diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 08fb92d72..1192a06f4 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,8 @@ +2005-01-08 Pierre Humblet + + * syscalls.cc (seteuid32): Only change the default dacl when + seteuid succeeds. Do not close HKCU. + 2005-01-06 Corinna Vinschen * fhandler_process.cc: Use strcasematch instead of strcasecmp diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index 167b14dad..a9583ed1e 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -2066,7 +2066,7 @@ seteuid32 (__uid32_t uid) if (!wincap.has_security () && pw_new) { load_registry_hive (pw_new->pw_name); - goto success_9x; + goto success_9x; } if (!usersid.getfrompw (pw_new)) { @@ -2103,16 +2103,6 @@ seteuid32 (__uid32_t uid) debug_printf ("Found token %d", new_token); - /* Set process def dacl to allow access to impersonated token */ - if (sec_acl ((PACL) dacl_buf, true, true, usersid)) - { - tdacl.DefaultDacl = (PACL) dacl_buf; - if (!SetTokenInformation (ptok, TokenDefaultDacl, - &tdacl, sizeof dacl_buf)) - debug_printf ("SetTokenInformation" - "(TokenDefaultDacl), %E"); - } - /* If no impersonation token is available, try to authenticate using NtCreateToken () or subauthentication. */ if (new_token == INVALID_HANDLE_VALUE) @@ -2132,6 +2122,16 @@ seteuid32 (__uid32_t uid) cygheap->user.internal_token = new_token; } + /* Set process def dacl to allow access to impersonated token */ + if (sec_acl ((PACL) dacl_buf, true, true, usersid)) + { + tdacl.DefaultDacl = (PACL) dacl_buf; + if (!SetTokenInformation (ptok, TokenDefaultDacl, + &tdacl, sizeof dacl_buf)) + debug_printf ("SetTokenInformation" + "(TokenDefaultDacl), %E"); + } + if (new_token != ptok) { /* Avoid having HKCU use default user */ @@ -2166,11 +2166,8 @@ success_9x: cygheap->user.set_name (pw_new->pw_name); myself->uid = uid; groups.ischanged = FALSE; - if (!issamesid) /* MS KB 199190 */ - { - RegCloseKey (HKEY_CURRENT_USER); - user_shared_initialize (true); - } + if (!issamesid) + user_shared_initialize (true); return 0; failed: