2003-09-09 Pierre Humblet <pierre.humblet@ieee.org>
* shared_info.h: Include security.h. (open_shared): Add psa argument. (user_shared_initialize): New declaration. * security.h: Add _SECURITY_H guard. (sec_user): Use sec_none in the no ntsec case. * spawn.cc (spawn_guts): Remove call to load_registry_hive. * syscalls (seteuid32): If warranted, call load_registry_hive, user_shared_initialize and RegCloseKey(HKEY_CURRENT_USER). * shared.cc (user_shared_initialize): New. (open_shared): Add and use psa argument. (memory_init): Move mount table initialization to user_shared_initialize. Call it.
parent
3a767b69fd
commit
7119fc0d0b
@ -1,3 +1,18 @@
|
|||||||
|
2003-09-09 Pierre Humblet <pierre.humblet@ieee.org>
|
||||||
|
|
||||||
|
* shared_info.h: Include security.h.
|
||||||
|
(open_shared): Add psa argument.
|
||||||
|
(user_shared_initialize): New declaration.
|
||||||
|
* security.h: Add _SECURITY_H guard.
|
||||||
|
(sec_user): Use sec_none in the no ntsec case.
|
||||||
|
* spawn.cc (spawn_guts): Remove call to load_registry_hive.
|
||||||
|
* syscalls (seteuid32): If warranted, call load_registry_hive,
|
||||||
|
user_shared_initialize and RegCloseKey(HKEY_CURRENT_USER).
|
||||||
|
* shared.cc (user_shared_initialize): New.
|
||||||
|
(open_shared): Add and use psa argument.
|
||||||
|
(memory_init): Move mount table initialization to
|
||||||
|
user_shared_initialize. Call it.
|
||||||
|
|
||||||
2003-09-09 Corinna Vinschen <corinna@vinschen.de>
|
2003-09-09 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
* mmap.cc (mmap64): Change address types from caddr_t to void *
|
* mmap.cc (mmap64): Change address types from caddr_t to void *
|
||||||
|
@ -8,6 +8,9 @@ This software is a copyrighted work licensed under the terms of the
|
|||||||
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
||||||
details. */
|
details. */
|
||||||
|
|
||||||
|
#ifndef _SECURITY_H
|
||||||
|
#define _SECURITY_H
|
||||||
|
|
||||||
#include <accctrl.h>
|
#include <accctrl.h>
|
||||||
|
|
||||||
#define DEFAULT_UID DOMAIN_USER_RID_ADMIN
|
#define DEFAULT_UID DOMAIN_USER_RID_ADMIN
|
||||||
@ -271,5 +274,6 @@ sec_user_nih (char sa_buf[], PSID sid = NULL)
|
|||||||
extern inline SECURITY_ATTRIBUTES *
|
extern inline SECURITY_ATTRIBUTES *
|
||||||
sec_user (char sa_buf[], PSID sid = NULL)
|
sec_user (char sa_buf[], PSID sid = NULL)
|
||||||
{
|
{
|
||||||
return allow_ntsec ? __sec_user (sa_buf, sid, TRUE) : &sec_none_nih;
|
return allow_ntsec ? __sec_user (sa_buf, sid, TRUE) : &sec_none;
|
||||||
}
|
}
|
||||||
|
#endif /*_SECURITY_H*/
|
||||||
|
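Review bot: `sec_user` has no comment saying that its fallback must carry the same handle-inheritance setting as the `TRUE` it passes to `__sec_user`, which is presumably why `&sec_none` replaces `&sec_none_nih` on the return line. The definitions of both objects are outside this page, so reading `_nih` as "not inheritable" is inferred from the names and from the sibling `sec_user_nih` in the hunk header. I would add above the return: `/* Inheritable in both cases; sec_user_nih is the non-inheritable variant. */`. On systems without ntsec, callers that relied on this function for a non-inheritable handle would now get an inheritable one, so the call sites are worth checking.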
@ -67,7 +67,8 @@ static char *offsets[] =
|
|||||||
};
|
};
|
||||||
|
|
||||||
void * __stdcall
|
void * __stdcall
|
||||||
open_shared (const char *name, int n, HANDLE &shared_h, DWORD size, shared_locations m)
|
open_shared (const char *name, int n, HANDLE &shared_h, DWORD size,
|
||||||
|
shared_locations m, PSECURITY_ATTRIBUTES psa)
|
||||||
{
|
{
|
||||||
void *shared;
|
void *shared;
|
||||||
|
|
||||||
@ -96,7 +97,7 @@ open_shared (const char *name, int n, HANDLE &shared_h, DWORD size, shared_locat
|
|||||||
TRUE, mapname);
|
TRUE, mapname);
|
||||||
}
|
}
|
||||||
if (!shared_h &&
|
if (!shared_h &&
|
||||||
!(shared_h = CreateFileMapping (INVALID_HANDLE_VALUE, &sec_all,
|
!(shared_h = CreateFileMapping (INVALID_HANDLE_VALUE, psa,
|
||||||
PAGE_READWRITE, 0, size, mapname)))
|
PAGE_READWRITE, 0, size, mapname)))
|
||||||
api_fatal ("CreateFileMapping, %E. Terminating.");
|
api_fatal ("CreateFileMapping, %E. Terminating.");
|
||||||
}
|
}
|
||||||
@ -144,6 +145,71 @@ open_shared (const char *name, int n, HANDLE &shared_h, DWORD size, shared_locat
|
|||||||
return shared;
|
return shared;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
user_shared_initialize ()
|
||||||
|
{
|
||||||
|
char name[UNLEN + 1] = "";
|
||||||
|
|
||||||
|
/* Temporary code. Will be cleaned up later */
|
||||||
|
if (wincap.has_security ())
|
||||||
|
{
|
||||||
|
HANDLE ptok = NULL;
|
||||||
|
DWORD siz;
|
||||||
|
cygsid tu;
|
||||||
|
|
||||||
|
if (cygwin_mount_h) /* Reinit */
|
||||||
|
tu = cygheap->user.sid ();
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
|
||||||
|
&ptok))
|
||||||
|
system_printf ("OpenProcessToken(): %E");
|
||||||
|
else if (!GetTokenInformation (ptok, TokenUser, &tu, sizeof tu, &siz))
|
||||||
|
system_printf ("GetTokenInformation (TokenUser): %E");
|
||||||
|
else
|
||||||
|
tu.string (name);
|
||||||
|
if (ptok)
|
||||||
|
CloseHandle (ptok);
|
||||||
|
}
|
||||||
|
tu.string (name);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
strcpy (name, cygheap->user.name ());
|
||||||
|
|
||||||
|
if (cygwin_mount_h)
|
||||||
|
{
|
||||||
|
if (!UnmapViewOfFile (mount_table))
|
||||||
|
debug_printf("UnmapViewOfFile %E");
|
||||||
|
if (!ForceCloseHandle (cygwin_mount_h))
|
||||||
|
debug_printf("CloseHandle %E");
|
||||||
|
cygwin_mount_h = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
mount_table = (mount_info *) open_shared (name, MOUNT_VERSION,
|
||||||
|
cygwin_mount_h, sizeof (mount_info),
|
||||||
|
SH_MOUNT_TABLE, &sec_none);
|
||||||
|
debug_printf ("opening mount table for '%s' at %p", name,
|
||||||
|
mount_table);
|
||||||
|
ProtectHandleINH (cygwin_mount_h);
|
||||||
|
debug_printf ("mount table version %x at %p", mount_table->version, mount_table);
|
||||||
|
|
||||||
|
/* Initialize the Cygwin per-user mount table, if necessary */
|
||||||
|
if (!mount_table->version)
|
||||||
|
{
|
||||||
|
mount_table->version = MOUNT_VERSION_MAGIC;
|
||||||
|
debug_printf ("initializing mount table");
|
||||||
|
mount_table->cb = sizeof (*mount_table);
|
||||||
|
if (mount_table->cb != MOUNT_INFO_CB)
|
||||||
|
system_printf ("size of mount table region changed from %u to %u",
|
||||||
|
MOUNT_INFO_CB, mount_table->cb);
|
||||||
|
mount_table->init (); /* Initialize the mount table. */
|
||||||
|
}
|
||||||
|
else if (mount_table->version != MOUNT_VERSION_MAGIC)
|
||||||
|
multiple_cygwin_problem ("mount", mount_table->version, MOUNT_VERSION);
|
||||||
|
else if (mount_table->cb != MOUNT_INFO_CB)
|
||||||
|
multiple_cygwin_problem ("mount table size", mount_table->cb, MOUNT_INFO_CB);
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
shared_info::initialize (const char *user_name)
|
shared_info::initialize (const char *user_name)
|
||||||
{
|
{
|
||||||
@ -208,31 +274,7 @@ memory_init ()
|
|||||||
cygheap->shared_h = shared_h;
|
cygheap->shared_h = shared_h;
|
||||||
ProtectHandleINH (cygheap->shared_h);
|
ProtectHandleINH (cygheap->shared_h);
|
||||||
|
|
||||||
/* Allocate memory for the per-user mount table */
|
user_shared_initialize ();
|
||||||
mount_table = (mount_info *) open_shared (user_name, MOUNT_VERSION,
|
|
||||||
cygwin_mount_h, sizeof (mount_info),
|
|
||||||
SH_MOUNT_TABLE);
|
|
||||||
debug_printf ("opening mount table for '%s' at %p", cygheap->user.name (),
|
|
||||||
mount_table);
|
|
||||||
ProtectHandleINH (cygwin_mount_h);
|
|
||||||
debug_printf ("mount table version %x at %p", mount_table->version, mount_table);
|
|
||||||
|
|
||||||
/* Initialize the Cygwin per-user mount table, if necessary */
|
|
||||||
if (!mount_table->version)
|
|
||||||
{
|
|
||||||
mount_table->version = MOUNT_VERSION_MAGIC;
|
|
||||||
debug_printf ("initializing mount table");
|
|
||||||
mount_table->cb = sizeof (*mount_table);
|
|
||||||
if (mount_table->cb != MOUNT_INFO_CB)
|
|
||||||
system_printf ("size of mount table region changed from %u to %u",
|
|
||||||
MOUNT_INFO_CB, mount_table->cb);
|
|
||||||
mount_table->init (); /* Initialize the mount table. */
|
|
||||||
}
|
|
||||||
else if (mount_table->version != MOUNT_VERSION_MAGIC)
|
|
||||||
multiple_cygwin_problem ("mount", mount_table->version, MOUNT_VERSION);
|
|
||||||
else if (mount_table->cb != MOUNT_INFO_CB)
|
|
||||||
multiple_cygwin_problem ("mount table size", mount_table->cb, MOUNT_INFO_CB);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned
|
unsigned
|
||||||
|
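Review bot: In `user_shared_initialize`, a failing `OpenProcessToken` or `GetTokenInformation` is only logged through `system_printf`, and control still reaches the unconditional `tu.string (name);` after the inner block, so the mount-table section name is built from a `cygsid` the API never filled. What a default-constructed `cygsid` stringifies to is not visible here, but processes of different users that hit this path would likely derive the same name and attach to the same "per-user" mapping. I would treat the failure as fatal (`api_fatal`, as `open_shared` does for `CreateFileMapping`) or fall back to `strcpy (name, cygheap->user.name ());`. The inner `else tu.string (name);` can be dropped, since the later call repeats it on the success path.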
@ -9,6 +9,7 @@ Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
|||||||
details. */
|
details. */
|
||||||
|
|
||||||
#include "tty.h"
|
#include "tty.h"
|
||||||
|
#include "security.h"
|
||||||
|
|
||||||
/* Mount table entry */
|
/* Mount table entry */
|
||||||
|
|
||||||
@ -189,4 +190,7 @@ struct console_state
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
char *__stdcall shared_name (char *, const char *, int);
|
char *__stdcall shared_name (char *, const char *, int);
|
||||||
void *__stdcall open_shared (const char *name, int n, HANDLE &shared_h, DWORD size, shared_locations);
|
void *__stdcall open_shared (const char *name, int n, HANDLE &shared_h, DWORD size,
|
||||||
|
shared_locations, PSECURITY_ATTRIBUTES psa = &sec_all);
|
||||||
|
extern void user_shared_initialize ();
|
||||||
|
|
||||||
|
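Review bot: The new `psa` parameter of `open_shared` defaults to `&sec_all`, so a caller that omits it silently gets the attributes the old code hard-coded into `CreateFileMapping`, while the one caller shown passing it explicitly (`user_shared_initialize`) chooses `&sec_none`. A default on a security parameter makes the widest choice the easiest one to pick by accident. I would either drop the default so every call site states its intent, or document it on the prototype, e.g. `/* psa: attributes for a newly created mapping; default keeps the previous sec_all behaviour */`. What access `sec_all` actually grants is defined outside this page, so the "widest" reading rests on its name.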
@ -654,9 +654,6 @@ spawn_guts (const char * prog_arg, const char *const *argv,
|
|||||||
/* Set security attributes with sid */
|
/* Set security attributes with sid */
|
||||||
PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);
|
PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);
|
||||||
|
|
||||||
/* Load users registry hive. */
|
|
||||||
load_registry_hive (sid);
|
|
||||||
|
|
||||||
/* allow the child to interact with our window station/desktop */
|
/* allow the child to interact with our window station/desktop */
|
||||||
HANDLE hwst, hdsk;
|
HANDLE hwst, hdsk;
|
||||||
SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
|
SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
|
||||||
|
@ -2076,9 +2076,9 @@ seteuid32 (__uid32_t uid)
|
|||||||
user_groups &groups = cygheap->user.groups;
|
user_groups &groups = cygheap->user.groups;
|
||||||
HANDLE ptok, new_token = INVALID_HANDLE_VALUE;
|
HANDLE ptok, new_token = INVALID_HANDLE_VALUE;
|
||||||
struct passwd * pw_new;
|
struct passwd * pw_new;
|
||||||
PSID origpsid, psid2 = NO_SID;
|
cygpsid origpsid, psid2 (NO_SID);
|
||||||
BOOL token_is_internal;
|
BOOL token_is_internal, issamesid;
|
||||||
|
|
||||||
pw_new = internal_getpwuid (uid);
|
pw_new = internal_getpwuid (uid);
|
||||||
if (!wincap.has_security () && pw_new)
|
if (!wincap.has_security () && pw_new)
|
||||||
goto success_9x;
|
goto success_9x;
|
||||||
@ -2154,6 +2154,9 @@ seteuid32 (__uid32_t uid)
|
|||||||
}
|
}
|
||||||
else if (new_token != ptok)
|
else if (new_token != ptok)
|
||||||
{
|
{
|
||||||
|
/* Avoid having HKCU use default user */
|
||||||
|
load_registry_hive (usersid);
|
||||||
|
|
||||||
/* Try setting owner to same value as user. */
|
/* Try setting owner to same value as user. */
|
||||||
if (!SetTokenInformation (new_token, TokenOwner,
|
if (!SetTokenInformation (new_token, TokenOwner,
|
||||||
&usersid, sizeof usersid))
|
&usersid, sizeof usersid))
|
||||||
@ -2168,10 +2171,16 @@ seteuid32 (__uid32_t uid)
|
|||||||
}
|
}
|
||||||
|
|
||||||
CloseHandle (ptok);
|
CloseHandle (ptok);
|
||||||
|
issamesid = (usersid == (psid2 = cygheap->user.sid ()));
|
||||||
cygheap->user.set_sid (usersid);
|
cygheap->user.set_sid (usersid);
|
||||||
cygheap->user.current_token = new_token == ptok ? INVALID_HANDLE_VALUE
|
cygheap->user.current_token = new_token == ptok ? INVALID_HANDLE_VALUE
|
||||||
: new_token;
|
: new_token;
|
||||||
|
if (!issamesid) /* MS KB 199190 */
|
||||||
|
RegCloseKey(HKEY_CURRENT_USER);
|
||||||
cygheap->user.reimpersonate ();
|
cygheap->user.reimpersonate ();
|
||||||
|
if (!issamesid)
|
||||||
|
user_shared_initialize ();
|
||||||
|
|
||||||
success_9x:
|
success_9x:
|
||||||
cygheap->user.set_name (pw_new->pw_name);
|
cygheap->user.set_name (pw_new->pw_name);
|
||||||
myself->uid = uid;
|
myself->uid = uid;
|
||||||
|
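Review bot: The `issamesid` line in `seteuid32` buries an assignment to `psid2` inside the comparison and only works because it runs before `cygheap->user.set_sid (usersid)`, yet nothing marks that ordering. Since the result decides whether HKEY_CURRENT_USER is closed and the per-user mount table is reopened, I would split it into `psid2 = cygheap->user.sid ();` and `issamesid = (usersid == psid2);` with a comment `/* must precede set_sid: compares against the previous user */`. The bare `/* MS KB 199190 */` could also say in words what the call is for, presumably dropping the process-wide cached HKCU handle so the next access opens the new user's hive. The `goto success_9x` path skips `user_shared_initialize`, although without security that function names the mount table from `cygheap->user.name ()`, which changes right after the label; whether that is intended is not clear from the hunks. The body of `seteuid32` starts and ends outside the hunks shown.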