[GOLDSTAR] Re: [PATCH] setup: allow running as non-admin
Corinna Vinschen
corinna-cygwin@cygwin.com
Thu Nov 7 13:15:00 GMT 2013
Hi Shaddy,
On Nov 7 11:39, Shaddy Baddah wrote:
> 2013-11-06 Shaddy Baddah <lithium-cygwin at shaddybaddah dot name>
>
> * LogFile.cc (LogFile::flushAll): New function to flush log all logging to
> files without exiting (as LogFile::exit does).
> * LogFile.h: Declare new method closeAll.
> * main.cc (NoAdminOption): Add new CLI options -B/--no-admin. This option
> allows the user to suppress privilege elevation (in tandem with
> "asInvoker" requestedExecutionLevel changes to exe manifests).
> (WinMain): check if setup run with Administrator privilege and if the
> NoAdminOption has not been specified, attempt to elevate privilege to an
> Administrator via WINAPI ShellExecuteEx().
> * setup.exe.manifest: Add requestedExecutionLevel of asInvoker to allow
> suppression of privilege elevation.
> * setup64.exe.manifest: Modify requestedExecutionLevel from
> requireAdministrator to asInvoker to allow suppression of privilege
> elevation. Continuity of privilege elevation attempt on startup is
> implemented by main.cc changes to WinMain().
> * win32.cc (NTSecurity::isRunAsAdmin): New function to allow main.cc to
> check if setup.exe has been run with privilege elevated to Administrator
> level.
> * win32.h: Declare new method isRunAsAdmin.
Thanks a lot for this patch. I applied it with a few minor tweaks.
First of all, this comment was a bit misleading now, given that the
code doesn't run on pre-Vista anyway:
> + // Note, this is necessary to avoid an infinite loop.
> + // The understanding is that pre-Vista, the runas verb will not
> + // result in a privilege elevated process. Therefore we need to
> + // indicate to the forked process that it should be happy with
> + // whatever privileges it is run with.
> + std::string command_line_cs (command_line);
> + command_line_cs += " -";
> + command_line_cs += NoAdminOption.shortOption();
> + sei.lpParameters = command_line_cs.c_str ();
I shortened the comment to a simple one-liner:
// Avoid another isRunAsAdmin check in the child.
I also added a small change for the sake of starting setup from the
command line. While the log to the logfiles has been stopped, the
log to stdout persist up to the call of theLog->exit. I added a
bit of code to stop printing
Ending cygwin install
if the elevation was successful. In that case the stdout log now prints
note: Hand installation over to elevated child process.
Thanks again for this patch, it's highly appreciated and is worth
a gold star, I think.
Chris, do your worst ;)
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20131107/321ab184/attachment.sig>
More information about the Cygwin-apps
mailing list