* autoload.cc: Add LoadDLLinitfunc for secur32.dll.
Add LoadDLLfuncEx statements for AllocateLocallyUniqueId@4, DuplicateTokenEx@24, LsaNtStatusToWinError@4, LsaDeregisterLogonProcess@4, LsaFreeReturnBuffer@4, LsaLogonUser@56, LsaLookupAuthenticationPackage@12, LsaRegisterLogonProcess@12, * environ.cc: Add extern declaration for `subauth_id'. (subauth_id_init): New function for setting `subauth_id'. (struct parse_thing): Add entry for `subauth_id'. * fork.cc (fork_parent): Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'. * security.cc: Define global variable `subauth_id'. (extract_nt_dom_user): New function. (cygwin_logon_user): Call `extract_nt_dom_user' now. (str2lsa): New static function. (str2buf2lsa): Ditto. (str2buf2uni): Ditto. (subauth): Ditto. * security.h: Add prototype for `subauth'. * spawn.cc (spawn_guts): Use cygheap->user.token only if impersonated. Use `cygsid' type. Remove impersonation before allowing access to workstation/desktop to everyone. Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'. * syscalls.cc (seteuid): Rearranged to allow using subauthentication to retrieve user tokens when needed.
@ -578,7 +578,8 @@ skip_arg_parsing:
|
||||
/* Preallocated buffer for `sec_user' call */
|
||||
char sa_buf[1024];
|
||||
|
||||
if (!hToken && cygheap->user.token != INVALID_HANDLE_VALUE)
|
||||
if (!hToken && cygheap->user.impersonated
|
||||
&& cygheap->user.token != INVALID_HANDLE_VALUE)
|
||||
hToken = cygheap->user.token;
|
||||
|
||||
const char *runpath = null_app_name ? NULL : (const char *) real_path;
|
||||
@ -607,6 +608,28 @@ skip_arg_parsing:
|
||||
}
|
||||
else
|
||||
{
|
||||
cygsid sid;
|
||||
DWORD ret_len;
|
||||
if (!GetTokenInformation (hToken, TokenUser, &sid, sizeof sid, &ret_len))
|
||||
{
|
||||
sid = NULL;
|
||||
system_printf ("GetTokenInformation: %E");
|
||||
}
|
||||
|
||||
/* Retrieve security attributes before setting psid to NULL
|
||||
since it's value is needed by `sec_user'. */
|
||||
PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid
|
||||
? sec_user (sa_buf, sid)
|
||||
: &sec_all_nih;
|
||||
|
||||
/* Remove impersonation */
|
||||
if (cygheap->user.impersonated
|
||||
&& cygheap->user.token != INVALID_HANDLE_VALUE)
|
||||
RevertToSelf ();
|
||||
|
||||
/* Load users registry hive. */
|
||||
load_registry_hive (sid);
|
||||
|
||||
/* allow the child to interact with our window station/desktop */
|
||||
HANDLE hwst, hdsk;
|
||||
SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
|
||||
@ -625,31 +648,6 @@ skip_arg_parsing:
|
||||
strcat (wstname, dskname);
|
||||
si.lpDesktop = wstname;
|
||||
|
||||
char tu[1024];
|
||||
PSID sid = NULL;
|
||||
DWORD ret_len;
|
||||
if (GetTokenInformation (hToken, TokenUser,
|
||||
(LPVOID) &tu, sizeof tu,
|
||||
&ret_len))
|
||||
sid = ((TOKEN_USER *) &tu)->User.Sid;
|
||||
else
|
||||
system_printf ("GetTokenInformation: %E");
|
||||
|
||||
/* Retrieve security attributes before setting psid to NULL
|
||||
since it's value is needed by `sec_user'. */
|
||||
PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid
|
||||
? sec_user (sa_buf, sid)
|
||||
: &sec_all_nih;
|
||||
|
||||
/* Remove impersonation */
|
||||
uid_t uid = geteuid ();
|
||||
if (cygheap->user.impersonated
|
||||
&& cygheap->user.token != INVALID_HANDLE_VALUE)
|
||||
seteuid (cygheap->user.orig_uid);
|
||||
|
||||
/* Load users registry hive. */
|
||||
load_registry_hive (sid);
|
||||
|
||||
rc = CreateProcessAsUser (hToken,
|
||||
runpath, /* image name - with full path */
|
||||
one_line.buf, /* what was passed to exec */
|
||||
@ -666,7 +664,7 @@ skip_arg_parsing:
|
||||
if (mode != _P_OVERLAY && mode != _P_VFORK
|
||||
&& cygheap->user.impersonated
|
||||
&& cygheap->user.token != INVALID_HANDLE_VALUE)
|
||||
seteuid (uid);
|
||||
ImpersonateLoggedOnUser (cygheap->user.token);
|
||||
}
|
||||
|
||||
MALLOC_CHECK;
|
||||
|
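Review bot: The return values of `RevertToSelf ()` (added block before `load_registry_hive (sid)`) and `ImpersonateLoggedOnUser (cygheap->user.token)` (last hunk, after `CreateProcessAsUser`) are both ignored, so a failed identity switch goes unnoticed. In the last hunk the parent would keep running under its process token while `cygheap->user.impersonated` still reads true; in the earlier one the registry hive load and the window station/desktop changes would run as the impersonated user. I would check both calls, e.g. `if (!ImpersonateLoggedOnUser (cygheap->user.token)) system_printf ("ImpersonateLoggedOnUser: %E");` together with an error path the caller can act on, and the same for `RevertToSelf`. Separately, `GetTokenInformation (hToken, TokenUser, &sid, sizeof sid, &ret_len)` now fills a `cygsid` instead of the old 1024-byte buffer, which presumably depends on cygsid's layout and size (not visible here) and deserves a comment saying so. The enclosing function starts and ends outside these hunks.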