libs/newlib-cygwin
libs/newlib-cygwin
4
0
Fork 0
mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-02-21 16:26:12 +08:00
Code Issues Projects Releases Wiki Activity

* cygheap.h (enum impersonation): New enum.

Browse Source 
(cygheap_user::token): Delete.
	(cygheap_user::impersonated): Delete.
	(cygheap_user::external_token): New member.
	(cygheap_user::internal_token): New member.
	(cygheap_user::impersonation_state): New member.
	(cygheap_user::issetuid): Modify.
	(cygheap_user::token): New method.
	(cygheap_user::deimpersonate): New method.
	(cygheap_user::reimpersonate): New method.
	(cygheap_user::has_impersonation_tokens): New method.
	(cygheap_user::close_impersonation_tokens): New method.
	* dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods.
	* fhandler_socket.cc (fhandler_socket::dup): Ditto.
	* fork.cc (fork_child): Ditto.
	(fork_parent): Ditto.
	* grp.cc (internal_getgroups): Ditto.
	* security.cc (verify_token): Ditto.
	(check_file_access): Ditto.
	(cygwin_set_impersonation_token): Detect conflicts. Set
	user.external_token.
	* spawn.cc (spawn_guts): Use new cygheap_user methods.
	* syscalls.cc (seteuid32): Rearrange to use the two tokens
	in cygheap_user.
	(setegid32): Use new cygheap_user methods.
	* uinfo.cc: (internal_getlogin): Ditto.
This commit is contained in:
Corinna Vinschen 2003-06-30 13:07:36 +00:00
parent 3fbdb70ec6
commit 70249d5687
10 changed files with 160 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,32 @@
2003-06-30 Pierre Humblet <pierre.humblet@ieee.org>
* cygheap.h (enum impersonation): New enum.
(cygheap_user::token): Delete.
(cygheap_user::impersonated): Delete.
(cygheap_user::external_token): New member.
(cygheap_user::internal_token): New member.
(cygheap_user::impersonation_state): New member.
(cygheap_user::issetuid): Modify.
(cygheap_user::token): New method.
(cygheap_user::deimpersonate): New method.
(cygheap_user::reimpersonate): New method.
(cygheap_user::has_impersonation_tokens): New method.
(cygheap_user::close_impersonation_tokens): New method.
* dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods.
* fhandler_socket.cc (fhandler_socket::dup): Ditto.
* fork.cc (fork_child): Ditto.
(fork_parent): Ditto.
* grp.cc (internal_getgroups): Ditto.
* security.cc (verify_token): Ditto.
(check_file_access): Ditto.
(cygwin_set_impersonation_token): Detect conflicts. Set
user.external_token.
* spawn.cc (spawn_guts): Use new cygheap_user methods.
* syscalls.cc (seteuid32): Rearrange to use the two tokens
in cygheap_user.
(setegid32): Use new cygheap_user methods.
* uinfo.cc: (internal_getlogin): Ditto.
2003-06-25 Doru Carastan <doru.carastan@mvista.com> 2003-06-25 Doru Carastan <doru.carastan@mvista.com>
* Makefile.in: Use INSTALL_PROGRAM to install the cygwin DLL. * Makefile.in: Use INSTALL_PROGRAM to install the cygwin DLL.

48
winsup/cygwin/cygheap.h
View File

@ -92,7 +92,13 @@ enum homebodies
CH_HOME CH_HOME
}; };
struct passwd; enum impersonation
{
IMP_BAD = -1,
IMP_NONE = 0,
IMP_EXTERNAL,
IMP_INTERNAL
};
class cygheap_user class cygheap_user
{ {
@ -117,8 +123,9 @@ public:
/* token is needed if set(e)uid should be called. It can be set by a call /* token is needed if set(e)uid should be called. It can be set by a call
to `set_impersonation_token()'. */ to `set_impersonation_token()'. */
HANDLE token; HANDLE external_token;
BOOL impersonated; HANDLE internal_token;
enum impersonation impersonation_state;
/* CGF 2002-06-27. I removed the initializaton from this constructor /* CGF 2002-06-27. I removed the initializaton from this constructor
since this class is always allocated statically. That means that everything since this class is always allocated statically. That means that everything
@ -165,7 +172,40 @@ public:
const char *ontherange (homebodies what, struct passwd * = NULL); const char *ontherange (homebodies what, struct passwd * = NULL);
bool issetuid () const bool issetuid () const
{ {
return impersonated && token != INVALID_HANDLE_VALUE; return impersonation_state > IMP_NONE;
}
HANDLE token ()
{
if (impersonation_state == IMP_EXTERNAL)
return external_token;
if (impersonation_state == IMP_INTERNAL)
return internal_token;
return INVALID_HANDLE_VALUE;
}
void deimpersonate ()
{
if (impersonation_state > IMP_NONE)
RevertToSelf ();
}
void reimpersonate ()
{
if (impersonation_state > IMP_NONE
&& !ImpersonateLoggedOnUser (token ()))
system_printf ("ImpersonateLoggedOnUser: %E");
}
bool has_impersonation_tokens () { return external_token || internal_token; }
void close_impersonation_tokens ()
{
if (external_token)
{
CloseHandle (external_token);
external_token = 0;
}
if (internal_token)
{
CloseHandle (internal_token);
internal_token = 0;
}
} }
const char *cygheap_user::test_uid (char *&, const char *, size_t) const char *cygheap_user::test_uid (char *&, const char *, size_t)
__attribute__ ((regparm (3))); __attribute__ ((regparm (3)));

