Welcome to mirror list, hosted at ThFree Co, Russian Federation.

cygwin.com/git/newlib-cygwin.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/winsup/cygwin/security.cc
diff options
context:
space:
mode:
authorCorinna Vinschen <corinna@vinschen.de>2003-06-30 17:07:36 +0400
committerCorinna Vinschen <corinna@vinschen.de>2003-06-30 17:07:36 +0400
commit70249d5687c6020064b70431e115fe1c0161cfa3 (patch)
tree64e9bd4e8db6308fd1c748266a00901b5e45b8d3 /winsup/cygwin/security.cc
parent3fbdb70ec68d30d36bda2dd186b9a1ce8b4d579b (diff)
* cygheap.h (enum impersonation): New enum.
(cygheap_user::token): Delete. (cygheap_user::impersonated): Delete. (cygheap_user::external_token): New member. (cygheap_user::internal_token): New member. (cygheap_user::impersonation_state): New member. (cygheap_user::issetuid): Modify. (cygheap_user::token): New method. (cygheap_user::deimpersonate): New method. (cygheap_user::reimpersonate): New method. (cygheap_user::has_impersonation_tokens): New method. (cygheap_user::close_impersonation_tokens): New method. * dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods. * fhandler_socket.cc (fhandler_socket::dup): Ditto. * fork.cc (fork_child): Ditto. (fork_parent): Ditto. * grp.cc (internal_getgroups): Ditto. * security.cc (verify_token): Ditto. (check_file_access): Ditto. (cygwin_set_impersonation_token): Detect conflicts. Set user.external_token. * spawn.cc (spawn_guts): Use new cygheap_user methods. * syscalls.cc (seteuid32): Rearrange to use the two tokens in cygheap_user. (setegid32): Use new cygheap_user methods. * uinfo.cc: (internal_getlogin): Ditto.
Diffstat (limited to 'winsup/cygwin/security.cc')
-rw-r--r--winsup/cygwin/security.cc18
1 files changed, 12 insertions, 6 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 7bae8f4c7..5ccf37e3d 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -70,10 +70,16 @@ extern "C" void
cygwin_set_impersonation_token (const HANDLE hToken)
{
debug_printf ("set_impersonation_token (%d)", hToken);
- if (cygheap->user.token != hToken)
+ if (cygheap->user.impersonation_state == IMP_EXTERNAL
+ && cygheap->user.external_token != hToken)
{
- cygheap->user.token = hToken;
- cygheap->user.impersonated = FALSE;
+ set_errno (EPERM);
+ return;
+ }
+ else
+ {
+ cygheap->user.external_token = hToken;
+ return;
}
}
@@ -717,7 +723,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
if (pintern)
{
TOKEN_SOURCE ts;
- if (!GetTokenInformation (cygheap->user.token, TokenSource,
+ if (!GetTokenInformation (token, TokenSource,
&ts, sizeof ts, &size))
debug_printf ("GetTokenInformation(): %E");
else
@@ -1906,7 +1912,7 @@ check_file_access (const char *fn, int flags)
goto done;
if (cygheap->user.issetuid ())
- hToken = cygheap->user.token;
+ hToken = cygheap->user.token ();
else if (!OpenProcessToken (hMainProc, TOKEN_DUPLICATE, &hToken))
{
__seterrno ();
@@ -1914,7 +1920,7 @@ check_file_access (const char *fn, int flags)
}
if (!(status = DuplicateToken (hToken, SecurityIdentification, &hIToken)))
__seterrno ();
- if (hToken != cygheap->user.token)
+ if (!cygheap->user.issetuid ())
CloseHandle (hToken);
if (!status)
goto done;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 15:19:47 +0300