JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* autoload.cc: Add load statements for `LookupAccountNameW',

Browse Source 
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
        `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
        `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
        `NtCreateToken'.
        * ntdll.h: Add declaration for `NtCreateToken'.
        * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
        `well_known_network_sid', `well_known_batch_sid',
        `well_known_interactive_sid', `well_known_service_sid' and
        `well_known_authenticated_users_sid'.
        (cygsid::string): Define as const method.
        (cygsid::get_sid): Set psid to NO_SID on error.
        (cygsid::getfromstr): Ditto.
        (cygsid::getfrompw): Simplify.
        (cygsid::getfromgr): Check for gr == NULL.
        (legal_sid_type): Move to security.h.
        (set_process_privilege): Return -1 on error, otherwise 0 or 1 related
        to previous privilege setting.
        * security.cc (extract_nt_dom_user): Remove `static'.
        (lsa2wchar): New function.
        (open_local_policy): Ditto.
        (close_local_policy): Ditto.
        (get_lsa_srv_inf): Ditto.
        (get_logon_server): Ditto.
        (get_logon_server_and_user_domain): Ditto.
        (get_user_groups): Ditto.
        (is_group_member): Ditto.
        (get_user_local_groups): Ditto.
        (sid_in_token_groups): Ditto.
        (get_user_primary_group): Ditto.
        (get_group_sidlist): Ditto.
        (get_system_priv_list): Ditto.
        (get_priv_list): Ditto.
        (get_dacl): Ditto.
        (create_token): Ditto.
        (subauth): Return immediately if SE_TCB_NAME can't be assigned.
        Change all return statements in case of error to jumps to `out'
        label. Add `out' label to support cleanup.
        * security.h: Add extern declarations for `well_known_local_sid',
        `well_known_dialup_sid', `well_known_network_sid',
        `well_known_batch_sid', `well_known_interactive_sid',
        `well_known_service_sid' and `well_known_authenticated_users_sid'.
        Add extern declarations for functions `create_token',
        `extract_nt_dom_user' and `get_logon_server_and_user_domain'.
        (class cygsid): Add method `assign'. Change operator= to call new
        `assign' method. Add `debug_print' method.
        (class cygsidlist): New class.
        (legal_sid_type): Moved from sec_helper.cc to here.
        * spawn.cc (spawn_guts) Revert reversion of previous patch.
        Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
        again.
        * syscalls.cc (seteuid): Rearranged. Call `create_token' now when
        needed. Call `subauth' if `create_token' fails. Try setting token
        owner and primary group only if token was not explicitely created
        by `create_token'.
        * uinfo.cc (internal_getlogin): Try harder to generate correct user
        information. Especially don't trust return value of `GetUserName'.
This commit is contained in:
Corinna Vinschen
2001-05-20 08:10:47 +00:00
parent df7cd7fb0c
commit 1fcc912f13
9 changed files with 1041 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

673
winsup/cygwin/security.cc
View File

