| Age | Commit message (Collapse) | Author |
|---|
|
* grp.cc (pwdgrp::parse_group): Call cygsid::getfromgr_passwd.
* passwd.cc (pwdgrp::parse_passwd): Call cygsid::getfrompw_gecos.
* pwdgrp.h (cygsid::getfrompw): Implement as inline method here,
accessing pg_pwd's sid member directly.
(cygsid::getfromgr): Implement as inline method here, accessing
pg_grp's sid member directly.
* sec_auth.cc (extract_nt_dom_user): Call cygsid::getfrompw_gecos.
Explain why.
* sec_helper.cc (cygsid::getfrompw): Drop implementation.
(cygsid::getfromgr): Ditto.
* security.h (cygsid::getfrompw_gecos): Implement former getfrompw
inline here.
(cygsid::getfromgr_passwd): Implement former getfromgr inline here.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
|
|
* sec_auth.cc (get_server_groups): Drop unused passwd argument. Adjust
calls throughout.
(get_initgroups_sidlist): Ditto.
(get_setgroups_sidlist): Ditto.
(create_token): Ditto.
(lsaauth): Ditto.
* security.h (create_token): Adjust prototype to above change.
(lsaauth): Ditto.
(get_server_groups): Ditto.
* grp.cc (get_groups): Adjust call to get_server_groups.
* syscalls.cc (seteuid32): Adjust calls to lsaauth and create_token.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
|
|
* glob.cc (issetugid): Drop macro.
* sec_auth.cc (issetugid): New exported function.
* include/cygwin/version.h (CYGWIN_VERSION_API_MINOR): Bump.
|
|
* security.h (get_logon_server): Same in prototype.
|
|
(LoadUserProfileW): Import.
* registry.cc (get_registry_hive_path): Move to sec_auth.cc.
(load_registry_hive): Remove.
* registry.h (get_registry_hive_path): Drop declaration.
(load_registry_hive): Ditto.
* sec_auth.cc (get_user_profile_directory): Moved from registry.cc and
renamed. Take third parameter with buffer length.
(load_user_profile): New function taking over for load_registry_hive.
Use official functions to load profile. If profile is missing, create
it on Vista and later.
* security.h (get_user_profile_directory): Declare.
(load_user_profile): Declare.
* syscalls.cc (seteuid32): Replace call to load_registry_hive with call
to load_user_profile.
* uinfo.cc (cygheap_user::env_userprofile): Replace call to
get_registry_hive_path with call to get_user_profile_directory.
|
|
(str2buf2lsa): Remove.
(lsaauth): Call RtlInitAnsiString instead of str2lsa and str2buf2lsa.
|
|
added 2014-09-05.
(get_user_local_groups): Ditto.
|
|
* uinfo.cc (client_request_pwdgrp::client_request_pwdgrp): Fix length
counter to include trailing NUL.
* sec_auth.cc (get_user_groups): Add experimental exception handler.
(get_user_local_groups): Ditto.
|
|
get_logon_server succeeded.
|
|
(CID 60021).
* sec_auth.cc (cygwin_logon_user): Securely erase password copy.
(lsaprivkeyauth): Avoid trying to dereference data if no key is stored
in the registry (CID 60122). Securely erase passwords after usage.
|
|
non-builtin accounts.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Check incoming
account name for validity in terms of the current name prefixing rules
and refuse invalid names.
|
|
instead throughout.
(MAX_SID_LEN): Drop. Use SECURITY_MAX_SID_SIZE instead throughout.
|
|
to INVALID_HANDLE_VALUE.
(lsaauth): Ditto.
(lsaprivkeyauth): Ditto.
* setlsapwd.cc (setlsapwd): Don't initialize lsa handle.
|
|
* sec_auth.cc (get_logon_server): Ditto.
|
|
(NT_readline::~NT_readline): Call close.
* sec_auth.cc (verify_token): Use constructor to initialize tok_usersid.
* security.h (cygsid::cygsid): Add copy constructor taking cygsid as
source.
|
|
/etc/nsswitch.conf file to configure it.
* Makefile.in (DLL_OFILES): Add ldap.o.
