This is the mail archive of the cygwin-patches mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH 1/1] Cygwin: fix: seteuid32() must return EPERM if privileges are not held.

From: "J.H. van de Water" <houder at xs4all dot nl>
To: cygwin-patches at cygwin dot com
Cc: "J.H. van de Water" <houder at xs4all dot nl>
Date: Wed, 27 Mar 2019 17:01:03 +0100
Subject: [PATCH 1/1] Cygwin: fix: seteuid32() must return EPERM if privileges are not held.

Starting w/ the intro of S4U, seteuid32() calls lsaprivkeyauth(), then
s4uauth(). s4uauth calls LsaRegisterLogonProcess().
LsaRegisterLogonProcess fails w/ STATUS_PORT_CONNECTION_REFUSED, if the
proper privileges are not held.
Because of RtlNtStatusToDosError(), this status would be mapped to
ERROR_ACCESS_DENIED, which in turn would map to EACCES. Therefore it is
useless to add this status to errmap[] (errno.cc), as s4auauth() should
return EPERM as errno here (i.e. if process is not privileged).

Hence the kludge.

Before the intro of S4U, seteuid32() called lsaprivkeyauth(), then
lsaauth(), then create_token(). Before the intro of Vista, the latter
would have called NtCreateToken().
NtCreateToken() would have failed w/ STATUS_PRIVILEGE_NOT_HELD for a
process w/o the proper privileges. In that case, calling seteuid32()
would have returned EPERM (as required).

Since the intro of Vista, and if the process had been started from an
UNelevated shell, create_token() does NOT reach NtCreateToken()!
As create_token() failed to properly set errno in that case, calling
seteuid32() would return errno as set by lsaauth(), i.e. EACCES, not
in agreement w/ Posix (a bug which was present for years).
(lsaauth() called LsaRegisterLogonProcess() which would fail)
---
 winsup/cygwin/sec_auth.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index a76f453..7a1aa8e 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -1539,6 +1539,11 @@ s4uauth (bool logon, PCWSTR domain, PCWSTR user, NTSTATUS &ret_status)
     {
       debug_printf ("%s: %y", logon ? "LsaRegisterLogonProcess"
 				    : "LsaConnectUntrusted", status);
+      // kludge! (if the privilege is not held, return the proper errno)
+      if (status == STATUS_PORT_CONNECTION_REFUSED) // 0xC0000041 => EACCES
+        {
+          status = STATUS_PRIVILEGE_NOT_HELD; // 0xC0000061 => EPERM
+        }
       __seterrno_from_nt_status (status);
       goto out;
     }
-- 
2.7.5

Follow-Ups:
- Re: [PATCH 1/1] Cygwin: fix: seteuid32() must return EPERM if privileges are not held.
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]