@ -37,6 +37,10 @@ details. */
#include "pinfo.h"
#include "cygheap.h"
#include "security.h"
#include <ntdef.h>
#include "ntdll.h"
#include "lm.h"
extern BOOL allow_ntea;
BOOL allow_ntsec = FALSE;
@ -57,7 +61,7 @@ cygwin_set_impersonation_token (const HANDLE hToken)
}
}
static void
void
extract_nt_dom_user (const struct passwd *pw, char *domain, char *user)
{
char buf[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2];
@ -129,7 +133,7 @@ cygwin_logon_user (const struct passwd *pw, const char *password)
static void
str2lsa (LSA_STRING &tgt, const char *srcstr)
{
tgt.Length = strlen(srcstr);
tgt.Length = strlen (srcstr);
tgt.MaximumLength = tgt.Length + 1;
tgt.Buffer = (PCHAR) srcstr;
}
@ -137,7 +141,7 @@ str2lsa (LSA_STRING &tgt, const char *srcstr)
static void
str2buf2lsa (LSA_STRING &tgt, char *buf, const char *srcstr)
{
tgt.Length = strlen(srcstr);
tgt.Length = strlen (srcstr);
tgt.MaximumLength = tgt.Length + 1;
tgt.Buffer = (PCHAR) buf;
memcpy(buf, srcstr, tgt.MaximumLength);
@ -146,12 +150,644 @@ str2buf2lsa (LSA_STRING &tgt, char *buf, const char *srcstr)
static void
str2buf2uni (UNICODE_STRING &tgt, WCHAR *buf, const char *srcstr)
{
tgt.Length = strlen(srcstr) * sizeof (WCHAR);
tgt.Length = strlen (srcstr) * sizeof (WCHAR);
tgt.MaximumLength = tgt.Length + sizeof(WCHAR);
tgt.Buffer = (PWCHAR) buf;
mbstowcs (buf, srcstr, tgt.MaximumLength);
}
static void
lsa2wchar (WCHAR *tgt, LSA_UNICODE_STRING &src, int size)
{
size = (size - 1) * sizeof (WCHAR);
if (src.Length < size)
size = src.Length;
memcpy (tgt, src.Buffer, size);
size >>= 1;
tgt[size] = 0;
}
static LSA_HANDLE
open_local_policy ()
{
LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
NTSTATUS ret = LsaOpenPolicy(NULL, &oa, POLICY_ALL_ACCESS, &lsa);
if (ret != STATUS_SUCCESS)
set_errno (LsaNtStatusToWinError (ret));
return lsa;
}
static void
close_local_policy (LSA_HANDLE &lsa)
{
if (lsa != INVALID_HANDLE_VALUE)
LsaClose (lsa);
lsa = INVALID_HANDLE_VALUE;
}
static BOOL
get_lsa_srv_inf (LSA_HANDLE lsa, char *logonserver, char *domain)
{
NET_API_STATUS ret;
LPSERVER_INFO_101 buf;
DWORD cnt, tot;
char name[INTERNET_MAX_HOST_NAME_LENGTH + 1];
WCHAR account[INTERNET_MAX_HOST_NAME_LENGTH + 1];
WCHAR primary[INTERNET_MAX_HOST_NAME_LENGTH + 1];
PPOLICY_ACCOUNT_DOMAIN_INFO adi;
PPOLICY_PRIMARY_DOMAIN_INFO pdi;
if ((ret = LsaQueryInformationPolicy (lsa, PolicyAccountDomainInformation,
(PVOID *) &adi)) != STATUS_SUCCESS)
{
set_errno (LsaNtStatusToWinError(ret));
return FALSE;
}
lsa2wchar (account, adi->DomainName, INTERNET_MAX_HOST_NAME_LENGTH + 1);
LsaFreeMemory (adi);
if ((ret = LsaQueryInformationPolicy (lsa, PolicyPrimaryDomainInformation,
(PVOID *) &pdi)) != STATUS_SUCCESS)
{
set_errno (LsaNtStatusToWinError(ret));
return FALSE;
}
lsa2wchar (primary, pdi->Name, INTERNET_MAX_HOST_NAME_LENGTH + 1);
LsaFreeMemory (pdi);
if ((ret = NetServerEnum (NULL, 101, (LPBYTE *) &buf, MAX_PREFERRED_LENGTH,
&cnt, &tot, SV_TYPE_DOMAIN_CTRL, primary, NULL))
== STATUS_SUCCESS && cnt > 0)
{
wcstombs (name, buf[0].sv101_name, INTERNET_MAX_HOST_NAME_LENGTH + 1);
if (domain)
wcstombs (domain, primary, INTERNET_MAX_HOST_NAME_LENGTH + 1);
}
else
{
wcstombs (name, account, INTERNET_MAX_HOST_NAME_LENGTH + 1);
if (domain)
wcstombs (domain, account, INTERNET_MAX_HOST_NAME_LENGTH + 1);
