libs/newlib-cygwin
libs
/
newlib-cygwin
mirror of git://sourceware.org/git/newlib-cygwin.git
4
0
Fork 0
Code Issues Projects Releases Wiki Activity

* fork.cc (fork): Eliminate superfluous call to getuid(). 

* security.h: New define `NO_SID'. Remove declarations of functions
        moved to methods into class cygsid.
        (class cygsid): Declare new methods `getfromstr', `get_sid',
        `getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
        and new constructors and operators =, == and !=.
        Declare new global cygsids `well_known_XXX_sid' substituting the
        corresponding `get_XXX_sid' functions. Remove declarations of
        these functions.
        * sec_helper.cc (well_known_admin_sid): New global variable.
        (well_known_system_sid): Ditto
        (well_known_creator_owner_sid): Ditto
        (well_known_world_sid): Ditto
        (cygsid::string): New method, substituting `convert_sid_to_string_sid'.
        (cygsid::get_sid): New method, substituting `get_sid'.
        (cygsid::getfromstr): New method, substituting
        `convert_string_sid_to_sid'.
        (cygsid::getfrompw): New method, substituting `get_pw_sid'.
        (cygsid::getfromgr): New method, substituting `get_gr_sid'.
        (cygsid::get_id): New method, substituting `get_id_from_sid'.
        (get_admin_sid): Eliminated.
        (get_system_sid): Ditto.
        (get_creator_owner_sid): Ditto.
        (get_world_sid): Ditto.
        * grp.cc: Use new cygsid methods and well known sids throughout.
        * registry.cc: Ditto.
        * sec_acl.cc: Ditto.
        * security.cc: Ditto.
        * shared.cc: Ditto.
        * syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
        * uinfo.cc (internal_getlogin): Ditto.
        * spawn.cc (spawn_guts) Revert previous patch.
This commit is contained in:
Corinna Vinschen 2001-05-15 19:23:31 +00:00
parent 75f9ca7b0c
commit 2b0a111fcf
12 changed files with 179 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,38 @@
Tue May 15 19:52:00 2001 Corinna Vinschen <corinna@vinschen.de>
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
Tue May 15 10:20:00 2001 Corinna Vinschen <corinna@vinschen.de>
* fhandler_socket.cc (fhandler_socket::ioctl): Convert s_addr

2
winsup/cygwin/fork.cc
View File

@ -433,8 +433,6 @@ fork_parent (void *stack_here, HANDLE& hParent, dll *&first_dll,
si.cbReserved2 = sizeof(ch);
/* Remove impersonation */
uid_t uid;
uid = geteuid();
if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE)
RevertToSelf ();

6
winsup/cygwin/grp.cc
View File

@ -125,8 +125,6 @@ add_grp_line (const char *line)
curr_lines++;
}
extern PSID get_admin_sid ();
/* Cygwin internal */
/* Read in /etc/group and save contents in the group cache */
/* This sets group_in_memory_p to 1 so functions in this file can
@ -176,7 +174,7 @@ read_etc_group ()
SID_NAME_USE acType;
debug_printf ("Emulating /etc/group");
if (! LookupAccountSidA (NULL ,
get_admin_sid () ,
well_known_admin_sid,
group_name,
&group_name_len,
domain_name,
@ -294,7 +292,7 @@ getgroups (int gidsetsize, gid_t *grouplist, gid_t gid, const char *username)
cygsid sid;
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
if (get_gr_sid (sid, gr))
if (sid.getfromgr (gr))
for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
if (sid == groups->Groups[pg].Sid)
{

8
winsup/cygwin/registry.cc
View File

@ -202,7 +202,8 @@ get_registry_hive_path (const PSID psid, char *path)
if (!psid || !path)
return NULL;
convert_sid_to_string_sid (psid, sid);
cygsid csid (psid);
csid.string (sid);
strcpy (key,"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\");
strcat (key, sid);
if (!RegOpenKeyExA (HKEY_LOCAL_MACHINE, key, 0, KEY_READ, &hkey))
@ -232,8 +233,9 @@ load_registry_hive (PSID psid)
if (!psid)
return;
/* Check if user hive is already loaded. */
if (!RegOpenKeyExA (HKEY_USERS, convert_sid_to_string_sid (psid, sid),
0, KEY_READ, &hkey))
cygsid csid (psid);
csid.string (sid);
if (!RegOpenKeyExA (HKEY_USERS, csid.string (sid), 0, KEY_READ, &hkey))
{
debug_printf ("User registry hive for %s already exists", sid);
RegCloseKey (hkey);

