* cygwin.din: Define symbols for `cygwin_logon_user' and
`cygwin_set_impersonation_token'. * dcrt0.cc (dll_crt0_1): Eliminate superfluous conditional statements. Add load statements for `ImpersonateLoggedOnUser', `LogonUserA' and `RevertToSelf'. * fork.cc (fork): Care for correct impersonation of parent and child process. * security.cc (cygwin_set_impersonation_token): New function. (cygwin_logon_user): Ditto. shared.h (class pinfo): New members `orig_uid', `orig_gid', `real_uid' nad `real_gid'. spawn.cc (spawn_guts): Care for impersonation when starting child process in a different user context. * syscalls.cc (setgid): Call `setegid' now. Set real_gid. (setuid): Call `seteuid' now. Set real_uid. (seteuid): Functionality moved from setuid to here. Care for correct impersonation. (setegid): Functionality moved from setgid to here. * uinfo.cc (uinfo_init): Initialization of additional pinfo members. (getuid): Return real uid. (getgid): Return real gid. (geteuid): Return effective uid. (getegid): Return effective gid. include/sys/cygwin.h: Add prototypes for `cygwin_logon_user' and `cygwin_set_impersonation_token'. include/cygwin/version.h: Bumb API minor version to 22.
This commit is contained in:
@@ -1,3 +1,34 @@
|
|||||||
|
Thu Jun 16 20:55:00 2000 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* cygwin.din: Define symbols for `cygwin_logon_user' and
|
||||||
|
`cygwin_set_impersonation_token'.
|
||||||
|
* dcrt0.cc (dll_crt0_1): Eliminate superfluous conditional
|
||||||
|
statements.
|
||||||
|
Add load statements for `ImpersonateLoggedOnUser', `LogonUserA'
|
||||||
|
and `RevertToSelf'.
|
||||||
|
* fork.cc (fork): Care for correct impersonation of parent
|
||||||
|
and child process.
|
||||||
|
* security.cc (cygwin_set_impersonation_token): New function.
|
||||||
|
(cygwin_logon_user): Ditto.
|
||||||
|
shared.h (class pinfo): New members `orig_uid', `orig_gid',
|
||||||
|
`real_uid' nad `real_gid'.
|
||||||
|
spawn.cc (spawn_guts): Care for impersonation when starting
|
||||||
|
child process in a different user context.
|
||||||
|
* syscalls.cc (setgid): Call `setegid' now. Set real_gid.
|
||||||
|
(setuid): Call `seteuid' now. Set real_uid.
|
||||||
|
(seteuid): Functionality moved from setuid to here. Care for
|
||||||
|
correct impersonation.
|
||||||
|
(setegid): Functionality moved from setgid to here.
|
||||||
|
* uinfo.cc (uinfo_init): Initialization of additional pinfo
|
||||||
|
members.
|
||||||
|
(getuid): Return real uid.
|
||||||
|
(getgid): Return real gid.
|
||||||
|
(geteuid): Return effective uid.
|
||||||
|
(getegid): Return effective gid.
|
||||||
|
include/sys/cygwin.h: Add prototypes for `cygwin_logon_user' and
|
||||||
|
`cygwin_set_impersonation_token'.
|
||||||
|
include/cygwin/version.h: Bumb API minor version to 22.