6
winsup/cygwin/dtable.cc
View File

@ -634,8 +634,7 @@ dtable::vfork_child_dup ()
int res = 1; int res = 1;
/* Remove impersonation */ /* Remove impersonation */
if (cygheap->user.issetuid ()) cygheap->user.deimpersonate ();
RevertToSelf ();
for (size_t i = 0; i < size; i++) for (size_t i = 0; i < size; i++)
if (not_open (i)) if (not_open (i))
@ -654,8 +653,7 @@ dtable::vfork_child_dup ()
out: out:
/* Restore impersonation */ /* Restore impersonation */
if (cygheap->user.issetuid ()) cygheap->user.reimpersonate ();
ImpersonateLoggedOnUser (cygheap->user.token);
ReleaseResourceLock (LOCK_FD_LIST, WRITE_LOCK | READ_LOCK, "dup"); ReleaseResourceLock (LOCK_FD_LIST, WRITE_LOCK | READ_LOCK, "dup");
return 1; return 1;

6
winsup/cygwin/fhandler_socket.cc
View File

@ -330,12 +330,10 @@ fhandler_socket::dup (fhandler_base *child)
If WSADuplicateSocket() still fails for some reason, we fall back If WSADuplicateSocket() still fails for some reason, we fall back
to DuplicateHandle(). */ to DuplicateHandle(). */
WSASetLastError (0); WSASetLastError (0);
if (cygheap->user.issetuid ()) cygheap->user.deimpersonate ();
RevertToSelf ();
fhs->set_io_handle (get_io_handle ()); fhs->set_io_handle (get_io_handle ());
fhs->fixup_before_fork_exec (GetCurrentProcessId ()); fhs->fixup_before_fork_exec (GetCurrentProcessId ());
if (cygheap->user.issetuid ()) cygheap->user.reimpersonate ();
ImpersonateLoggedOnUser (cygheap->user.token);
if (!WSAGetLastError ()) if (!WSAGetLastError ())
{ {
fhs->fixup_after_fork (hMainProc); fhs->fixup_after_fork (hMainProc);

18
winsup/cygwin/fork.cc
View File

@ -236,14 +236,7 @@ fork_child (HANDLE& hParent, dll *&first_dll, bool& load_dlls)
/* Restore the inheritance state as in parent /* Restore the inheritance state as in parent
Don't call setuid here! The flags are already set. */ Don't call setuid here! The flags are already set. */
if (cygheap->user.impersonated) cygheap->user.reimpersonate ();
{
debug_printf ("Impersonation of child, token: %d", cygheap->user.token);
if (cygheap->user.token == INVALID_HANDLE_VALUE)
RevertToSelf (); // probably not needed
else if (!ImpersonateLoggedOnUser (cygheap->user.token))
system_printf ("Impersonate for forked child failed: %E");
}
sync_with_parent ("after longjmp.", TRUE); sync_with_parent ("after longjmp.", TRUE);
sigproc_printf ("hParent %p, child 1 first_dll %p, load_dlls %d", hParent, sigproc_printf ("hParent %p, child 1 first_dll %p, load_dlls %d", hParent,
@ -436,8 +429,7 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
si.cbReserved2 = sizeof (ch); si.cbReserved2 = sizeof (ch);
/* Remove impersonation */ /* Remove impersonation */
if (cygheap->user.issetuid ()) cygheap->user.deimpersonate ();
RevertToSelf ();
ch.parent = hParent; ch.parent = hParent;
#ifdef DEBUGGING #ifdef DEBUGGING
@ -485,8 +477,7 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
ForceCloseHandle (subproc_ready); ForceCloseHandle (subproc_ready);
ForceCloseHandle (forker_finished); ForceCloseHandle (forker_finished);
/* Restore impersonation */ /* Restore impersonation */
if (cygheap->user.issetuid ()) cygheap->user.reimpersonate ();
ImpersonateLoggedOnUser (cygheap->user.token);
cygheap_setup_for_child_cleanup (newheap, &ch, 0); cygheap_setup_for_child_cleanup (newheap, &ch, 0);
return -1; return -1;
} }
@ -513,8 +504,7 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
strcpy (forked->progname, myself->progname); strcpy (forked->progname, myself->progname);
/* Restore impersonation */ /* Restore impersonation */
if (cygheap->user.issetuid ()) cygheap->user.reimpersonate ();
ImpersonateLoggedOnUser (cygheap->user.token);
ProtectHandle (pi.hThread); ProtectHandle (pi.hThread);
/* Protect the handle but name it similarly to the way it will /* Protect the handle but name it similarly to the way it will