21
winsup/cygwin/sec_acl.cc
View File

@ -157,7 +157,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
case USER:
case DEF_USER:
if (!(pw = getpwuid (aclbufp[i].a_id))
|| !get_pw_sid (sid, pw)
|| !sid.getfrompw (pw)
|| !add_access_allowed_ace (acl, ace_off++, allow,
sid, acl_len, inheritance))
return -1;
@ -171,7 +171,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
case GROUP:
case DEF_GROUP:
if (!(gr = getgrgid (aclbufp[i].a_id))
|| !get_gr_sid (sid, gr)
|| !sid.getfromgr (gr)
|| !add_access_allowed_ace (acl, ace_off++, allow,
sid, acl_len, inheritance))
return -1;
@ -179,7 +179,8 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
case OTHER_OBJ:
case DEF_OTHER_OBJ:
if (!add_access_allowed_ace (acl, ace_off++, allow,
get_world_sid(), acl_len, inheritance))
well_known_world_sid,
acl_len, inheritance))
return -1;
break;
}
@ -261,7 +262,7 @@ getacl (const char *file, DWORD attr, int nentries, aclent_t *aclbufp)
__seterrno ();
return -1;
}
uid = get_uid_from_sid (owner_sid);
uid = cygsid (owner_sid).get_uid ();
if (!GetSecurityDescriptorGroup (psd, &group_sid, &dummy))
{
@ -269,7 +270,7 @@ getacl (const char *file, DWORD attr, int nentries, aclent_t *aclbufp)
__seterrno ();
return -1;
}
gid = get_gid_from_sid (group_sid);
gid = cygsid (group_sid).get_gid ();
aclent_t lacl[MAX_ACL_ENTRIES];
memset (&lacl, 0, MAX_ACL_ENTRIES * sizeof (aclent_t));
@ -321,18 +322,18 @@ getacl (const char *file, DWORD attr, int nentries, aclent_t *aclbufp)
type = GROUP_OBJ;
id = gid;
}
else if (ace_sid == get_world_sid ())
else if (ace_sid == well_known_world_sid)
{
type = OTHER_OBJ;
id = 0;
}
else
{
id = get_id_from_sid (ace_sid, FALSE, &type);
id = ace_sid.get_id (FALSE, &type);
if (type != GROUP)
{
int type2 = 0;
int id2 = get_id_from_sid (ace_sid, TRUE, &type2);
int id2 = ace_sid.get_id (TRUE, &type2);
if (type2 == GROUP)
{
id = id2;
@ -424,10 +425,10 @@ acl_access (const char *path, int flags)
struct group *gr = NULL;
if ((pw = getpwuid (acls[i].a_id)) != NULL
&& get_pw_sid (owner, pw))
&& owner.getfrompw (pw))
{
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
if (get_gr_sid (group, gr)
if (group.getfromgr (gr)
&& owner == group
&& is_grp_member (myself->uid, gr->gr_gid))
break;

100
winsup/cygwin/sec_helper.cc
View File

@ -44,41 +44,46 @@ SID_IDENTIFIER_AUTHORITY sid_auth[] = {
{SECURITY_NT_AUTHORITY}
};
cygsid well_known_admin_sid ("S-1-5-32-544");
cygsid well_known_system_sid ("S-1-5-18");
cygsid well_known_creator_owner_sid ("S-1-3-0");
cygsid well_known_world_sid ("S-1-1-0");
char *
convert_sid_to_string_sid (PSID psid, char *sid_str)
cygsid::string (char *nsidstr)
{
char t[32];
DWORD i;
if (!psid || !sid_str)
if (!psid || !nsidstr)
return NULL;
strcpy (sid_str, "S-1-");
strcpy (nsidstr, "S-1-");
__small_sprintf(t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
strcat (sid_str, t);
strcat (nsidstr, t);
for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
{
__small_sprintf(t, "-%lu", *GetSidSubAuthority (psid, i));
strcat (sid_str, t);
strcat (nsidstr, t);
}
return sid_str;
return nsidstr;
}
PSID
get_sid (PSID psid, DWORD s, DWORD cnt, DWORD *r)
cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r)
{
DWORD i;
if (!psid || s > 5 || cnt < 1 || cnt > 8)
if (s > 5 || cnt < 1 || cnt > 8)
return NULL;
set ();
InitializeSid(psid, &sid_auth[s], cnt);
for (i = 0; i < cnt; ++i)
memcpy ((char *) psid + 8 + sizeof (DWORD) * i, &r[i], sizeof (DWORD));
return psid;
}
PSID
convert_string_sid_to_sid (PSID psid, const char *sid_str)
const PSID
cygsid::getfromstr (const char *nsidstr)
{
char sid_buf[256];
char *t, *lasts;
@ -86,10 +91,10 @@ convert_string_sid_to_sid (PSID psid, const char *sid_str)
DWORD s = 0;
DWORD i, r[8];
if (!sid_str || strncmp (sid_str, "S-1-", 4))
if (!nsidstr || strncmp (nsidstr, "S-1-", 4))
return NULL;
strcpy (sid_buf, sid_str);
strcpy (sid_buf, nsidstr);
for (t = sid_buf + 4, i = 0;
cnt < 8 && (t = strtok_r (t, "-", &lasts));
@ -99,68 +104,33 @@ convert_string_sid_to_sid (PSID psid, const char *sid_str)
else
r[cnt++] = strtoul (t, NULL, 10);
return get_sid (psid, s, cnt, r);
return get_sid (s, cnt, r);
}
BOOL
get_pw_sid (PSID sid, struct passwd *pw)
cygsid::getfrompw (struct passwd *pw)
{
char *sp = pw->pw_gecos ? strrchr (pw->pw_gecos, ',') : NULL;
if (!sp)
return FALSE;
return convert_string_sid_to_sid (sid, ++sp) != NULL;
return (*this = ++sp) != NULL;
}
BOOL
get_gr_sid (PSID sid, struct group *gr)
cygsid::getfromgr (struct group *gr)
{
return convert_string_sid_to_sid (sid, gr->gr_passwd) != NULL;
}
PSID
get_admin_sid ()
{
static NO_COPY cygsid admin_sid (NULL);
if (!admin_sid)
convert_string_sid_to_sid (admin_sid.set (), "S-1-5-32-544");
return admin_sid;
}
PSID
get_system_sid ()
{
static NO_COPY cygsid system_sid (NULL);
if (!system_sid)
convert_string_sid_to_sid (system_sid.set (), "S-1-5-18");
return system_sid;
}
PSID
get_creator_owner_sid ()
{
static NO_COPY cygsid owner_sid (NULL);
if (!owner_sid)
convert_string_sid_to_sid (owner_sid.set (), "S-1-3-0");
return owner_sid;
}
PSID
get_world_sid ()
{
static NO_COPY cygsid world_sid (NULL);
if (!world_sid)
convert_string_sid_to_sid (world_sid.set (), "S-1-1-0");
return world_sid;
return (*this = gr->gr_passwd) != NULL;
}
int
get_id_from_sid (PSID psid, BOOL search_grp, int *type)
cygsid::get_id (BOOL search_grp, int *type)
{
if (!psid)
{
set_errno (EINVAL);
return -1;
}
if (!IsValidSid (psid))
{
__seterrno ();
@ -179,7 +149,7 @@ get_id_from_sid (PSID psid, BOOL search_grp, int *type)
struct passwd *pw;
for (int pidx = 0; (pw = internal_getpwent (pidx)); ++pidx)
{
if (get_pw_sid (sid, pw) && sid == psid)
if (sid.getfrompw (pw) && sid == psid)
{
id = pw->pw_uid;
break;
@ -197,7 +167,7 @@ get_id_from_sid (PSID psid, BOOL search_grp, int *type)
struct group *gr;
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
{
if (get_gr_sid (sid, gr) && sid == psid)
if (sid.getfromgr (gr) && sid == psid)
{
id = gr->gr_gid;
break;
@ -268,13 +238,7 @@ get_id_from_sid (PSID psid, BOOL search_grp, int *type)
return id;
}
int
get_id_from_sid (PSID psid, BOOL search_grp)
{
return get_id_from_sid (psid, search_grp, NULL);
}
BOOL
static BOOL
legal_sid_type (SID_NAME_USE type)
{
return type == SidTypeUser || type == SidTypeGroup

