* security.cc (cygwin_logon_user): Run LogonUser in the primary

process token context. Fix potential handle leak.
2005-06-08 10:06:17 +00:00 · 2005-06-08 10:06:17 +00:00 · ce132d0ffd
parent 30798c5a11
commit ce132d0ffd
2 changed files with 20 additions and 6 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,4 +1,9 @@
-2005-06-06  Corinna Vinschen  <corinna@vinschen.de>
+2005-06-08  Corinna Vinschen  <corinna@vinschen.de>
+
+	* security.cc (cygwin_logon_user): Run LogonUser in the primary
+	process token context.  Fix potential handle leak.
+
+2005-06-07  Corinna Vinschen  <corinna@vinschen.de>

 	* pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and
 	allocate dynamically.
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@ -124,17 +124,26 @@ cygwin_logon_user (const struct passwd *pw, const char *password)

  extract_nt_dom_user (pw, nt_domain, nt_user);
  debug_printf ("LogonUserA (%s, %s, %s, ...)", nt_user, nt_domain, password);
+  /* CV 2005-06-08: LogonUser should run under the primary process token,
+     otherwise it returns with ERROR_ACCESS_DENIED on W2K. Don't ask me why. */
+  RevertToSelf ();
  if (!LogonUserA (nt_user, *nt_domain ? nt_domain : NULL, (char *) password,
 		   LOGON32_LOGON_INTERACTIVE,
 		   LOGON32_PROVIDER_DEFAULT,
-		   &hToken)
-      || !SetHandleInformation (hToken,
+		   &hToken))
+    {
+      __seterrno ();
+      hToken = INVALID_HANDLE_VALUE;
+    }
+  else if (!SetHandleInformation (hToken,
 				  HANDLE_FLAG_INHERIT,
 				  HANDLE_FLAG_INHERIT))
    {
      __seterrno ();
-      return INVALID_HANDLE_VALUE;
+      CloseHandle (hToken);
+      hToken = INVALID_HANDLE_VALUE;
    }
+  cygheap->user.reimpersonate ();
  debug_printf ("%d = logon_user(%s,...)", hToken, pw->pw_name);
  return hToken;
 }