* autoload.cc: Import ldap functions from wldap32.dll.
(DsEnumerateDomainTrustsW): Import.
(NetGroupGetInfo): Import.
* cygheap.h (class cygheap_domain_info): New class to keep global
domain info.
(class cygheap_pwdgrp): New class to keep passwd/group caches and
configuration info from /etc/nssswitch.conf.
(struct init_cygheap): Add cygheap_domain_info member "dom" and
cygheap_pwdgrp member "pg".
* cygtls.h (struct _local_storage): Remove unused member "res".
Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
passwd/group fetching from SAM/AD. Make pw_pos and pw_pos unsigned.
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
uid/gid mapping.
* fhandler_process.cc: Drop including pwdgrp.h.
* fhandler_procsysvipc.cc: Ditto.
* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
* grp.cc (group_buf): Drop.
(gr): Drop.
(pwdgrp::parse_group): Fill pg_grp.
(pwdgrp::read_group): Remove.
(pwdgrp::init_grp): New method.
(pwdgrp::prep_tls_grbuf): New method.
(pwdgrp::find_group): New methods.
(internal_getgrsid): Convert to call new pwdgrp methods.
(internal_getgrnam): Ditto.
(internal_getgrgid): Ditto.
(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
(getgrgid32): Ditto.
(getgrnam_r): Ditto for internal_getgrnam.
(getgrnam32): Ditto.
(getgrent32): Convert to call new pwdgrp methods.
(internal_getgrent): Remove.
(internal_getgroups): Simplify, especially drop calls to
internal_getgrent.
* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
and RFC 2307 server.
* ldap.h: New header, declaring cyg_ldap class.
* passwd.cc (passwd_buf): Drop.
(pr): Drop.
(pwdgrp::parse_passwd): Fill pg_pwd.
(pwdgrp::read_passwd): Remove.
(pwdgrp::init_pwd): New method.
(pwdgrp::prep_tls_pwbuf): New method.
(find_user): New methods.
(internal_getpwsid): Convert to call new pwdgrp methods.
(internal_getpwnam): Ditto.
(internal_getpwuid): Ditto.
(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
(getpwuid_r): Ditto.
(getpwnam): Ditto for internal_getpwnam.
(getpwnam_r): Ditto.
(getpwent): Convert to call new pwdgrp methods.
* path.cc (class etc): Remove all methods.
* path.h (class etc): Drop.
* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
than UNKNOWN_GID.
(pinfo_init): Ditto.
* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
(internal_getpwuid): Ditto.
(internal_getgrgid): Ditto.
(internal_getgrnam): Ditto.
(internal_getgrent): Drop declaration.
(enum fetch_user_arg_type_t): New type.
(struct fetch_user_arg_t): New type.
(struct pg_pwd): New type.
(struct pg_grp): New type.
(class pwdgrp): Rework to provide functions for file and db requests
and caching.
(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
(ugid_cache): Declare.
* sec_acl.cc: Drop including pwdgrp.h.
* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
(get_logon_server): Convert third parameter to ULONG flags argument
to allow arbitrary flags values in DsGetDcNameW call and change calls
to this function throughout. Use cached account domain name rather
than calling GetComputerNameW.
(get_unix_group_sidlist): Remove.
(get_server_groups): Drop call to get_unix_group_sidlist.
(verify_token): Rework token group check without calling
internal_getgrent.
* sec_helper.cc (cygpsid::pstring): New methods, like string() but
return pointer to end of string.
(cygsid::getfromstr): Add wide character implementation.
(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
* security.cc: Drop including pwdgrp.h.
* security.h (DEFAULT_UID): Remove.
(UNKNOWN_UID): Remove.
(UNKNOWN_GID): Remove.
(uinfo_init): Move here from winsup.h.
(ILLEGAL_UID): Ditto.
(ILLEGAL_GID): Ditto.
(UNIX_POSIX_OFFSET): Define. Add lengthy comment.
(UNIX_POSIX_MASK): Ditto.
(MAP_UNIX_TO_CYGWIN_ID): Ditto.
(ILLEGAL_UID16): Move here from winsup.h.
