Cygwin: fix: seteuid32() must return EPERM if privileges are not held.
Starting w/ the intro of S4U, seteuid32() calls lsaprivkeyauth(), then s4uauth(). s4uauth calls LsaRegisterLogonProcess(). LsaRegisterLogonProcess fails w/ STATUS_PORT_CONNECTION_REFUSED, if the proper privileges are not held. Because of RtlNtStatusToDosError(), this status would be mapped to ERROR_ACCESS_DENIED, which in turn would map to EACCES. Therefore it is useless to add this status to errmap[] (errno.cc), as s4auauth() should return EPERM as errno here (i.e. if process is not privileged). Hence the kludge. Before the intro of S4U, seteuid32() called lsaprivkeyauth(), then lsaauth(), then create_token(). Before the intro of Vista, the latter would have called NtCreateToken(). NtCreateToken() would have failed w/ STATUS_PRIVILEGE_NOT_HELD for a process w/o the proper privileges. In that case, calling seteuid32() would have returned EPERM (as required). Since the intro of Vista, and if the process had been started from an UNelevated shell, create_token() does NOT reach NtCreateToken()! As create_token() failed to properly set errno in that case, calling seteuid32() would return errno as set by lsaauth(), i.e. EACCES, not in agreement w/ Posix (a bug which was present for years). (lsaauth() called LsaRegisterLogonProcess() which would fail)
This commit is contained in:
parent
d1be0a59d4
commit
7b06893f93
|
@ -1539,6 +1539,9 @@ s4uauth (bool logon, PCWSTR domain, PCWSTR user, NTSTATUS &ret_status)
|
|||
{
|
||||
debug_printf ("%s: %y", logon ? "LsaRegisterLogonProcess"
|
||||
: "LsaConnectUntrusted", status);
|
||||
/* If the privilege is not held, set the proper error code. */
|
||||
if (status == STATUS_PORT_CONNECTION_REFUSED)
|
||||
status = STATUS_PRIVILEGE_NOT_HELD;
|
||||
__seterrno_from_nt_status (status);
|
||||
goto out;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue