libs/newlib-cygwin
libs/newlib-cygwin
4
0
Fork 0
mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-02-19 07:22:14 +08:00
Code Issues Projects Releases Wiki Activity

* cygheap.h: Move token' and impersonated' from class _pinfo

Browse Source 
to class cygheap_user.
        * pinfo.h: Ditto.
        * fork.cc (fork_child): Change usage of `token' and `impersonated'
        accordingly.
        (fork_parent): Ditto.
        * security.cc (cygwin_set_impersonation_token): Ditto.
        * sigproc.cc (proc_subproc): Ditto.
        * spawn.cc (spawn_guts): Ditto.
        * syscalls.cc (seteuid): Ditto.
        * uinfo.cc (uinfo_init): Ditto.
This commit is contained in:
Corinna Vinschen 2000-11-15 21:04:02 +00:00
parent e00449d657
commit 66c161baac
9 changed files with 55 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,17 @@
Wed Nov 15 21:56:00 2000 Corinna Vinschen <corinna@vinschen.de>
* cygheap.h: Move `token' and `impersonated' from class _pinfo
to class cygheap_user.
* pinfo.h: Ditto.
* fork.cc (fork_child): Change usage of `token' and `impersonated'
accordingly.
(fork_parent): Ditto.
* security.cc (cygwin_set_impersonation_token): Ditto.
* sigproc.cc (proc_subproc): Ditto.
* spawn.cc (spawn_guts): Ditto.
* syscalls.cc (seteuid): Ditto.
* uinfo.cc (uinfo_init): Ditto.
Wed Nov 15 9:59:00 2000 Corinna Vinschen <corinna@vinschen.de> Wed Nov 15 9:59:00 2000 Corinna Vinschen <corinna@vinschen.de>
* spawn.cc (spawn_guts): Revert patch to ignore chroot settings * spawn.cc (spawn_guts): Revert patch to ignore chroot settings

6
winsup/cygwin/cygheap.h
View File

@ -61,13 +61,17 @@ class cygheap_user {
char *plogsrv; /* Logon server, may be FQDN */ char *plogsrv; /* Logon server, may be FQDN */
char *pdomain; /* Logon domain of the user */ char *pdomain; /* Logon domain of the user */
PSID psid; /* buffer for user's SID */ PSID psid; /* buffer for user's SID */
public: public:
uid_t orig_uid; /* Remains intact even after impersonation */ uid_t orig_uid; /* Remains intact even after impersonation */
uid_t orig_gid; /* Ditto */ uid_t orig_gid; /* Ditto */
uid_t real_uid; /* Remains intact on seteuid, replaced by setuid */ uid_t real_uid; /* Remains intact on seteuid, replaced by setuid */
gid_t real_gid; /* Ditto */ gid_t real_gid; /* Ditto */
/* token is needed if set(e)uid should be called. It can be set by a call
to `set_impersonation_token()'. */
HANDLE token;
BOOL impersonated;
cygheap_user () : pname (NULL), plogsrv (NULL), pdomain (NULL), psid (NULL) {} cygheap_user () : pname (NULL), plogsrv (NULL), pdomain (NULL), psid (NULL) {}
~cygheap_user (); ~cygheap_user ();

15
winsup/cygwin/fork.cc
View File

@ -234,12 +234,12 @@ fork_child (HANDLE& hParent, dll *&first_dll, bool& load_dlls)
/* Restore the inheritance state as in parent /* Restore the inheritance state as in parent
Don't call setuid here! The flags are already set. */ Don't call setuid here! The flags are already set. */
if (myself->impersonated) if (cygheap->user.impersonated)
{ {
debug_printf ("Impersonation of child, token: %d", myself->token); debug_printf ("Impersonation of child, token: %d", cygheap->user.token);
if (myself->token == INVALID_HANDLE_VALUE) if (cygheap->user.token == INVALID_HANDLE_VALUE)
RevertToSelf (); // probably not needed RevertToSelf (); // probably not needed
else if (!ImpersonateLoggedOnUser (myself->token)) else if (!ImpersonateLoggedOnUser (cygheap->user.token))
system_printf ("Impersonate for forked child failed: %E"); system_printf ("Impersonate for forked child failed: %E");
} }
@ -434,7 +434,7 @@ fork_parent (void *stack_here, HANDLE& hParent, dll *&first_dll,
/* Remove impersonation */ /* Remove impersonation */
uid_t uid; uid_t uid;
uid = geteuid(); uid = geteuid();
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE) if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE)
seteuid (cygheap->user.orig_uid); seteuid (cygheap->user.orig_uid);
ch.parent = hParent; ch.parent = hParent;
@ -481,7 +481,8 @@ out:
ForceCloseHandle(subproc_ready); ForceCloseHandle(subproc_ready);
ForceCloseHandle(forker_finished); ForceCloseHandle(forker_finished);
/* Restore impersonation */ /* Restore impersonation */
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE) if (cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
seteuid (uid); seteuid (uid);
return -1; return -1;
} }
@ -505,7 +506,7 @@ out:
strcpy(forked->progname, myself->progname); strcpy(forked->progname, myself->progname);
/* Restore impersonation */ /* Restore impersonation */
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE) if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE)
seteuid (uid); seteuid (uid);
ProtectHandle (pi.hThread); ProtectHandle (pi.hThread);

5
winsup/cygwin/pinfo.h
View File

@ -72,11 +72,6 @@ public:
int ctty; /* Control tty */ int ctty; /* Control tty */
bool has_pgid_children;/* True if we've forked or spawned children with our GID. */ bool has_pgid_children;/* True if we've forked or spawned children with our GID. */
/* token is needed if sexec should be called. It can be set by a call
to `set_impersonation_token()'. */
HANDLE token;
BOOL impersonated;
/* Resources used by process. */ /* Resources used by process. */
long start_time; long start_time;
struct rusage rusage_self; struct rusage rusage_self;

10
winsup/cygwin/security.cc
View File

@ -422,12 +422,12 @@ void
cygwin_set_impersonation_token (const HANDLE hToken) cygwin_set_impersonation_token (const HANDLE hToken)
{ {
debug_printf ("set_impersonation_token (%d)", hToken); debug_printf ("set_impersonation_token (%d)", hToken);
if (myself->token != hToken) if (cygheap->user.token != hToken)
{ {
if (myself->token != INVALID_HANDLE_VALUE) if (cygheap->user.token != INVALID_HANDLE_VALUE)
CloseHandle (myself->token); CloseHandle (cygheap->user.token);
myself->token = hToken; cygheap->user.token = hToken;
myself->impersonated = FALSE; cygheap->user.impersonated = FALSE;
} }
} }

2
winsup/cygwin/sigproc.cc
View File

@ -263,8 +263,6 @@ proc_subproc (DWORD what, DWORD val)
vchild->pgid = myself->pgid; vchild->pgid = myself->pgid;
vchild->sid = myself->sid; vchild->sid = myself->sid;
vchild->ctty = myself->ctty; vchild->ctty = myself->ctty;
vchild->impersonated = myself->impersonated;
vchild->token = myself->token;
vchild->process_state |= PID_INITIALIZING | (myself->process_state & PID_USETTY); vchild->process_state |= PID_INITIALIZING | (myself->process_state & PID_USETTY);
sigproc_printf ("added pid %d to wait list, slot %d, winpid %p, handle %p", sigproc_printf ("added pid %d to wait list, slot %d, winpid %p, handle %p",

12
winsup/cygwin/spawn.cc
View File

@ -562,8 +562,8 @@ skip_arg_parsing:
/* Preallocated buffer for `sec_user' call */ /* Preallocated buffer for `sec_user' call */
char sa_buf[1024]; char sa_buf[1024];
if (!hToken && myself->token != INVALID_HANDLE_VALUE) if (!hToken && cygheap->user.token != INVALID_HANDLE_VALUE)
hToken = myself->token; hToken = cygheap->user.token;
const char *runpath = null_app_name ? NULL : (const char *) real_path; const char *runpath = null_app_name ? NULL : (const char *) real_path;
@ -624,7 +624,8 @@ skip_arg_parsing:
/* Remove impersonation */ /* Remove impersonation */
uid_t uid = geteuid(); uid_t uid = geteuid();
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE) if (cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
seteuid (cygheap->user.orig_uid); seteuid (cygheap->user.orig_uid);
/* Load users registry hive. */ /* Load users registry hive. */
@ -644,7 +645,8 @@ skip_arg_parsing:
/* Restore impersonation. In case of _P_OVERLAY this isn't /* Restore impersonation. In case of _P_OVERLAY this isn't
allowed since it would overwrite child data. */ allowed since it would overwrite child data. */
if (mode != _P_OVERLAY && mode != _P_VFORK if (mode != _P_OVERLAY && mode != _P_VFORK
&& myself->impersonated && myself->token != INVALID_HANDLE_VALUE) && cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
seteuid (uid); seteuid (uid);
} }
@ -717,7 +719,7 @@ skip_arg_parsing:
sigproc_printf ("spawned windows pid %d", pi.dwProcessId); sigproc_printf ("spawned windows pid %d", pi.dwProcessId);
if (hToken && hToken != myself->token) if (hToken && hToken != cygheap->user.token)
CloseHandle (hToken); CloseHandle (hToken);
DWORD res; DWORD res;

