* sec_auth.cc (get_token_group_sidlist): Add CONSOLE LOGON SID on

systems supporting it. Never add SERVICE SID but keep code in for future reference. Explain why. (get_priv_list): Add cygpsid pointer parameter. Point it to the mandatory integrity SID which matches account and privileges. (create_token): Fetch mandatory integrity SID from call to get_priv_list. (lsaauth): Call get_priv_list with additional NULL pointer. Change comment accordingly. * sec_helper.cc (well_known_console_logon_sid): New static SID. (cygpriv): Change to structure containing extra flag to store info about required integrity level. (privilege_luid): Accommodate changes to cygpriv. Return integrity level in new high_integrity parameter. (privilege_name): Accommodate changes to cygpriv. (set_privilege): Drop trailing \n from debug output. (set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore since it's just not needed, but keep code in for future reference. Change comment accordingly. * security.h (well_known_console_logon_sid): Declare. (privilege_luid): Align declaration to above change. * wincap.h (wincaps::has_console_logon_sid): New element. * wincap.cc: Implement above element throughout.
author: Corinna Vinschen <corinna@vinschen.de> 2011-10-15 20:31:57 +0400
committer: Corinna Vinschen <corinna@vinschen.de> 2011-10-15 20:31:57 +0400
commit: c52fd6cd475b1e65f7c5e1eda4b1f4600553ae30 (patch)
tree: 61157c5f31329ac596c820550e7db9266df7a0ed /winsup/cygwin/sec_helper.cc
parent: 551a3d64c9006525101275245db2c950308f5846 (diff)
1 files changed, 56 insertions, 47 deletions
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index c3531d321..d72c66b48 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -37,6 +37,8 @@ MKSID (well_known_world_sid, "S-1-1-0",
        SECURITY_WORLD_SID_AUTHORITY, 1, SECURITY_WORLD_RID);
 MKSID (well_known_local_sid, "S-1-2-0",
        SECURITY_LOCAL_SID_AUTHORITY, 1, SECURITY_LOCAL_RID);
+MKSID (well_known_console_logon_sid, "S-1-2-1",
+       SECURITY_LOCAL_SID_AUTHORITY, 1, 1);
 MKSID (well_known_creator_owner_sid, "S-1-3-0",
        SECURITY_CREATOR_SID_AUTHORITY, 1, SECURITY_CREATOR_OWNER_RID);
 MKSID (well_known_creator_group_sid, "S-1-3-1",
@@ -331,58 +333,64 @@ security_descriptor::free ()
 #undef TEXT
 #define TEXT(q) L##q
 
-/* Index must match the correspoding foo_PRIVILEGE value, see security.h. */
-static const wchar_t *cygpriv[] =
+/* Index must match the corresponding foo_PRIVILEGE value, see security.h. */
+static const struct {
+  const wchar_t *name;
+  bool		 high_integrity; /* UAC: High Mandatory Label required to 
+				    be allowed to enable this privilege in
+				    the user token. */
+} cygpriv[] =
 {
-  L"",
-  L"",
-  SE_CREATE_TOKEN_NAME,
-  SE_ASSIGNPRIMARYTOKEN_NAME,
-  SE_LOCK_MEMORY_NAME,
-  SE_INCREASE_QUOTA_NAME,
-  SE_MACHINE_ACCOUNT_NAME,
-  SE_TCB_NAME,
-  SE_SECURITY_NAME,
-  SE_TAKE_OWNERSHIP_NAME,
-  SE_LOAD_DRIVER_NAME,
-  SE_SYSTEM_PROFILE_NAME,
-  SE_SYSTEMTIME_NAME,
-  SE_PROF_SINGLE_PROCESS_NAME,
-  SE_INC_BASE_PRIORITY_NAME,
-  SE_CREATE_PAGEFILE_NAME,
-  SE_CREATE_PERMANENT_NAME,
-  SE_BACKUP_NAME,
-  SE_RESTORE_NAME,
-  SE_SHUTDOWN_NAME,
-  SE_DEBUG_NAME,
-  SE_AUDIT_NAME,
-  SE_SYSTEM_ENVIRONMENT_NAME,
-  SE_CHANGE_NOTIFY_NAME,
-  SE_REMOTE_SHUTDOWN_NAME,
-  SE_UNDOCK_NAME,
-  SE_SYNC_AGENT_NAME,
-  SE_ENABLE_DELEGATION_NAME,
-  SE_MANAGE_VOLUME_NAME,
-  SE_IMPERSONATE_NAME,
-  SE_CREATE_GLOBAL_NAME,
-  SE_TRUSTED_CREDMAN_ACCESS_NAME,
-  SE_RELABEL_NAME,
-  SE_INCREASE_WORKING_SET_NAME,
-  SE_TIME_ZONE_NAME,
-  SE_CREATE_SYMBOLIC_LINK_NAME
+  { L"",				false },
+  { L"",				false },
+  { SE_CREATE_TOKEN_NAME,		true  },
+  { SE_ASSIGNPRIMARYTOKEN_NAME,		true  },
+  { SE_LOCK_MEMORY_NAME,		false },
+  { SE_INCREASE_QUOTA_NAME,		true  },
+  { SE_MACHINE_ACCOUNT_NAME,		false },
+  { SE_TCB_NAME,			true  },
+  { SE_SECURITY_NAME,			true  },
+  { SE_TAKE_OWNERSHIP_NAME,		true  },
+  { SE_LOAD_DRIVER_NAME,		true  },
+  { SE_SYSTEM_PROFILE_NAME,		true  },
+  { SE_SYSTEMTIME_NAME,			true  },
+  { SE_PROF_SINGLE_PROCESS_NAME,	true  },
+  { SE_INC_BASE_PRIORITY_NAME,		true  },
+  { SE_CREATE_PAGEFILE_NAME,		true  },
+  { SE_CREATE_PERMANENT_NAME,		false },
+  { SE_BACKUP_NAME,			true  },
+  { SE_RESTORE_NAME,			true  },
+  { SE_SHUTDOWN_NAME,			false },
+  { SE_DEBUG_NAME,			true  },
+  { SE_AUDIT_NAME,			false },
+  { SE_SYSTEM_ENVIRONMENT_NAME,		true  },
+  { SE_CHANGE_NOTIFY_NAME,		false },
+  { SE_REMOTE_SHUTDOWN_NAME,		true  },
+  { SE_UNDOCK_NAME,			false },
+  { SE_SYNC_AGENT_NAME,			false },
+  { SE_ENABLE_DELEGATION_NAME,		false },
+  { SE_MANAGE_VOLUME_NAME,		true  },
+  { SE_IMPERSONATE_NAME,		true  },
+  { SE_CREATE_GLOBAL_NAME,		false },
+  { SE_TRUSTED_CREDMAN_ACCESS_NAME,	false },
+  { SE_RELABEL_NAME,			true  },
+  { SE_INCREASE_WORKING_SET_NAME,	false },
+  { SE_TIME_ZONE_NAME,			true  },
+  { SE_CREATE_SYMBOLIC_LINK_NAME,	true  }
 };
 