(ILLEGAL_GID16): Ditto.
(uid16touid32): Ditto.
(gid16togid32): Ditto.
(sid_id_auth): New convenience macro for SID component access.
(sid_sub_auth_count): Ditto.
(sid_sub_auth): Ditto.
(sid_sub_auth_rid): Ditto.
(cygpsid::pstring): Declare.
(cygsid::getfromstr): Declare wide character variant.
(cygsid::operator=): Ditto.
(cygsid::operator*=): Ditto.
(get_logon_server): Change declaration according to source code.
* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
call.
* shared.cc (memory_init): Call cygheap->pg.init in first process.
* syscalls.cc: Drop including pwdgrp.h.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Ditto.
* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
call. Fix debug output. Overwrite user gid in border case of a
missing passwd file while a group file exists.
(pwdgrp::add_line): Allocate memory on cygheap.
(pwdgrp::load): Remove.
(ugid_cache): Define.
(cygheap_pwdgrp::init): New method.
(cygheap_pwdgrp::nss_init_line): New method.
(cygheap_pwdgrp::_nss_init): New method.
(cygheap_domain_info::init): New method.
(logon_sid): Define.
(get_logon_sid): New function.
(pwdgrp::add_account_post_fetch): New method.
(pwdgrp::add_account_from_file): New methods.
(pwdgrp::add_account_from_windows): New methods.
(pwdgrp::check_file): New method.
(pwdgrp::fetch_account_from_line): New method.
(pwdgrp::fetch_account_from_file): New method.
(pwdgrp::fetch_account_from_windows): New method.
* winsup.h: Move aforementioned macros and declarations to security.h.
|
|
(lsa_open_policy): Declare.
(lsa_close_policy): Declare.
* sec_auth.cc (lsa_open_policy): Rename from open_local_policy. Take
server name as parameter. Return NULL in case of error, rather than
INVALID_HANDLE_VALUE.
(lsa_close_policy): Rename from close_local_policy. Make externally
available. Get handle by value.
(create_token): Convert call to open_local_policy/close_local_policy
according to aforementioned changes.
(lsaauth): Ditto.
(lsaprivkeyauth): Ditto.
* setlsapwd.cc (setlsapwd): Ditto.
|
|
error. Explain why.
|
|
|
|
checkins. Regularize copyright format.
|
|
* environ.cc (environ_init): Likewise.
* sec_acl.cc (aclfromtext32): Likewise.
* sec_auth.cc (extract_nt_dom_user): Likewise.
* uinfo.cc (pwdgrp::next_str): Likewise.
* string.h (strechr): Likewise.
|
|
Throughout use wincap.page_size instead of getsystempagesize.
Throughout use "status" as variable name to hold NTSTATUS values.
* fhandler_mem.cc: Check for NT_SUCCESS rather than for STATUS_SUCCESS.
Fix debug_printf output. Rectify long statements. Fix comment
formatting.
* fhandler_proc.cc: Ditto.
(format_proc_swaps): Drop useless test for ERROR_PROC_NOT_FOUND.
* fhandler_process.cc: Ditto as in fhandler_mem.cc.
(get_process_state): Rearrange allocation loop. Use malloc/realloc.
(get_mem_values): Fix potential NULL pointer usage. Drop unused
variable.
* pinfo.cc (winpids::enum_processes): Handle low memory gracefully.
* sec_auth.cc (get_priv_list): Drop local variable ret.
* shared.cc (memory_init): Drop outdated call to getpagesize.
* syscalls.cc (getsystempagesize): Remove.
* sysconf.cc: Check for NT_SUCCESS rather than for STATUS_SUCCESS.
(sysinfo): Constify sizeof_stodi. Drop useless test for
ERROR_PROC_NOT_FOUND.
* thread.cc (pthread_getattr_np): Cast pointers to uintptr_t rather
than to int for pointer arithmetic.
* winsup.h (getsystempagesize): Drop declaration.
|
|
Throughout, change syscalls to report on return values using new %R format
option.
* smallprint.cc (__small_vsprintf): Add parsing for %R to report on return
values and possible errno from syscalls.