6
winsup/cygwin/grp.cc
View File

@ -261,7 +261,7 @@ internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygpsid * srchsid)
{ {
/* If impersonated, use impersonation token. */ /* If impersonated, use impersonation token. */
if (cygheap->user.issetuid ()) if (cygheap->user.issetuid ())
hToken = cygheap->user.token; hToken = cygheap->user.token ();
else if (!OpenProcessToken (hMainProc, TOKEN_QUERY, &hToken)) else if (!OpenProcessToken (hMainProc, TOKEN_QUERY, &hToken))
hToken = NULL; hToken = NULL;
} }
@ -295,7 +295,7 @@ internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygpsid * srchsid)
++cnt; ++cnt;
if (gidsetsize && cnt > gidsetsize) if (gidsetsize && cnt > gidsetsize)
{ {
if (hToken != cygheap->user.token) if (!cygheap->user.issetuid ())
CloseHandle (hToken); CloseHandle (hToken);
goto error; goto error;
} }
@ -305,7 +305,7 @@ internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygpsid * srchsid)
} }
else else
debug_printf ("%d = GetTokenInformation(NULL) %E", size); debug_printf ("%d = GetTokenInformation(NULL) %E", size);
if (hToken != cygheap->user.token) if (!cygheap->user.issetuid ())
CloseHandle (hToken); CloseHandle (hToken);
return cnt; return cnt;
} }

18
winsup/cygwin/security.cc
View File

@ -70,10 +70,16 @@ extern "C" void
cygwin_set_impersonation_token (const HANDLE hToken) cygwin_set_impersonation_token (const HANDLE hToken)
{ {
debug_printf ("set_impersonation_token (%d)", hToken); debug_printf ("set_impersonation_token (%d)", hToken);
if (cygheap->user.token != hToken) if (cygheap->user.impersonation_state == IMP_EXTERNAL
&& cygheap->user.external_token != hToken)
{ {
cygheap->user.token = hToken; set_errno (EPERM);
cygheap->user.impersonated = FALSE; return;
}
else
{
cygheap->user.external_token = hToken;
return;
} }
} }
@ -717,7 +723,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
if (pintern) if (pintern)
{ {
TOKEN_SOURCE ts; TOKEN_SOURCE ts;
if (!GetTokenInformation (cygheap->user.token, TokenSource, if (!GetTokenInformation (token, TokenSource,
&ts, sizeof ts, &size)) &ts, sizeof ts, &size))
debug_printf ("GetTokenInformation(): %E"); debug_printf ("GetTokenInformation(): %E");
else else
@ -1906,7 +1912,7 @@ check_file_access (const char *fn, int flags)
goto done; goto done;
if (cygheap->user.issetuid ()) if (cygheap->user.issetuid ())
hToken = cygheap->user.token; hToken = cygheap->user.token ();
else if (!OpenProcessToken (hMainProc, TOKEN_DUPLICATE, &hToken)) else if (!OpenProcessToken (hMainProc, TOKEN_DUPLICATE, &hToken))
{ {
__seterrno (); __seterrno ();
@ -1914,7 +1920,7 @@ check_file_access (const char *fn, int flags)
} }
if (!(status = DuplicateToken (hToken, SecurityIdentification, &hIToken))) if (!(status = DuplicateToken (hToken, SecurityIdentification, &hIToken)))
__seterrno (); __seterrno ();
if (hToken != cygheap->user.token) if (!cygheap->user.issetuid ())
CloseHandle (hToken); CloseHandle (hToken);
if (!status) if (!status)
goto done; goto done;