}
if (ret == STATUS_SUCCESS)
NetApiBufferFree (buf);
strcpy (logonserver, "\\\\");
strcat (logonserver, name);
return TRUE;
}
static BOOL
get_logon_server (LSA_HANDLE lsa, char *logonserver)
{
return get_lsa_srv_inf (lsa, logonserver, NULL);
}
BOOL
get_logon_server_and_user_domain (char *logonserver, char *userdomain)
{
BOOL ret = FALSE;
LSA_HANDLE lsa = open_local_policy ();
if (lsa)
{
ret = get_lsa_srv_inf (lsa, logonserver, userdomain);
close_local_policy (lsa);
}
return ret;
}
static BOOL
get_user_groups (WCHAR *wlogonserver, cygsidlist &grp_list, char *user)
{
WCHAR wuser[UNLEN + 1];
mbstowcs (wuser, user, UNLEN + 1);
LPGROUP_USERS_INFO_0 buf;
DWORD cnt, tot;
NET_API_STATUS ret;
if ((ret = NetUserGetGroups (wlogonserver, wuser, 0, (LPBYTE *) &buf,
MAX_PREFERRED_LENGTH, &cnt, &tot)))
{
debug_printf ("%d = NetUserGetGroups ()", ret);
set_errno (ret);
/* It's no error when the user name can't be found. */
return ret == NERR_UserNotFound;
}
for (DWORD i = 0; i < cnt; ++i)
{
cygsid gsid;
char group[UNLEN + 1];
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
DWORD glen = UNLEN + 1;
DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
SID_NAME_USE use = SidTypeInvalid;
wcstombs (group, buf[i].grui0_name, UNLEN + 1);
if (!LookupAccountName (NULL, group, gsid, &glen, domain, &dlen, &use))
debug_printf ("LookupAccountName(%s): %lu\n", group, GetLastError ());
if (!legal_sid_type (use))
{
strcat (strcpy (group, domain), "\\");
wcstombs (group + strlen (group), buf[i].grui0_name,
UNLEN + 1 - strlen (group));
glen = UNLEN + 1;
dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
if (!LookupAccountName(NULL, group, gsid, &glen, domain, &dlen, &use))
debug_printf ("LookupAccountName(%s): %lu\n", group,GetLastError());
}
if (legal_sid_type (use))
grp_list += gsid;
}
NetApiBufferFree (buf);
return TRUE;
}
static BOOL
is_group_member (WCHAR *wlogonserver, WCHAR *wgroup,
cygsid &usersid, cygsidlist &grp_list)
{
LPLOCALGROUP_MEMBERS_INFO_0 buf;
DWORD cnt, tot;
BOOL ret = FALSE;
if (NetLocalGroupGetMembers (wlogonserver, wgroup, 0, (LPBYTE *) &buf,
MAX_PREFERRED_LENGTH, &cnt, &tot, NULL))
return FALSE;
for (DWORD bidx = 0; !ret && bidx < cnt; ++bidx)
if (EqualSid (usersid, buf[bidx].lgrmi0_sid))
ret = TRUE;
else
for (int glidx = 0; !ret && glidx < grp_list.count; ++glidx)
if (EqualSid (grp_list.sids[glidx], buf[bidx].lgrmi0_sid))
ret = TRUE;
NetApiBufferFree (buf);
return ret;
}
static BOOL
get_user_local_groups (WCHAR *wlogonserver, const char *logonserver,
cygsidlist &grp_list, cygsid &usersid)
{
LPLOCALGROUP_INFO_0 buf;
DWORD cnt, tot;
NET_API_STATUS ret;
if ((ret = NetLocalGroupEnum (wlogonserver, 0, (LPBYTE *) &buf,
MAX_PREFERRED_LENGTH, &cnt, &tot, NULL)))
{
debug_printf ("%d = NetLocalGroupEnum ()", ret);
set_errno (ret);
return FALSE;
}
for (DWORD i = 0; i < cnt; ++i)
if (is_group_member (wlogonserver, buf[i].lgrpi0_name, usersid, grp_list))
{
cygsid gsid;
char group[UNLEN + 1];
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
DWORD glen = UNLEN + 1;
DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
SID_NAME_USE use = SidTypeInvalid;
wcstombs (group, buf[i].lgrpi0_name, UNLEN + 1);
if (!LookupAccountName (NULL, group, gsid, &glen, domain, &dlen, &use))
{
glen = UNLEN + 1;
dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
if (!LookupAccountName (logonserver + 2, group,
gsid, &glen, domain, &dlen, &use))
debug_printf ("LookupAccountName(%s): %lu\n", group,
GetLastError ());
}
else if (!legal_sid_type (use))
{
strcat (strcpy (group, domain), "\\");
wcstombs (group + strlen (group), buf[i].lgrpi0_name,
UNLEN + 1 - strlen (group));
glen = UNLEN + 1;
dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
if (!LookupAccountName (NULL, group, gsid, &glen,
domain, &dlen, &use))
debug_printf ("LookupAccountName(%s): %lu\n", group,
GetLastError ());
}
if (legal_sid_type (use))
grp_list += gsid;
}
NetApiBufferFree (buf);
return TRUE;
}
static BOOL
sid_in_token_groups (PTOKEN_GROUPS grps, cygsid &sid)
{
if (!grps)
return FALSE;
for (DWORD i = 0; i < grps->GroupCount; ++i)
if (sid == grps->Groups[i].Sid)
return TRUE;
return FALSE;
}
static BOOL
get_user_primary_group (WCHAR *wlogonserver, const char *user,
cygsid &usersid, cygsid &pgrpsid)
{
LPUSER_INFO_3 buf;
WCHAR wuser[UNLEN + 1];
BOOL ret = FALSE;
UCHAR count;
if (usersid == well_known_system_sid)
{
pgrpsid = well_known_system_sid;
return TRUE;
}
mbstowcs (wuser, user, UNLEN + 1);
if (NetUserGetInfo (wlogonserver, wuser, 3, (LPBYTE *) &buf))
return FALSE;
pgrpsid = usersid;
if (IsValidSid (pgrpsid) && (count = *GetSidSubAuthorityCount (pgrpsid)) > 1)
{
*GetSidSubAuthority (pgrpsid, count - 1) = buf->usri3_primary_group_id;
ret = TRUE;
}
NetApiBufferFree (buf);
return ret;
}
static BOOL
get_group_sidlist (const char *logonserver, cygsidlist &grp_list,
cygsid &usersid, cygsid &pgrpsid,
PTOKEN_GROUPS my_grps, LUID auth_luid, int &auth_pos)
{
WCHAR wserver[INTERNET_MAX_HOST_NAME_LENGTH + 1];
char user[INTERNET_MAX_HOST_NAME_LENGTH + 1];
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
DWORD ulen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
SID_NAME_USE use;
auth_pos = -1;
mbstowcs (wserver, logonserver, INTERNET_MAX_HOST_NAME_LENGTH + 1);
if (!LookupAccountSid (NULL, usersid, user, &ulen, domain, &dlen, &use))
{
debug_printf ("LookupAccountSid () %E");
__seterrno ();
return FALSE;
}
grp_list += well_known_world_sid;
if (usersid == well_known_system_sid)
{
grp_list += well_known_system_sid;
grp_list += well_known_admin_sid;
}
else
{
if (my_grps)
{
if (sid_in_token_groups (my_grps, well_known_local_sid))
grp_list += well_known_local_sid;
if (sid_in_token_groups (my_grps, well_known_dialup_sid))
grp_list += well_known_dialup_sid;
if (sid_in_token_groups (my_grps, well_known_network_sid))
grp_list += well_known_network_sid;
if (sid_in_token_groups (my_grps, well_known_batch_sid))
grp_list += well_known_batch_sid;
if (sid_in_token_groups (my_grps, well_known_interactive_sid))
grp_list += well_known_interactive_sid;
if (sid_in_token_groups (my_grps, well_known_service_sid))
grp_list += well_known_service_sid;
grp_list += well_known_authenticated_users_sid;
}
else
{
grp_list += well_known_local_sid;
grp_list += well_known_interactive_sid;
grp_list += well_known_authenticated_users_sid;
}
if (auth_luid.QuadPart != 999) /* != SYSTEM_LUID */
{
char buf[64];
__small_sprintf (buf, "S-1-5-5-%u-%u", auth_luid.HighPart,
auth_luid.LowPart);
grp_list += buf;
auth_pos = grp_list.count - 1;
}
}
if (!pgrpsid)
get_user_primary_group (wserver, user, usersid, pgrpsid);