16
winsup/cygwin/security.cc
View File

@ -428,8 +428,8 @@ get_nt_attribute (const char *file, int *attribute,
return -1;
}
uid_t uid = get_uid_from_sid (owner_sid);
gid_t gid = get_gid_from_sid (group_sid);
uid_t uid = cygsid(owner_sid).get_uid ();
gid_t gid = cygsid(group_sid).get_gid ();
if (uidret)
*uidret = uid;
if (gidret)
@ -498,7 +498,7 @@ get_nt_attribute (const char *file, int *attribute,
*flags |= S_IXGRP
| ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
}
else if (ace_sid == get_world_sid ())
else if (ace_sid == well_known_world_sid)
{
if (ace->Mask & FILE_READ_DATA)
*flags |= S_IROTH
@ -615,7 +615,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
cygsid owner_sid;
struct passwd *pw = getpwuid (uid);
strcpy (owner, pw ? pw->pw_name : getlogin ());
if ((!pw || !get_pw_sid (owner_sid, pw))
if ((!pw || !owner_sid.getfrompw (pw))
&& !lookup_name (owner, logsrv, owner_sid))
return NULL;
debug_printf ("owner: %s [%d]", owner,
@ -623,11 +623,11 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
*GetSidSubAuthorityCount(owner_sid) - 1));
/* Get SID and name of new group. */
cygsid group_sid (NULL);
cygsid group_sid (NO_SID);
struct group *grp = getgrgid (gid);
if (grp)
{
if ((!grp || !get_gr_sid (group_sid.set (), grp))
if ((!grp || !group_sid.getfromgr (grp))
&& !lookup_name (grp->gr_name, logsrv, group_sid))
return NULL;
}
@ -767,7 +767,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
/* Set allow ACE for everyone. */
if (!add_access_allowed_ace (acl, ace_off++, other_allow,
get_world_sid (), acl_len, inherit))
well_known_world_sid, acl_len, inherit))
return NULL;
/* Get owner and group from current security descriptor. */
@ -793,7 +793,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
|| (owner_sid && ace_sid == owner_sid)
|| (cur_group_sid && ace_sid == cur_group_sid)
|| (group_sid && ace_sid == group_sid)
|| (ace_sid == get_world_sid ()))
|| (ace_sid == well_known_world_sid))
continue;
/*
* Add unrelated ACCESS_DENIED_ACE to the beginning but

59
winsup/cygwin/security.h
View File

@ -12,21 +12,37 @@ details. */
#define INHERIT_ALL (CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE)
#define INHERIT_ONLY (INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE)
#define MAX_SID_LEN 40
#define DEFAULT_UID DOMAIN_USER_RID_ADMIN
#define DEFAULT_GID DOMAIN_ALIAS_RID_ADMINS
#define MAX_SID_LEN 40
#define NO_SID ((PSID)NULL)
class cygsid {
PSID psid;
char sbuf[MAX_SID_LEN];
const PSID getfromstr (const char *nsidstr);
PSID get_sid (DWORD s, DWORD cnt, DWORD *r);
public:
inline cygsid () : psid ((PSID) sbuf) {}
inline cygsid (PSID nsid) { *this = nsid; }
inline cygsid (const PSID nsid) { *this = nsid; }
inline cygsid (const char *nstrsid) { *this = nstrsid; }
inline PSID set () { return psid = (PSID) sbuf; }
inline const PSID operator= (PSID nsid)
BOOL getfrompw (struct passwd *pw);
BOOL getfromgr (struct group *gr);
int get_id (BOOL search_grp, int *type = NULL);
inline int get_uid () { return get_id (FALSE); }
inline int get_gid () { return get_id (TRUE); }
char *string (char *nsidstr);
inline const PSID operator= (const PSID nsid)
{
if (!nsid)
psid = NULL;
@ -37,15 +53,33 @@ public:
}
return psid;
}
inline BOOL operator== (PSID nsid)
inline const PSID operator= (const char *nsidstr)
{ return getfromstr (nsidstr); }
inline BOOL operator== (const PSID nsid) const
{
if (!psid || !nsid)
return nsid == psid;
return EqualSid (psid, nsid);
}
inline BOOL operator== (const char *nsidstr) const
{
cygsid nsid (nsidstr);
return *this == nsid;
}
inline BOOL operator!= (const PSID nsid) const
{ return !(*this == nsid); }
inline BOOL operator!= (const char *nsidstr) const
{ return !(*this == nsidstr); }
inline operator const PSID () { return psid; }
};
extern cygsid well_known_admin_sid;
extern cygsid well_known_system_sid;
extern cygsid well_known_creator_owner_sid;
extern cygsid well_known_world_sid;
extern BOOL allow_ntsec;
extern BOOL allow_smbntsec;
@ -70,18 +104,6 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS
HANDLE subauth (struct passwd *pw);
/* sec_helper.cc: Security helper functions. */
char *__stdcall convert_sid_to_string_sid (PSID psid, char *sid_str);
PSID __stdcall convert_string_sid_to_sid (PSID psid, const char *sid_str);
PSID __stdcall get_sid (PSID psid, DWORD s, DWORD cnt, DWORD *r);
BOOL __stdcall get_pw_sid (PSID sid, struct passwd *pw);
BOOL __stdcall get_gr_sid (PSID sid, struct group *gr);
PSID __stdcall get_admin_sid ();
PSID __stdcall get_system_sid ();
PSID __stdcall get_creator_owner_sid ();
PSID __stdcall get_world_sid ();
int get_id_from_sid (PSID psid, BOOL search_grp, int *type);
int __stdcall get_id_from_sid (PSID psid, BOOL search_grp);
BOOL __stdcall legal_sid_type (SID_NAME_USE type);
BOOL __stdcall is_grp_member (uid_t uid, gid_t gid);
/* `lookup_name' should be called instead of LookupAccountName.
* logsrv may be NULL, in this case only the local system is used for lookup.
@ -89,9 +111,6 @@ BOOL __stdcall is_grp_member (uid_t uid, gid_t gid);
BOOL __stdcall lookup_name (const char *, const char *, PSID);
int set_process_privilege (const char *privilege, BOOL enable = TRUE);
extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);}
extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); }
/* shared.cc: */
/* Retrieve a security descriptor that allows all access */
SECURITY_DESCRIPTOR *__stdcall get_null_sd (void);