9
winsup/cygwin/spawn.cc
View File

@ -621,8 +621,7 @@ spawn_guts (const char * prog_arg, const char *const *argv,
cygbench ("spawn-guts"); cygbench ("spawn-guts");
cygheap->fdtab.set_file_pointers_for_exec (); cygheap->fdtab.set_file_pointers_for_exec ();
if (cygheap->user.issetuid ()) cygheap->user.deimpersonate ();
RevertToSelf ();
/* When ruid != euid we create the new process under the current original /* When ruid != euid we create the new process under the current original
account and impersonate in child, this way maintaining the different account and impersonate in child, this way maintaining the different
effective vs. real ids. effective vs. real ids.
@ -678,7 +677,7 @@ spawn_guts (const char * prog_arg, const char *const *argv,
ciresrv.moreinfo->envp = build_env (envp, envblock, ciresrv.moreinfo->envc, ciresrv.moreinfo->envp = build_env (envp, envblock, ciresrv.moreinfo->envc,
real_path.iscygexec ()); real_path.iscygexec ());
newheap = cygheap_setup_for_child (&ciresrv, cygheap->fdtab.need_fixup_before ()); newheap = cygheap_setup_for_child (&ciresrv, cygheap->fdtab.need_fixup_before ());
rc = CreateProcessAsUser (cygheap->user.token, rc = CreateProcessAsUser (cygheap->user.token (),
runpath, /* image name - with full path */ runpath, /* image name - with full path */
one_line.buf, /* what was passed to exec */ one_line.buf, /* what was passed to exec */
sec_attribs, /* process security attrs */ sec_attribs, /* process security attrs */
@ -692,8 +691,8 @@ spawn_guts (const char * prog_arg, const char *const *argv,
} }
/* Restore impersonation. In case of _P_OVERLAY this isn't /* Restore impersonation. In case of _P_OVERLAY this isn't
allowed since it would overwrite child data. */ allowed since it would overwrite child data. */
if (mode != _P_OVERLAY && cygheap->user.issetuid ()) if (mode != _P_OVERLAY)
ImpersonateLoggedOnUser (cygheap->user.token); cygheap->user.reimpersonate ();
MALLOC_CHECK; MALLOC_CHECK;
if (envblock) if (envblock)

