Corinna,
Here is a chown related patch, fixing one old and one recent bug.
2003/02/03 Pierre Humblet <[EMAIL PROTECTED]>
* security.h: Add third argument to set_process_privilege.
* autoload.cc: Add OpenThreadToken.
* sec_helper.cc (set_process_privilege): Add and use use_thread argument.
* security.cc (alloc_sd): Modify call to set_process_privilege. Remember
the result in each process. If failed and file owner is not the user, fail.
Index: security.h
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/security.h,v
retrieving revision 1.36
diff -u -p -r1.36 security.h
--- security.h 14 Dec 2002 17:23:42 -0000 1.36
+++ security.h 3 Feb 2003 14:16:39 -0000
@@ -236,7 +236,7 @@ BOOL get_logon_server (const char * doma
/* sec_helper.cc: Security helper functions. */
BOOL __stdcall is_grp_member (__uid32_t uid, __gid32_t gid);
-int set_process_privilege (const char *privilege, BOOL enable = TRUE);
+int set_process_privilege (const char *privilege, bool enable = true, bool use_thread
+= false);
/* shared.cc: */
/* Retrieve a security descriptor that allows all access */
Index: sec_helper.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/sec_helper.cc,v
retrieving revision 1.32
diff -u -p -r1.32 sec_helper.cc
--- sec_helper.cc 26 Jan 2003 06:42:40 -0000 1.32
+++ sec_helper.cc 3 Feb 2003 14:21:24 -0000
@@ -294,7 +294,7 @@ got_it:
#endif //unused
int
-set_process_privilege (const char *privilege, BOOL enable)
+set_process_privilege (const char *privilege, bool enable, bool use_thread)
{
HANDLE hToken = NULL;
LUID restore_priv;
@@ -302,8 +302,12 @@ set_process_privilege (const char *privi
int ret = -1;
DWORD size;
- if (!OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
- &hToken))
+ if ((use_thread
+ && !OpenThreadToken (GetCurrentThread (), TOKEN_QUERY |
+TOKEN_ADJUST_PRIVILEGES,
+ 0, &hToken))
+ ||(!use_thread
+ && !OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
+ &hToken)))
{
__seterrno ();
goto out;
@@ -329,7 +333,6 @@ set_process_privilege (const char *privi
be enabled. GetLastError () returns an correct error code, though. */
if (enable && GetLastError () == ERROR_NOT_ALL_ASSIGNED)
{
- debug_printf ("Privilege %s couldn't be assigned", privilege);
__seterrno ();
goto out;
}
Index: security.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/security.cc,v
retrieving revision 1.132
diff -u -p -r1.132 security.cc
--- security.cc 26 Jan 2003 06:42:40 -0000 1.132
+++ security.cc 3 Feb 2003 14:27:36 -0000
@@ -1563,9 +1563,20 @@ alloc_sd (__uid32_t uid, __gid32_t gid,
}
owner_sid.debug_print ("alloc_sd: owner SID =");
- /* Must have SE_RESTORE_NAME privilege to change owner */
- if (cur_owner_sid && owner_sid != cur_owner_sid
- && set_process_privilege (SE_RESTORE_NAME) < 0 )
+ /* Try turning privilege on, may not have WRITE_OWNER or WRITE_DAC access.
+ Must have privilege to set different owner, else BackupWrite misbehaves */
+ static int NO_COPY saved_res; /* 0: never, 1: failed, 2 & 3: OK */
+ int res;
+ if (!saved_res || cygheap->user.issetuid ())
+ {
+ res = 2 + set_process_privilege (SE_RESTORE_NAME, true,
+ cygheap->user.issetuid ());
+ if (!cygheap->user.issetuid ())
+ saved_res = res;
+ }
+ else
+ res = saved_res;
+ if (res == 1 && owner_sid != cygheap->user.sid ())
return NULL;
/* Get SID of new group. */
Index: autoload.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/autoload.cc,v
retrieving revision 1.59
diff -u -p -r1.59 autoload.cc
--- autoload.cc 15 Jan 2003 10:21:23 -0000 1.59
+++ autoload.cc 3 Feb 2003 14:33:17 -0000
@@ -352,6 +352,7 @@ LoadDLLfunc (LsaOpenPolicy, 16, advapi32
LoadDLLfunc (LsaQueryInformationPolicy, 12, advapi32)
LoadDLLfunc (MakeSelfRelativeSD, 12, advapi32)
LoadDLLfunc (OpenProcessToken, 12, advapi32)
+LoadDLLfunc (OpenThreadToken, 16, advapi32)
LoadDLLfunc (RegCloseKey, 4, advapi32)
LoadDLLfunc (RegCreateKeyExA, 36, advapi32)
LoadDLLfunc (RegDeleteKeyA, 8, advapi32)
