Welcome to mirror list, hosted at ThFree Co, Russian Federation.

cygwin.com/git/newlib-cygwin.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--winsup/cygwin/ChangeLog19
-rw-r--r--winsup/cygwin/autoload.cc1
-rw-r--r--winsup/cygwin/cygheap.cc25
-rw-r--r--winsup/cygwin/cygheap.h12
-rw-r--r--winsup/cygwin/sec_helper.cc7
-rw-r--r--winsup/cygwin/security.h2
-rw-r--r--winsup/cygwin/uinfo.cc83
7 files changed, 91 insertions, 58 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 4bca458c2..3f4467ac3 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,22 @@
+2003-09-26 Pierre Humblet <pierre.humblet@ieee.org>
+
+ * uinfo.cc (cygheap_user::init): Make sure the current user appears
+ in the default DACL. Rearrange to decrease the indentation levels.
+ Initialize the effec_cygsid directly.
+ (internal_getlogin): Do not reinitialize myself->gid. Open the process
+ token with the required access.
+ * cygheap.h (class cygheap_user): Delete members pid and saved_psid.
+ Create members effec_cygsid and saved_cygsid.
+ (cygheap_user::set_sid): Define inline.
+ (cygheap_user::set_saved_sid): Ditto.
+ (cygheap_user::sid): Modify.
+ (cygheap_user::saved_sid): Modify.
+ * cygheap.cc (cygheap_user::set_sid): Delete.
+ (cygheap_user::set_saved_sid): Ditto.
+ * sec_helper.cc (sec_acl): Set the correct acl size.
+ * autoload.cc (FindFirstFreeAce): Add.
+ * security.h: Define ACL_DEFAULT_SIZE.
+
2003-09-26 Corinna Vinschen <corinna@vinschen.de>
* mmap.cc (munmap): Use correct address and length parameters when
diff --git a/winsup/cygwin/autoload.cc b/winsup/cygwin/autoload.cc
index 6344a6d0c..9c1bb4731 100644
--- a/winsup/cygwin/autoload.cc
+++ b/winsup/cygwin/autoload.cc
@@ -320,6 +320,7 @@ LoadDLLfunc (DeregisterEventSource, 4, advapi32)
LoadDLLfunc (DuplicateToken, 12, advapi32)
LoadDLLfuncEx (DuplicateTokenEx, 24, advapi32, 1)
LoadDLLfunc (EqualSid, 8, advapi32)
+LoadDLLfunc (FindFirstFreeAce, 8, advapi32)
LoadDLLfunc (GetAce, 12, advapi32)
LoadDLLfunc (GetFileSecurityA, 20, advapi32)
LoadDLLfunc (GetKernelObjectSecurity, 20, advapi32)
diff --git a/winsup/cygwin/cygheap.cc b/winsup/cygwin/cygheap.cc
index 077610fa0..ede408695 100644
--- a/winsup/cygwin/cygheap.cc
+++ b/winsup/cygwin/cygheap.cc
@@ -444,28 +444,3 @@ cygheap_user::set_name (const char *new_name)
cfree_and_set (pwinname);
}
-BOOL
-cygheap_user::set_sid (PSID new_sid)
-{
- if (new_sid)
- {
- if (!psid)
- psid = cmalloc (HEAP_STR, MAX_SID_LEN);
- if (psid)
- return CopySid (MAX_SID_LEN, psid, new_sid);
- }
- return FALSE;
-}
-
-BOOL
-cygheap_user::set_saved_sid ()
-{
- if (psid)
- {
- if (!saved_psid)
- saved_psid = cmalloc (HEAP_STR, MAX_SID_LEN);
- if (saved_psid)
- return CopySid (MAX_SID_LEN, saved_psid, psid);
- }
- return FALSE;
-}
diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h
index 3a8085ffb..fc46118a1 100644
--- a/winsup/cygwin/cygheap.h
+++ b/winsup/cygwin/cygheap.h
@@ -106,8 +106,8 @@ class cygheap_user
char *homepath; /* User's home path */
char *pwinname; /* User's name as far as Windows knows it */
char *puserprof; /* User profile */
- PSID psid; /* buffer for user's SID */
- PSID saved_psid; /* Remains intact even after impersonation */
+ cygsid effec_cygsid; /* buffer for user's SID */
+ cygsid saved_cygsid; /* Remains intact even after impersonation */
public:
__uid32_t saved_uid; /* Remains intact even after impersonation */
__gid32_t saved_gid; /* Ditto */
@@ -160,10 +160,10 @@ public:
const char *p = env_domain ("USERDOMAIN=", sizeof ("USERDOMAIN=") - 1);
return (p == almost_null) ? NULL : p;
}
- BOOL set_sid (PSID new_sid);
- BOOL set_saved_sid ();
- PSID sid () const { return psid; }
- PSID saved_sid () const { return saved_psid; }
+ BOOL set_sid (PSID new_sid) {return (BOOL) (effec_cygsid = new_sid);}
+ BOOL set_saved_sid () { return (BOOL) (saved_cygsid = effec_cygsid); }
+ PSID sid () { return effec_cygsid; }
+ PSID saved_sid () { return saved_cygsid; }
const char *ontherange (homebodies what, struct passwd * = NULL);
bool issetuid () const { return current_token != INVALID_HANDLE_VALUE; }
HANDLE token () { return current_token; }
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 040760685..dda352543 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -375,6 +375,7 @@ BOOL
sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD access2)
{
size_t acl_len = MAX_DACL_LEN(5);
+ LPVOID pAce;
cygpsid psid;
