* autoload.cc: Add LoadDLLinitfunc for secur32.dll.

Add LoadDLLfuncEx statements for AllocateLocallyUniqueId@4,
        DuplicateTokenEx@24, LsaNtStatusToWinError@4,
        LsaDeregisterLogonProcess@4, LsaFreeReturnBuffer@4,
        LsaLogonUser@56, LsaLookupAuthenticationPackage@12,
        LsaRegisterLogonProcess@12,
        * environ.cc: Add extern declaration for `subauth_id'.
        (subauth_id_init): New function for setting `subauth_id'.
        (struct parse_thing): Add entry for `subauth_id'.
        * fork.cc (fork_parent): Call `RevertToSelf' and
        `ImpersonateLoggedOnUser' instead of `seteuid'.
        * security.cc: Define global variable `subauth_id'.
        (extract_nt_dom_user): New function.
        (cygwin_logon_user): Call `extract_nt_dom_user' now.
        (str2lsa): New static function.
        (str2buf2lsa): Ditto.
        (str2buf2uni): Ditto.
        (subauth): Ditto.
        * security.h: Add prototype for `subauth'.
        * spawn.cc (spawn_guts): Use cygheap->user.token only if impersonated.
        Use `cygsid' type. Remove impersonation before allowing access to
        workstation/desktop to everyone. Call `RevertToSelf' and
        `ImpersonateLoggedOnUser' instead of `seteuid'.
        * syscalls.cc (seteuid): Rearranged to allow using subauthentication
        to retrieve user tokens when needed.
This commit is contained in:
Corinna Vinschen
2001-04-30 21:19:42 +00:00
parent 965cecdfca
commit 57ff940dd4
8 changed files with 353 additions and 113 deletions

View File

@ -578,7 +578,8 @@ skip_arg_parsing:
/* Preallocated buffer for `sec_user' call */
char sa_buf[1024];
if (!hToken && cygheap->user.token != INVALID_HANDLE_VALUE)
if (!hToken && cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
hToken = cygheap->user.token;
const char *runpath = null_app_name ? NULL : (const char *) real_path;
@ -607,6 +608,28 @@ skip_arg_parsing:
}
else
{
cygsid sid;
DWORD ret_len;
if (!GetTokenInformation (hToken, TokenUser, &sid, sizeof sid, &ret_len))
{
sid = NULL;
system_printf ("GetTokenInformation: %E");
}
/* Retrieve security attributes before setting psid to NULL
since it's value is needed by `sec_user'. */
PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid
? sec_user (sa_buf, sid)
: &sec_all_nih;
/* Remove impersonation */
if (cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
RevertToSelf ();
/* Load users registry hive. */
load_registry_hive (sid);
/* allow the child to interact with our window station/desktop */
HANDLE hwst, hdsk;
SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
@ -625,31 +648,6 @@ skip_arg_parsing:
strcat (wstname, dskname);
si.lpDesktop = wstname;
char tu[1024];
PSID sid = NULL;
DWORD ret_len;
if (GetTokenInformation (hToken, TokenUser,
(LPVOID) &tu, sizeof tu,
&ret_len))
sid = ((TOKEN_USER *) &tu)->User.Sid;
else
system_printf ("GetTokenInformation: %E");
/* Retrieve security attributes before setting psid to NULL
since it's value is needed by `sec_user'. */
PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid
? sec_user (sa_buf, sid)
: &sec_all_nih;
/* Remove impersonation */
uid_t uid = geteuid ();
if (cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
seteuid (cygheap->user.orig_uid);
/* Load users registry hive. */
load_registry_hive (sid);
rc = CreateProcessAsUser (hToken,
runpath, /* image name - with full path */
one_line.buf, /* what was passed to exec */
@ -666,7 +664,7 @@ skip_arg_parsing:
if (mode != _P_OVERLAY && mode != _P_VFORK
&& cygheap->user.impersonated
&& cygheap->user.token != INVALID_HANDLE_VALUE)
seteuid (uid);
ImpersonateLoggedOnUser (cygheap->user.token);
}
MALLOC_CHECK;