[Patch]: Create Global Privilege
Christopher Faylor
cgf@redhat.com
Wed Nov 26 02:13:00 GMT 2003
On Tue, Nov 25, 2003 at 08:55:33PM -0500, Pierre A. Humblet wrote:
>This patch will stop the "CreateFileMapping, Win32 error 5. Terminating."
>complaints.
>
>It changes shared_name() to avoid setting the Global\ prefix on file mappings
>when the Create Global Object privilege may be required but the user doesn't
>have it.
>
>Note that when running from the console or as a service, the names are
>looked up
>in the global name space by default (with or without privilege), thus it
>doesn't
>matter if the prefix is Global\ or "".
>In other words, there is no need to determine if the user is running from
>Terminal Services.
>
>As a side effect, the cygheap must be initialized earlier in the startup
>sequence because it is needed for CloseHandle when debugging is enabled
>(thus the changes in memory_init and shared_info::initialize).
>
>I don't have access to Terminal Services to test the patch, but Fabrice
>Larribe
>reports that it works fine on a system where he needed, but couldn't get, the
>privilege.
>
>Pierre
>
>2003-11-25 Pierre Humblet <pierre.humblet@ieee.org>
>
> * shared.cc (shared_name): Take into account the SE_CREATE_GLOBAL_NAME
> privilege when building the name string.
> (open_shared): Remove the call to OpenFileMapping.
> (shared_info::initialize): Move cygheap initialization to ...
> (memory_init): ... here. Suppress now useless shared_h variable.
> (user_shared_initialize): Make tu a cygpsid.
> * sec_helper.cc (set_process_privilege): Call LookupPrivilegeValue
> before opening the token.
>Index: shared.cc
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/shared.cc,v
>retrieving revision 1.78
>diff -u -p -r1.78 shared.cc
>--- shared.cc 14 Nov 2003 23:40:05 -0000 1.78
>+++ shared.cc 26 Nov 2003 01:37:57 -0000
>@@ -35,9 +35,14 @@ char * __stdcall
> shared_name (char *ret_buf, const char *str, int num)
> {
> extern bool _cygwin_testing;
>+ static const char * prefix = NULL;
>
>- __small_sprintf (ret_buf, "%s%s.%s.%d",
>- wincap.has_terminal_services () ? "Global\\" : "",
>+ if (!prefix)
>+ prefix = wincap.has_terminal_services ()
>+ && ( set_process_privilege (SE_CREATE_GLOBAL_NAME, true) >= 0
>+ || GetLastError () == ERROR_NO_SUCH_PRIVILEGE) ? "Global\\" : "";
>+
Do you really have to check prefix every time shared_name is called like
this? Couldn't you just initialize prefix prior to calling shared_name?
Other than that minor point, this looks ok.
cgf
More information about the Cygwin-patches
mailing list