12
winsup/cygwin/shared.cc
View File

@ -249,9 +249,9 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
size_t acl_len = sizeof (ACL)
+ 4 * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD))
+ GetLengthSid (sid)
+ GetLengthSid (get_admin_sid ())
+ GetLengthSid (get_system_sid ())
+ GetLengthSid (get_creator_owner_sid ());
+ GetLengthSid (well_known_admin_sid)
+ GetLengthSid (well_known_system_sid)
+ GetLengthSid (well_known_creator_owner_sid);
if (sid2)
acl_len += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD)
+ GetLengthSid (sid2);
@ -266,17 +266,17 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
if (! AddAccessAllowedAce (acl, ACL_REVISION,
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
get_admin_sid ()))
well_known_admin_sid))
debug_printf ("AddAccessAllowedAce(admin) %E");
if (! AddAccessAllowedAce (acl, ACL_REVISION,
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
get_system_sid ()))
well_known_system_sid))
debug_printf ("AddAccessAllowedAce(system) %E");
if (! AddAccessAllowedAce (acl, ACL_REVISION,
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
get_creator_owner_sid ()))
well_known_creator_owner_sid))
debug_printf ("AddAccessAllowedAce(creator_owner) %E");
if (sid2)

8
winsup/cygwin/spawn.cc
View File

@ -612,10 +612,9 @@ skip_arg_parsing:
DWORD ret_len;
if (!GetTokenInformation (hToken, TokenUser, &sid, sizeof sid, &ret_len))
{
sid = NULL;
sid = NO_SID;
system_printf ("GetTokenInformation: %E");
}
/* Retrieve security attributes before setting psid to NULL
since it's value is needed by `sec_user'. */
PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid
@ -623,9 +622,10 @@ skip_arg_parsing:
: &sec_all_nih;
/* Remove impersonation */
uid_t uid = geteuid ();
if (cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
RevertToSelf ();
seteuid (cygheap->user.orig_uid);
/* Load users registry hive. */
load_registry_hive (sid);
@ -664,7 +664,7 @@ skip_arg_parsing:
if (mode != _P_OVERLAY && mode != _P_VFORK
&& cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
ImpersonateLoggedOnUser (cygheap->user.token);
seteuid (uid);
}
MALLOC_CHECK;

