* cygwin.din: Define symbols for `cygwin_logon_user' and
`cygwin_set_impersonation_token'. * dcrt0.cc (dll_crt0_1): Eliminate superfluous conditional statements. Add load statements for `ImpersonateLoggedOnUser', `LogonUserA' and `RevertToSelf'. * fork.cc (fork): Care for correct impersonation of parent and child process. * security.cc (cygwin_set_impersonation_token): New function. (cygwin_logon_user): Ditto. shared.h (class pinfo): New members `orig_uid', `orig_gid', `real_uid' nad `real_gid'. spawn.cc (spawn_guts): Care for impersonation when starting child process in a different user context. * syscalls.cc (setgid): Call `setegid' now. Set real_gid. (setuid): Call `seteuid' now. Set real_uid. (seteuid): Functionality moved from setuid to here. Care for correct impersonation. (setegid): Functionality moved from setgid to here. * uinfo.cc (uinfo_init): Initialization of additional pinfo members. (getuid): Return real uid. (getgid): Return real gid. (geteuid): Return effective uid. (getegid): Return effective gid. include/sys/cygwin.h: Add prototypes for `cygwin_logon_user' and `cygwin_set_impersonation_token'. include/cygwin/version.h: Bumb API minor version to 22.
This commit is contained in:
@ -374,6 +374,73 @@ got_it:
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
void
|
||||
cygwin_set_impersonation_token (const HANDLE hToken)
|
||||
{
|
||||
debug_printf ("set_impersonation_token (%d)", hToken);
|
||||
if (myself->token != hToken)
|
||||
{
|
||||
if (myself->token != INVALID_HANDLE_VALUE)
|
||||
CloseHandle (myself->token);
|
||||
myself->token = hToken;
|
||||
myself->impersonated = FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
extern "C"
|
||||
HANDLE
|
||||
cygwin_logon_user (const struct passwd *pw, const char *password)
|
||||
{
|
||||
if (os_being_run != winNT)
|
||||
{
|
||||
set_errno (ENOSYS);
|
||||
return INVALID_HANDLE_VALUE;
|
||||
}
|
||||
if (!pw)
|
||||
{
|
||||
set_errno (EINVAL);
|
||||
return INVALID_HANDLE_VALUE;
|
||||
}
|
||||
|
||||
char *c, *nt_user, *nt_domain = NULL;
|
||||
char usernamebuf[256];
|
||||
HANDLE hToken;
|
||||
|
||||
strcpy (usernamebuf, pw->pw_name);
|
||||
if (pw->pw_gecos)
|
||||
{
|
||||
if ((c = strstr (pw->pw_gecos, "U-")) != NULL &&
|
||||
(c == pw->pw_gecos || c[-1] == ','))
|
||||
{
|
||||
usernamebuf[0] = '\0';
|
||||
strncat (usernamebuf, c + 2, 255);
|
||||
if ((c = strchr (usernamebuf, ',')) != NULL)
|
||||
*c = '\0';
|
||||
}
|
||||
}
|
||||
nt_user = usernamebuf;
|
||||
if ((c = strchr (nt_user, '\\')) != NULL)
|
||||
{
|
||||
nt_domain = nt_user;
|
||||
*c = '\0';
|
||||
nt_user = c + 1;
|
||||
}
|
||||
if (! LogonUserA (nt_user, nt_domain, (char *) password,
|
||||
LOGON32_LOGON_INTERACTIVE,
|
||||
LOGON32_PROVIDER_DEFAULT,
|
||||
&hToken)
|
||||
|| !SetHandleInformation (hToken,
|
||||
HANDLE_FLAG_INHERIT,
|
||||
HANDLE_FLAG_INHERIT))
|
||||
{
|
||||
__seterrno ();
|
||||
return INVALID_HANDLE_VALUE;
|
||||
}
|
||||
debug_printf ("%d = logon_user(%s,...)", hToken, pw->pw_name);
|
||||
return hToken;
|
||||
}
|
||||
|
||||
/* read_sd reads a security descriptor from a file.
|
||||
In case of error, -1 is returned and errno is set.
|
||||
If sd_buf is too small, 0 is returned and sd_size
|
||||
|
Reference in New Issue
Block a user