From b5c80f5a59fda4e3890bf3cb515a67f420057e02 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Thu, 21 Jan 2016 18:32:16 +0100
Subject: [PATCH] cygwin_logon_user: Return non-privileged token as well

	If the calling process doesn't have sufficient privileges to
	fetch the linked token of an admin-user token, cygwin_logon_user
	fails.  This patch changes that by returning the original,
	unprivileged token of the admin user to allow authentication
	and calling setuid for the current process.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
---
 winsup/cygwin/sec_auth.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index aef13191d..d44cb2d81 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -172,13 +172,17 @@ cygwin_logon_user (const struct passwd *pw, const char *password)
     }
   else
     {
+      HANDLE hPrivToken = NULL;
+
       /* See the comment in get_full_privileged_inheritable_token for a
       description why we enable TCB privileges here. */
       push_self_privilege (SE_TCB_PRIVILEGE, true);
-      hToken = get_full_privileged_inheritable_token (hToken);
+      hPrivToken = get_full_privileged_inheritable_token (hToken);
       pop_self_privilege ();
-      if (!hToken)
-	hToken = INVALID_HANDLE_VALUE;
+      if (!hPrivToken)
+	debug_printf ("Can't fetch linked token (%E), use standard token");
+      else
+	hToken = hPrivToken;
     }
   RtlSecureZeroMemory (passwd, NT_MAX_PATH);
   cygheap->user.reimpersonate ();