diff options
Diffstat (limited to 'winsup/cygwin/syscalls.cc')
-rw-r--r-- | winsup/cygwin/syscalls.cc | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index 978bd424e..8a995e8fb 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -3494,7 +3494,7 @@ seteuid32 (uid_t uid) order, the setgroups group list is still active when calling seteuid and verify_token treats the original token of the privileged user as insufficient. This in turn results in creating a new user token for - the privileged user instead of using the orignal token. This can have + the privileged user instead of using the original token. This can have unfortunate side effects. The created token has different group memberships, different user rights, and misses possible network credentials. @@ -3542,17 +3542,31 @@ seteuid32 (uid_t uid) } if (!new_token) { +#if 1 + debug_printf ("lsaprivkeyauth failed, try s4uauth."); + if (!(new_token = s4uauth (pw_new))) + { + debug_printf ("s4uauth failed, bail out"); + cygheap->user.reimpersonate (); + return -1; + } +#else debug_printf ("lsaprivkeyauth failed, try lsaauth."); if (!(new_token = lsaauth (usersid, groups))) { - debug_printf ("lsaauth failed, try create_token."); - if (!(new_token = create_token (usersid, groups))) + debug_printf ("lsaauth failed, try s4uauth."); + if (!(new_token = s4uauth (pw_new))) { - debug_printf ("create_token failed, bail out"); - cygheap->user.reimpersonate (); - return -1; + debug_printf ("s4uauth failed, try create_token."); + if (!(new_token = create_token (usersid, groups))) + { + debug_printf ("create_token failed, bail out"); + cygheap->user.reimpersonate (); + return -1; + } } } +#endif } /* Keep at most one internal token */ |