* errno.cc (errmap): Add PRIVILEGE_NOT_HELD.
* fhandler_tty.cc (fhandler_pty_master::setup): When creating a thread use
shorter name to reduce debuggging output.
* select.cc (start_thread_pipe): Ditto.
(start_thread_serial): Ditto.
(start_thread_socket): Ditto.
(start_thread_mailslot): Ditto.
* sigproc.cc (talktome): Ditto.
|
|
systems supporting it. Never add SERVICE SID but keep code in for
future reference. Explain why.
(get_priv_list): Add cygpsid pointer parameter. Point it to the
mandatory integrity SID which matches account and privileges.
(create_token): Fetch mandatory integrity SID from call to
get_priv_list.
(lsaauth): Call get_priv_list with additional NULL pointer. Change
comment accordingly.
* sec_helper.cc (well_known_console_logon_sid): New static SID.
(cygpriv): Change to structure containing extra flag to store info
about required integrity level.
(privilege_luid): Accommodate changes to cygpriv. Return integrity
level in new high_integrity parameter.
(privilege_name): Accommodate changes to cygpriv.
(set_privilege): Drop trailing \n from debug output.
(set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore
since it's just not needed, but keep code in for future reference.
Change comment accordingly.
* security.h (well_known_console_logon_sid): Declare.
(privilege_luid): Align declaration to above change.
* wincap.h (wincaps::has_console_logon_sid): New element.
* wincap.cc: Implement above element throughout.
|
|
|
|
(EqualSid): Remove.
(CopySid): Remove.
(AddAccessAllowedAce): Remove.
(AddAccessDeniedAce): Remove.
(MakeSelfRelativeSD): Remove.
* flock.cc: Replace above functions throughout with their ntdll.dll
equivalent.
* sec_acl.cc: Ditto.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
* security.h: Ditto.
(RtlEqualSid): Declare. Explain why.
(RtlCopySid): Ditto.
|
|
(SetTokenInformation): Remove.
* grp.cc: Replace above functions throughout with their ntdll.dll
equivalent.
* sec_auth.cc: Ditto.
* syscalls.cc: Ditto.
* uinfo.cc: Ditto.
|
|
(GetSecurityDescriptorGroup): Remove.
(GetSecurityDescriptorOwner): Remove.
* sec_acl.cc: Replace above functions throughout with their ntdll.dll
equivalent. Remove redundant debug output.
* sec_auth.cc: Ditto.
* security.cc: Ditto.
* uinfo.cc: Ditto.
|
|
(AddAce): Remove.
(FindFirstFreeAce): Remove.
(GetAce): Remove.
(InitializeSecurityDescriptor): Remove.
(OpenProcessToken): Remove.
* dcrt0.cc: Replace above functions throughout with their ntdll.dll
equivalent.
* fhandler_tty.cc: Ditto.
* flock.cc: Ditto.
* pinfo.cc: Ditto. Drop unnecessary error handling.
* sec_acl.cc: Ditto.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
|
|
(EqualPrefixSid): Remove.
(GetLengthSid): Remove.
(GetSidSubAuthority): Remove.
(GetSidSubAuthorityCount): Remove.
(GetSidIdentifierAuthority): Remove.
* fhandler_disk_file.cc: Remove above functions throughout with their
ntdll.dll equivalent.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
|
|
* autoload.cc (DnsQuery_A): Fatal if not available.
(DnsRecordListFree): Ditto.
(DsGetDcNameW): Ditto.
(NetGetAnyDCName): Remove.
(NetGetDCName): Remove.
(EnumProcessModules): Fatal if not available.
(GetModuleFileNameExW): Ditto.
(GetModuleInformation): Ditto.
(GetProcessMemoryInfo): Ditto.
(QueryWorkingSet): Ditto.
(LsaRegisterLogonProcess): Ditto.
* fenv.cc (_feinitialise): Drop supports_sse condition.
* fhandler_disk_file.cc (path_conv::isgood_inode): Fix comment.
(fhandler_base::fstat_by_name): Drop has_fileid_dirinfo condition.
(fhandler_disk_file::opendir): Ditto.
