token user */
-  if (!SetTokenInformation (ptok, TokenOwner, &effec_cygsid, sizeof (cygsid)))
+  if (!SetTokenInformation (hProcToken, TokenOwner, &effec_cygsid,
+			    sizeof (cygsid)))
     debug_printf ("SetTokenInformation(TokenOwner), %E");
 
   /* Standard way to build a security descriptor with the usual DACL */
   char sa_buf[1024];
-  psd = (PSECURITY_DESCRIPTOR) (sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
+  psd = (PSECURITY_DESCRIPTOR)
+  		(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
 
   BOOL acl_exists, dummy;
   TOKEN_DEFAULT_DACL dacl;
-  if (GetSecurityDescriptorDacl (psd, &acl_exists,
-				 &dacl.DefaultDacl, &dummy)
+  if (GetSecurityDescriptorDacl (psd, &acl_exists, &dacl.DefaultDacl, &dummy)
       && acl_exists && dacl.DefaultDacl)
     {
       /* Set the default DACL and the process DACL */
-      if (!SetTokenInformation (ptok, TokenDefaultDacl, &dacl, sizeof (dacl)))
+      if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl,
+      				sizeof (dacl)))
 	system_printf ("SetTokenInformation (TokenDefaultDacl), %E");
       if (!SetKernelObjectSecurity (hMainProc, DACL_SECURITY_INFORMATION, psd))
 	system_printf ("SetKernelObjectSecurity, %E");
     }
   else
     system_printf("Cannot get dacl, %E");
- out:
-  CloseHandle (ptok);
 }
 
 void
@@ -115,17 +109,17 @@ internal_getlogin (cygheap_user &user)
 	  cygsid gsid;
 	  if (gsid.getfromgr (internal_getgrgid (pw->pw_gid)))
 	    {
-	      HANDLE ptok;
-	      if (gsid != user.groups.pgsid
-		  && OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT, &ptok))
+	      if (gsid != user.groups.pgsid)
 		{
 		  /* Set primary group to the group in /etc/passwd. */
-		  if (!SetTokenInformation (ptok, TokenPrimaryGroup,
+		  if (!SetTokenInformation (hProcToken, TokenPrimaryGroup,
+					    &gsid, sizeof gsid))
+		    debug_printf ("SetTokenInformation(TokenPrimaryGroup), %E");
+		  if (!SetTokenInformation (hProcImpToken, TokenPrimaryGroup,
 					    &gsid, sizeof gsid))
 		    debug_printf ("SetTokenInformation(TokenPrimaryGroup), %E");
 		  else
 		    user.groups.pgsid = gsid;
-		  CloseHandle (ptok);
 		}
 	    }
 	  else
@@ -162,6 +156,7 @@ uinfo_init ()
   cygheap->user.saved_gid = cygheap->user.real_gid = myself->gid;
   cygheap->user.external_token = NO_IMPERSONATION;
   cygheap->user.internal_token = NO_IMPERSONATION;
+  cygheap->user.curr_primary_token = NO_IMPERSONATION;
   cygheap->user.current_token = NO_IMPERSONATION;
   cygheap->user.set_saved_sid ();	/* Update the original sid */
 }