From 76e4f83fc6c68cfe319df5cad0ab7e65cd6eb4e9 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Thu, 23 Jan 2014 17:02:30 +0000
Subject: * security.h (open_local_policy): Remove declaration. (lsa_open_policy): Declare. (lsa_close_policy): Declare. * sec_auth.cc (lsa_open_policy): Rename from open_local_policy. Take server name as parameter. Return NULL in case of error, rather than INVALID_HANDLE_VALUE. (lsa_close_policy): Rename from close_local_policy. Make externally available. Get handle by value. (create_token): Convert call to open_local_policy/close_local_policy according to aforementioned changes. (lsaauth): Ditto. (lsaprivkeyauth): Ditto. * setlsapwd.cc (setlsapwd): Ditto.
---
 winsup/cygwin/sec_auth.cc | 41 ++++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 19 deletions(-)
(limited to 'winsup/cygwin/sec_auth.cc')
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index d6f3bb5d8..dfec53ca9 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -1,7 +1,7 @@
 /* sec_auth.cc: NT authentication functions
 Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc.
+ 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
 This file is part of Cygwin.
@@ -191,28 +191,32 @@ str2buf2lsa (LSA_STRING &tgt, char *buf, const char *srcstr)
 }
 HANDLE
-open_local_policy (ACCESS_MASK access)
+lsa_open_policy (PWCHAR server, ACCESS_MASK access)
 {
- LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
- HANDLE lsa = INVALID_HANDLE_VALUE;
+ LSA_UNICODE_STRING srvbuf;
+ PLSA_UNICODE_STRING srv = NULL;
+ static LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
+ HANDLE lsa;
- NTSTATUS status = LsaOpenPolicy (NULL, &oa, access, &lsa);
+ if (server)
+ {
+ srv = &srvbuf;
+ RtlInitUnicodeString (srv, server);
+ }
+ NTSTATUS status = LsaOpenPolicy (srv, &oa, access, &lsa);
 if (!NT_SUCCESS (status))
 {
 __seterrno_from_nt_status (status);
- /* Some versions of Windows set the lsa handle to NULL when
- LsaOpenPolicy fails. */
- lsa = INVALID_HANDLE_VALUE;
+ lsa = NULL;
 }
 return lsa;
 }
-static void
-close_local_policy (LSA_HANDLE &lsa)
+void
+lsa_close_policy (HANDLE lsa)
 {
- if (lsa != INVALID_HANDLE_VALUE)
+ if (lsa)
 LsaClose (lsa);
- lsa = INVALID_HANDLE_VALUE;
 }
 bool
@@ -836,7 +840,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
 push_self_privilege (SE_CREATE_TOKEN_PRIVILEGE, true);
 /* Open policy object. */
- if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE)
+ if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE)))
 goto out;
 /* User, owner, primary group. */
@@ -954,7 +958,7 @@ out:
 free (privs);
 if (my_tok_gsids)
 free (my_tok_gsids);
- close_local_policy (lsa);
+ lsa_close_policy (lsa);
 debug_printf ("%p = create_token ()", primary_token);
 return primary_token;
@@ -1021,7 +1025,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
 }
 /* Open policy object. */
- if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE)
+ if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE)))
 goto out;
 /* Create origin. */
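Review bot: The `lsa` variables in `create_token`, `lsaauth` and `lsaprivkeyauth` may still start out as `INVALID_HANDLE_VALUE`, which the new `if (lsa)` test in `lsa_close_policy` would treat as an open handle and pass to `LsaClose`. The patch moves the failure sentinel to `NULL` in `lsa_open_policy`, but none of the hunks touch those declarations, which lie outside the visible lines. Any `goto out` taken before the open call would then reach `lsa_close_policy (lsa)` with the stale sentinel; the `}` just above "Open policy object" in the `lsaauth` hunk suggests such earlier error paths exist. Each declaration should initialise the handle with `lsa = NULL`. Because the handle is now taken by value and no longer reset, a comment on `lsa_close_policy` such as `/* Does not reset the caller's handle; do not reuse or close it again. */` would record the new contract.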
@@ -1192,7 +1196,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
 out:
 if (privs)
 free (privs);
- close_local_policy (lsa);
+ lsa_close_policy (lsa);
 if (lsa_hdl)
 LsaDeregisterLogonProcess (lsa_hdl);
 pop_self_privilege ();
@@ -1220,8 +1224,7 @@ lsaprivkeyauth (struct passwd *pw)
 push_self_privilege (SE_TCB_PRIVILEGE, true);
 /* Open policy object. */
- if ((lsa = open_local_policy (POLICY_GET_PRIVATE_INFORMATION))
- == INVALID_HANDLE_VALUE)
+ if (!(lsa = lsa_open_policy (NULL, POLICY_GET_PRIVATE_INFORMATION)))
 goto out;
 /* Needed for Interix key and LogonUser. */
@@ -1263,7 +1266,7 @@ lsaprivkeyauth (struct passwd *pw)
 token = get_full_privileged_inheritable_token (token);
 out:
- close_local_policy (lsa);
+ lsa_close_policy (lsa);
 pop_self_privilege ();
 return token;
 }
--
cgit v1.2.3