diff options
Diffstat (limited to 'winsup')
-rw-r--r-- | winsup/cygwin/ChangeLog | 8 | ||||
-rw-r--r-- | winsup/cygwin/sec_helper.cc | 40 | ||||
-rw-r--r-- | winsup/cygwin/security.cc | 42 | ||||
-rw-r--r-- | winsup/cygwin/security.h | 1 |
4 files changed, 50 insertions, 41 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index a00eba8..56751a2 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,11 @@ +Fri Apr 20 22:25:00 2001 Corinna Vinschen <corinna@vinschen.de> + + * security.cc (set_process_privileges): Swap out. + * sec_helper.cc (set_process_privilege): Rename from + `set_process_privileges'. Takes the privilege to enable or disable + as parameter now. + * security.h: Add prototype for `set_process_privileges'. + 2001-04-19 Egor Duda <deo@logos-m.ru> * path.cc (path_conv::check): Always initialize member variables. diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc index 1771d93..19ab471 100644 --- a/winsup/cygwin/sec_helper.cc +++ b/winsup/cygwin/sec_helper.cc @@ -397,3 +397,43 @@ got_it: return TRUE; } + +int +set_process_privilege (const char *privilege, BOOL enable) +{ + HANDLE hToken = NULL; + LUID restore_priv; + TOKEN_PRIVILEGES new_priv; + int ret = -1; + + if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken)) + { + __seterrno (); + goto out; + } + + if (!LookupPrivilegeValue (NULL, privilege, &restore_priv)) + { + __seterrno (); + goto out; + } + + new_priv.PrivilegeCount = 1; + new_priv.Privileges[0].Luid = restore_priv; + new_priv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0; + + if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL)) + { + __seterrno (); + goto out; + } + + ret = 0; + +out: + if (hToken) + CloseHandle (hToken); + + syscall_printf ("%d = set_process_privilege (%s, %d)",ret, privilege, enable); + return ret; +} diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 38c741f..0a89b8d 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -182,7 +182,7 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size) static BOOL first_time = TRUE; if (first_time) { - set_process_privileges (); + set_process_privilege (SE_RESTORE_NAME); first_time = FALSE; } @@ -245,46 +245,6 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size) return 0; } -int -set_process_privileges () -{ - HANDLE hToken = NULL; - LUID restore_priv; - TOKEN_PRIVILEGES new_priv; - int ret = -1; - - if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken)) - { - __seterrno (); - goto out; - } - - if (!LookupPrivilegeValue (NULL, SE_RESTORE_NAME, &restore_priv)) - { - __seterrno (); - goto out; - } - - new_priv.PrivilegeCount = 1; - new_priv.Privileges[0].Luid = restore_priv; - new_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; - - if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL)) - { - __seterrno (); - goto out; - } - - ret = 0; - -out: - if (hToken) - CloseHandle (hToken); - - syscall_printf ("%d = set_process_privileges ()", ret); - return ret; -} - static int get_nt_attribute (const char *file, int *attribute, uid_t *uidret, gid_t *gidret) diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index b83e310..3c1f75f 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -45,6 +45,7 @@ BOOL __stdcall is_grp_member (uid_t uid, gid_t gid); * logsrv may be NULL, in this case only the local system is used for lookup. * The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */ BOOL __stdcall lookup_name (const char *, const char *, PSID); +int set_process_privilege (const char *privilege, BOOL enable = TRUE); extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);} extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); } |