* cygheap.h (class cygheap_user): Use INVALID_HANDLE_VALUE as invalid

value for tokens. * syscalls.cc (seteuid32): Ditto. Set new_token to process token if process token is suitable. * uinfo.cc (uinfo_init): Initialize tokens in cygheap user info to INVALID_HANDLE_VALUE. * cygheap.h (enum impersonation): Delete. (cygheap_user::impersonation_state): Delete. (cygheap_user::current_token): New. (cygheap_user::issetuid): Modify to use current_token. (cygheap_user::token): Ditto. (cygheap_user::deimpersonate): Ditto. (cygheap_user::reimpersonate): Ditto. (cygheap_user::has_impersonation_tokens): Ditto. (cygheap_user::close_impersonation_tokens): Ditto. * security.cc (cygwin_set_impersonation_token): Always set the token. (verify_token): Change type of gsid to cygpsid. (get_file_attribute): Use the effective ids. * syscalls.cc (seteuid32): Modify to use cygheap_user::current_token. * uinfo.cc (uinfo_init) Do not set cygheap->user.impersonation_state.
author: Corinna Vinschen <corinna@vinschen.de> 2003-07-14 21:04:21 +0400
committer: Corinna Vinschen <corinna@vinschen.de> 2003-07-14 21:04:21 +0400
commit: ea3ba114990eb77ddf74d054bd01418ca580cb0b (patch)
tree: 837c0867009718e779809c4b328212fab4abb4fc /winsup
parent: 9ff631a70c520489af06cce5127b9dd5c6e512fe (diff)
5 files changed, 106 insertions, 115 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 46260fc94..ee5897b96 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,29 @@
+2003-07-14  Corinna Vinschen  <corinna@vinschen.de>
+
+	* cygheap.h (class cygheap_user): Use INVALID_HANDLE_VALUE as invalid
+	value for tokens.
+	* syscalls.cc (seteuid32): Ditto.  Set new_token to process token if
+	process token is suitable.
+	* uinfo.cc (uinfo_init): Initialize tokens in cygheap user info
+	to INVALID_HANDLE_VALUE.
+
+2003-07-14  Pierre Humblet  <pierre.humblet@ieee.org>
+
+	* cygheap.h (enum impersonation): Delete.
+	(cygheap_user::impersonation_state): Delete.
+	(cygheap_user::current_token): New.
+	(cygheap_user::issetuid): Modify to use current_token.
+	(cygheap_user::token): Ditto.
+	(cygheap_user::deimpersonate): Ditto.
+	(cygheap_user::reimpersonate): Ditto.
+	(cygheap_user::has_impersonation_tokens): Ditto.
+	(cygheap_user::close_impersonation_tokens): Ditto.
+	* security.cc (cygwin_set_impersonation_token): Always set the token.
+	(verify_token): Change type of gsid to cygpsid.
+	(get_file_attribute): Use the effective ids.
+	* syscalls.cc (seteuid32): Modify to use cygheap_user::current_token.
+	* uinfo.cc (uinfo_init) Do not set cygheap->user.impersonation_state.
+
 2003-07-12  Christopher Faylor  <cgf@redhat.com>
 
 	* pinfo.cc (_pinfo::commune_send): Fix bounds test so that poll of
diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h
index 963d9c4db..f765541c4 100644
--- a/winsup/cygwin/cygheap.h
+++ b/winsup/cygwin/cygheap.h
@@ -92,14 +92,6 @@ enum homebodies
   CH_HOME
 };
 
-enum impersonation
-{
-  IMP_BAD = -1,
-  IMP_NONE = 0,
-  IMP_EXTERNAL,
-  IMP_INTERNAL
-};
-
 class cygheap_user
 {
   /* Extendend user information.
@@ -125,7 +117,7 @@ public:
      to `set_impersonation_token()'. */
   HANDLE external_token;
   HANDLE internal_token;
-  enum impersonation impersonation_state;
+  HANDLE current_token;
 