126
winsup/cygwin/syscalls.cc
View File

@ -2057,66 +2057,52 @@ seteuid32 (__uid32_t uid)
sigframe thisframe (mainthread); sigframe thisframe (mainthread);
cygsid usersid; cygsid usersid;
user_groups &groups = cygheap->user.groups; user_groups &groups = cygheap->user.groups;
HANDLE ptok, sav_token; HANDLE ptok, new_token = INVALID_HANDLE_VALUE;
BOOL sav_impersonated, sav_token_is_internal_token;
BOOL process_ok, explicitly_created_token = FALSE;
struct passwd * pw_new; struct passwd * pw_new;
PSID origpsid, psid2 = NO_SID; PSID origpsid, psid2 = NO_SID;
enum impersonation new_state = IMP_BAD;
BOOL token_is_internal;
pw_new = internal_getpwuid (uid); pw_new = internal_getpwuid (uid);
if (!wincap.has_security () && pw_new) if (!wincap.has_security () && pw_new)
goto success; goto success_9x;
if (!usersid.getfrompw (pw_new)) if (!usersid.getfrompw (pw_new))
{ {
set_errno (EINVAL); set_errno (EINVAL);
return -1; return -1;
} }
/* Save current information */
sav_token = cygheap->user.token;
sav_impersonated = cygheap->user.impersonated;
RevertToSelf (); RevertToSelf ();
if (!OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_DEFAULT, &ptok)) if (!OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_DEFAULT, &ptok))
{ {
__seterrno (); __seterrno ();
goto failed; goto failed_ptok;;
}
/* Verify if the process token is suitable.
Currently we do not try to differentiate between
internal tokens and others */
process_ok = verify_token (ptok, usersid, groups);
debug_printf ("Process token %sverified", process_ok ? "" : "not ");
if (process_ok)
{
if (cygheap->user.issetuid ())
cygheap->user.impersonated = FALSE;
else
{
CloseHandle (ptok);
goto success; /* No change */
}
} }
if (!process_ok && cygheap->user.token != INVALID_HANDLE_VALUE) /* Verify if the process token is suitable. */
if (verify_token (ptok, usersid, groups))
new_state = IMP_NONE;
/* Verify if a current token is suitable */
else if (cygheap->user.external_token
&& verify_token (cygheap->user.external_token, usersid, groups))
{ {
/* Verify if the current tokem is suitable */ new_token = cygheap->user.external_token;
BOOL token_ok = verify_token (cygheap->user.token, usersid, groups, new_state = IMP_EXTERNAL;
&sav_token_is_internal_token); }
debug_printf ("Thread token %d %sverified", else if (cygheap->user.internal_token
cygheap->user.token, token_ok?"":"not "); && verify_token (cygheap->user.internal_token, usersid, groups,
if (!token_ok) &token_is_internal))
cygheap->user.token = INVALID_HANDLE_VALUE; {
else new_token = cygheap->user.internal_token;
{ new_state = IMP_INTERNAL;
/* Return if current token is valid */ }
if (cygheap->user.impersonated)
{ debug_printf ("New token %d, state %d", new_token, new_state);
CloseHandle (ptok); /* Return if current token is valid */
if (!ImpersonateLoggedOnUser (cygheap->user.token)) if (cygheap->user.impersonation_state == new_state)
system_printf ("Impersonating in seteuid failed: %E"); {
goto success; /* No change */ cygheap->user.reimpersonate ();
} goto success; /* No change */
}
} }
/* Set process def dacl to allow access to impersonated token */ /* Set process def dacl to allow access to impersonated token */
@ -2132,72 +2118,72 @@ seteuid32 (__uid32_t uid)
debug_printf ("SetTokenInformation" debug_printf ("SetTokenInformation"
"(TokenDefaultDacl): %E"); "(TokenDefaultDacl): %E");
} }
CloseHandle (ptok);
if (!process_ok && cygheap->user.token == INVALID_HANDLE_VALUE) if (new_state == IMP_BAD)
{ {
/* If no impersonation token is available, try to /* If no impersonation token is available, try to
authenticate using NtCreateToken () or subauthentication. */ authenticate using NtCreateToken () or subauthentication. */
cygheap->user.token = create_token (usersid, groups, pw_new); new_token = create_token (usersid, groups, pw_new);
if (cygheap->user.token != INVALID_HANDLE_VALUE) if (new_token == INVALID_HANDLE_VALUE)
explicitly_created_token = TRUE;
else
{ {
/* create_token failed. Try subauthentication. */ /* create_token failed. Try subauthentication. */
debug_printf ("create token failed, try subauthentication."); debug_printf ("create token failed, try subauthentication.");
cygheap->user.token = subauth (pw_new); new_token = subauth (pw_new);
if (cygheap->user.token == INVALID_HANDLE_VALUE) if (new_token == INVALID_HANDLE_VALUE)
goto failed; goto failed;
} }
new_state = IMP_INTERNAL;
} }
/* If using the token, set info and impersonate */ /* If using the token, set info and impersonate */
if (!process_ok) if (new_state != IMP_NONE)
{ {
/* If the token was explicitly created, all information has /* If the token was explicitly created, all information has
already been set correctly. */ already been set correctly. */
if (!explicitly_created_token) if (new_state == IMP_EXTERNAL)
{ {
/* Try setting owner to same value as user. */ /* Try setting owner to same value as user. */
if (!SetTokenInformation (cygheap->user.token, TokenOwner, if (!SetTokenInformation (new_token, TokenOwner,
&usersid, sizeof usersid)) &usersid, sizeof usersid))
debug_printf ("SetTokenInformation(user.token, " debug_printf ("SetTokenInformation(user.token, "
"TokenOwner): %E"); "TokenOwner): %E");
/* Try setting primary group in token to current group */ /* Try setting primary group in token to current group */
if (!SetTokenInformation (cygheap->user.token, if (!SetTokenInformation (new_token,
TokenPrimaryGroup, TokenPrimaryGroup,
&groups.pgsid, sizeof (cygsid))) &groups.pgsid, sizeof (cygsid)))
debug_printf ("SetTokenInformation(user.token, " debug_printf ("SetTokenInformation(user.token, "
"TokenPrimaryGroup): %E"); "TokenPrimaryGroup): %E");
} }
/* Now try to impersonate. */ /* Try to impersonate. */
if (!ImpersonateLoggedOnUser (cygheap->user.token)) if (!ImpersonateLoggedOnUser (new_token))
{ {
debug_printf ("ImpersonateLoggedOnUser %E"); debug_printf ("ImpersonateLoggedOnUser %E");
__seterrno (); __seterrno ();
goto failed; goto failed;
} }
cygheap->user.impersonated = TRUE; /* Keep at most one internal token */
if (new_state == IMP_INTERNAL)
{
if (cygheap->user.internal_token)
CloseHandle (cygheap->user.internal_token);
cygheap->user.internal_token = new_token;
}
} }
/* If sav_token was internally created and is replaced, destroy it. */
if (sav_token != INVALID_HANDLE_VALUE &&
sav_token != cygheap->user.token &&
sav_token_is_internal_token)
CloseHandle (sav_token);
cygheap->user.set_sid (usersid); cygheap->user.set_sid (usersid);
success: success:
CloseHandle (ptok);
cygheap->user.impersonation_state = new_state;
success_9x:
cygheap->user.set_name (pw_new->pw_name); cygheap->user.set_name (pw_new->pw_name);
myself->uid = uid; myself->uid = uid;
groups.ischanged = FALSE; groups.ischanged = FALSE;
return 0; return 0;
failed: failed:
cygheap->user.token = sav_token; CloseHandle (ptok);
cygheap->user.impersonated = sav_impersonated; failed_ptok:
if (cygheap->user.issetuid () cygheap->user.reimpersonate ();
&& !ImpersonateLoggedOnUser (cygheap->user.token))
system_printf ("Impersonating in seteuid failed: %E");
return -1; return -1;
} }
@ -2278,7 +2264,7 @@ setegid32 (__gid32_t gid)
/* If impersonated, update primary group and revert */ /* If impersonated, update primary group and revert */
if (cygheap->user.issetuid ()) if (cygheap->user.issetuid ())
{ {
if (!SetTokenInformation (cygheap->user.token, if (!SetTokenInformation (cygheap->user.token (),
TokenPrimaryGroup, TokenPrimaryGroup,
&gsid, sizeof gsid)) &gsid, sizeof gsid))
debug_printf ("SetTokenInformation(thread, " debug_printf ("SetTokenInformation(thread, "
@ -2296,7 +2282,7 @@ setegid32 (__gid32_t gid)
CloseHandle (ptok); CloseHandle (ptok);
} }
if (cygheap->user.issetuid () if (cygheap->user.issetuid ()
&& !ImpersonateLoggedOnUser (cygheap->user.token)) && !ImpersonateLoggedOnUser (cygheap->user.token ()))
system_printf ("Impersonating in setegid failed: %E"); system_printf ("Impersonating in setegid failed: %E");
return 0; return 0;
} }

