setuid: Create token from scratch without credentials of caller

* sec_auth.cc (get_token_group_sidlist): Drop auth_luid and auth_pos parameter. Remove code adding a logon SID. (get_initgroups_sidlist): Drop auth_luid and auth_pos parameter. Drop in call to get_token_group_sidlist. Accommodate in callers. (get_setgroups_sidlist): Ditto. (create_token): Explicitely set auth_luid to ANONYMOUS_LOGON_LUID or LOCALSERVICE_LUID depending on OS. Explain why. Remove handling of logon SID since we don't generate one anymore. (lsaauth): Drop now unused local variable auth_luid and auth_pos. * wincap.h (wincaps::has_broken_whoami): New element. * wincap.cc: Implement above element throughout. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-02-17 16:40:27 +01:00
parent 182e2502c8
commit 205862ed08
3 changed files with 29 additions and 35 deletions
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -52,6 +52,7 @@ wincaps wincap_xpsp2 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_processor_groups:false,
  has_broken_prefetchvm:false,
  has_new_pebteb_region:false,
+  has_broken_whoami:true,
 };

 wincaps wincap_2003 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -86,6 +87,7 @@ wincaps wincap_2003 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_processor_groups:false,
  has_broken_prefetchvm:false,
  has_new_pebteb_region:false,
+  has_broken_whoami:true,
 };

 wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -120,6 +122,7 @@ wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_processor_groups:false,
  has_broken_prefetchvm:false,
  has_new_pebteb_region:false,
+  has_broken_whoami:true,
 };

 wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -154,6 +157,7 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_processor_groups:true,
  has_broken_prefetchvm:false,
  has_new_pebteb_region:false,
+  has_broken_whoami:true,
 };

 wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -188,6 +192,7 @@ wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_processor_groups:true,
  has_broken_prefetchvm:false,
  has_new_pebteb_region:false,
+  has_broken_whoami:false,
 };

 wincaps wincap_10 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -222,6 +227,7 @@ wincaps wincap_10 __attribute__((section (".cygwin_dll_common"), shared)) = {
  has_processor_groups:true,
  has_broken_prefetchvm:true,
  has_new_pebteb_region:false,
+  has_broken_whoami:false,
 };

 wincaps wincap_10_1511 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -256,6 +262,7 @@ wincaps wincap_10_1511 __attribute__((section (".cygwin_dll_common"), shared)) =
  has_processor_groups:true,
  has_broken_prefetchvm:false,
  has_new_pebteb_region:true,
+  has_broken_whoami:false,
 };

 wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));