From 76e4f83fc6c68cfe319df5cad0ab7e65cd6eb4e9 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 23 Jan 2014 17:02:30 +0000 Subject: [PATCH] * security.h (open_local_policy): Remove declaration. (lsa_open_policy): Declare. (lsa_close_policy): Declare. * sec_auth.cc (lsa_open_policy): Rename from open_local_policy. Take server name as parameter. Return NULL in case of error, rather than INVALID_HANDLE_VALUE. (lsa_close_policy): Rename from close_local_policy. Make externally available. Get handle by value. (create_token): Convert call to open_local_policy/close_local_policy according to aforementioned changes. (lsaauth): Ditto. (lsaprivkeyauth): Ditto. * setlsapwd.cc (setlsapwd): Ditto. --- winsup/cygwin/ChangeLog | 16 +++++++++++++++ winsup/cygwin/sec_auth.cc | 41 ++++++++++++++++++++------------------ winsup/cygwin/security.h | 5 +++-- winsup/cygwin/setlsapwd.cc | 7 +++---- 4 files changed, 44 insertions(+), 25 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index fcfe757c1..c79b6bfd0 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,19 @@ +2014-01-23 Corinna Vinschen + + * security.h (open_local_policy): Remove declaration. + (lsa_open_policy): Declare. + (lsa_close_policy): Declare. + * sec_auth.cc (lsa_open_policy): Rename from open_local_policy. Take + server name as parameter. Return NULL in case of error, rather than + INVALID_HANDLE_VALUE. + (lsa_close_policy): Rename from close_local_policy. Make externally + available. Get handle by value. + (create_token): Convert call to open_local_policy/close_local_policy + according to aforementioned changes. + (lsaauth): Ditto. + (lsaprivkeyauth): Ditto. + * setlsapwd.cc (setlsapwd): Ditto. + 2014-01-22 Corinna Vinschen * path.cc (etc::test_file_change): In case of NtQueryFullAttributesFile diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index d6f3bb5d8..dfec53ca9 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -1,7 +1,7 @@ /* sec_auth.cc: NT authentication functions Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc. + 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc. This file is part of Cygwin. @@ -191,28 +191,32 @@ str2buf2lsa (LSA_STRING &tgt, char *buf, const char *srcstr) } HANDLE -open_local_policy (ACCESS_MASK access) +lsa_open_policy (PWCHAR server, ACCESS_MASK access) { - LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 }; - HANDLE lsa = INVALID_HANDLE_VALUE; + LSA_UNICODE_STRING srvbuf; + PLSA_UNICODE_STRING srv = NULL; + static LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 }; + HANDLE lsa; - NTSTATUS status = LsaOpenPolicy (NULL, &oa, access, &lsa); + if (server) + { + srv = &srvbuf; + RtlInitUnicodeString (srv, server); + } + NTSTATUS status = LsaOpenPolicy (srv, &oa, access, &lsa); if (!NT_SUCCESS (status)) { __seterrno_from_nt_status (status); - /* Some versions of Windows set the lsa handle to NULL when - LsaOpenPolicy fails. */ - lsa = INVALID_HANDLE_VALUE; + lsa = NULL; } return lsa; } -static void -close_local_policy (LSA_HANDLE &lsa) +void +lsa_close_policy (HANDLE lsa) { - if (lsa != INVALID_HANDLE_VALUE) + if (lsa) LsaClose (lsa); - lsa = INVALID_HANDLE_VALUE; } bool @@ -836,7 +840,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw) push_self_privilege (SE_CREATE_TOKEN_PRIVILEGE, true); /* Open policy object. */ - if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE) + if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE))) goto out; /* User, owner, primary group. */ @@ -954,7 +958,7 @@ out: free (privs); if (my_tok_gsids) free (my_tok_gsids); - close_local_policy (lsa); + lsa_close_policy (lsa); debug_printf ("%p = create_token ()", primary_token); return primary_token; @@ -1021,7 +1025,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) } /* Open policy object. */ - if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE) + if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE))) goto out; /* Create origin. */ @@ -1192,7 +1196,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) out: if (privs) free (privs); - close_local_policy (lsa); + lsa_close_policy (lsa); if (lsa_hdl) LsaDeregisterLogonProcess (lsa_hdl); pop_self_privilege (); @@ -1220,8 +1224,7 @@ lsaprivkeyauth (struct passwd *pw) push_self_privilege (SE_TCB_PRIVILEGE, true); /* Open policy object. */ - if ((lsa = open_local_policy (POLICY_GET_PRIVATE_INFORMATION)) - == INVALID_HANDLE_VALUE) + if (!(lsa = lsa_open_policy (NULL, POLICY_GET_PRIVATE_INFORMATION))) goto out; /* Needed for Interix key and LogonUser. */ @@ -1263,7 +1266,7 @@ lsaprivkeyauth (struct passwd *pw) token = get_full_privileged_inheritable_token (token); out: - close_local_policy (lsa); + lsa_close_policy (lsa); pop_self_privilege (); return token; } diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index ca0239b69..940afc5d7 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -1,7 +1,7 @@ /* security.h: security declarations Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, - 2011, 2012, 2013 Red Hat, Inc. + 2011, 2012, 2013, 2014 Red Hat, Inc. This file is part of Cygwin. @@ -416,7 +416,8 @@ void extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user); /* Get default logonserver for a domain. */ bool get_logon_server (PWCHAR domain, PWCHAR wserver, bool rediscovery); -HANDLE open_local_policy (ACCESS_MASK access); +HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access); +void lsa_close_policy (HANDLE lsa); /* sec_helper.cc: Security helper functions. */ int set_privilege (HANDLE token, DWORD privilege, bool enable); diff --git a/winsup/cygwin/setlsapwd.cc b/winsup/cygwin/setlsapwd.cc index 8e1baa9bb..e86696b80 100644 --- a/winsup/cygwin/setlsapwd.cc +++ b/winsup/cygwin/setlsapwd.cc @@ -1,6 +1,6 @@ /* setlsapwd.cc: Set LSA private data password for current user. - Copyright 2008, 2009, 2011 Red Hat, Inc. + Copyright 2008, 2009, 2011, 2014 Red Hat, Inc. This file is part of Cygwin. @@ -71,8 +71,7 @@ setlsapwd (const char *passwd, const char *username) if (data_buf) RtlInitUnicodeString (&data, data_buf); /* First try it locally. Works for admin accounts. */ - if ((lsa = open_local_policy (POLICY_CREATE_SECRET)) - != INVALID_HANDLE_VALUE) + if (!(lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET))) { NTSTATUS status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL); @@ -83,7 +82,7 @@ setlsapwd (const char *passwd, const char *username) ret = 0; else __seterrno_from_nt_status (status); - LsaClose (lsa); + lsa_close_policy (lsa); } else if (ret && !username) {