   /* CGF 2002-06-27.  I removed the initializaton from this constructor
      since this class is always allocated statically.  That means that everything
@@ -170,41 +162,40 @@ public:
   PSID sid () const { return psid; }
   PSID orig_sid () const { return orig_psid; }
   const char *ontherange (homebodies what, struct passwd * = NULL);
-  bool issetuid () const
-  {
-    return impersonation_state > IMP_NONE;
-  }
-  HANDLE token ()
-  {
-    if (impersonation_state == IMP_EXTERNAL)
-      return external_token;
-    if (impersonation_state == IMP_INTERNAL)
-      return internal_token;
-    return INVALID_HANDLE_VALUE;
-  }
+  bool issetuid () const { return current_token != INVALID_HANDLE_VALUE; }
+  HANDLE token () { return current_token; }
   void deimpersonate ()
   {
-    if (impersonation_state > IMP_NONE)
+    if (issetuid ())
       RevertToSelf ();
   }
   void reimpersonate ()
   {
-    if (impersonation_state > IMP_NONE
+    if (issetuid ()
 	&& !ImpersonateLoggedOnUser (token ()))
       system_printf ("ImpersonateLoggedOnUser: %E");
   }
-  bool has_impersonation_tokens () { return external_token || internal_token; }
+  bool has_impersonation_tokens ()
+    { return external_token != INVALID_HANDLE_VALUE
+             || internal_token != INVALID_HANDLE_VALUE
+	     || current_token != INVALID_HANDLE_VALUE; }
   void close_impersonation_tokens ()
   {
-    if (external_token)
+    if (current_token != INVALID_HANDLE_VALUE)
+      {
+	if( current_token != external_token && current_token != internal_token)
+	  CloseHandle (current_token);
+	current_token = INVALID_HANDLE_VALUE;
+      }
+    if (external_token != INVALID_HANDLE_VALUE)
       {
 	CloseHandle (external_token);
-	external_token = 0;
+	external_token = INVALID_HANDLE_VALUE;
       }
-    if (internal_token)
+    if (internal_token != INVALID_HANDLE_VALUE)
       {
 	CloseHandle (internal_token);
-	internal_token = 0;
+	internal_token = INVALID_HANDLE_VALUE;
       }
   }
   const char *cygheap_user::test_uid (char *&, const char *, size_t)
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index c08e1abe3..7f7d9d1bd 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -69,17 +69,8 @@ extern "C" void
 cygwin_set_impersonation_token (const HANDLE hToken)
 {
   debug_printf ("set_impersonation_token (%d)", hToken);
-  if (cygheap->user.impersonation_state == IMP_EXTERNAL
-      && cygheap->user.external_token != hToken)
-    {
-      set_errno (EPERM);
-      return;
-    }
-  else
-    {
-      cygheap->user.external_token = hToken;
-      return;
-    }
+  cygheap->user.external_token = hToken;
+  return;
 }
 
 void
@@ -741,13 +732,13 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
   if (intern && !groups.issetgroups ())
     {
       char sd_buf[MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR)];
-      PSID gsid = NO_SID;
+      cygpsid gsid (NO_SID);
       if (!GetKernelObjectSecurity (token, GROUP_SECURITY_INFORMATION,
 				    (PSECURITY_DESCRIPTOR) sd_buf,
 				    sizeof sd_buf, &size))
 	debug_printf ("GetKernelObjectSecurity(): %E");
       else if (!GetSecurityDescriptorGroup ((PSECURITY_DESCRIPTOR) sd_buf,
-					    &gsid, (BOOL *) &size))
+					    (PSID *) &gsid, (BOOL *) &size))
 	debug_printf ("GetSecurityDescriptorGroup(): %E");
       if (well_known_null_sid != gsid)
 	return gsid == groups.pgsid;
@@ -1414,9 +1405,9 @@ get_file_attribute (int use_ntsec, const char *file,
     }
 
   if (uidret)
-    *uidret = getuid32 ();
+    *uidret = myself->uid;
   if (gidret)
-    *gidret = getgid32 ();
+    *gidret = myself->gid;
 
   if (!attribute)
     return 0;
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 684a83705..b95c93999 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -2058,7 +2058,6 @@ seteuid32 (__uid32_t uid)
   HANDLE ptok, new_token = INVALID_HANDLE_VALUE;
   struct passwd * pw_new;
   PSID origpsid, psid2 = NO_SID;
-  enum impersonation new_state = IMP_BAD;
   BOOL token_is_internal;
 
   pw_new = internal_getpwuid (uid);
@@ -2079,48 +2078,47 @@ seteuid32 (__uid32_t uid)
 