if (!get_user_groups (wserver, grp_list, user) ||
!get_user_local_groups (wserver, logonserver, grp_list, usersid))
return FALSE;
if (!grp_list.contains (pgrpsid))
grp_list += pgrpsid;
return TRUE;
}
static const char *sys_privs[] = {
SE_TCB_NAME,
SE_ASSIGNPRIMARYTOKEN_NAME,
SE_CREATE_TOKEN_NAME,
SE_CHANGE_NOTIFY_NAME,
SE_SECURITY_NAME,
SE_BACKUP_NAME,
SE_RESTORE_NAME,
SE_SYSTEMTIME_NAME,
SE_SHUTDOWN_NAME,
SE_REMOTE_SHUTDOWN_NAME,
SE_TAKE_OWNERSHIP_NAME,
SE_DEBUG_NAME,
SE_SYSTEM_ENVIRONMENT_NAME,
SE_SYSTEM_PROFILE_NAME,
SE_PROF_SINGLE_PROCESS_NAME,
SE_INC_BASE_PRIORITY_NAME,
SE_LOAD_DRIVER_NAME,
SE_CREATE_PAGEFILE_NAME,
SE_INCREASE_QUOTA_NAME
};
#define SYSTEM_PERMISSION_COUNT (sizeof sys_privs / sizeof (const char *))
PTOKEN_PRIVILEGES
get_system_priv_list (cygsidlist &grp_list)
{
LUID priv;
PTOKEN_PRIVILEGES privs = (PTOKEN_PRIVILEGES) malloc (sizeof (ULONG) +
20 * sizeof (LUID_AND_ATTRIBUTES));
if (!privs)
{
debug_printf ("malloc (system_privs) failed.");
return NULL;
}
privs->PrivilegeCount = 0;
for (DWORD i = 0; i < SYSTEM_PERMISSION_COUNT; ++i)
if (LookupPrivilegeValue (NULL, sys_privs[i], &priv))
{
privs->Privileges[privs->PrivilegeCount].Luid = priv;
privs->Privileges[privs->PrivilegeCount].Attributes =
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
++privs->PrivilegeCount;
}
return privs;
}
PTOKEN_PRIVILEGES
get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list)
{
PLSA_UNICODE_STRING privstrs;
ULONG cnt;
PTOKEN_PRIVILEGES privs = NULL;
NTSTATUS ret;
char buf[INTERNET_MAX_HOST_NAME_LENGTH + 1];
if (usersid == well_known_system_sid)
return get_system_priv_list (grp_list);
for (int grp = -1; grp < grp_list.count; ++grp)
{
if (grp == -1)
{
if ((ret = LsaEnumerateAccountRights (lsa, usersid, &privstrs, &cnt))
!= STATUS_SUCCESS)
continue;
}
else if ((ret = LsaEnumerateAccountRights (lsa, grp_list.sids[grp],
&privstrs, &cnt))
!= STATUS_SUCCESS)
continue;
for (ULONG i = 0; i < cnt; ++i)
{
LUID priv;
PTOKEN_PRIVILEGES tmp;
DWORD tmp_count;
wcstombs (buf, privstrs[i].Buffer, INTERNET_MAX_HOST_NAME_LENGTH + 1);
if (!LookupPrivilegeValue (NULL, buf, &priv))
continue;
for (DWORD p = 0; privs && p < privs->PrivilegeCount; ++p)
if (!memcmp (&priv, &privs->Privileges[p].Luid, sizeof (LUID)))
goto next_account_right;
tmp_count = privs ? privs->PrivilegeCount : 0;
tmp = (PTOKEN_PRIVILEGES)
realloc (privs, sizeof (ULONG) +
(tmp_count + 1) * sizeof (LUID_AND_ATTRIBUTES));
if (!tmp)
{
if (privs)
free (privs);
LsaFreeMemory (privstrs);
debug_printf ("realloc (privs) failed.");
return NULL;
}
tmp->PrivilegeCount = tmp_count;
privs = tmp;
privs->Privileges[privs->PrivilegeCount].Luid = priv;
privs->Privileges[privs->PrivilegeCount].Attributes =
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
++privs->PrivilegeCount;
next_account_right:
;
}
LsaFreeMemory (privstrs);
}
return privs;
}
#define token_acl_size (sizeof (ACL) + \
2 * (sizeof (ACCESS_ALLOWED_ACE) + MAX_SID_LEN))
static BOOL
get_dacl (PACL acl, cygsid usersid, cygsidlist &grp_list)
{
if (!InitializeAcl(acl, token_acl_size, ACL_REVISION))
{
__seterrno ();
return FALSE;
}
if (grp_list.contains (well_known_admin_sid))
{
if (!AddAccessAllowedAce(acl, ACL_REVISION, GENERIC_ALL,
well_known_admin_sid))
{
__seterrno ();
return FALSE;
