diff options
Diffstat (limited to 'winsup/cygwin')
| -rw-r--r-- | winsup/cygwin/ChangeLog | 35 | ||||
| -rw-r--r-- | winsup/cygwin/fork.cc | 2 | ||||
| -rw-r--r-- | winsup/cygwin/grp.cc | 6 | ||||
| -rw-r--r-- | winsup/cygwin/registry.cc | 8 | ||||
| -rw-r--r-- | winsup/cygwin/sec_acl.cc | 21 | ||||
| -rw-r--r-- | winsup/cygwin/sec_helper.cc | 100 | ||||
| -rw-r--r-- | winsup/cygwin/security.cc | 16 | ||||
| -rw-r--r-- | winsup/cygwin/security.h | 59 | ||||
| -rw-r--r-- | winsup/cygwin/shared.cc | 12 | ||||
| -rw-r--r-- | winsup/cygwin/spawn.cc | 8 | ||||
| -rw-r--r-- | winsup/cygwin/syscalls.cc | 60 | ||||
| -rw-r--r-- | winsup/cygwin/uinfo.cc | 17 |
12 files changed, 181 insertions, 163 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 2c51ffd7b..c1aabddd3 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,38 @@ +Tue May 15 19:52:00 2001 Corinna Vinschen <corinna@vinschen.de> + + * fork.cc (fork): Eliminate superfluous call to getuid(). + * security.h: New define `NO_SID'. Remove declarations of functions + moved to methods into class cygsid. + (class cygsid): Declare new methods `getfromstr', `get_sid', + `getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string' + and new constructors and operators =, == and !=. + Declare new global cygsids `well_known_XXX_sid' substituting the + corresponding `get_XXX_sid' functions. Remove declarations of + these functions. + * sec_helper.cc (well_known_admin_sid): New global variable. + (well_known_system_sid): Ditto + (well_known_creator_owner_sid): Ditto + (well_known_world_sid): Ditto + (cygsid::string): New method, substituting `convert_sid_to_string_sid'. + (cygsid::get_sid): New method, substituting `get_sid'. + (cygsid::getfromstr): New method, substituting + `convert_string_sid_to_sid'. + (cygsid::getfrompw): New method, substituting `get_pw_sid'. + (cygsid::getfromgr): New method, substituting `get_gr_sid'. + (cygsid::get_id): New method, substituting `get_id_from_sid'. + (get_admin_sid): Eliminated. + (get_system_sid): Ditto. + (get_creator_owner_sid): Ditto. + (get_world_sid): Ditto. + * grp.cc: Use new cygsid methods and well known sids throughout. + * registry.cc: Ditto. + * sec_acl.cc: Ditto. + * security.cc: Ditto. + * shared.cc: Ditto. + * syscalls.cc (seteuid): Ditto. Eliminate redundant conditional. + * uinfo.cc (internal_getlogin): Ditto. + * spawn.cc (spawn_guts) Revert previous patch. + Tue May 15 10:20:00 2001 Corinna Vinschen <corinna@vinschen.de> * fhandler_socket.cc (fhandler_socket::ioctl): Convert s_addr diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc index b3c96f7e5..8f569c95c 100644 --- a/winsup/cygwin/fork.cc +++ b/winsup/cygwin/fork.cc @@ -433,8 +433,6 @@ fork_parent (void *stack_here, HANDLE& hParent, dll *&first_dll, si.cbReserved2 = sizeof(ch); /* Remove impersonation */ - uid_t uid; - uid = geteuid(); if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE) RevertToSelf (); diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc index 231501e8d..d81521668 100644 --- a/winsup/cygwin/grp.cc +++ b/winsup/cygwin/grp.cc @@ -125,8 +125,6 @@ add_grp_line (const char *line) curr_lines++; } -extern PSID get_admin_sid (); - /* Cygwin internal */ /* Read in /etc/group and save contents in the group cache */ /* This sets group_in_memory_p to 1 so functions in this file can @@ -176,7 +174,7 @@ read_etc_group () SID_NAME_USE acType; debug_printf ("Emulating /etc/group"); if (! LookupAccountSidA (NULL , - get_admin_sid () , + well_known_admin_sid, group_name, &group_name_len, domain_name, @@ -294,7 +292,7 @@ getgroups (int gidsetsize, gid_t *grouplist, gid_t gid, const char *username) cygsid sid; for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx) - if (get_gr_sid (sid, gr)) + if (sid.getfromgr (gr)) for (DWORD pg = 0; pg < groups->GroupCount; ++pg) if (sid == groups->Groups[pg].Sid) { diff --git a/winsup/cygwin/registry.cc b/winsup/cygwin/registry.cc index f26912570..1d3cce54e 100644 --- a/winsup/cygwin/registry.cc +++ b/winsup/cygwin/registry.cc @@ -202,7 +202,8 @@ get_registry_hive_path (const PSID psid, char *path) if (!psid || !path) return NULL; - convert_sid_to_string_sid (psid, sid); + cygsid csid (psid); + csid.string (sid); strcpy (key,"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\"); strcat (key, sid); if (!RegOpenKeyExA (HKEY_LOCAL_MACHINE, key, 0, KEY_READ, &hkey)) @@ -232,8 +233,9 @@ load_registry_hive (PSID psid) if (!psid) return; /* Check if user hive is already loaded. */ - if (!RegOpenKeyExA (HKEY_USERS, convert_sid_to_string_sid (psid, sid), - 0, KEY_READ, &hkey)) + cygsid csid (psid); + csid.string (sid); + if (!RegOpenKeyExA (HKEY_USERS, csid.string (sid), 0, KEY_READ, &hkey)) { debug_printf ("User registry hive for %s already exists", sid); RegCloseKey (hkey); diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index f4d004c7c..cd5722f0c 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -157,7 +157,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp) case USER: case DEF_USER: if (!(pw = getpwuid (aclbufp[i].a_id)) - || !get_pw_sid (sid, pw) + || !sid.getfrompw (pw) || !add_access_allowed_ace (acl, ace_off++, allow, sid, acl_len, inheritance)) return -1; @@ -171,7 +171,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp) case GROUP: case DEF_GROUP: if (!(gr = getgrgid (aclbufp[i].a_id)) - || !get_gr_sid (sid, gr) + || !sid.getfromgr (gr) || !add_access_allowed_ace (acl, ace_off++, allow, sid, acl_len, inheritance)) return -1; @@ -179,7 +179,8 @@ setacl (const char *file, int nentries, aclent_t *aclbufp) case OTHER_OBJ: case DEF_OTHER_OBJ: if (!add_access_allowed_ace (acl, ace_off++, allow, - get_world_sid(), acl_len, inheritance)) + well_known_world_sid, + acl_len, inheritance)) return -1; break; } @@ -261,7 +262,7 @@ getacl (const char *file, DWORD attr, int nentries, aclent_t *aclbufp) __seterrno (); return -1; } - uid = get_uid_from_sid (owner_sid); + uid = cygsid (owner_sid).get_uid (); if (!GetSecurityDescriptorGroup (psd, &group_sid, &dummy)) { @@ -269,7 +270,7 @@ getacl (const char *file, DWORD attr, int nentries, aclent_t *aclbufp) __seterrno (); return -1; } - gid = get_gid_from_sid (group_sid); + gid = cygsid (group_sid).get_gid (); aclent_t lacl[MAX_ACL_ENTRIES]; memset (&lacl, 0, MAX_ACL_ENTRIES * sizeof (aclent_t)); @@ -321,18 +322,18 @@ getacl (const char *file, DWORD attr, int nentries, aclent_t *aclbufp) type = GROUP_OBJ; id = gid; } - else if (ace_sid == get_world_sid ()) + else if (ace_sid == well_known_world_sid) { type = OTHER_OBJ; id = 0; } else { - id = get_id_from_sid (ace_sid, FALSE, &type); + id = ace_sid.get_id (FALSE, &type); if (type != GROUP) { int type2 = 0; - int id2 = get_id_from_sid (ace_sid, TRUE, &type2); + int id2 = ace_sid.get_id (TRUE, &type2); if (type2 == GROUP) { id = id2; @@ -424,10 +425,10 @@ acl_access (const char *path, int flags) struct group *gr = NULL; if ((pw = getpwuid (acls[i].a_id)) != NULL - && get_pw_sid (owner, pw)) + && owner.getfrompw (pw)) { for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx) - if (get_gr_sid (group, gr) + if (group.getfromgr (gr) && owner == group && is_grp_member (myself->uid, gr->gr_gid)) break; diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc index e3eaa0938..8b389f66f 100644 --- a/winsup/cygwin/sec_helper.cc +++ b/winsup/cygwin/sec_helper.cc @@ -44,41 +44,46 @@ SID_IDENTIFIER_AUTHORITY sid_auth[] = { {SECURITY_NT_AUTHORITY} }; +cygsid well_known_admin_sid ("S-1-5-32-544"); +cygsid well_known_system_sid ("S-1-5-18"); +cygsid well_known_creator_owner_sid ("S-1-3-0"); +cygsid well_known_world_sid ("S-1-1-0"); + char * -convert_sid_to_string_sid (PSID psid, char *sid_str) +cygsid::string (char *nsidstr) { char t[32]; DWORD i; - if (!psid || !sid_str) + if (!psid || !nsidstr) return NULL; - strcpy (sid_str, "S-1-"); + strcpy (nsidstr, "S-1-"); __small_sprintf(t, "%u", GetSidIdentifierAuthority (psid)->Value[5]); - strcat (sid_str, t); + strcat (nsidstr, t); for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i) { __small_sprintf(t, "-%lu", *GetSidSubAuthority (psid, i)); - strcat (sid_str, t); + strcat (nsidstr, t); } - return sid_str; + return nsidstr; } PSID -get_sid (PSID psid, DWORD s, DWORD cnt, DWORD *r) +cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r) { DWORD i; - if (!psid || s > 5 || cnt < 1 || cnt > 8) + if (s > 5 || cnt < 1 || cnt > 8) return NULL; - + set (); InitializeSid(psid, &sid_auth[s], cnt); for (i = 0; i < cnt; ++i) memcpy ((char *) psid + 8 + sizeof (DWORD) * i, &r[i], sizeof (DWORD)); return psid; } -PSID -convert_string_sid_to_sid (PSID psid, const char *sid_str) +const PSID +cygsid::getfromstr (const char *nsidstr) { char sid_buf[256]; char *t, *lasts; @@ -86,10 +91,10 @@ convert_string_sid_to_sid (PSID psid, const char *sid_str) DWORD s = 0; DWORD i, r[8]; - if (!sid_str || strncmp (sid_str, "S-1-", 4)) + if (!nsidstr || strncmp (nsidstr, "S-1-", 4)) return NULL; - strcpy (sid_buf, sid_str); + strcpy (sid_buf, nsidstr); for (t = sid_buf + 4, i = 0; cnt < 8 && (t = strtok_r (t, "-", &lasts)); @@ -99,68 +104,33 @@ convert_string_sid_to_sid (PSID psid, const char *sid_str) else r[cnt++] = strtoul (t, NULL, 10); - return get_sid (psid, s, cnt, r); + return get_sid (s, cnt, r); } BOOL -get_pw_sid (PSID sid, struct passwd *pw) +cygsid::getfrompw (struct passwd *pw) { char *sp = pw->pw_gecos ? strrchr (pw->pw_gecos, ',') : NULL; if (!sp) return FALSE; - return convert_string_sid_to_sid (sid, ++sp) != NULL; + return (*this = ++sp) != NULL; } BOOL -get_gr_sid (PSID sid, struct group *gr) -{ - return convert_string_sid_to_sid (sid, gr->gr_passwd) != NULL; -} - -PSID -get_admin_sid () -{ - static NO_COPY cygsid admin_sid (NULL); - - if (!admin_sid) - convert_string_sid_to_sid (admin_sid.set (), "S-1-5-32-544"); - return admin_sid; -} - -PSID -get_system_sid () +cygsid::getfromgr (struct group *gr) { - static NO_COPY cygsid system_sid (NULL); - - if (!system_sid) - convert_string_sid_to_sid (system_sid.set (), "S-1-5-18"); - return system_sid; -} - -PSID -get_creator_owner_sid () -{ - static NO_COPY cygsid owner_sid (NULL); - - if (!owner_sid) - convert_string_sid_to_sid (owner_sid.set (), "S-1-3-0"); - return owner_sid; -} - -PSID -get_world_sid () -{ - static NO_COPY cygsid world_sid (NULL); - - if (!world_sid) - convert_string_sid_to_sid (world_sid.set (), "S-1-1-0"); - return world_sid; + return (*this = gr->gr_passwd) != NULL; } int -get_id_from_sid (PSID psid, BOOL search_grp, int *type) +cygsid::get_id (BOOL search_grp, int *type) { + if (!psid) + { + set_errno (EINVAL); + return -1; + } if (!IsValidSid (psid)) { __seterrno (); @@ -179,7 +149,7 @@ get_id_from_sid (PSID psid, BOOL search_grp, int *type) struct passwd *pw; for (int pidx = 0; (pw = internal_getpwent (pidx)); ++pidx) { - if (get_pw_sid (sid, pw) && sid == psid) + if (sid.getfrompw (pw) && sid == psid) { id = pw->pw_uid; break; @@ -197,7 +167,7 @@ get_id_from_sid (PSID psid, BOOL search_grp, int *type) struct group *gr; for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx) { - if (get_gr_sid (sid, gr) && sid == psid) + if (sid.getfromgr (gr) && sid == psid) { id = gr->gr_gid; break; @@ -268,13 +238,7 @@ get_id_from_sid (PSID psid, BOOL search_grp, int *type) return id; } -int -get_id_from_sid (PSID psid, BOOL search_grp) -{ - return get_id_from_sid (psid, search_grp, NULL); -} - -BOOL +static BOOL legal_sid_type (SID_NAME_USE type) { return type == SidTypeUser || type == SidTypeGroup diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 95058f4a9..934b8155d 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -428,8 +428,8 @@ get_nt_attribute (const char *file, int *attribute, return -1; } - uid_t uid = get_uid_from_sid (owner_sid); - gid_t gid = get_gid_from_sid (group_sid); + uid_t uid = cygsid(owner_sid).get_uid (); + gid_t gid = cygsid(group_sid).get_gid (); if (uidret) *uidret = uid; if (gidret) @@ -498,7 +498,7 @@ get_nt_attribute (const char *file, int *attribute, *flags |= S_IXGRP | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0); } - else if (ace_sid == get_world_sid ()) + else if (ace_sid == well_known_world_sid) { if (ace->Mask & FILE_READ_DATA) *flags |= S_IROTH @@ -615,7 +615,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute, cygsid owner_sid; struct passwd *pw = getpwuid (uid); strcpy (owner, pw ? pw->pw_name : getlogin ()); - if ((!pw || !get_pw_sid (owner_sid, pw)) + if ((!pw || !owner_sid.getfrompw (pw)) && !lookup_name (owner, logsrv, owner_sid)) return NULL; debug_printf ("owner: %s [%d]", owner, @@ -623,11 +623,11 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute, *GetSidSubAuthorityCount(owner_sid) - 1)); /* Get SID and name of new group. */ - cygsid group_sid (NULL); + cygsid group_sid (NO_SID); struct group *grp = getgrgid (gid); if (grp) { - if ((!grp || !get_gr_sid (group_sid.set (), grp)) + if ((!grp || !group_sid.getfromgr (grp)) && !lookup_name (grp->gr_name, logsrv, group_sid)) return NULL; } @@ -767,7 +767,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute, /* Set allow ACE for everyone. */ if (!add_access_allowed_ace (acl, ace_off++, other_allow, - get_world_sid (), acl_len, inherit)) + well_known_world_sid, acl_len, inherit)) return NULL; /* Get owner and group from current security descriptor. */ @@ -793,7 +793,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute, || (owner_sid && ace_sid == owner_sid) || (cur_group_sid && ace_sid == cur_group_sid) || (group_sid && ace_sid == group_sid) - || (ace_sid == get_world_sid ())) + || (ace_sid == well_known_world_sid)) continue; /* * Add unrelated ACCESS_DENIED_ACE to the beginning but diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index 11bf7d938..5f2a38141 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -12,21 +12,37 @@ details. */ #define INHERIT_ALL (CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE) #define INHERIT_ONLY (INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE) -#define MAX_SID_LEN 40 - #define DEFAULT_UID DOMAIN_USER_RID_ADMIN #define DEFAULT_GID DOMAIN_ALIAS_RID_ADMINS +#define MAX_SID_LEN 40 + +#define NO_SID ((PSID)NULL) + class cygsid { PSID psid; char sbuf[MAX_SID_LEN]; + + const PSID getfromstr (const char *nsidstr); + PSID get_sid (DWORD s, DWORD cnt, DWORD *r); + public: inline cygsid () : psid ((PSID) sbuf) {} - inline cygsid (PSID nsid) { *this = nsid; } + inline cygsid (const PSID nsid) { *this = nsid; } + inline cygsid (const char *nstrsid) { *this = nstrsid; } inline PSID set () { return psid = (PSID) sbuf; } - inline const PSID operator= (PSID nsid) + BOOL getfrompw (struct passwd *pw); + BOOL getfromgr (struct group *gr); + + int get_id (BOOL search_grp, int *type = NULL); + inline int get_uid () { return get_id (FALSE); } + inline int get_gid () { return get_id (TRUE); } + + char *string (char *nsidstr); + + inline const PSID operator= (const PSID nsid) { if (!nsid) psid = NULL; @@ -37,15 +53,33 @@ public: } return psid; } - inline BOOL operator== (PSID nsid) + inline const PSID operator= (const char *nsidstr) + { return getfromstr (nsidstr); } + + inline BOOL operator== (const PSID nsid) const { if (!psid || !nsid) return nsid == psid; return EqualSid (psid, nsid); } + inline BOOL operator== (const char *nsidstr) const + { + cygsid nsid (nsidstr); + return *this == nsid; + } + inline BOOL operator!= (const PSID nsid) const + { return !(*this == nsid); } + inline BOOL operator!= (const char *nsidstr) const + { return !(*this == nsidstr); } + inline operator const PSID () { return psid; } }; +extern cygsid well_known_admin_sid; +extern cygsid well_known_system_sid; +extern cygsid well_known_creator_owner_sid; +extern cygsid well_known_world_sid; + extern BOOL allow_ntsec; extern BOOL allow_smbntsec; @@ -70,18 +104,6 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS HANDLE subauth (struct passwd *pw); /* sec_helper.cc: Security helper functions. */ -char *__stdcall convert_sid_to_string_sid (PSID psid, char *sid_str); -PSID __stdcall convert_string_sid_to_sid (PSID psid, const char *sid_str); -PSID __stdcall get_sid (PSID psid, DWORD s, DWORD cnt, DWORD *r); -BOOL __stdcall get_pw_sid (PSID sid, struct passwd *pw); -BOOL __stdcall get_gr_sid (PSID sid, struct group *gr); -PSID __stdcall get_admin_sid (); -PSID __stdcall get_system_sid (); -PSID __stdcall get_creator_owner_sid (); -PSID __stdcall get_world_sid (); -int get_id_from_sid (PSID psid, BOOL search_grp, int *type); -int __stdcall get_id_from_sid (PSID psid, BOOL search_grp); -BOOL __stdcall legal_sid_type (SID_NAME_USE type); BOOL __stdcall is_grp_member (uid_t uid, gid_t gid); /* `lookup_name' should be called instead of LookupAccountName. * logsrv may be NULL, in this case only the local system is used for lookup. @@ -89,9 +111,6 @@ BOOL __stdcall is_grp_member (uid_t uid, gid_t gid); BOOL __stdcall lookup_name (const char *, const char *, PSID); int set_process_privilege (const char *privilege, BOOL enable = TRUE); -extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);} -extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); } - /* shared.cc: */ /* Retrieve a security descriptor that allows all access */ SECURITY_DESCRIPTOR *__stdcall get_null_sd (void); diff --git a/winsup/cygwin/shared.cc b/winsup/cygwin/shared.cc index 2312d81a4..28fbf4ceb 100644 --- a/winsup/cygwin/shared.cc +++ b/winsup/cygwin/shared.cc @@ -249,9 +249,9 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit) size_t acl_len = sizeof (ACL) + 4 * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD)) + GetLengthSid (sid) - + GetLengthSid (get_admin_sid ()) - + GetLengthSid (get_system_sid ()) - + GetLengthSid (get_creator_owner_sid ()); + + GetLengthSid (well_known_admin_sid) + + GetLengthSid (well_known_system_sid) + + GetLengthSid (well_known_creator_owner_sid); if (sid2) acl_len += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + GetLengthSid (sid2); @@ -266,17 +266,17 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit) if (! AddAccessAllowedAce (acl, ACL_REVISION, SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL, - get_admin_sid ())) + well_known_admin_sid)) debug_printf ("AddAccessAllowedAce(admin) %E"); if (! AddAccessAllowedAce (acl, ACL_REVISION, SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL, - get_system_sid ())) + well_known_system_sid)) debug_printf ("AddAccessAllowedAce(system) %E"); if (! AddAccessAllowedAce (acl, ACL_REVISION, SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL, - get_creator_owner_sid ())) + well_known_creator_owner_sid)) debug_printf ("AddAccessAllowedAce(creator_owner) %E"); if (sid2) diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc index f67fa626a..b49e0f8f4 100644 --- a/winsup/cygwin/spawn.cc +++ b/winsup/cygwin/spawn.cc @@ -612,10 +612,9 @@ skip_arg_parsing: DWORD ret_len; if (!GetTokenInformation (hToken, TokenUser, &sid, sizeof sid, &ret_len)) { - sid = NULL; + sid = NO_SID; system_printf ("GetTokenInformation: %E"); } - /* Retrieve security attributes before setting psid to NULL since it's value is needed by `sec_user'. */ PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid @@ -623,9 +622,10 @@ skip_arg_parsing: : &sec_all_nih; /* Remove impersonation */ + uid_t uid = geteuid (); if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE) - RevertToSelf (); + seteuid (cygheap->user.orig_uid); /* Load users registry hive. */ load_registry_hive (sid); @@ -664,7 +664,7 @@ skip_arg_parsing: if (mode != _P_OVERLAY && mode != _P_VFORK && cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE) - ImpersonateLoggedOnUser (cygheap->user.token); + seteuid (uid); } MALLOC_CHECK; diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index 085c9cebb..e4df8eb3b 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -1984,9 +1984,12 @@ seteuid (uid_t uid) if (!GetTokenInformation (cygheap->user.token, TokenUser, &tsid, sizeof tsid, &siz)) debug_printf ("GetTokenInformation(): %E"); - else if (get_pw_sid (psid, pw_new) && tsid != psid) + else if (psid.getfrompw (pw_new) && tsid != psid) { /* If not, RevertToSelf and close old token. */ + char tstr[256], pstr[256]; + debug_printf ("tsid (%s) != psid (%s)", + tsid.string (tstr), psid.string (pstr)); RevertToSelf (); cygwin_set_impersonation_token (INVALID_HANDLE_VALUE); } @@ -2003,36 +2006,35 @@ seteuid (uid_t uid) } /* If no impersonation is active but an impersonation token is available, try to impersonate. */ - if (!cygheap->user.impersonated) + if (cygheap->user.token != INVALID_HANDLE_VALUE && + !cygheap->user.impersonated) { debug_printf ("Impersonate (uid == %d)", uid); RevertToSelf (); - if (cygheap->user.token != INVALID_HANDLE_VALUE) - { - struct group *gr; - - /* Try setting owner to same value as user. */ - if (!SetTokenInformation (cygheap->user.token, - TokenOwner, - &tsid, sizeof tsid)) - debug_printf ("SetTokenInformation(user.token, " - "TokenOwner): %E"); - /* Try setting primary group in token to current group. */ - if ((gr = getgrgid (myself->gid)) && - get_gr_sid (gsid, gr) && - !SetTokenInformation (cygheap->user.token, - TokenPrimaryGroup, - &gsid, sizeof gsid)) - debug_printf ("SetTokenInformation(user.token, " - "TokenPrimaryGroup): %E"); - - /* Now try to impersonate. */ - if (!ImpersonateLoggedOnUser (cygheap->user.token)) - system_printf ("Impersonating (%d) in set(e)uid " - "failed: %E", cygheap->user.token); - else - cygheap->user.impersonated = TRUE; - } + + struct group *gr; + + /* Try setting owner to same value as user. */ + if (!SetTokenInformation (cygheap->user.token, + TokenOwner, + &tsid, sizeof tsid)) + debug_printf ("SetTokenInformation(user.token, " + "TokenOwner): %E"); + /* Try setting primary group in token to current group. */ + if ((gr = getgrgid (myself->gid)) && + gsid.getfromgr (gr) && + !SetTokenInformation (cygheap->user.token, + TokenPrimaryGroup, + &gsid, sizeof gsid)) + debug_printf ("SetTokenInformation(user.token, " + "TokenPrimaryGroup): %E"); + + /* Now try to impersonate. */ + if (!ImpersonateLoggedOnUser (cygheap->user.token)) + system_printf ("Impersonating (%d) in set(e)uid " + "failed: %E", cygheap->user.token); + else + cygheap->user.impersonated = TRUE; } } @@ -2084,7 +2086,7 @@ setegid (gid_t gid) cygsid gsid; HANDLE ptok; - if (get_gr_sid (gsid, gr)) + if (gsid.getfromgr (gr)) { if (!OpenProcessToken (GetCurrentProcess (), TOKEN_ADJUST_DEFAULT, diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index 65e06bc18..a476b73f0 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -34,11 +34,10 @@ internal_getlogin (cygheap_user &user) DWORD username_len = UNLEN + 1; struct passwd *pw = NULL; - if (!user.name ()) - if (!GetUserName (username, &username_len)) - user.set_name ("unknown"); - else - user.set_name (username); + if (!GetUserName (username, &username_len)) + user.set_name ("unknown"); + else + user.set_name (username); if (os_being_run == winNT) { @@ -153,7 +152,7 @@ internal_getlogin (cygheap_user &user) /* If we have a SID, try to get the corresponding Cygwin user name which can be different from the Windows user name. */ - cygsid gsid (NULL); + cygsid gsid (NO_SID); if (ret) { cygsid psid; @@ -165,13 +164,13 @@ internal_getlogin (cygheap_user &user) setenv ("USERPROFILE", buf, 1); } for (int pidx = 0; (pw = internal_getpwent (pidx)); ++pidx) - if (get_pw_sid (psid, pw) && EqualSid (user.sid (), psid)) + if (psid.getfrompw (pw) && EqualSid (user.sid (), psid)) { user.set_name (pw->pw_name); struct group *gr = getgrgid (pw->pw_gid); if (gr) - if (!get_gr_sid (gsid.set (), gr)) - gsid = NULL; + if (!gsid.getfromgr (gr)) + gsid = NO_SID; break; } } |