* autoload.cc: Add LoadDLLinitfunc for secur32.dll.
Add LoadDLLfuncEx statements for AllocateLocallyUniqueId@4,
DuplicateTokenEx@24, LsaNtStatusToWinError@4,
LsaDeregisterLogonProcess@4, LsaFreeReturnBuffer@4,
LsaLogonUser@56, LsaLookupAuthenticationPackage@12,
LsaRegisterLogonProcess@12,
* environ.cc: Add extern declaration for `subauth_id'.
(subauth_id_init): New function for setting `subauth_id'.
(struct parse_thing): Add entry for `subauth_id'.
* fork.cc (fork_parent): Call `RevertToSelf' and
`ImpersonateLoggedOnUser' instead of `seteuid'.
* security.cc: Define global variable `subauth_id'.
(extract_nt_dom_user): New function.
(cygwin_logon_user): Call `extract_nt_dom_user' now.
(str2lsa): New static function.
(str2buf2lsa): Ditto.
(str2buf2uni): Ditto.
(subauth): Ditto.
* security.h: Add prototype for `subauth'.
* spawn.cc (spawn_guts): Use cygheap->user.token only if impersonated.
Use `cygsid' type. Remove impersonation before allowing access to
workstation/desktop to everyone. Call `RevertToSelf' and
`ImpersonateLoggedOnUser' instead of `seteuid'.
* syscalls.cc (seteuid): Rearranged to allow using subauthentication
to retrieve user tokens when needed.
This commit is contained in:
Corinna Vinschen
@ -129,6 +129,28 @@ LoadDLLinitfunc (ntdll)
|
||||
return 0;
|
||||
}
|
||||
|
||||
LoadDLLinitfunc (secur32)
|
||||
{
|
||||
HANDLE h;
|
||||
static NO_COPY LONG here = -1L;
|
||||
|
||||
while (InterlockedIncrement (&here))
|
||||
{
|
||||
InterlockedDecrement (&here);
|
||||
Sleep (0);
|
||||
}
|
||||
|
||||
if (secur32_handle)
|
||||
/* nothing to do */;
|
||||
else if ((h = LoadLibrary ("secur32.dll")) != NULL)
|
||||
secur32_handle = h;
|
||||
else if (!secur32_handle)
|
||||
api_fatal ("could not load secur32.dll, %E");
|
||||
|
||||
InterlockedDecrement (&here);
|
||||
return 0; /* Already done by another thread? */
|
||||
}
|
||||
|
||||
LoadDLLinitfunc (user32)
|
||||
{
|
||||
HANDLE h;
|
||||
@ -271,12 +293,14 @@ LoadDLLfunc (AddAccessAllowedAce, 16, advapi32)
|
||||
LoadDLLfunc (AddAccessDeniedAce, 16, advapi32)
|
||||
LoadDLLfunc (AddAce, 20, advapi32)
|
||||
LoadDLLfunc (AdjustTokenPrivileges, 24, advapi32)
|
||||
LoadDLLfuncEx (AllocateLocallyUniqueId, 4, advapi32, 1)
|
||||
LoadDLLfunc (CopySid, 12, advapi32)
|
||||
LoadDLLfunc (CreateProcessAsUserA, 44, advapi32)
|
||||
LoadDLLfuncEx (CryptAcquireContextA, 20, advapi32, 1)
|
||||
LoadDLLfuncEx (CryptGenRandom, 12, advapi32, 1)
|
||||
LoadDLLfuncEx (CryptReleaseContext, 8, advapi32, 1)
|
||||
LoadDLLfunc (DeregisterEventSource, 4, advapi32)
|
||||
LoadDLLfuncEx (DuplicateTokenEx, 24, advapi32, 1)
|
||||
LoadDLLfunc (EqualSid, 8, advapi32)
|
||||
LoadDLLfunc (GetAce, 12, advapi32)
|
||||
LoadDLLfunc (GetFileSecurityA, 20, advapi32)
|
||||
@ -298,6 +322,7 @@ LoadDLLfunc (LogonUserA, 24, advapi32)
|
||||
LoadDLLfunc (LookupAccountNameA, 28, advapi32)
|
||||
LoadDLLfunc (LookupAccountSidA, 28, advapi32)
|
||||
LoadDLLfunc (LookupPrivilegeValueA, 12, advapi32)
|
||||
LoadDLLfuncEx (LsaNtStatusToWinError, 4, advapi32, 1)
|
||||
LoadDLLfunc (MakeSelfRelativeSD, 12, advapi32)
|
||||
LoadDLLfunc (OpenProcessToken, 12, advapi32)
|
||||
LoadDLLfunc (RegCloseKey, 4, advapi32)
|
||||
@ -334,6 +359,13 @@ LoadDLLfuncEx (RtlInitUnicodeString, 8, ntdll, 1)
|
||||
LoadDLLfuncEx (RtlNtStatusToDosError, 4, ntdll, 1)
|
||||
LoadDLLfuncEx (ZwQuerySystemInformation, 16, ntdll, 1)
|
||||
|
||||
LoadDLLinit (secur32)
|
||||
LoadDLLfuncEx (LsaDeregisterLogonProcess, 4, secur32, 1)
|
||||
LoadDLLfuncEx (LsaFreeReturnBuffer, 4, secur32, 1)
|
||||
LoadDLLfuncEx (LsaLogonUser, 56, secur32, 1)
|
||||
LoadDLLfuncEx (LsaLookupAuthenticationPackage, 12, secur32, 1)
|
||||
LoadDLLfuncEx (LsaRegisterLogonProcess, 12, secur32, 1)
|
||||
|
||||
LoadDLLinit (user32)
|
||||
LoadDLLfunc (CharToOemA, 8, user32)
|
||||
LoadDLLfunc (CharToOemBuffA, 12, user32)
|
||||
|
||||
Reference in New Issue
Block a user