   /* Verify if the process token is suitable. */
   if (verify_token (ptok, usersid, groups))
-    new_state = IMP_NONE;
-  /* Verify if a current token is suitable */
-  else if (cygheap->user.external_token
+    new_token = ptok;
+  /* Verify if the external token is suitable */
+  else if (cygheap->user.external_token != INVALID_HANDLE_VALUE
 	   && verify_token (cygheap->user.external_token, usersid, groups))
-    {
-      new_token = cygheap->user.external_token;
-      new_state = IMP_EXTERNAL;
-    }
-  else if (cygheap->user.internal_token
+    new_token = cygheap->user.external_token;
+  /* Verify if the current token (internal or former external) is suitable */
+  else if (cygheap->user.current_token != INVALID_HANDLE_VALUE
+	   && cygheap->user.current_token != cygheap->user.external_token
+	   && verify_token (cygheap->user.current_token, usersid, groups,
+			    &token_is_internal))
+    new_token = cygheap->user.current_token;
+  /* Verify if the internal token is suitable */
+  else if (cygheap->user.internal_token != INVALID_HANDLE_VALUE
+	   && cygheap->user.internal_token != cygheap->user.current_token
 	   && verify_token (cygheap->user.internal_token, usersid, groups,
 			    &token_is_internal))
-    {
-      new_token = cygheap->user.internal_token;
-      new_state = IMP_INTERNAL;
-    }
+    new_token = cygheap->user.internal_token;
 
-  debug_printf ("New token %d, state %d", new_token, new_state);
-  /* Return if current token is valid */
-  if (cygheap->user.impersonation_state == new_state)
-    {
-      cygheap->user.reimpersonate ();
-      goto success; /* No change */
-    }
+  debug_printf ("Found token %d", new_token);
 
   /* Set process def dacl to allow access to impersonated token */
-  char dacl_buf[MAX_DACL_LEN (5)];
-  if (usersid != (origpsid = cygheap->user.orig_sid ()))
-    psid2 = usersid;
-  if (sec_acl ((PACL) dacl_buf, FALSE, origpsid, psid2))
+  if (cygheap->user.current_token != new_token)
     {
-      TOKEN_DEFAULT_DACL tdacl;
-      tdacl.DefaultDacl = (PACL) dacl_buf;
-      if (!SetTokenInformation (ptok, TokenDefaultDacl,
-				&tdacl, sizeof dacl_buf))
-	debug_printf ("SetTokenInformation"
-		      "(TokenDefaultDacl): %E");
+      char dacl_buf[MAX_DACL_LEN (5)];
+      if (usersid != (origpsid = cygheap->user.orig_sid ()))
+	psid2 = usersid;
+      if (sec_acl ((PACL) dacl_buf, FALSE, origpsid, psid2))
+        {
+	  TOKEN_DEFAULT_DACL tdacl;
+	  tdacl.DefaultDacl = (PACL) dacl_buf;
+	  if (!SetTokenInformation (ptok, TokenDefaultDacl,
+				    &tdacl, sizeof dacl_buf))
+	    debug_printf ("SetTokenInformation"
+			  "(TokenDefaultDacl): %E");
+	}
     }
 