}
}
else if (!AddAccessAllowedAce(acl, ACL_REVISION, GENERIC_ALL, usersid))
{
__seterrno ();
return FALSE;
}
if (!AddAccessAllowedAce(acl, ACL_REVISION, GENERIC_ALL,
well_known_system_sid))
{
__seterrno ();
return FALSE;
}
return TRUE;
}
HANDLE
create_token (cygsid &usersid, cygsid &pgrpsid)
{
NTSTATUS ret;
LSA_HANDLE lsa = NULL;
char logonserver[INTERNET_MAX_HOST_NAME_LENGTH + 1];
int old_priv_state;
cygsidlist grpsids;
SECURITY_QUALITY_OF_SERVICE sqos =
{ sizeof sqos, SecurityImpersonation, SECURITY_STATIC_TRACKING, FALSE };
OBJECT_ATTRIBUTES oa =
{ sizeof oa, 0, 0, 0, 0, &sqos };
SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, TRUE };
LUID auth_luid = SYSTEM_LUID;
LARGE_INTEGER exp = { 0x7fffffffffffffffLL } ;
TOKEN_USER user;
PTOKEN_GROUPS grps = NULL;
PTOKEN_PRIVILEGES privs = NULL;
TOKEN_OWNER owner;
TOKEN_PRIMARY_GROUP pgrp;
char acl_buf[token_acl_size];
TOKEN_DEFAULT_DACL dacl;
TOKEN_SOURCE source;
TOKEN_STATISTICS stats;
memcpy(source.SourceName, "Cygwin.1", 8);
source.SourceIdentifier.HighPart = 0;
source.SourceIdentifier.LowPart = 0x0101;
HANDLE token;
HANDLE primary_token = INVALID_HANDLE_VALUE;
HANDLE my_token = INVALID_HANDLE_VALUE;
PTOKEN_GROUPS my_grps = NULL;
DWORD size;
/* SE_CREATE_TOKEN_NAME privilege needed to call NtCreateToken. */
if ((old_priv_state = set_process_privilege (SE_CREATE_TOKEN_NAME)) < 0)
goto out;
/* Open policy object. */
if ((lsa = open_local_policy ()) == INVALID_HANDLE_VALUE)
goto out;
/* Get logon server. */
if (!get_logon_server (lsa, logonserver))
goto out;
/* User, owner, primary group. */
user.User.Sid = usersid;
user.User.Attributes = 0;
owner.Owner = usersid;
/* Retrieve authentication id and group list from own process. */
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &my_token))
debug_printf ("OpenProcessToken(my_token): %E\n");
else
{
/* Switching user context to SYSTEM doesn't inherit the authentication
id of the user account running current process. */
if (usersid != well_known_system_sid)
if (!GetTokenInformation (my_token, TokenStatistics,
&stats, sizeof stats, &size))
debug_printf ("GetTokenInformation(my_token, TokenStatistics): %E\n");
else
auth_luid = stats.AuthenticationId;
/* Retrieving current processes group list to be able to inherit
some important well known group sids. */
if (!GetTokenInformation (my_token, TokenGroups, NULL, 0, &size) &&
GetLastError () != ERROR_INSUFFICIENT_BUFFER)
debug_printf ("GetTokenInformation(my_token, TokenGroups): %E\n");
else if (!(my_grps = (PTOKEN_GROUPS) malloc (size)))
debug_printf ("malloc (my_grps) failed.");
else if (!GetTokenInformation (my_token, TokenGroups, my_grps,
size, &size))
{
debug_printf ("GetTokenInformation(my_token, TokenGroups): %E\n");
free (my_grps);
my_grps = NULL;
}
}
/* Create list of groups, the user is member in. */
int auth_pos;
if (!get_group_sidlist (logonserver, grpsids, usersid, pgrpsid,
my_grps, auth_luid, auth_pos))
goto out;
/* Primary group. */
pgrp.PrimaryGroup = pgrpsid;
/* Create a TOKEN_GROUPS list from the above retrieved list of sids. */
char grps_buf[sizeof (ULONG) + grpsids.count * sizeof (SID_AND_ATTRIBUTES)];
grps = (PTOKEN_GROUPS) grps_buf;
grps->GroupCount = grpsids.count;
for (DWORD i = 0; i < grps->GroupCount; ++i)
{
grps->Groups[i].Sid = grpsids.sids[i];