 bool
-privilege_luid (const PWCHAR pname, LUID *luid)
+privilege_luid (const PWCHAR pname, LUID &luid, bool &high_integrity)
 {
   ULONG idx;
   for (idx = SE_CREATE_TOKEN_PRIVILEGE;
        idx <= SE_MAX_WELL_KNOWN_PRIVILEGE;
        ++idx)
-    if (!wcscmp (cygpriv[idx], pname))
+    if (!wcscmp (cygpriv[idx].name, pname))
       {
-	luid->HighPart = 0;
-	luid->LowPart = idx;
+	luid.HighPart = 0;
+	luid.LowPart = idx;
+	high_integrity = cygpriv[idx].high_integrity;
 	return true;
       }
   return false;
@@ -394,7 +402,7 @@ privilege_name (const LUID &priv_luid)
   if (priv_luid.HighPart || priv_luid.LowPart < SE_CREATE_TOKEN_PRIVILEGE
       || priv_luid.LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE)
     return L"<unknown privilege>";
-  return cygpriv[priv_luid.LowPart];
+  return cygpriv[priv_luid.LowPart].name;
 }
 
 int
@@ -426,7 +434,7 @@ set_privilege (HANDLE token, DWORD privilege, bool enable)
 
 out:
   if (ret < 0)
-    debug_printf ("%d = set_privilege ((token %x) %W, %d)\n", ret, token,
+    debug_printf ("%d = set_privilege ((token %x) %W, %d)", ret, token,
 		  privilege_name (new_priv.Privileges[0].Luid), enable);
   return ret;
 }
@@ -444,12 +452,13 @@ set_cygwin_privileges (HANDLE token)
   set_privilege (token, SE_BACKUP_PRIVILEGE, true);
   /* Allow full access to other user's processes. */
   set_privilege (token, SE_DEBUG_PRIVILEGE, true);
-  /* Allow to create global shared memory.  This shouldn't be required since
+#if 0
+  /* Allow to create global shared memory.  This isn't required anymore since
      Cygwin 1.7.  It uses its own subdirectories in the global NT namespace
-     which isn't affected by the SE_CREATE_GLOBAL_PRIVILEGE restriction.
-     Anyway, better safe than sorry. */
+     which isn't affected by the SE_CREATE_GLOBAL_PRIVILEGE restriction. */
   if (wincap.has_create_global_privilege ())
     set_privilege (token, SE_CREATE_GLOBAL_PRIVILEGE, true);
+#endif
 }
 
 /* Function to return a common SECURITY_DESCRIPTOR that
author	Corinna Vinschen <corinna@vinschen.de>	2011-10-15 20:31:57 +0400
committer	Corinna Vinschen <corinna@vinschen.de>	2011-10-15 20:31:57 +0400
commit	c52fd6cd475b1e65f7c5e1eda4b1f4600553ae30 (patch)
tree	61157c5f31329ac596c820550e7db9266df7a0ed /winsup/cygwin/sec_helper.cc
parent	551a3d64c9006525101275245db2c950308f5846 (diff)