* cygwin.din: Define symbols for `cygwin_logon_user' and
`cygwin_set_impersonation_token'. * dcrt0.cc (dll_crt0_1): Eliminate superfluous conditional statements. Add load statements for `ImpersonateLoggedOnUser', `LogonUserA' and `RevertToSelf'. * fork.cc (fork): Care for correct impersonation of parent and child process. * security.cc (cygwin_set_impersonation_token): New function. (cygwin_logon_user): Ditto. shared.h (class pinfo): New members `orig_uid', `orig_gid', `real_uid' and `real_gid'. spawn.cc (spawn_guts): Care for impersonation when starting child process in a different user context. * syscalls.cc (setgid): Call `setegid' now. Set real_gid. (setuid): Call `seteuid' now. Set real_uid. (seteuid): Functionality moved from setuid to here. Care for correct impersonation. (setegid): Functionality moved from setgid to here. * uinfo.cc (uinfo_init): Initialization of additional pinfo members. (getuid): Return real uid. (getgid): Return real gid. (geteuid): Return effective uid. (getegid): Return effective gid. include/sys/cygwin.h: Add prototypes for `cygwin_logon_user' and `cygwin_set_impersonation_token'. include/cygwin/version.h: Bump API minor version to 22.
@@ -1796,6 +1796,92 @@ mknod ()
|
||||
extern "C"
|
||||
int
|
||||
setgid (gid_t gid)
|
||||
{
|
||||
int ret = setegid (gid);
|
||||
if (!ret)
|
||||
myself->real_gid = myself->gid;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* setuid: POSIX 4.2.2.1 */
|
||||
extern "C"
|
||||
int
|
||||
setuid (uid_t uid)
|
||||
{
|
||||
int ret = seteuid (uid);
|
||||
if (!ret)
|
||||
myself->real_uid = myself->uid;
|
||||
debug_printf ("real: %d, effective: %d", myself->real_uid, myself->uid);
|
||||
return ret;
|
||||
}
|
||||
|
||||
extern char *internal_getlogin (struct pinfo *pi);
|
||||
|
||||
/* seteuid: standards? */
|
||||
extern "C"
|
||||
int
|
||||
seteuid (uid_t uid)
|
||||
{
|
||||
if (os_being_run == winNT)
|
||||
{
|
||||
if (uid != (uid_t) -1)
|
||||
{
|
||||
struct passwd *pw_new = getpwuid (uid);
|
||||
if (!pw_new)
|
||||
{
|
||||
set_errno (EINVAL);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (uid != myself->uid)
|
||||
if (uid == myself->orig_uid)
|
||||
{
|
||||
debug_printf ("RevertToSelf() (uid == orig_uid, token=%d)",
|
||||
myself->token);
|
||||
RevertToSelf();
|
||||
if (myself->token != INVALID_HANDLE_VALUE)
|
||||
myself->impersonated = FALSE;
|
||||
}
|
||||
else if (!myself->impersonated)
|
||||
{
|
||||
debug_printf ("Impersonate(uid == %d)", uid);
|
||||
RevertToSelf();
|
||||
if (myself->token != INVALID_HANDLE_VALUE)
|
||||
if (!ImpersonateLoggedOnUser (myself->token))
|
||||
system_printf ("Impersonate(%d) in set(e)uid failed: %E",
|
||||
myself->token);
|
||||
else
|
||||
myself->impersonated = TRUE;
|
||||
}
|
||||
|
||||
struct pinfo pi;
|
||||
pi.psid = (PSID) pi.sidbuf;
|
||||
struct passwd *pw_cur = getpwnam (internal_getlogin (&pi));
|
||||
if (pw_cur != pw_new)
|
||||
{
|
||||
debug_printf ("Diffs!!! token: %d, cur: %d, new: %d, orig: %d",
|
||||
myself->token, pw_cur->pw_uid,
|
||||
pw_new->pw_uid, myself->orig_uid);
|
||||
set_errno (EPERM);
|
||||
return -1;
|
||||
}
|
||||
myself->uid = uid;
|
||||
strcpy (myself->username, pi.username);
|
||||
CopySid (40, myself->psid, pi.psid);
|
||||
strcpy (myself->logsrv, pi.logsrv);
|
||||
strcpy (myself->domain, pi.domain);
|
||||
}
|
||||
}
|
||||
else
|
||||
set_errno (ENOSYS);
|
||||
debug_printf ("real: %d, effective: %d", myself->real_uid, myself->uid);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* setegid: from System V. */
|
||||
extern "C"
|
||||
int
|
||||
setegid (gid_t gid)
|
||||
{
|
||||
if (os_being_run == winNT)
|
||||
{
|
||||
@@ -1814,60 +1900,6 @@ setgid (gid_t gid)
|
||||
return 0;
|
||||
}
|
||||
|
||||
extern char *internal_getlogin (struct pinfo *pi);
|
||||
|
||||
/* setuid: POSIX 4.2.2.1 */
|
||||
extern "C"
|
||||
int
|
||||
setuid (uid_t uid)
|
||||
{
|
||||
if (os_being_run == winNT)
|
||||
{
|
||||
if (uid != (uid_t) -1)
|
||||
{
|
||||
struct passwd *pw_new = getpwuid (uid);
|
||||
if (!pw_new)
|
||||
{
|
||||
set_errno (EINVAL);
|
||||
return -1;
|
||||
}
|
||||
|
||||
struct pinfo pi;
|
||||
pi.psid = (PSID) pi.sidbuf;
|
||||
struct passwd *pw_cur = getpwnam (internal_getlogin (&pi));
|
||||
if (pw_cur != pw_new)
|
||||
{
|
||||
set_errno (EPERM);
|
||||
return -1;
|
||||
}
|
||||
myself->uid = uid;
|
||||
strcpy (myself->username, pi.username);
|
||||
CopySid (40, myself->psid, pi.psid);
|
||||
strcpy (myself->logsrv, pi.logsrv);
|
||||
strcpy (myself->domain, pi.domain);
|
||||
}
|
||||
}
|
||||
else
|
||||
set_errno (ENOSYS);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* seteuid: standards? */
|
||||
extern "C"
|
||||
int
|
||||
seteuid (uid_t uid)
|
||||
{
|
||||
return setuid (uid);
|
||||
}
|
||||
|
||||
/* setegid: from System V. */
|
||||
extern "C"
|
||||
int
|
||||
setegid (gid_t gid)
|
||||
{
|
||||
return setgid (gid);
|
||||
}
|
||||
|
||||
/* chroot: privileged Unix system call. */
|
||||
extern "C"
|
||||
int
|
||||
|
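Review bot: Both `RevertToSelf()` calls in the new `seteuid` ignore the return value, and the `uid == myself->orig_uid` branch then clears `myself->impersonated` anyway, so a failed revert would leave the thread under the impersonation token while the process bookkeeping says otherwise. Fail the call instead, e.g. `if (!RevertToSelf ()) { set_errno (EPERM); return -1; }`. Separately, the added `debug_printf ("Diffs!!! ...")` reads `pw_cur->pw_uid` inside the `pw_cur != pw_new` branch, which is also the branch taken when `getpwnam` returns NULL; assuming `debug_printf` evaluates its arguments, pass `pw_cur ? (int) pw_cur->pw_uid : -1` there. Finally, `seteuid` still returns 0 after `set_errno (ENOSYS)` on non-NT systems, so the new `setuid` wrapper reports success for a change that never happened. That behaviour is carried over from the old `setuid`, but callers that drop privileges depend on the return value, so `return -1` in that branch is worth considering.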