This is the mail archive of the cygwin-patches mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH] check_access()


This fixes problem # 3 in http://cygwin.com/ml/cygwin/2010-02/msg00330.html

Pierre

Index: ChangeLog
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/ChangeLog,v
retrieving revision 1.4845
diff -u -r1.4845 ChangeLog
--- ChangeLog   25 Feb 2010 16:55:01 -0000      1.4845
+++ ChangeLog   26 Feb 2010 01:29:30 -0000
@@ -1,3 +1,8 @@
+2010-02-26  Pierre Humblet <Pierre.Humblet@ieee.org>
+
+       * security.cc (check_access): Use user.imp_token if appropriate.
+        Set errno and return if DuplicateTokenEx fails .
+
 2010-02-25  Corinna Vinschen  <corinna@vinschen.de>

* lc_era.h (lc_era_t): Fix apparent glibc bug in ja_JP era definition.



Index: security.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/security.cc,v
retrieving revision 1.239
diff -u -p -r1.239 security.cc
--- security.cc 3 Nov 2009 09:31:45 -0000       1.239
+++ security.cc 26 Feb 2010 01:24:13 -0000
@@ -751,16 +751,17 @@ check_access (security_descriptor &sd, G
                ? cygheap->user.imp_token ()
                : hProcImpToken);

-  if (!tok && !DuplicateTokenEx (hProcToken, MAXIMUM_ALLOWED, NULL,
-                                SecurityImpersonation, TokenImpersonation,
-                                &hProcImpToken))
-#ifdef DEBUGGING
-       system_printf ("DuplicateTokenEx failed, %E");
-#else
-       syscall_printf ("DuplicateTokenEx failed, %E");
-#endif
-  else
-    tok = hProcImpToken;
+  if (!tok)
+    {
+      if (!DuplicateTokenEx (hProcToken, MAXIMUM_ALLOWED, NULL,
+                           SecurityImpersonation, TokenImpersonation,
+                           &hProcImpToken))
+         {
+            __seterrno ();
+            return ret;
+         }
+      tok = hProcImpToken;
+    }

if (!AccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted, &status))
__seterrno ();



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]