9
winsup/cygwin/uinfo.cc
View File

@ -102,7 +102,7 @@ internal_getlogin (cygheap_user &user)
void void
uinfo_init () uinfo_init ()
{ {
if (child_proc_info && cygheap->user.token == INVALID_HANDLE_VALUE) if (child_proc_info && !cygheap->user.has_impersonation_tokens ())
return; return;
if (!child_proc_info) if (!child_proc_info)
@ -114,17 +114,16 @@ uinfo_init ()
&& cygheap->user.orig_gid == cygheap->user.real_gid && cygheap->user.orig_gid == cygheap->user.real_gid
&& !cygheap->user.groups.issetgroups ()) && !cygheap->user.groups.issetgroups ())
{ {
if (!ImpersonateLoggedOnUser (cygheap->user.token)) cygheap->user.reimpersonate ();
system_printf ("ImpersonateLoggedOnUser: %E");
return; return;
} }
else else
CloseHandle (cygheap->user.token); cygheap->user.close_impersonation_tokens ();
cygheap->user.orig_uid = cygheap->user.real_uid = myself->uid; cygheap->user.orig_uid = cygheap->user.real_uid = myself->uid;
cygheap->user.orig_gid = cygheap->user.real_gid = myself->gid; cygheap->user.orig_gid = cygheap->user.real_gid = myself->gid;
cygheap->user.impersonation_state = IMP_NONE;
cygheap->user.set_orig_sid (); /* Update the original sid */ cygheap->user.set_orig_sid (); /* Update the original sid */
cygheap->user.token = INVALID_HANDLE_VALUE; /* No token present */
} }
extern "C" char * extern "C" char *