* cygwin.din: Define symbols for `cygwin_logon_user' and
`cygwin_set_impersonation_token'.
* dcrt0.cc (dll_crt0_1): Eliminate superfluous conditional
statements.
Add load statements for `ImpersonateLoggedOnUser', `LogonUserA'
and `RevertToSelf'.
* fork.cc (fork): Care for correct impersonation of parent
and child process.
* security.cc (cygwin_set_impersonation_token): New function.
(cygwin_logon_user): Ditto.
shared.h (class pinfo): New members `orig_uid', `orig_gid',
`real_uid' nad `real_gid'.
spawn.cc (spawn_guts): Care for impersonation when starting
child process in a different user context.
* syscalls.cc (setgid): Call `setegid' now. Set real_gid.
(setuid): Call `seteuid' now. Set real_uid.
(seteuid): Functionality moved from setuid to here. Care for
correct impersonation.
(setegid): Functionality moved from setgid to here.
* uinfo.cc (uinfo_init): Initialization of additional pinfo
members.
(getuid): Return real uid.
(getgid): Return real gid.
(geteuid): Return effective uid.
(getegid): Return effective gid.
include/sys/cygwin.h: Add prototypes for `cygwin_logon_user' and
`cygwin_set_impersonation_token'.
include/cygwin/version.h: Bumb API minor version to 22.
This commit is contained in:
Corinna Vinschen
@ -363,10 +363,16 @@ fork ()
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Remove impersonation */
|
||||
uid_t uid = geteuid();
|
||||
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||
seteuid (myself->orig_uid);
|
||||
|
||||
char sa_buf[1024];
|
||||
rc = CreateProcessA (myself->progname, /* image to run */
|
||||
myself->progname, /* what we send in arg0 */
|
||||
&sec_none_nih, /* process security attrs */
|
||||
&sec_none_nih, /* thread security attrs */
|
||||
allow_ntsec ? sec_user (sa_buf) : &sec_none_nih,
|
||||
allow_ntsec ? sec_user (sa_buf) : &sec_none_nih,
|
||||
TRUE, /* inherit handles from parent */
|
||||
c_flags,
|
||||
NULL, /* environment filled in later */
|
||||
@ -384,9 +390,16 @@ fork ()
|
||||
ForceCloseHandle(subproc_ready);
|
||||
ForceCloseHandle(forker_finished);
|
||||
subproc_ready = forker_finished = NULL;
|
||||
/* Restore impersonation */
|
||||
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||
seteuid (uid);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Restore impersonation */
|
||||
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||
seteuid (uid);
|
||||
|
||||
ProtectHandle (pi.hThread);
|
||||
/* Protect the handle but name it similarly to the way it will
|
||||
be called in subproc handling. */
|
||||
@ -410,6 +423,12 @@ fork ()
|
||||
memcpy (child->sidbuf, myself->sidbuf, 40);
|
||||
memcpy (child->logsrv, myself->logsrv, 256);
|
||||
memcpy (child->domain, myself->domain, MAX_COMPUTERNAME_LENGTH+1);
|
||||
child->token = myself->token;
|
||||
child->impersonated = myself->impersonated;
|
||||
child->orig_uid = myself->orig_uid;
|
||||
child->orig_gid = myself->orig_gid;
|
||||
child->real_uid = myself->real_uid;
|
||||
child->real_gid = myself->real_gid;
|
||||
set_child_mmap_ptr (child);
|
||||
|
||||
/* Wait for subproc to initialize itself. */
|
||||
@ -494,6 +513,17 @@ fork ()
|
||||
debug_printf ("self %p, pid %d, ppid %d",
|
||||
myself, x, myself ? myself->ppid : -1);
|
||||
|
||||
/* Restore the inheritance state as in parent
|
||||
Don't call setuid here! The flags are already set. */
|
||||
if (myself->impersonated)
|
||||
{
|
||||
debug_printf ("Impersonation of child, token: %d", myself->token);
|
||||
if (myself->token == INVALID_HANDLE_VALUE)
|
||||
RevertToSelf (); // probably not needed
|
||||
else if (!ImpersonateLoggedOnUser (myself->token))
|
||||
system_printf ("Impersonate for forked child failed: %E");
|
||||
}
|
||||
|
||||
sync_with_parent ("after longjmp.", TRUE);
|
||||
ProtectHandle (hParent);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user