[PATCH 1/1] Cygwin: fix: seteuid32() must return EPERM if privileges are not held.
Corinna Vinschen
corinna-cygwin@cygwin.com
Wed Mar 27 16:14:00 GMT 2019
On Mar 27 17:01, J.H. van de Water wrote:
> Starting w/ the intro of S4U, seteuid32() calls lsaprivkeyauth(), then
> s4uauth(). s4uauth calls LsaRegisterLogonProcess().
> LsaRegisterLogonProcess fails w/ STATUS_PORT_CONNECTION_REFUSED, if the
> proper privileges are not held.
> Because of RtlNtStatusToDosError(), this status would be mapped to
> ERROR_ACCESS_DENIED, which in turn would map to EACCES. Therefore it is
> useless to add this status to errmap[] (errno.cc), as s4auauth() should
> return EPERM as errno here (i.e. if process is not privileged).
>
> Hence the kludge.
>
> Before the intro of S4U, seteuid32() called lsaprivkeyauth(), then
> lsaauth(), then create_token(). Before the intro of Vista, the latter
> would have called NtCreateToken().
> NtCreateToken() would have failed w/ STATUS_PRIVILEGE_NOT_HELD for a
> process w/o the proper privileges. In that case, calling seteuid32()
> would have returned EPERM (as required).
>
> Since the intro of Vista, and if the process had been started from an
> UNelevated shell, create_token() does NOT reach NtCreateToken()!
> As create_token() failed to properly set errno in that case, calling
> seteuid32() would return errno as set by lsaauth(), i.e. EACCES, not
> in agreement w/ Posix (a bug which was present for years).
> (lsaauth() called LsaRegisterLogonProcess() which would fail)
> ---
Pushed with a minor style tweak.
Thanks a lot,
Corinna
--
Corinna Vinschen
Cygwin Maintainer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-patches/attachments/20190327/44e8a3ca/attachment.sig>
More information about the Cygwin-patches
mailing list