if (!InitializeAcl (acl, acl_len, ACL_REVISION))
@@ -402,6 +403,12 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, well_known_system_sid))
debug_printf ("AddAccessAllowedAce(system) %E");
+ FindFirstFreeAce (acl, &pAce);
+ if (pAce)
+ acl->AclSize = (char *) pAce - (char *) acl;
+ else
+ debug_printf ("FindFirstFreeAce %E");
+
return TRUE;
}
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index b39962aa2..a7e2515c7 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -20,7 +20,7 @@ details. */
#define MAX_SID_LEN 40
#define MAX_DACL_LEN(n) (sizeof (ACL) \
+ (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN))
-
+#define ACL_DEFAULT_SIZE 3072
#define NO_SID ((PSID)NULL)
class cygpsid {
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 0e46a13c0..6cd162b49 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -41,31 +41,65 @@ cygheap_user::init()
set_name (GetUserName (user_name, &user_name_len) ? user_name : "unknown");
- if (wincap.has_security ())
+ if (!wincap.has_security ())
+ return;
+
+ HANDLE ptok;
+ DWORD siz;
+ char pdacl_buf [sizeof (PTOKEN_DEFAULT_DACL) + ACL_DEFAULT_SIZE];
+ PTOKEN_DEFAULT_DACL pdacl = (PTOKEN_DEFAULT_DACL) pdacl_buf;
+
+ if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
+ &ptok))
{
- HANDLE ptok = NULL;
- DWORD siz, ret;
- cygsid tu;
-
- /* Get the SID from current process and store it in user.psid */
- if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
- &ptok))
- system_printf ("OpenProcessToken(): %E");
- else
- {
- if (!GetTokenInformation (ptok, TokenUser, &tu, sizeof tu, &siz))
- system_printf ("GetTokenInformation (TokenUser): %E");
- else if (!(ret = set_sid (tu)))
- system_printf ("Couldn't retrieve SID from access token!");
- /* Set token owner to the same value as token user */
- else if (!SetTokenInformation (ptok, TokenOwner, &tu, sizeof tu))
- debug_printf ("SetTokenInformation(TokenOwner): %E");
- if (!GetTokenInformation (ptok, TokenPrimaryGroup,
- &groups.pgsid, sizeof tu, &siz))
- system_printf ("GetTokenInformation (TokenPrimaryGroup): %E");
- CloseHandle (ptok);
+ system_printf ("OpenProcessToken(): %E");
+ return;
+ }
+ if (!GetTokenInformation (ptok, TokenPrimaryGroup,
+ &groups.pgsid, sizeof (cygsid), &siz))
+ system_printf ("GetTokenInformation (TokenPrimaryGroup): %E");
+
+ /* Get the SID from current process and store it in effec_cygsid */
+ if (!GetTokenInformation (ptok, TokenUser, &effec_cygsid, sizeof (cygsid), &siz))
+ {
+ system_printf ("GetTokenInformation (TokenUser): %E");
+ goto out;
+ }
+
+ /* Set token owner to the same value as token user */
+ if (!SetTokenInformation (ptok, TokenOwner, &effec_cygsid, sizeof (cygsid)))
+ debug_printf ("SetTokenInformation(TokenOwner): %E");
+
+ /* Add the user in the default DACL if needed */
+ if (!GetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (pdacl_buf), &siz))
+ system_printf ("GetTokenInformation (TokenDefaultDacl): %E");
+ else if (pdacl->DefaultDacl) /* Running with security */
+ {
+ PACL pAcl = pdacl->DefaultDacl;
+ PACCESS_ALLOWED_ACE pAce;
+
+ for (int i = 0; i < pAcl->AceCount; i++)
+ {
+ if (!GetAce(pAcl, i, (LPVOID *) &pAce))
+ system_printf ("GetAce: %E");
+ else if (pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE
+ && effec_cygsid == &pAce->SidStart)
+ goto out;
}
+ pAcl->AclSize = &pdacl_buf[sizeof (pdacl_buf)] - (char *) pAcl;
+ if (!AddAccessAllowedAce (pAcl, ACL_REVISION, GENERIC_ALL, effec_cygsid))
+ system_printf ("AddAccessAllowedAce: %E");
+ else if (FindFirstFreeAce (pAcl, (LPVOID *) &pAce), !(pAce))
+ debug_printf ("FindFirstFreeAce %E");
+ else
+ {
+ pAcl->AclSize = (char *) pAce - (char *) pAcl;
+ if (!SetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (* pdacl)))
+ system_printf ("SetTokenInformation (TokenDefaultDacl): %E");
+ }
}
+ out:
+ CloseHandle (ptok);
}
void
@@ -73,8 +107,6 @@ internal_getlogin (cygheap_user &user)
{
struct passwd *pw = NULL;
- myself->gid = UNKNOWN_GID;
-
if (wincap.has_security ())
{
cygpsid psid = user.sid ();
@@ -96,8 +128,7 @@ internal_getlogin (cygheap_user &user)
{
HANDLE ptok;
if (gsid != user.groups.pgsid
- && OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
- &ptok))
+ && OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT, &ptok))
{
/* Set primary group to the group in /etc/passwd. */
if (!SetTokenInformation (ptok, TokenPrimaryGroup,
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 23:47:34 +0300