diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2001-04-25 13:43:25 +0400 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2001-04-25 13:43:25 +0400 |
commit | d551169a9fa38d2499840f409e0ca90992d6881a (patch) | |
tree | 7597dd538a99f270fd0285082a090c35a6876d2c /winsup/cygwin/uinfo.cc | |
parent | 3a6e96682d6ee6f127882eef92e3041de8aca4af (diff) |
* autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16.
* cygheap.cc: Include security.h.
* grp.cc (internal_getgrent): New function.
(getgroups): Rearranged using `internal_getgrent' and the new
`cygsid' class.
* passwd.cc (internal_getpwent): New function.
* sec_acl.cc: Use new `cygsid' class throughout.
(acl_access): Use `internal_getgrent' instead of `getgrent'.
* sec_helper.cc: Use new `cygsid' class throughout.
(get_id_from_sid): Use `internal_getgrent' instead of `getgrent'.
Use `internal_getpwent' instead of `getpwent'.
* security.cc: Use new `cygsid' class throughout.
* security.h: Move `MAX_SID_LEN' from winsup.h to here.
Add extern declarations for `internal_getgrent' and `internal_getpwent'.
(class cygsid): New class.
* shared.cc (sec_user): Use new `cygsid' class.
* syscalls.cc (seteuid): Try to set owner to user and primary group to
current group in impersonation token before performing impersonation.
(setegid): Try to set primary group in process token to the new group
if ntsec is on.
* uinfo.cc (internal_getlogin): Use new `cygsid' class.
Try to set owner to user and primary group to current group in process
token if the process has been started from a non cygwin process.
(uinfo_init): Set primary group only if the process has been started
from a non cygwin process.
* winsup.h: Move define for `MAX_SID_LEN' to security.h.
Diffstat (limited to 'winsup/cygwin/uinfo.cc')
-rw-r--r-- | winsup/cygwin/uinfo.cc | 52 |
1 files changed, 36 insertions, 16 deletions
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index 6bf5debba..eb3f6ff81 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -115,7 +115,7 @@ internal_getlogin (cygheap_user &user) HANDLE ptok = user.token; /* Which is INVALID_HANDLE_VALUE if no impersonation took place. */ DWORD siz; - char tu[1024]; + cygsid tu; int ret = 0; /* Try to get the SID either from already impersonated token @@ -123,18 +123,14 @@ internal_getlogin (cygheap_user &user) important, because you can't rely on the user information in a process token of a currently impersonated process. */ if (ptok == INVALID_HANDLE_VALUE - && !OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &ptok)) + && !OpenProcessToken (GetCurrentProcess (), + TOKEN_ADJUST_DEFAULT | TOKEN_QUERY, + &ptok)) debug_printf ("OpenProcessToken(): %E\n"); - else if (!GetTokenInformation (ptok, TokenUser, (LPVOID) &tu, - sizeof tu, &siz)) + else if (!GetTokenInformation (ptok, TokenUser, &tu, sizeof tu, &siz)) debug_printf ("GetTokenInformation(): %E"); - else if (!(ret = user.set_sid (((TOKEN_USER *) &tu)->User.Sid))) + else if (!(ret = user.set_sid (tu))) debug_printf ("Couldn't retrieve SID from access token!"); - /* Close token only if it's a result from OpenProcessToken(). */ - if (ptok != INVALID_HANDLE_VALUE - && user.token == INVALID_HANDLE_VALUE) - CloseHandle (ptok); - /* If that failes, try to get the SID from localhost. This can only be done if a domain is given because there's a chance that a local and a domain user may have the same name. */ @@ -146,7 +142,7 @@ internal_getlogin (cygheap_user &user) debug_printf ("Couldn't retrieve SID locally!"); } - /* If that failes, too, as a last resort try to get the SID from + /* If that fails, too, as a last resort try to get the SID from the logon server. */ if (!ret && !(ret = lookup_name (user.name (), user.logsrv (), user.sid ()))) @@ -154,11 +150,11 @@ internal_getlogin (cygheap_user &user) /* If we have a SID, try to get the corresponding Cygwin user name which can be different from the Windows user name. */ + cygsid gsid (NULL); if (ret) { struct passwd *pw; - char psidbuf[MAX_SID_LEN]; - PSID psid = (PSID) psidbuf; + cygsid psid; if (!strcasematch (user.name (), "SYSTEM") && user.domain () && user.logsrv ()) @@ -166,14 +162,35 @@ internal_getlogin (cygheap_user &user) if (get_registry_hive_path (user.sid (), buf)) setenv ("USERPROFILE", buf, 1); } - while ((pw = getpwent ()) != NULL) + for (int pidx = 0; (pw = internal_getpwent (pidx)); ++pidx) if (get_pw_sid (psid, pw) && EqualSid (user.sid (), psid)) { user.set_name (pw->pw_name); + struct group *gr = getgrgid (pw->pw_gid); + if (gr) + if (!get_gr_sid (gsid.set (), gr)) + gsid = NULL; break; } - endpwent (); } + + /* If this process is started from a non Cygwin process, + set token owner to the same value as token user and + primary group to the group which is set as primary group + in /etc/passwd. */ + if (ptok != INVALID_HANDLE_VALUE && myself->ppid == 1) + { + if (!SetTokenInformation (ptok, TokenOwner, &tu, sizeof tu)) + debug_printf ("SetTokenInformation(TokenOwner): %E"); + if (gsid && !SetTokenInformation (ptok, TokenPrimaryGroup, + &gsid, sizeof gsid)) + debug_printf ("SetTokenInformation(TokenPrimaryGroup): %E"); + } + + /* Close token only if it's a result from OpenProcessToken(). */ + if (ptok != INVALID_HANDLE_VALUE + && user.token == INVALID_HANDLE_VALUE) + CloseHandle (ptok); } } debug_printf ("Cygwins Username: %s", user.name ()); @@ -198,7 +215,10 @@ uinfo_init () if ((p = getpwnam (internal_getlogin (cygheap->user))) != NULL) { myself->uid = p->pw_uid; - myself->gid = p->pw_gid; + /* Set primary group only if ntsec is off or the process has been + started from a non cygwin process. */ + if (!allow_ntsec || myself->ppid == 1) + myself->gid = p->pw_gid; } else { |