* cygheap.h (enum impersonation): New enum.

	(cygheap_user::token): Delete.
	(cygheap_user::impersonated): Delete.
	(cygheap_user::external_token): New member.
	(cygheap_user::internal_token): New member.
	(cygheap_user::impersonation_state): New member.
	(cygheap_user::issetuid): Modify.
	(cygheap_user::token): New method.
	(cygheap_user::deimpersonate): New method.
	(cygheap_user::reimpersonate): New method.
	(cygheap_user::has_impersonation_tokens): New method.
	(cygheap_user::close_impersonation_tokens): New method.
	* dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods.
	* fhandler_socket.cc (fhandler_socket::dup): Ditto.
	* fork.cc (fork_child): Ditto.
	(fork_parent): Ditto.
	* grp.cc (internal_getgroups): Ditto.
	* security.cc (verify_token): Ditto.
	(check_file_access): Ditto.
	(cygwin_set_impersonation_token): Detect conflicts. Set
	user.external_token.
	* spawn.cc (spawn_guts): Use new cygheap_user methods.
	* syscalls.cc (seteuid32): Rearrange to use the two tokens
	in cygheap_user.
	(setegid32): Use new cygheap_user methods.
	* uinfo.cc: (internal_getlogin): Ditto.

1 files changed, 44 insertions, 4 deletions

diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h
index bfa7a9308..963d9c4db 100644
--- a/winsup/cygwin/cygheap.h
+++ b/winsup/cygwin/cygheap.h
@@ -92,7 +92,13 @@ enum homebodies
   CH_HOME
 };
 
-struct passwd;
+enum impersonation
+{
+  IMP_BAD = -1,
+  IMP_NONE = 0,
+  IMP_EXTERNAL,
+  IMP_INTERNAL
+};
 
 class cygheap_user
 {
@@ -117,8 +123,9 @@ public:
 
   /* token is needed if set(e)uid should be called. It can be set by a call
      to `set_impersonation_token()'. */
-  HANDLE token;
-  BOOL   impersonated;
+  HANDLE external_token;
+  HANDLE internal_token;
+  enum impersonation impersonation_state;
 
   /* CGF 2002-06-27.  I removed the initializaton from this constructor
      since this class is always allocated statically.  That means that everything
@@ -165,7 +172,40 @@ public:
   const char *ontherange (homebodies what, struct passwd * = NULL);
   bool issetuid () const
   {
-    return impersonated && token != INVALID_HANDLE_VALUE;
+    return impersonation_state > IMP_NONE;
+  }
+  HANDLE token ()
+  {
+    if (impersonation_state == IMP_EXTERNAL)
+      return external_token;
+    if (impersonation_state == IMP_INTERNAL)
+      return internal_token;
+    return INVALID_HANDLE_VALUE;
+  }
+  void deimpersonate ()
+  {
+    if (impersonation_state > IMP_NONE)
+      RevertToSelf ();
+  }
+  void reimpersonate ()
+  {
+    if (impersonation_state > IMP_NONE
+	&& !ImpersonateLoggedOnUser (token ()))
+      system_printf ("ImpersonateLoggedOnUser: %E");
+  }
+  bool has_impersonation_tokens () { return external_token || internal_token; }
+  void close_impersonation_tokens ()
+  {
+    if (external_token)
+      {
+	CloseHandle (external_token);
+	external_token = 0;
+      }
+    if (internal_token)
+      {
+	CloseHandle (internal_token);
+	internal_token = 0;
+      }
   }
   const char *cygheap_user::test_uid (char *&, const char *, size_t)
     __attribute__ ((regparm (3)));