Bugzilla bug #42874: allow OpenProcessToken to fail with
authorwtc%netscape.com
Wed, 28 Jun 2000 01:13:33 +0000
changeset 1443 85c5c9f02a88ef4338751c61761eda5c772ab692
parent 1442 01d7301fb414005d25f77ef72d906c59e40a6e25
child 1444 aacfcb9998603a9b887b959f17bda476bf883d64
push idunknown
push userunknown
push dateunknown
bugs42874
Bugzilla bug #42874: allow OpenProcessToken to fail with ERROR_CALL_NOT_IMPLEMENTED (on non-NT systems) or ERROR_ACCESS_DENIED (processes with insufficient access permissions).
pr/src/md/windows/ntsec.c
--- a/pr/src/md/windows/ntsec.c
+++ b/pr/src/md/windows/ntsec.c
@@ -70,36 +70,36 @@ void _PR_NT_InitSids(void)
     HANDLE hToken;
     UCHAR infoBuffer[1024];
     PTOKEN_OWNER pTokenOwner = (PTOKEN_OWNER) infoBuffer;
     PTOKEN_PRIMARY_GROUP pTokenPrimaryGroup
             = (PTOKEN_PRIMARY_GROUP) infoBuffer;
     DWORD dwLength;
     BOOL rv;
 
-    /* Create a well-known SID for the Everyone group. */
-    if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
-            SECURITY_WORLD_RID,
-            0, 0, 0, 0, 0, 0, 0,
-            &_pr_nt_sids.everyone)) {
-        /*
-         * On non-NT systems, this function is not implemented,
-         * and neither are the other security functions. There
-         * is no point in going further.
-         */
-        PR_ASSERT(GetLastError() == ERROR_CALL_NOT_IMPLEMENTED);
-        return;
-    }
-
     /*
      * Look up and make a copy of the owner and primary group
      * SIDs in the access token of the calling process.
      */
     rv = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken);
-    PR_ASSERT(rv != 0);
+    if (rv == 0) {
+        /*
+         * On non-NT systems, this function is not implemented
+         * (error code ERROR_CALL_NOT_IMPLEMENTED), and neither are
+         * the other security functions.  There is no point in
+         * going further.
+         *
+         * A process with insufficient access permissions may fail
+         * with the error code ERROR_ACCESS_DENIED.
+         */
+        PR_LOG(_pr_io_lm, PR_LOG_DEBUG,
+                ("_PR_NT_InitSids: OpenProcessToken() failed. Error: %d",
+                GetLastError()));
+        return;
+    }
 
     rv = GetTokenInformation(hToken, TokenOwner, infoBuffer,
             sizeof(infoBuffer), &dwLength);
     PR_ASSERT(rv != 0);
     dwLength = GetLengthSid(pTokenOwner->Owner);
     _pr_nt_sids.owner = (PSID) PR_Malloc(dwLength);
     PR_ASSERT(_pr_nt_sids.owner != NULL);
     rv = CopySid(dwLength, _pr_nt_sids.owner, pTokenOwner->Owner);
@@ -112,16 +112,23 @@ void _PR_NT_InitSids(void)
     _pr_nt_sids.group = (PSID) PR_Malloc(dwLength);
     PR_ASSERT(_pr_nt_sids.group != NULL);
     rv = CopySid(dwLength, _pr_nt_sids.group,
             pTokenPrimaryGroup->PrimaryGroup);
     PR_ASSERT(rv != 0);
 
     rv = CloseHandle(hToken);
     PR_ASSERT(rv != 0);
+
+    /* Create a well-known SID for the Everyone group. */
+    rv = AllocateAndInitializeSid(&SIDAuthWorld, 1,
+            SECURITY_WORLD_RID,
+            0, 0, 0, 0, 0, 0, 0,
+            &_pr_nt_sids.everyone);
+    PR_ASSERT(rv != 0);
 }
 
 /*
  * Free the SIDs for owner, primary group, and the Everyone group
  * in the _pr_nt_sids structure.
  *
  * This function needs to be called by NSPR cleanup.
  */