2004-10-28 Pierre Humblet <pierre.humblet@ieee.org>
* path.cc (mount_info::from_registry): Deimpersonate while accessing HKLM. (mount_info::read_cygdrive_info_from_registry): Ditto. * cygheap.h: Define NO_IMPERSONATION. (cygheap_user::issetuid): Replace INVALID_HANDLE_VALUE by NO_IMPERSONATION. (cygheap_user::has_impersonation_tokens): Ditto. (cygheap_user::close_impersonation_tokens): Ditto. * uinfo.cc (uinfo_init): Ditto. * syscalls.cc (seteuid32): Ditto. * security.cc (set_impersonation_token): Ditto.
parent
3905510834
commit
531979231d
|
@ -1,3 +1,17 @@
|
|||
2004-10-28 Pierre Humblet <pierre.humblet@ieee.org>
|
||||
|
||||
* path.cc (mount_info::from_registry): Deimpersonate while
|
||||
accessing HKLM.
|
||||
(mount_info::read_cygdrive_info_from_registry): Ditto.
|
||||
* cygheap.h: Define NO_IMPERSONATION.
|
||||
(cygheap_user::issetuid): Replace INVALID_HANDLE_VALUE by
|
||||
NO_IMPERSONATION.
|
||||
(cygheap_user::has_impersonation_tokens): Ditto.
|
||||
(cygheap_user::close_impersonation_tokens): Ditto.
|
||||
* uinfo.cc (uinfo_init): Ditto.
|
||||
* syscalls.cc (seteuid32): Ditto.
|
||||
* security.cc (set_impersonation_token): Ditto.
|
||||
|
||||
2004-10-26 Christopher Faylor <cgf@timesys.com>
|
||||
|
||||
* cygtls.cc (_cygtls::fixup_after_fork): Wipe out exitsock local since
|
||||
|
|
|
@ -169,7 +169,8 @@ public:
|
|||
PSID sid () { return effec_cygsid; }
|
||||
PSID saved_sid () { return saved_cygsid; }
|
||||
const char *ontherange (homebodies what, struct passwd * = NULL);
|
||||
bool issetuid () const { return current_token != INVALID_HANDLE_VALUE; }
|
||||
#define NO_IMPERSONATION NULL
|
||||
bool issetuid () const { return current_token != NO_IMPERSONATION; }
|
||||
HANDLE token () { return current_token; }
|
||||
void deimpersonate ()
|
||||
{
|
||||
|
@ -183,26 +184,26 @@ public:
|
|||
system_printf ("ImpersonateLoggedOnUser: %E");
|
||||
}
|
||||
bool has_impersonation_tokens ()
|
||||
{ return external_token != INVALID_HANDLE_VALUE
|
||||
|| internal_token != INVALID_HANDLE_VALUE
|
||||
|| current_token != INVALID_HANDLE_VALUE; }
|
||||
{ return external_token != NO_IMPERSONATION
|
||||
|| internal_token != NO_IMPERSONATION
|
||||
|| current_token != NO_IMPERSONATION; }
|
||||
void close_impersonation_tokens ()
|
||||
{
|
||||
if (current_token != INVALID_HANDLE_VALUE)
|
||||
if (current_token != NO_IMPERSONATION)
|
||||
{
|
||||
if( current_token != external_token && current_token != internal_token)
|
||||
CloseHandle (current_token);
|
||||
current_token = INVALID_HANDLE_VALUE;
|
||||
current_token = NO_IMPERSONATION;
|
||||
}
|
||||
if (external_token != INVALID_HANDLE_VALUE)
|
||||
if (external_token != NO_IMPERSONATION)
|
||||
{
|
||||
CloseHandle (external_token);
|
||||
external_token = INVALID_HANDLE_VALUE;
|
||||
external_token = NO_IMPERSONATION;
|
||||
}
|
||||
if (internal_token != INVALID_HANDLE_VALUE)
|
||||
if (internal_token != NO_IMPERSONATION)
|
||||
{
|
||||
CloseHandle (internal_token);
|
||||
internal_token = INVALID_HANDLE_VALUE;
|
||||
internal_token = NO_IMPERSONATION;
|
||||
}
|
||||
}
|
||||
const char *cygheap_user::test_uid (char *&, const char *, size_t)
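Review bot: `#define NO_IMPERSONATION NULL` is placed between two member functions in the first hunk, although a macro has no class scope and is visible to every file that includes this header. Moving it above the class with a comment such as `/* Token fields hold NO_IMPERSONATION when no token is stored; INVALID_HANDLE_VALUE is no longer the sentinel. */` would make the new convention easy to find. Because the sentinel's value changes rather than just its name, any comparison against INVALID_HANDLE_VALUE that remains outside the files touched here would presumably treat an empty field as a usable token, so a tree-wide search is worth doing before merging. The class body starts and ends outside both hunks.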
|
||||
|
|
|
@ -1802,11 +1802,13 @@ mount_info::from_registry ()
|
|||
read_mounts (r);
|
||||
|
||||
/* Then read mounts from system-wide mount table. */
|
||||
cygheap->user.deimpersonate ();
|
||||
reg_key r1 (HKEY_LOCAL_MACHINE, KEY_READ, "SOFTWARE",
|
||||
CYGWIN_INFO_CYGNUS_REGISTRY_NAME, CYGWIN_REGNAME,
|
||||
CYGWIN_INFO_CYGWIN_MOUNT_REGISTRY_NAME,
|
||||
NULL);
|
||||
read_mounts (r1);
|
||||
cygheap->user.reimpersonate ();
|
||||
}
|
||||
|
||||
/* add_reg_mount: Add mount item to registry. Return zero on success,
|
||||
|
@ -1922,16 +1924,16 @@ mount_info::read_cygdrive_info_from_registry ()
|
|||
{
|
||||
/* reg_key for user path prefix in HKEY_CURRENT_USER. */
|
||||
reg_key r;
|
||||
|
||||
/* First read cygdrive from user's registry. */
|
||||
if (r.get_string (CYGWIN_INFO_CYGDRIVE_PREFIX, cygdrive, sizeof (cygdrive), "") != 0)
|
||||
{
|
||||
/* Didn't find the user path prefix so check the system path prefix. */
|
||||
|
||||
/* reg_key for system path prefix in HKEY_LOCAL_MACHINE. */
|
||||
/* Then read cygdrive from system-wide registry. */
|
||||
cygheap->user.deimpersonate ();
|
||||
reg_key r2 (HKEY_LOCAL_MACHINE, KEY_READ, "SOFTWARE",
|
||||
CYGWIN_INFO_CYGNUS_REGISTRY_NAME, CYGWIN_REGNAME,
|
||||
CYGWIN_INFO_CYGWIN_MOUNT_REGISTRY_NAME,
|
||||
NULL);
|
||||
cygheap->user.reimpersonate ();
|
||||
|
||||
if (r2.get_string (CYGWIN_INFO_CYGDRIVE_PREFIX, cygdrive,
|
||||
sizeof (cygdrive), ""))
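Review bot: Neither added `cygheap->user.deimpersonate ()` call has a comment saying why HKLM must be read outside impersonation, and the two hunks restore impersonation at different points: from_registry calls `reimpersonate ()` after `read_mounts (r1)`, while read_cygdrive_info_from_registry calls it right after `r2` is constructed and before `r2.get_string`. A comment at each site, for example `/* Open HKLM with the process token; keep the deimpersonated window as short as possible. */`, would record the intent and explain the asymmetry. Inside that window the thread runs in the process's own security context, and the failure path visible in the cygheap.h hunk appears only to log `ImpersonateLoggedOnUser: %E`, so these callers cannot tell whether the thread was actually switched back. Both function bodies extend beyond the hunks.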
|
||||
|
|
|
@ -69,7 +69,7 @@ extern "C" void
|
|||
cygwin_set_impersonation_token (const HANDLE hToken)
|
||||
{
|
||||
debug_printf ("set_impersonation_token (%d)", hToken);
|
||||
cygheap->user.external_token = hToken;
|
||||
cygheap->user.external_token = hToken == INVALID_HANDLE_VALUE ? NO_IMPERSONATION : hToken;
|
||||
return;
|
||||
}
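Review bot: The new assignment in cygwin_set_impersonation_token silently maps the caller's INVALID_HANDLE_VALUE to NO_IMPERSONATION, but nothing documents that this exported function still accepts the old value as its "no token" argument. A comment above the assignment, for example `/* Public API: INVALID_HANDLE_VALUE (or NULL) clears the external token. */`, would pin that contract for callers and for later edits. Separately, the context line `debug_printf ("set_impersonation_token (%d)", hToken);` formats a HANDLE with `%d`; `%p` would match a pointer-sized argument, assuming the project's formatter supports it.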
|
||||
|
||||
|
|
|
@ -2032,17 +2032,17 @@ seteuid32 (__uid32_t uid)
|
|||
if (verify_token (ptok, usersid, groups))
|
||||
new_token = ptok;
|
||||
/* Verify if the external token is suitable */
|
||||
else if (cygheap->user.external_token != INVALID_HANDLE_VALUE
|
||||
else if (cygheap->user.external_token != NO_IMPERSONATION
|
||||
&& verify_token (cygheap->user.external_token, usersid, groups))
|
||||
new_token = cygheap->user.external_token;
|
||||
/* Verify if the current token (internal or former external) is suitable */
|
||||
else if (cygheap->user.current_token != INVALID_HANDLE_VALUE
|
||||
else if (cygheap->user.current_token != NO_IMPERSONATION
|
||||
&& cygheap->user.current_token != cygheap->user.external_token
|
||||
&& verify_token (cygheap->user.current_token, usersid, groups,
|
||||
&token_is_internal))
|
||||
new_token = cygheap->user.current_token;
|
||||
/* Verify if the internal token is suitable */
|
||||
else if (cygheap->user.internal_token != INVALID_HANDLE_VALUE
|
||||
else if (cygheap->user.internal_token != NO_IMPERSONATION
|
||||
&& cygheap->user.internal_token != cygheap->user.current_token
|
||||
&& verify_token (cygheap->user.internal_token, usersid, groups,
|
||||
&token_is_internal))
|
||||
|
@ -2074,10 +2074,11 @@ seteuid32 (__uid32_t uid)
|
|||
goto failed;
|
||||
}
|
||||
/* Keep at most one internal token */
|
||||
if (cygheap->user.internal_token != INVALID_HANDLE_VALUE)
|
||||
if (cygheap->user.internal_token != NO_IMPERSONATION)
|
||||
CloseHandle (cygheap->user.internal_token);
|
||||
cygheap->user.internal_token = new_token;
|
||||
}
|
||||
|
||||
if (new_token != ptok)
|
||||
{
|
||||
/* Avoid having HKCU use default user */
|
||||
|
@ -2103,7 +2104,7 @@ seteuid32 (__uid32_t uid)
|
|||
CloseHandle (ptok);
|
||||
issamesid = (usersid == cygheap->user.sid ());
|
||||
cygheap->user.set_sid (usersid);
|
||||
cygheap->user.current_token = new_token == ptok ? INVALID_HANDLE_VALUE
|
||||
cygheap->user.current_token = new_token == ptok ? NO_IMPERSONATION
|
||||
: new_token;
|
||||
if (!issamesid) /* MS KB 199190 */
|
||||
RegCloseKey (HKEY_CURRENT_USER);
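Review bot: seteuid32 now tests the three cygheap token fields against NO_IMPERSONATION, but the hunks do not show how the local `new_token` and the token-creation calls above `goto failed;` report failure. If those still use INVALID_HANDLE_VALUE, two sentinels coexist in this function, and a value of INVALID_HANDLE_VALUE stored by `cygheap->user.internal_token = new_token;` would pass every `!= NO_IMPERSONATION` check as if it were a real token. A comment at that assignment, for example `/* new_token is a valid handle here; failures were rejected above */`, would make the invariant explicit; an assertion would enforce it. The function starts and ends outside all three hunks, so this should be confirmed against the full body.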
|
||||
|
|
|
@ -160,9 +160,9 @@ uinfo_init ()
|
|||
|
||||
cygheap->user.saved_uid = cygheap->user.real_uid = myself->uid;
|
||||
cygheap->user.saved_gid = cygheap->user.real_gid = myself->gid;
|
||||
cygheap->user.external_token = INVALID_HANDLE_VALUE;
|
||||
cygheap->user.internal_token = INVALID_HANDLE_VALUE;
|
||||
cygheap->user.current_token = INVALID_HANDLE_VALUE;
|
||||
cygheap->user.external_token = NO_IMPERSONATION;
|
||||
cygheap->user.internal_token = NO_IMPERSONATION;
|
||||
cygheap->user.current_token = NO_IMPERSONATION;
|
||||
cygheap->user.set_saved_sid (); /* Update the original sid */
|
||||
}
|
||||
|
||||
|
|