https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=b5c80f5a59fda4e3890bf3cb515a67f420057e02
commit b5c80f5a59fda4e3890bf3cb515a67f420057e02 Author: Corinna Vinschen <cori...@vinschen.de> Date: Thu Jan 21 18:32:16 2016 +0100 cygwin_logon_user: Return non-privileged token as well If the calling process doesn't have sufficient privileges to fetch the linked token of an admin-user token, cygwin_logon_user fails. This patch changes that by returning the original, unprivileged token of the admin user to allow authentication and calling setuid for the current process. Signed-off-by: Corinna Vinschen <cori...@vinschen.de> Diff: --- winsup/cygwin/sec_auth.cc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index aef1319..d44cb2d 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -172,13 +172,17 @@ cygwin_logon_user (const struct passwd *pw, const char *password) } else { + HANDLE hPrivToken = NULL; + /* See the comment in get_full_privileged_inheritable_token for a description why we enable TCB privileges here. */ push_self_privilege (SE_TCB_PRIVILEGE, true); - hToken = get_full_privileged_inheritable_token (hToken); + hPrivToken = get_full_privileged_inheritable_token (hToken); pop_self_privilege (); - if (!hToken) - hToken = INVALID_HANDLE_VALUE; + if (!hPrivToken) + debug_printf ("Can't fetch linked token (%E), use standard token"); + else + hToken = hPrivToken; } RtlSecureZeroMemory (passwd, NT_MAX_PATH); cygheap->user.reimpersonate ();