
cygwin.com/git/newlib-cygwin.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'winsup/cygwin/sec_auth.cc')
-rw-r--r--winsup/cygwin/sec_auth.cc70
1 files changed, 41 insertions, 29 deletions
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index dfec53ca9..2cdce8bd4 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -168,6 +168,7 @@ cygwin_logon_user (const struct passwd *pw, const char *password)
if (!hToken)
hToken = INVALID_HANDLE_VALUE;
}
+ RtlSecureZeroMemory (passwd, NT_MAX_PATH);
cygheap->user.reimpersonate ();
debug_printf ("%R = logon_user(%s,...)", hToken, pw->pw_name);
return hToken;
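Review bot: The length given to the added `RtlSecureZeroMemory (passwd, NT_MAX_PATH)` is a byte count, and `passwd` is declared outside this hunk. If it is a WCHAR buffer of NT_MAX_PATH elements, only the first half of it is wiped. In that case `RtlSecureZeroMemory (passwd, NT_MAX_PATH * sizeof (WCHAR));` would clear the whole converted-password buffer. The narrow `password` argument is not touched here, so the function's header comment should say that scrubbing it is left to the caller.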
@@ -806,7 +807,7 @@ HANDLE
create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
{
NTSTATUS status;
- LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
+ LSA_HANDLE lsa = NULL;
cygsidlist tmp_gsids (cygsidlist_auto, 12);
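Review bot: Changing the "not opened" value of `lsa` from INVALID_HANDLE_VALUE to NULL is only safe if every test and cleanup of the handle in create_token uses the same sentinel, and those lines lie outside this hunk. The same applies to the `lsa` initialisers changed in lsaauth and lsaprivkeyauth further down. A leftover `lsa != INVALID_HANDLE_VALUE` comparison would now treat an unopened handle as valid and pass NULL to the close routine. It is worth confirming that the policy-open helper reports failure as NULL, and adding a comment at each declaration such as `/* NULL: policy handle not opened */`.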
@@ -970,7 +971,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
cygsidlist tmp_gsids (cygsidlist_auto, 12);
cygpsid pgrpsid;
LSA_STRING name;
- HANDLE lsa_hdl = NULL, lsa = INVALID_HANDLE_VALUE;
+ HANDLE lsa_hdl = NULL, lsa = NULL;
LSA_OPERATIONAL_MODE sec_mode;
NTSTATUS status, sub_status;
ULONG package_id, size;
@@ -1211,15 +1212,16 @@ HANDLE
lsaprivkeyauth (struct passwd *pw)
{
NTSTATUS status;
- HANDLE lsa = INVALID_HANDLE_VALUE;
+ HANDLE lsa = NULL;
HANDLE token = NULL;
WCHAR sid[256];
WCHAR domain[MAX_DOMAIN_NAME_LEN + 1];
WCHAR user[UNLEN + 1];
WCHAR key_name[MAX_DOMAIN_NAME_LEN + UNLEN + wcslen (SFU_LSA_KEY_SUFFIX) + 2];
UNICODE_STRING key;
- PUNICODE_STRING data;
+ PUNICODE_STRING data = NULL;
cygsid psid;
+ BOOL ret;
push_self_privilege (SE_TCB_PRIVILEGE, true);
@@ -1237,36 +1239,46 @@ lsaprivkeyauth (struct passwd *pw)
RtlInitUnicodeString (&key, key_name);
status = LsaRetrievePrivateData (lsa, &key, &data);
if (!NT_SUCCESS (status))
- {
- /* No Cygwin key, try Interix key. */
- if (!*domain)
- goto out;
- __small_swprintf (key_name, L"%W_%W%W",
- domain, user, SFU_LSA_KEY_SUFFIX);
- RtlInitUnicodeString (&key, key_name);
- status = LsaRetrievePrivateData (lsa, &key, &data);
- if (!NT_SUCCESS (status))
- goto out;
- }
+ data = NULL;
}
-
- /* The key is not 0-terminated. */
- PWCHAR passwd;
- passwd = (PWCHAR) alloca (data->Length + sizeof (WCHAR));
- *wcpncpy (passwd, data->Buffer, data->Length / sizeof (WCHAR)) = L'\0';
- LsaFreeMemory (data);
- debug_printf ("Try logon for %W\\%W", domain, user);
- if (!LogonUserW (user, domain, passwd, LOGON32_LOGON_INTERACTIVE,
- LOGON32_PROVIDER_DEFAULT, &token))
+ /* No Cygwin key, try Interix key. */
+ if (!data && *domain)
{
- __seterrno ();
- token = NULL;
+ __small_swprintf (key_name, L"%W_%W%W",
+ domain, user, SFU_LSA_KEY_SUFFIX);
+ RtlInitUnicodeString (&key, key_name);
+ status = LsaRetrievePrivateData (lsa, &key, &data);
+ if (!NT_SUCCESS (status))
+ data = NULL;
}
- else
- token = get_full_privileged_inheritable_token (token);
+ /* Found an entry? Try to logon. */
+ if (data)
+ {
+ /* The key is not 0-terminated. */
+ PWCHAR passwd;
+ size_t pwdsize = data->Length + sizeof (WCHAR);
+
+ passwd = (PWCHAR) alloca (pwdsize);
+ *wcpncpy (passwd, data->Buffer, data->Length / sizeof (WCHAR)) = L'\0';
+ /* Weird: LsaFreeMemory invalidates the content of the UNICODE_STRING
+ structure, but it does not invalidate the Buffer content. */
+ RtlSecureZeroMemory (data->Buffer, data->Length);
+ LsaFreeMemory (data);
+ debug_printf ("Try logon for %W\\%W", domain, user);
+ ret = LogonUserW (user, domain, passwd, LOGON32_LOGON_INTERACTIVE,
+ LOGON32_PROVIDER_DEFAULT, &token);
+ RtlSecureZeroMemory (passwd, pwdsize);
+ if (!ret)
+ {
+ __seterrno ();
+ token = NULL;
+ }
+ else
+ token = get_full_privileged_inheritable_token (token);
+ }
+ lsa_close_policy (lsa);
out:
- lsa_close_policy (lsa);
pop_self_privilege ();
return token;
}
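Review bot: The new `RtlSecureZeroMemory (passwd, pwdsize)` sits between `LogonUserW` and `__seterrno ()`, and nothing documents that this ordering is safe. It works only as long as nothing between the two calls changes the thread's last-error value, which `__seterrno ()` presumably reads. A comment above the wipe would keep a later edit from inserting an API call there, for example `/* Wipe the stack copy first; must not disturb the last-error value used by __seterrno () below. */`. Separately, `lsa_close_policy (lsa)` now runs before the `out:` label, so any `goto out` taken after the policy handle was opened would skip the close. Those jumps are in the part of lsaprivkeyauth outside this hunk and should be checked.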