This is the mail archive of the cygwin-patches mailing list for the Cygwin project.
On Mar 27 17:01, J.H. van de Water wrote:
> Starting w/ the intro of S4U, seteuid32() calls lsaprivkeyauth(), then
> s4uauth(). s4uauth calls LsaRegisterLogonProcess().
> LsaRegisterLogonProcess fails w/ STATUS_PORT_CONNECTION_REFUSED, if the
> proper privileges are not held.
> Because of RtlNtStatusToDosError(), this status would be mapped to
> ERROR_ACCESS_DENIED, which in turn would map to EACCES. Therefore it is
> useless to add this status to errmap[] (errno.cc), as s4auauth() should
> return EPERM as errno here (i.e. if process is not privileged).
>
> Hence the kludge.
>
> Before the intro of S4U, seteuid32() called lsaprivkeyauth(), then
> lsaauth(), then create_token(). Before the intro of Vista, the latter
> would have called NtCreateToken().
> NtCreateToken() would have failed w/ STATUS_PRIVILEGE_NOT_HELD for a
> process w/o the proper privileges. In that case, calling seteuid32()
> would have returned EPERM (as required).
>
> Since the intro of Vista, and if the process had been started from an
> UNelevated shell, create_token() does NOT reach NtCreateToken()!
> As create_token() failed to properly set errno in that case, calling
> seteuid32() would return errno as set by lsaauth(), i.e. EACCES, not
> in agreement w/ Posix (a bug which was present for years).
> (lsaauth() called LsaRegisterLogonProcess() which would fail)
> ---

Pushed with a minor style tweak.

Thanks a lot,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer