diff options
| author | Pierre Humblet <phumblet@phumblet.no-ip.org> | 2003-09-27 05:56:36 +0400 |
|---|---|---|
| committer | Pierre Humblet <phumblet@phumblet.no-ip.org> | 2003-09-27 05:56:36 +0400 |
| commit | 6806a8b51f96d59cb6dadd86fab4ae7cdecca3ed (patch) | |
| tree | 513357f0c179f944228ac5f669f9e53b3456cce1 /winsup/cygwin/uinfo.cc | |
| parent | 349a6402fe566a06f18ee2a1e2d412b8b8d9d304 (diff) | |
2003-09-26 Pierre Humblet <pierre.humblet@ieee.org>
* uinfo.cc (cygheap_user::init): Make sure the current user appears
in the default DACL. Rearrange to decrease the indentation levels.
Initialize the effec_cygsid directly.
(internal_getlogin): Do not reinitialize myself->gid. Open the process
token with the required access.
* cygheap.h (class cygheap_user): Delete members pid and saved_psid.
Create members effec_cygsid and saved_cygsid.
(cygheap_user::set_sid): Define inline.
(cygheap_user::set_saved_sid): Ditto.
(cygheap_user::sid): Modify.
(cygheap_user::saved_sid): Modify.
* cygheap.cc (cygheap_user::set_sid): Delete.
(cygheap_user::set_saved_sid): Ditto.
* sec_helper.cc (sec_acl): Set the correct acl size.
* autoload.cc (FindFirstFreeAce): Add.
* security.h: Define ACL_DEFAULT_SIZE.
Diffstat (limited to 'winsup/cygwin/uinfo.cc')
| -rw-r--r-- | winsup/cygwin/uinfo.cc | 83 |
1 files changed, 57 insertions, 26 deletions
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index 0e46a13c0..6cd162b49 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -41,31 +41,65 @@ cygheap_user::init() set_name (GetUserName (user_name, &user_name_len) ? user_name : "unknown"); - if (wincap.has_security ()) + if (!wincap.has_security ()) + return; + + HANDLE ptok; + DWORD siz; + char pdacl_buf [sizeof (PTOKEN_DEFAULT_DACL) + ACL_DEFAULT_SIZE]; + PTOKEN_DEFAULT_DACL pdacl = (PTOKEN_DEFAULT_DACL) pdacl_buf; + + if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY, + &ptok)) { - HANDLE ptok = NULL; - DWORD siz, ret; - cygsid tu; - - /* Get the SID from current process and store it in user.psid */ - if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY, - &ptok)) - system_printf ("OpenProcessToken(): %E"); - else - { - if (!GetTokenInformation (ptok, TokenUser, &tu, sizeof tu, &siz)) - system_printf ("GetTokenInformation (TokenUser): %E"); - else if (!(ret = set_sid (tu))) - system_printf ("Couldn't retrieve SID from access token!"); - /* Set token owner to the same value as token user */ - else if (!SetTokenInformation (ptok, TokenOwner, &tu, sizeof tu)) - debug_printf ("SetTokenInformation(TokenOwner): %E"); - if (!GetTokenInformation (ptok, TokenPrimaryGroup, - &groups.pgsid, sizeof tu, &siz)) - system_printf ("GetTokenInformation (TokenPrimaryGroup): %E"); - CloseHandle (ptok); + system_printf ("OpenProcessToken(): %E"); + return; + } + if (!GetTokenInformation (ptok, TokenPrimaryGroup, + &groups.pgsid, sizeof (cygsid), &siz)) + system_printf ("GetTokenInformation (TokenPrimaryGroup): %E"); + + /* Get the SID from current process and store it in effec_cygsid */ + if (!GetTokenInformation (ptok, TokenUser, &effec_cygsid, sizeof (cygsid), &siz)) + { + system_printf ("GetTokenInformation (TokenUser): %E"); + goto out; + } + + /* Set token owner to the same value as token user */ + if (!SetTokenInformation (ptok, TokenOwner, &effec_cygsid, sizeof (cygsid))) + debug_printf ("SetTokenInformation(TokenOwner): %E"); + + /* Add the user in the default DACL if needed */ + if (!GetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (pdacl_buf), &siz)) + system_printf ("GetTokenInformation (TokenDefaultDacl): %E"); + else if (pdacl->DefaultDacl) /* Running with security */ + { + PACL pAcl = pdacl->DefaultDacl; + PACCESS_ALLOWED_ACE pAce; + + for (int i = 0; i < pAcl->AceCount; i++) + { + if (!GetAce(pAcl, i, (LPVOID *) &pAce)) + system_printf ("GetAce: %E"); + else if (pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE + && effec_cygsid == &pAce->SidStart) + goto out; } + pAcl->AclSize = &pdacl_buf[sizeof (pdacl_buf)] - (char *) pAcl; + if (!AddAccessAllowedAce (pAcl, ACL_REVISION, GENERIC_ALL, effec_cygsid)) + system_printf ("AddAccessAllowedAce: %E"); + else if (FindFirstFreeAce (pAcl, (LPVOID *) &pAce), !(pAce)) + debug_printf ("FindFirstFreeAce %E"); + else + { + pAcl->AclSize = (char *) pAce - (char *) pAcl; + if (!SetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (* pdacl))) + system_printf ("SetTokenInformation (TokenDefaultDacl): %E"); + } } + out: + CloseHandle (ptok); } void @@ -73,8 +107,6 @@ internal_getlogin (cygheap_user &user) { struct passwd *pw = NULL; - myself->gid = UNKNOWN_GID; - if (wincap.has_security ()) { cygpsid psid = user.sid (); @@ -96,8 +128,7 @@ internal_getlogin (cygheap_user &user) { HANDLE ptok; if (gsid != user.groups.pgsid - && OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY, - &ptok)) + && OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT, &ptok)) { /* Set primary group to the group in /etc/passwd. */ if (!SetTokenInformation (ptok, TokenPrimaryGroup, |