56
winsup/cygwin/syscalls.cc
View File

@ -1984,9 +1984,12 @@ seteuid (uid_t uid)
if (!GetTokenInformation (cygheap->user.token, TokenUser,
&tsid, sizeof tsid, &siz))
debug_printf ("GetTokenInformation(): %E");
else if (get_pw_sid (psid, pw_new) && tsid != psid)
else if (psid.getfrompw (pw_new) && tsid != psid)
{
/* If not, RevertToSelf and close old token. */
char tstr[256], pstr[256];
debug_printf ("tsid (%s) != psid (%s)",
tsid.string (tstr), psid.string (pstr));
RevertToSelf ();
cygwin_set_impersonation_token (INVALID_HANDLE_VALUE);
}
@ -2003,36 +2006,35 @@ seteuid (uid_t uid)
}
/* If no impersonation is active but an impersonation
token is available, try to impersonate. */
if (!cygheap->user.impersonated)
if (cygheap->user.token != INVALID_HANDLE_VALUE &&
!cygheap->user.impersonated)
{
debug_printf ("Impersonate (uid == %d)", uid);
RevertToSelf ();
if (cygheap->user.token != INVALID_HANDLE_VALUE)
{
struct group *gr;
/* Try setting owner to same value as user. */
if (!SetTokenInformation (cygheap->user.token,
TokenOwner,
&tsid, sizeof tsid))
debug_printf ("SetTokenInformation(user.token, "
"TokenOwner): %E");
/* Try setting primary group in token to current group. */
if ((gr = getgrgid (myself->gid)) &&
get_gr_sid (gsid, gr) &&
!SetTokenInformation (cygheap->user.token,
TokenPrimaryGroup,
&gsid, sizeof gsid))
debug_printf ("SetTokenInformation(user.token, "
"TokenPrimaryGroup): %E");
struct group *gr;
/* Now try to impersonate. */
if (!ImpersonateLoggedOnUser (cygheap->user.token))
system_printf ("Impersonating (%d) in set(e)uid "
"failed: %E", cygheap->user.token);
else
cygheap->user.impersonated = TRUE;
}
/* Try setting owner to same value as user. */
if (!SetTokenInformation (cygheap->user.token,
TokenOwner,
&tsid, sizeof tsid))
debug_printf ("SetTokenInformation(user.token, "
"TokenOwner): %E");
/* Try setting primary group in token to current group. */
if ((gr = getgrgid (myself->gid)) &&
gsid.getfromgr (gr) &&
!SetTokenInformation (cygheap->user.token,
TokenPrimaryGroup,
&gsid, sizeof gsid))
debug_printf ("SetTokenInformation(user.token, "
"TokenPrimaryGroup): %E");
/* Now try to impersonate. */
if (!ImpersonateLoggedOnUser (cygheap->user.token))
system_printf ("Impersonating (%d) in set(e)uid "
"failed: %E", cygheap->user.token);
else
cygheap->user.impersonated = TRUE;
}
}
@ -2084,7 +2086,7 @@ setegid (gid_t gid)
cygsid gsid;
HANDLE ptok;
if (get_gr_sid (gsid, gr))
if (gsid.getfromgr (gr))
{
if (!OpenProcessToken (GetCurrentProcess (),
TOKEN_ADJUST_DEFAULT,

17
winsup/cygwin/uinfo.cc
View File

@ -34,11 +34,10 @@ internal_getlogin (cygheap_user &user)
DWORD username_len = UNLEN + 1;
struct passwd *pw = NULL;
if (!user.name ())
if (!GetUserName (username, &username_len))
user.set_name ("unknown");
else
user.set_name (username);
if (!GetUserName (username, &username_len))
user.set_name ("unknown");
else
user.set_name (username);
if (os_being_run == winNT)
{
@ -153,7 +152,7 @@ internal_getlogin (cygheap_user &user)
/* If we have a SID, try to get the corresponding Cygwin user name
which can be different from the Windows user name. */
cygsid gsid (NULL);
cygsid gsid (NO_SID);
if (ret)
{
cygsid psid;
@ -165,13 +164,13 @@ internal_getlogin (cygheap_user &user)
setenv ("USERPROFILE", buf, 1);
}
for (int pidx = 0; (pw = internal_getpwent (pidx)); ++pidx)
if (get_pw_sid (psid, pw) && EqualSid (user.sid (), psid))
if (psid.getfrompw (pw) && EqualSid (user.sid (), psid))
{
user.set_name (pw->pw_name);
struct group *gr = getgrgid (pw->pw_gid);
if (gr)
if (!get_gr_sid (gsid.set (), gr))
gsid = NULL;
if (!gsid.getfromgr (gr))
gsid = NO_SID;
break;
}
}