From 3c8e92d9fc43e7b8c8e5ad4a0235599d7b285274 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Fri, 20 Apr 2001 20:36:13 +0000
Subject: * security.cc (set_process_privileges): Swap out. * sec_helper.cc (set_process_privilege): Rename from `set_process_privileges'. Takes the privilege to enable or disable as parameter now. * security.h: Add prototype for `set_process_privileges'.
---
 winsup/cygwin/ChangeLog | 8 ++++++++
 winsup/cygwin/sec_helper.cc | 40 ++++++++++++++++++++++++++++++++++++++++
 winsup/cygwin/security.cc | 42 +-----------------------------------------
 winsup/cygwin/security.h | 1 +
 4 files changed, 50 insertions(+), 41 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index a00eba8b2..56751a2e7 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,11 @@
+Fri Apr 20 22:25:00 2001 Corinna Vinschen
+
+ * security.cc (set_process_privileges): Swap out.
+ * sec_helper.cc (set_process_privilege): Rename from
+ `set_process_privileges'. Takes the privilege to enable or disable
+ as parameter now.
+ * security.h: Add prototype for `set_process_privileges'.
+
 2001-04-19 Egor Duda
 * path.cc (path_conv::check): Always initialize member variables.
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 1771d934c..19ab47115 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -397,3 +397,43 @@ got_it:
 return TRUE;
 }
+
+int
+set_process_privilege (const char *privilege, BOOL enable)
+{
+ HANDLE hToken = NULL;
+ LUID restore_priv;
+ TOKEN_PRIVILEGES new_priv;
+ int ret = -1;
+
+ if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ if (!LookupPrivilegeValue (NULL, privilege, &restore_priv))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ new_priv.PrivilegeCount = 1;
+ new_priv.Privileges[0].Luid = restore_priv;
+ new_priv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
+
+ if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ ret = 0;
+
+out:
+ if (hToken)
+ CloseHandle (hToken);
+
+ syscall_printf ("%d = set_process_privilege (%s, %d)",ret, privilege, enable);
+ return ret;
+}
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 38c741fa2..0a89b8dd6 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -182,7 +182,7 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
 static BOOL first_time = TRUE;
 if (first_time)
 {
- set_process_privileges ();
+ set_process_privilege (SE_RESTORE_NAME);
 first_time = FALSE;
 }
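Review bot: The `AdjustTokenPrivileges` check in the new `set_process_privilege` (sec_helper.cc) treats a non-zero return as success, but that API also returns non-zero when the token does not hold the requested privilege and signals it only through `GetLastError () == ERROR_NOT_ALL_ASSIGNED`. As written the function returns 0 in that case, so a caller cannot tell that the privilege was never enabled. Extending the condition to `if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL) || GetLastError () == ERROR_NOT_ALL_ASSIGNED)` would send that case through the existing `__seterrno ()` / `goto out` path; how `__seterrno` maps that error code is not visible here and should be confirmed. Now that the privilege is a parameter, the local `restore_priv` would also read better under a neutral name such as `priv_luid`.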
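Review bot: The call `set_process_privilege (SE_RESTORE_NAME);` in `write_sd` (security.cc) discards the return value and then clears `first_time` unconditionally, so a failure to enable the restore privilege is never retried and shows up only in the syscall trace. If that best-effort behaviour is intended, a comment on the call such as `/* Best effort: a failure is logged by set_process_privilege and not retried. */` would make it explicit; otherwise the result should be checked before `first_time = FALSE;`. The call also depends on the `enable = TRUE` default declared in security.h, and passing `TRUE` explicitly would make the intent visible at the call site. The body of `write_sd` continues outside this hunk.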
@@ -245,46 +245,6 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
 return 0;
 }
-int
-set_process_privileges ()
-{
- HANDLE hToken = NULL;
- LUID restore_priv;
- TOKEN_PRIVILEGES new_priv;
- int ret = -1;
-
- if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
- {
- __seterrno ();
- goto out;
- }
-
- if (!LookupPrivilegeValue (NULL, SE_RESTORE_NAME, &restore_priv))
- {
- __seterrno ();
- goto out;
- }
-
- new_priv.PrivilegeCount = 1;
- new_priv.Privileges[0].Luid = restore_priv;
- new_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-
- if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
- {
- __seterrno ();
- goto out;
- }
-
- ret = 0;
-
-out:
- if (hToken)
- CloseHandle (hToken);
-
- syscall_printf ("%d = set_process_privileges ()", ret);
- return ret;
-}
-
 static int
 get_nt_attribute (const char *file, int *attribute, uid_t *uidret, gid_t *gidret)
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index b83e3101b..3c1f75f49 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -45,6 +45,7 @@ BOOL __stdcall is_grp_member (uid_t uid, gid_t gid);
 * logsrv may be NULL, in this case only the local system is used for lookup.
 * The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */
 BOOL __stdcall lookup_name (const char *, const char *, PSID);
+int set_process_privilege (const char *privilege, BOOL enable = TRUE);
 extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);}
 extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); }
--
cgit v1.2.3
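Review bot: The prototype `set_process_privilege` added to security.h carries no comment, while the neighbouring `lookup_name` declaration documents its arguments and buffer requirement. A one-line comment such as `/* Enable or disable PRIVILEGE in the main process token; returns 0 on success, -1 with errno set. */` would record the contract and the fact that `enable` defaults to TRUE. The ChangeLog entry for this header names `set_process_privileges` while the declaration added here is `set_process_privilege`, so one of the two spellings should be corrected. The declaration also omits the `__stdcall` used by the adjacent prototypes; if that is deliberate it is worth a word in the comment.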