* pinfo.cc (pinfo_init): Eliminate call to `set_process_privileges'.

        * security.cc (write_sd): Call `set_process_privileges' on the first
        call to `write_sd'.
        (set_process_privileges): Eliminate adjusting SE_BACKUP_NAME privilege.

3 files changed, 21 insertions, 25 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index f9ab77e7f..f5324a36c 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+Sun Oct 22 12:07:00 2000  Corinna Vinschen <corinna@vinschen.de>
+
+	* pinfo.cc (pinfo_init): Eliminate call to `set_process_privileges'.
+	* security.cc (write_sd): Call `set_process_privileges' on the first
+	call to `write_sd'.
+	(set_process_privileges): Eliminate adjusting SE_BACKUP_NAME privilege.
+
 Sat Oct 21 16:57:23 2000  Christopher Faylor <cgf@cygnus.com>
 
 	* pinfo.cc (pinfo::init): Make PID_EXECED signal creation as well as
diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc
index 6e69cbaf8..f50982833 100644
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@@ -109,11 +109,6 @@ pinfo_init (char **envp, int envc)
       environ_init (NULL, 0);	/* call after myself has been set up */
     }
 
-  /* Allow backup semantics. It's better done only once on process start
-     instead of each time a file is opened. */
-  if (allow_ntsec)
-    set_process_privileges ();
-
   debug_printf ("pid %d, pgid %d", myself->pid, myself->pgid);
 }
 
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 10379b66f..0df0c09c2 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -540,6 +540,14 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
       return -1;
     }
 
+  /* No need to be thread save. */
+  static BOOL first_time = TRUE;
+  if (first_time)
+    {
+      set_process_privileges ();
+      first_time = FALSE;
+    }
+
   HANDLE fh;
   fh = CreateFile (file,
 		   WRITE_OWNER | WRITE_DAC,
@@ -604,14 +612,10 @@ set_process_privileges ()
 {
   HANDLE hToken = NULL;
   LUID restore_priv;
-  LUID backup_priv;
-  char buf[sizeof (TOKEN_PRIVILEGES) + 2 * sizeof (LUID_AND_ATTRIBUTES)];
-  TOKEN_PRIVILEGES *new_priv = (TOKEN_PRIVILEGES *) buf;
+  TOKEN_PRIVILEGES new_priv;
   int ret = -1;
 
-  if (! OpenProcessToken (hMainProc,
-			  TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
-			  &hToken))
+  if (! OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
     {
       __seterrno ();
       goto out;
@@ -622,19 +626,12 @@ set_process_privileges ()
       __seterrno ();
       goto out;
     }
-  if (! LookupPrivilegeValue (NULL, SE_BACKUP_NAME, &backup_priv))
-    {
-      __seterrno ();
-      goto out;
-    }
 
-  new_priv->PrivilegeCount = 2;
-  new_priv->Privileges[0].Luid = restore_priv;
-  new_priv->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-  new_priv->Privileges[1].Luid = backup_priv;
-  new_priv->Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
+  new_priv.PrivilegeCount = 1;
+  new_priv.Privileges[0].Luid = restore_priv;
+  new_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
 
-  if (! AdjustTokenPrivileges (hToken, FALSE, new_priv, 0, NULL, NULL))
+  if (! AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
     {
       __seterrno ();
       goto out;
@@ -642,9 +639,6 @@ set_process_privileges ()
 
   ret = 0;
 
-  if (ret == -1)
-    __seterrno ();
-
 out:
   if (hToken)
     CloseHandle (hToken);