grps->Groups[i].Attributes = SE_GROUP_MANDATORY |
SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_ENABLED;
if (auth_pos >= 0 && i == (DWORD) auth_pos)
grps->Groups[i].Attributes |= SE_GROUP_LOGON_ID;
}
/* Retrieve list of privileges of that user. */
if (!(privs = get_priv_list (lsa, usersid, grpsids)))
goto out;
/* Create default dacl. */
if (!get_dacl ((PACL) acl_buf, usersid, grpsids))
goto out;
dacl.DefaultDacl = (PACL) acl_buf;
/* Let's be heroic... */
ret = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation,
&auth_luid, &exp, &user, grps, privs, &owner, &pgrp,
&dacl, &source);
if (ret)
set_errno (RtlNtStatusToDosError (ret));
else if (GetLastError () == ERROR_PROC_NOT_FOUND)
{
__seterrno ();
debug_printf ("Loading NtCreateToken failed.");
}
/* Convert to primary token. */
if (!DuplicateTokenEx (token, TOKEN_ALL_ACCESS, &sa,
SecurityImpersonation, TokenPrimary,
&primary_token))
__seterrno ();
out:
if (old_priv_state >= 0)
set_process_privilege (SE_CREATE_TOKEN_NAME, old_priv_state);
if (token != INVALID_HANDLE_VALUE)
CloseHandle (token);
if (privs)
free (privs);
if (my_grps)
free (my_grps);
close_local_policy (lsa);
debug_printf ("%d = create_token ()", primary_token);
return primary_token;
}
int subauth_id = 255;
HANDLE
@ -177,12 +813,16 @@ subauth (struct passwd *pw)
TOKEN_SOURCE ts;
PMSV1_0_LM20_LOGON_PROFILE profile;
LUID luid;
HANDLE user_token;
QUOTA_LIMITS quota;
char nt_domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
char nt_user[UNLEN + 1];
SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, TRUE };
HANDLE user_token = INVALID_HANDLE_VALUE;
HANDLE primary_token = INVALID_HANDLE_VALUE;
int old_tcb_state;
set_process_privilege(SE_TCB_NAME);
if ((old_tcb_state = set_process_privilege(SE_TCB_NAME)) < 0)
return INVALID_HANDLE_VALUE;
/* Register as logon process. */
str2lsa (name, "Cygwin");
@ -192,12 +832,12 @@ subauth (struct passwd *pw)
{
debug_printf ("LsaRegisterLogonProcess: %d", ret);
set_errno (LsaNtStatusToWinError(ret));
return INVALID_HANDLE_VALUE;
goto out;
}
else if (GetLastError () == ERROR_PROC_NOT_FOUND)
{
debug_printf ("Couldn't load Secur32.dll");
return INVALID_HANDLE_VALUE;
goto out;
}
/* Get handle to MSV1_0 package. */
str2lsa (name, MSV1_0_PACKAGE_NAME);
@ -207,7 +847,7 @@ subauth (struct passwd *pw)
debug_printf ("LsaLookupAuthenticationPackage: %d", ret);
set_errno (LsaNtStatusToWinError(ret));
LsaDeregisterLogonProcess(lsa_hdl);
return INVALID_HANDLE_VALUE;
goto out;
}
/* Create origin. */
str2buf2lsa (origin.str, origin.buf, "Cygwin");
@ -236,20 +876,19 @@ subauth (struct passwd *pw)
debug_printf ("LsaLogonUser: %d", ret);
set_errno (LsaNtStatusToWinError(ret));
LsaDeregisterLogonProcess(lsa_hdl);
return INVALID_HANDLE_VALUE;
goto out;
}
LsaFreeReturnBuffer(profile);
/* Convert to primary token. */
SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, TRUE };
HANDLE primary_token;
if (!DuplicateTokenEx (user_token, TOKEN_ALL_ACCESS, &sa,
SecurityImpersonation, TokenPrimary,
&primary_token))
{
CloseHandle (user_token);
return INVALID_HANDLE_VALUE;
}
CloseHandle (user_token);
__seterrno ();
out:
set_process_privilege(SE_TCB_NAME, old_tcb_state);
if (user_token != INVALID_HANDLE_VALUE)
CloseHandle (user_token);
return primary_token;
}