20
winsup/cygwin/syscalls.cc
View File

@ -1833,34 +1833,34 @@ seteuid (uid_t uid)
if (uid == cygheap->user.orig_uid) if (uid == cygheap->user.orig_uid)
{ {
debug_printf ("RevertToSelf() (uid == orig_uid, token=%d)", debug_printf ("RevertToSelf() (uid == orig_uid, token=%d)",
myself->token); cygheap->user.token);
RevertToSelf(); RevertToSelf();
if (myself->token != INVALID_HANDLE_VALUE) if (cygheap->user.token != INVALID_HANDLE_VALUE)
myself->impersonated = FALSE; cygheap->user.impersonated = FALSE;
} }
else if (!myself->impersonated) else if (!cygheap->user.impersonated)
{ {
debug_printf ("Impersonate(uid == %d)", uid); debug_printf ("Impersonate(uid == %d)", uid);
RevertToSelf(); RevertToSelf();
if (myself->token != INVALID_HANDLE_VALUE) if (cygheap->user.token != INVALID_HANDLE_VALUE)
if (!ImpersonateLoggedOnUser (myself->token)) if (!ImpersonateLoggedOnUser (cygheap->user.token))
system_printf ("Impersonate(%d) in set(e)uid failed: %E", system_printf ("Impersonate(%d) in set(e)uid failed: %E",
myself->token); cygheap->user.token);
else else
myself->impersonated = TRUE; cygheap->user.impersonated = TRUE;
} }
cygheap_user user; cygheap_user user;
/* token is used in internal_getlogin() to determine if /* token is used in internal_getlogin() to determine if
impersonation is active. If so, the token is used for impersonation is active. If so, the token is used for
retrieving user's SID. */ retrieving user's SID. */
HANDLE token = myself->impersonated ? myself->token HANDLE token = cygheap->user.impersonated ? cygheap->user.token
: INVALID_HANDLE_VALUE; : INVALID_HANDLE_VALUE;
struct passwd *pw_cur = getpwnam (internal_getlogin (user, token)); struct passwd *pw_cur = getpwnam (internal_getlogin (user, token));
if (pw_cur != pw_new) if (pw_cur != pw_new)
{ {
debug_printf ("Diffs!!! token: %d, cur: %d, new: %d, orig: %d", debug_printf ("Diffs!!! token: %d, cur: %d, new: %d, orig: %d",
myself->token, pw_cur->pw_uid, cygheap->user.token, pw_cur->pw_uid,
pw_new->pw_uid, cygheap->user.orig_uid); pw_new->pw_uid, cygheap->user.orig_uid);
set_errno (EPERM); set_errno (EPERM);
return -1; return -1;

4
winsup/cygwin/uinfo.cc
View File

@ -184,8 +184,8 @@ uinfo_init ()
Setting `impersonated' to TRUE seems to be wrong but it Setting `impersonated' to TRUE seems to be wrong but it
isn't. Impersonated is thought as "Current User and `token' isn't. Impersonated is thought as "Current User and `token'
are coincident". See seteuid() for the mechanism behind that. */ are coincident". See seteuid() for the mechanism behind that. */
myself->token = INVALID_HANDLE_VALUE; cygheap->user.token = INVALID_HANDLE_VALUE;
myself->impersonated = TRUE; cygheap->user.impersonated = TRUE;
/* If uid is USHRT_MAX, the process is started from a non cygwin /* If uid is USHRT_MAX, the process is started from a non cygwin
process or the user context was changed in spawn.cc */ process or the user context was changed in spawn.cc */