aboutsummaryrefslogtreecommitdiff
path: root/winsup
diff options
context:
space:
mode:
Diffstat (limited to 'winsup')
-rw-r--r--winsup/cygwin/ChangeLog8
-rw-r--r--winsup/cygwin/sec_helper.cc40
-rw-r--r--winsup/cygwin/security.cc42
-rw-r--r--winsup/cygwin/security.h1
4 files changed, 50 insertions, 41 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index a00eba8..56751a2 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,11 @@
+Fri Apr 20 22:25:00 2001 Corinna Vinschen <corinna@vinschen.de>
+
+ * security.cc (set_process_privileges): Swap out.
+ * sec_helper.cc (set_process_privilege): Rename from
+ `set_process_privileges'. Takes the privilege to enable or disable
+ as parameter now.
+ * security.h: Add prototype for `set_process_privileges'.
+
2001-04-19 Egor Duda <deo@logos-m.ru>
* path.cc (path_conv::check): Always initialize member variables.
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 1771d93..19ab471 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -397,3 +397,43 @@ got_it:
return TRUE;
}
+
+int
+set_process_privilege (const char *privilege, BOOL enable)
+{
+ HANDLE hToken = NULL;
+ LUID restore_priv;
+ TOKEN_PRIVILEGES new_priv;
+ int ret = -1;
+
+ if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ if (!LookupPrivilegeValue (NULL, privilege, &restore_priv))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ new_priv.PrivilegeCount = 1;
+ new_priv.Privileges[0].Luid = restore_priv;
+ new_priv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
+
+ if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ ret = 0;
+
+out:
+ if (hToken)
+ CloseHandle (hToken);
+
+ syscall_printf ("%d = set_process_privilege (%s, %d)",ret, privilege, enable);
+ return ret;
+}
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 38c741f..0a89b8d 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -182,7 +182,7 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
static BOOL first_time = TRUE;
if (first_time)
{
- set_process_privileges ();
+ set_process_privilege (SE_RESTORE_NAME);
first_time = FALSE;
}
@@ -245,46 +245,6 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
return 0;
}
-int
-set_process_privileges ()
-{
- HANDLE hToken = NULL;
- LUID restore_priv;
- TOKEN_PRIVILEGES new_priv;
- int ret = -1;
-
- if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
- {
- __seterrno ();
- goto out;
- }
-
- if (!LookupPrivilegeValue (NULL, SE_RESTORE_NAME, &restore_priv))
- {
- __seterrno ();
- goto out;
- }
-
- new_priv.PrivilegeCount = 1;
- new_priv.Privileges[0].Luid = restore_priv;
- new_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-
- if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
- {
- __seterrno ();
- goto out;
- }
-
- ret = 0;
-
-out:
- if (hToken)
- CloseHandle (hToken);
-
- syscall_printf ("%d = set_process_privileges ()", ret);
- return ret;
-}
-
static int
get_nt_attribute (const char *file, int *attribute,
uid_t *uidret, gid_t *gidret)
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index b83e310..3c1f75f 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -45,6 +45,7 @@ BOOL __stdcall is_grp_member (uid_t uid, gid_t gid);
* logsrv may be NULL, in this case only the local system is used for lookup.
* The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */
BOOL __stdcall lookup_name (const char *, const char *, PSID);
+int set_process_privilege (const char *privilege, BOOL enable = TRUE);
extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);}
extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); }