-  if (new_state == IMP_BAD)
+  /* If no impersonation token is available, try to
+     authenticate using NtCreateToken () or subauthentication. */
+  if (new_token == INVALID_HANDLE_VALUE)
     {
-      /* If no impersonation token is available, try to
-	 authenticate using NtCreateToken () or subauthentication. */
       new_token = create_token (usersid, groups, pw_new);
       if (new_token == INVALID_HANDLE_VALUE)
 	{
@@ -2130,48 +2128,31 @@ seteuid32 (__uid32_t uid)
 	  if (new_token == INVALID_HANDLE_VALUE)
 	    goto failed;
 	}
-      new_state = IMP_INTERNAL;
-    }
-
-  /* If using the token, set info and impersonate */
-  if (new_state != IMP_NONE)
-    {
-      /* If the token was explicitly created, all information has
-	 already been set correctly. */
-      if (new_state == IMP_EXTERNAL)
-	{
-	  /* Try setting owner to same value as user. */
-	  if (!SetTokenInformation (new_token, TokenOwner,
-				    &usersid, sizeof usersid))
-	    debug_printf ("SetTokenInformation(user.token, "
-			  "TokenOwner): %E");
-	  /* Try setting primary group in token to current group */
-	  if (!SetTokenInformation (new_token,
-				    TokenPrimaryGroup,
-				    &groups.pgsid, sizeof (cygsid)))
-	    debug_printf ("SetTokenInformation(user.token, "
-			  "TokenPrimaryGroup): %E");
-	}
-      /* Try to impersonate. */
-      if (!ImpersonateLoggedOnUser (new_token))
-	{
-	  debug_printf ("ImpersonateLoggedOnUser %E");
-	  __seterrno ();
-	  goto failed;
-	}
       /* Keep at most one internal token */
-      if (new_state == IMP_INTERNAL)
-        {
-	  if (cygheap->user.internal_token)
-	    CloseHandle (cygheap->user.internal_token);
-	  cygheap->user.internal_token = new_token;
-	}
+      if (cygheap->user.internal_token != INVALID_HANDLE_VALUE)
+	CloseHandle (cygheap->user.internal_token);
+      cygheap->user.internal_token = new_token;
+    }
+  else if (new_token != ptok)
+    {
+      /* Try setting owner to same value as user. */
+      if (!SetTokenInformation (new_token, TokenOwner,
+				&usersid, sizeof usersid))
+	debug_printf ("SetTokenInformation(user.token, "
+		      "TokenOwner): %E");
+      /* Try setting primary group in token to current group */
+      if (!SetTokenInformation (new_token,
+				TokenPrimaryGroup,
+				&groups.pgsid, sizeof (cygsid)))
+	debug_printf ("SetTokenInformation(user.token, "
+		      "TokenPrimaryGroup): %E");
     }
-  cygheap->user.set_sid (usersid);
 
-success:
   CloseHandle (ptok);
-  cygheap->user.impersonation_state = new_state;
+  cygheap->user.set_sid (usersid);
+  cygheap->user.current_token = new_token == ptok ? INVALID_HANDLE_VALUE
+						  : new_token;
+  cygheap->user.reimpersonate ();
 success_9x:
   cygheap->user.set_name (pw_new->pw_name);
   myself->uid = uid;
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index f63230d0a..54a7bec9a 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -122,7 +122,9 @@ uinfo_init ()
 
   cygheap->user.orig_uid = cygheap->user.real_uid = myself->uid;
   cygheap->user.orig_gid = cygheap->user.real_gid = myself->gid;
-  cygheap->user.impersonation_state = IMP_NONE;
+  cygheap->user.external_token = INVALID_HANDLE_VALUE;
+  cygheap->user.internal_token = INVALID_HANDLE_VALUE;
+  cygheap->user.current_token = INVALID_HANDLE_VALUE;
   cygheap->user.set_orig_sid ();	/* Update the original sid */
 }
author	Corinna Vinschen <corinna@vinschen.de>	2003-07-14 21:04:21 +0400
committer	Corinna Vinschen <corinna@vinschen.de>	2003-07-14 21:04:21 +0400
commit	ea3ba114990eb77ddf74d054bd01418ca580cb0b (patch)
tree	837c0867009718e779809c4b328212fab4abb4fc /winsup
parent	9ff631a70c520489af06cce5127b9dd5c6e512fe (diff)