[PATCH 1/1] Cygwin: fix: seteuid32() must return EPERM if privileges are not held.

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Mar 27 16:14:00 GMT 2019

On Mar 27 17:01, J.H. van de Water wrote:
> Starting w/ the intro of S4U, seteuid32() calls lsaprivkeyauth(), then
> s4uauth(). s4uauth calls LsaRegisterLogonProcess().
> LsaRegisterLogonProcess fails w/ STATUS_PORT_CONNECTION_REFUSED, if the
> proper privileges are not held.
> Because of RtlNtStatusToDosError(), this status would be mapped to
> ERROR_ACCESS_DENIED, which in turn would map to EACCES. Therefore it is
> useless to add this status to errmap[] (errno.cc), as s4auauth() should
> return EPERM as errno here (i.e. if process is not privileged).
> Hence the kludge.
> Before the intro of S4U, seteuid32() called lsaprivkeyauth(), then
> lsaauth(), then create_token(). Before the intro of Vista, the latter
> would have called NtCreateToken().
> NtCreateToken() would have failed w/ STATUS_PRIVILEGE_NOT_HELD for a
> process w/o the proper privileges. In that case, calling seteuid32()
> would have returned EPERM (as required).
> Since the intro of Vista, and if the process had been started from an
> UNelevated shell, create_token() does NOT reach NtCreateToken()!
> As create_token() failed to properly set errno in that case, calling
> seteuid32() would return errno as set by lsaauth(), i.e. EACCES, not
> in agreement w/ Posix (a bug which was present for years).
> (lsaauth() called LsaRegisterLogonProcess() which would fail)
> ---

Pushed with a minor style tweak.

Thanks a lot,

Corinna Vinschen
Cygwin Maintainer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-patches/attachments/20190327/44e8a3ca/attachment.sig>

More information about the Cygwin-patches mailing list