* fhandler_netdrive.cc (fhandler_netdrive::readdir): Fix comment.
* fhandler_proc.cc (format_proc_partitions): Drop NT4-only code.
* fhandler_process.cc (get_process_state): Ditto.
* kernel32.cc (GetWindowsDirectoryW): Remove.
(GetWindowsDirectoryA): Remove.
* miscfuncs.cc (nice_to_winprio): Drop NT4-only code.
* mount.cc (fs_info::update): Fix comments.
* net.cc (get_2k_ifs): Drop NT4-only code.
* sec_auth.cc (get_logon_server): Ditto.
(lsaauth): Drop NT4-specific error handling.
* security.cc (alloc_sd): Set SE_DACL_PROTECTED unconditionally.
* select.cc (select_stuff::wait): Always use MWMO_INPUTAVAILABLE.
(peek_windows): Drop NT4-only condition in call to PeekMessage.
* syscalls.cc (gethostid): Remove NT4-only workaround.
* wincap.cc: Througout, drop has_dacl_protect,
has_broken_if_oper_status, has_process_io_counters,
has_terminal_services, has_extended_priority_class, has_guid_volumes,
has_fileid_dirinfo, has_mwmo_inputavailable and supports_sse from
wincaps.
(wincap_nt4sp4): Remove.
(wincap_minimal): Set to wincap_2000.
(wincapc::init): Rely on availability of OSVERSIONINFOEX structure.
Treat error from GetVersionEx as fatal. Treat NT4 as fatal.
* wincap.h (struct wincaps): Drop has_dacl_protect,
has_broken_if_oper_status, has_process_io_counters,
has_terminal_services, has_extended_priority_class, has_guid_volumes,
has_fileid_dirinfo, has_mwmo_inputavailable and supports_sse flags
and methods.
* winlean.h (GetWindowsDirectoryW) Define as GetSystemWindowsDirectoryW.
(GetWindowsDirectoryA): Define as GetSystemWindowsDirectoryA.
|
|
(get_user_local_groups): Ditto.
(verify_token): Drop useless label.
* sec_helper.cc (cygsid::get_sid): Check for well-known SID if
well_known isn't set.
* security.h (well_known_sid_type): New inline function.
|
|
Use CryptAcquireContextW.
* ntdll.h (STATUS_PROCEDURE_NOT_FOUND): Define.
* sec_auth.cc (open_local_policy): Rename NTSTATUS variable ret to
status. Drop usage of LsaNtStatusToWinError.
(verify_token): Call NtQuerySecurityObject instead of
GetKernelObjectSecurity.
(create_token): Rename NTSTATUS variable ret to status. Rename ret2 to
sub_status. Drop usage of LsaNtStatusToWinError. In case LsaLogonUser
fails, report the sub_status as well.
|
|
secur32 functions, except for LsaRegisterLogonProcess. Change return
value to ERROR_PROC_NOT_FOUND. Explain why.
* sec_auth.cc (lsaauth): Handle ERROR_PROC_NOT_FOUND from call to
LsaRegisterLogonProcess when generating the errno value.
|
|
when checking linked token for being a primary token.
|
|
builtin group from system. Explain why.
* sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
* security.h (well_known_builtin_sid): Declare.
|
|
to fetch token with full privileges from logon token in Vista and
later, and to make token inheritable. Add lengthy comments to explain
the function's job.
(cygwin_logon_user): Drop calling SetHandleInformation. Enable TCB
privilege and call get_full_privileged_inheritable_token.
(lsaauth): Don't fetch linked token and don't make handle inheritable
here, just call get_full_privileged_inheritable_token instead.
(lsaprivkeyauth): Ditto.
|
|
decouple from Cygwin release.
|
|
to all created tokens.
* sec_helper.cc (well_known_users_sid): Define as BUILTIN\Users.
* security.h (well_known_users_sid): Declare.
|
|
CW_SET_EXTERNAL_TOKEN.
Add new enum CW_TOKEN_IMPERSONATION, CW_TOKEN_RESTRICTED.
* cygheap.h (cyguser): New flags ext_token_is_restricted,
curr_token_is_restricted and setuid_to_restricted.
