[newlib-cygwin] Cygwin: fix: seteuid32() must return EPERM if privileges are not held.

Corinna Vinschen corinna@sourceware.org
Wed Mar 27 16:13:00 GMT 2019 

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=f46c9ab46c46cd2bf02eb5e5af591e19b1c5a10a

commit f46c9ab46c46cd2bf02eb5e5af591e19b1c5a10a
Author: J.H. van de Water <houder@xs4all.nl>
Date:   Wed Mar 27 17:01:03 2019 +0100

    Cygwin: fix: seteuid32() must return EPERM if privileges are not held.
    
    Starting w/ the intro of S4U, seteuid32() calls lsaprivkeyauth(), then
    s4uauth(). s4uauth calls LsaRegisterLogonProcess().
    LsaRegisterLogonProcess fails w/ STATUS_PORT_CONNECTION_REFUSED, if the
    proper privileges are not held.
    Because of RtlNtStatusToDosError(), this status would be mapped to
    ERROR_ACCESS_DENIED, which in turn would map to EACCES. Therefore it is
    useless to add this status to errmap[] (errno.cc), as s4auauth() should
    return EPERM as errno here (i.e. if process is not privileged).
    
    Hence the kludge.
    
    Before the intro of S4U, seteuid32() called lsaprivkeyauth(), then
    lsaauth(), then create_token(). Before the intro of Vista, the latter
    would have called NtCreateToken().
    NtCreateToken() would have failed w/ STATUS_PRIVILEGE_NOT_HELD for a
    process w/o the proper privileges. In that case, calling seteuid32()
    would have returned EPERM (as required).
    
    Since the intro of Vista, and if the process had been started from an
    UNelevated shell, create_token() does NOT reach NtCreateToken()!
    As create_token() failed to properly set errno in that case, calling
    seteuid32() would return errno as set by lsaauth(), i.e. EACCES, not
    in agreement w/ Posix (a bug which was present for years).
    (lsaauth() called LsaRegisterLogonProcess() which would fail)

Diff:
---
 winsup/cygwin/sec_auth.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index a76f453..83fb39b 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -1539,6 +1539,9 @@ s4uauth (bool logon, PCWSTR domain, PCWSTR user, NTSTATUS &ret_status)
     {
       debug_printf ("%s: %y", logon ? "LsaRegisterLogonProcess"
 				    : "LsaConnectUntrusted", status);
+      /* If the privilege is not held, set the proper error code. */
+      if (status == STATUS_PORT_CONNECTION_REFUSED)
+	status = STATUS_PRIVILEGE_NOT_HELD;
       __seterrno_from_nt_status (status);
       goto out;
     }

More information about the Cygwin-cvs mailing list