6 files changed, 25 insertions, 3 deletions

diff --git a/winsup/cygwin/autoload.cc b/winsup/cygwin/autoload.cc
index 056fac7dc..c04e25c95 100644
--- a/winsup/cygwin/autoload.cc
+++ b/winsup/cygwin/autoload.cc
@@ -699,6 +699,7 @@ LoadDLLfuncEx (CreateEnvironmentBlock, 12, userenv, 1)
 LoadDLLfuncEx2 (CreateProfile, 16, userenv, 1, 1)
 LoadDLLfunc (DestroyEnvironmentBlock, 4, userenv)
 LoadDLLfunc (LoadUserProfileW, 8, userenv)
+LoadDLLfunc (UnloadUserProfile, 8, userenv)
 
 LoadDLLfuncEx3 (waveInAddBuffer, 12, winmm, 1, 0, 1)
 LoadDLLfuncEx3 (waveInClose, 4, winmm, 1, 0, 1)
diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h
index 8877cc358..5c5e3cd1e 100644
--- a/winsup/cygwin/cygheap.h
+++ b/winsup/cygwin/cygheap.h
@@ -106,6 +106,9 @@ public:
   HANDLE curr_primary_token;	 /* Just a copy of external or internal token */
   HANDLE curr_imp_token;	 /* impersonation token derived from primary
 				    token */
+  HANDLE imp_profile_token;	 /* Handle to the token used to load the
+				    user profile in "imp_profile" */
+  HANDLE imp_profile;		 /* Handle to the user profile */
   bool ext_token_is_restricted;  /* external_token is restricted token */
   bool curr_token_is_restricted; /* curr_primary_token is restricted token */
   bool setuid_to_restricted;     /* switch to restricted token by setuid () */
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index c96011d6d..59ee55339 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -306,6 +306,12 @@ load_user_profile (HANDLE token, struct passwd *pw, cygpsid &usersid)
   return pi.hProfile;
 }
 
+bool
+unload_user_profile (HANDLE token, HANDLE profile)
+{
+  return UnloadUserProfile (token, profile);
+}
+
 HANDLE
 lsa_open_policy (PWCHAR server, ACCESS_MASK access)
 {
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 483a527e7..0ce7e8d7a 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -502,6 +502,7 @@ PWCHAR get_user_profile_directory (PCWSTR sidstr, PWCHAR path, SIZE_T path_len);
 
 /* Load user profile if it's not already loaded. */
 HANDLE load_user_profile (HANDLE token, struct passwd *pw, cygpsid &sid);
+bool unload_user_profile (HANDLE token, HANDLE profile);
 
 HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access);
 void lsa_close_policy (HANDLE lsa);
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 172b7c4f6..b1039762d 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -3603,8 +3603,17 @@ seteuid32 (uid_t uid)
     {
       NTSTATUS status;
 
-      if (!request_restricted_uid_switch)
-	load_user_profile (new_token, pw_new, usersid);
+      if (!request_restricted_uid_switch
+	  && new_token != cygheap->user.imp_profile_token)
+	{
+	  if (cygheap->user.imp_profile_token && cygheap->user.imp_profile)
+	    unload_user_profile (cygheap->user.imp_profile_token,
+				 cygheap->user.imp_profile);
+	  cygheap->user.imp_profile = load_user_profile (new_token, pw_new,
+							 usersid);
+	  if (cygheap->user.imp_profile)
+	    cygheap->user.imp_profile_token = new_token;
+	}
 
       /* Try setting owner to same value as user. */
       status = NtSetInformationToken (new_token, TokenOwner,
@@ -3634,7 +3643,7 @@ seteuid32 (uid_t uid)
   issamesid = (usersid == cygheap->user.sid ());
   cygheap->user.set_sid (usersid);
   cygheap->user.curr_primary_token = new_token == hProcToken ? NO_IMPERSONATION
-							: new_token;
+							     : new_token;
   cygheap->user.curr_token_is_restricted = false;
   cygheap->user.setuid_to_restricted = false;
   if (cygheap->user.curr_imp_token != NO_IMPERSONATION)
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index bfcce00da..49614cb45 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -239,6 +239,8 @@ uinfo_init ()
   cygheap->user.internal_token = NO_IMPERSONATION;
   cygheap->user.curr_primary_token = NO_IMPERSONATION;
   cygheap->user.curr_imp_token = NO_IMPERSONATION;
+  cygheap->user.imp_profile_token = NO_IMPERSONATION;
+  cygheap->user.imp_profile = NULL;
   cygheap->user.ext_token_is_restricted = false;
   cygheap->user.curr_token_is_restricted = false;
   cygheap->user.setuid_to_restricted = false;