* external.cc (cygwin_internal): Add CW_SET_EXTERNAL_TOKEN.
* sec_auth.cc (set_imp_token): New function.
(cygwin_set_impersonation_token): Call set_imp_token ().
* security.h (set_imp_token): New prototype.
* spawn.cc (spawn_guts): Use CreateProcessAsUserW if restricted token
was enabled by setuid(). Do not create new window station in this case.
* syscalls.cc (seteuid32): Add handling of restricted external tokens.
Set HANDLE_FLAG_INHERIT for primary token.
(setuid32): Set setuid_to_restricted flag.
* uinfo.cc (uinfo_init): Do not reimpersonate if restricted token was
enabled by setuid (). Initialize user.*_restricted flags.
|
|
(lsaprivkeyauth): Ditto.
|
|
get_user_local_groups.
|
|
* path.cc (str2uni_cat): ...to here. Simplify. Make static inline.
(get_nt_native_path): Use RtlAppendUnicodeToString rather than
str2uni_cat for constant strings for speed.
* security.h (str2uni_cat): Drop declaration.
|
|
* security.h (str2buf2uni): Remove declaration.
|
|
_TOKEN_LINKED_TOKEN and TokenLinkedToken in favor of definitions
from winnt.h.
(lsaprivkeyauth): As in lsaauth, fetch linked token if available and
return that in favor of default token.
|
|
|
|
(NetLocalGroupGetMembers): Remove.
(NetUserGetLocalGroups): Add.
* sec_auth.cc (is_group_member): Remove function.
(get_user_local_groups): Get user as string instead of as SID.
Call NetUserGetLocalGroups instead of NetLocalGroupEnum. Drop call
to is_group_member.
(get_server_groups): Call get_user_local_groups with user name instead
of user SID.
|
|
INVALID_HANDLE_VALUE when LsaOpenPolicy fails. Explain why.
|
|
* fhandler_fifo.cc (fhandler_fifo::open): Rework to cause errno to be set to
ENXIO when opening a fifo write/nonblocking.
* environ.cc (ucreqenv): Rename to ucenv. Move code from old ucenv here and
conditionalize it on create_upcaseenv.
(ucenv): Delete.
(environ_init): Fix compiler warning by moving create_upcaseenv test to ucenv.
Don't bother checking for child_proc_info when calling ucenv since it is
assumed to be NULL at the point where the function is called.
* path.cc (symlink_worker): Turn off MS-DOS path warnings when dealing with
devices since the device handler passes in a translated MS-DOS path.
* sec_auth.cc (lsaprivkeyauth): Avoid variable initialization which causes a
compiler error.
* fhandler_netdrive.cc: Update copyright.
|
|
* cygserver.h (CYGWIN_SERVER_VERSION_API): Bump.
(request_code_t): Define CYGSERVER_REQUEST_SETPWD request type.
* cygserver_msg.h (client_request_msg::retval): Use default value of -1
for retval if msglen is 0.
* cygserver_sem.h (client_request_sem::retval): Ditto.
* cygserver_shm.h (client_request_shm::retval): Ditto.
* cygserver_setpwd.h: New file.
* external.cc (cygwin_internal): Implement new CW_SET_PRIV_KEY type.
* sec_auth.cc (open_local_policy): Make externally available.
Get ACCESS_MASK as argument.
(create_token): Accommodate change to open_local_policy.
(lsaauth): Ditto.
(lsaprivkeyauth): New function fetching token by retrieving
password stored in Cygwin or Interix LSA private data area and
calling LogonUser with it.
* security.h (lsaprivkeyauth): Declare.
(open_local_policy): Declare.
* setlsapwd.cc: New file implementing setting LSA private data password
using LsaStorePrivateData or by calling cygserver if available.
* syscalls.cc (seteuid32): Add workaround to get the original token
when switching back to the original privileged user, even if
setgroups group list is still active. Add long comment to explain why.
Call lsaprivkeyauth first, only if that fails call lsaauth or
create_token.
* include/cygwin/version.h: Bump API minor number.
* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_SET_PRIV_KEY.
|