|
||||||
|
|
||||||
Thu Jun 15 18:12:36 2000 Christopher Faylor <cgf@cygnus.com>
|
Thu Jun 15 18:12:36 2000 Christopher Faylor <cgf@cygnus.com>
|
||||||
|
|
||||||
* path.cc (chdir): Don't set cache to offending chdir. Change comment
|
* path.cc (chdir): Don't set cache to offending chdir. Change comment
|
||||||
|
@@ -988,6 +988,8 @@ cygwin32_posix_to_win32_path_list = cygwin_posix_to_win32_path_list
|
|||||||
cygwin32_split_path = cygwin_split_path
|
cygwin32_split_path = cygwin_split_path
|
||||||
cygwin_winpid_to_pid
|
cygwin_winpid_to_pid
|
||||||
cygwin32_winpid_to_pid = cygwin_winpid_to_pid
|
cygwin32_winpid_to_pid = cygwin_winpid_to_pid
|
||||||
|
cygwin_logon_user
|
||||||
|
cygwin_set_impersonation_token
|
||||||
realpath
|
realpath
|
||||||
reent_data DATA
|
reent_data DATA
|
||||||
getenv
|
getenv
|
||||||
|
@@ -763,10 +763,9 @@ dll_crt0_1 ()
|
|||||||
/* Flush signals and ensure that signal thread is up and running. Can't
|
/* Flush signals and ensure that signal thread is up and running. Can't
|
||||||
do this for noncygwin case since the signal thread is blocked due to
|
do this for noncygwin case since the signal thread is blocked due to
|
||||||
LoadLibrary serialization. */
|
LoadLibrary serialization. */
|
||||||
if (!dynamically_loaded)
|
sig_send (NULL, __SIGFLUSH); /* also initializes uid, gid */
|
||||||
sig_send (NULL, __SIGFLUSH); /* also initializes uid, gid */
|
|
||||||
|
|
||||||
if (user_data->main && !dynamically_loaded)
|
if (user_data->main)
|
||||||
exit (user_data->main (argc, argv, *user_data->envptr));
|
exit (user_data->main (argc, argv, *user_data->envptr));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1157,10 +1156,12 @@ LoadDLLfunc (GetSidSubAuthority, 8, advapi32)
|
|||||||
LoadDLLfunc (GetSidSubAuthorityCount, 4, advapi32)
|
LoadDLLfunc (GetSidSubAuthorityCount, 4, advapi32)
|
||||||
LoadDLLfunc (GetTokenInformation, 20, advapi32)
|
LoadDLLfunc (GetTokenInformation, 20, advapi32)
|
||||||
LoadDLLfunc (GetUserNameA, 8, advapi32)
|
LoadDLLfunc (GetUserNameA, 8, advapi32)
|
||||||
|
LoadDLLfunc (ImpersonateLoggedOnUser, 4, advapi32)
|
||||||
LoadDLLfunc (InitializeAcl, 12, advapi32)
|
LoadDLLfunc (InitializeAcl, 12, advapi32)
|
||||||
LoadDLLfunc (InitializeSecurityDescriptor, 8, advapi32)
|
LoadDLLfunc (InitializeSecurityDescriptor, 8, advapi32)
|
||||||
LoadDLLfunc (InitializeSid, 12, advapi32)
|
LoadDLLfunc (InitializeSid, 12, advapi32)
|
||||||
LoadDLLfunc (IsValidSid, 4, advapi32)
|
LoadDLLfunc (IsValidSid, 4, advapi32)
|
||||||
|
LoadDLLfunc (LogonUserA, 24, advapi32)
|
||||||
LoadDLLfunc (LookupAccountNameA, 28, advapi32)
|
LoadDLLfunc (LookupAccountNameA, 28, advapi32)
|
||||||
LoadDLLfunc (LookupAccountSidA, 28, advapi32)
|
LoadDLLfunc (LookupAccountSidA, 28, advapi32)
|
||||||
LoadDLLfunc (LookupPrivilegeValueA, 12, advapi32)
|
LoadDLLfunc (LookupPrivilegeValueA, 12, advapi32)
|
||||||
@@ -1175,6 +1176,7 @@ LoadDLLfunc (RegQueryValueExA, 24, advapi32)
|
|||||||
LoadDLLfunc (RegSetValueExA, 24, advapi32)
|
LoadDLLfunc (RegSetValueExA, 24, advapi32)
|
||||||
LoadDLLfunc (RegisterEventSourceA, 8, advapi32)
|
LoadDLLfunc (RegisterEventSourceA, 8, advapi32)
|
||||||
LoadDLLfunc (ReportEventA, 36, advapi32)
|
LoadDLLfunc (ReportEventA, 36, advapi32)
|
||||||
|
LoadDLLfunc (RevertToSelf, 0, advapi32)
|
||||||
LoadDLLfunc (SetKernelObjectSecurity, 12, advapi32)
|
LoadDLLfunc (SetKernelObjectSecurity, 12, advapi32)
|
||||||
LoadDLLfunc (SetSecurityDescriptorDacl, 16, advapi32)
|
LoadDLLfunc (SetSecurityDescriptorDacl, 16, advapi32)
|
||||||
LoadDLLfunc (SetSecurityDescriptorGroup, 12, advapi32)
|
LoadDLLfunc (SetSecurityDescriptorGroup, 12, advapi32)
|
||||||
|
@@ -363,10 +363,16 @@ fork ()
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Remove impersonation */
|
||||||
|
uid_t uid = geteuid();
|
||||||
|
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
seteuid (myself->orig_uid);
|
||||||
|
|
||||||
|
char sa_buf[1024];
|
||||||
rc = CreateProcessA (myself->progname, /* image to run */
|
rc = CreateProcessA (myself->progname, /* image to run */
|
||||||
myself->progname, /* what we send in arg0 */
|
myself->progname, /* what we send in arg0 */
|
||||||
&sec_none_nih, /* process security attrs */
|
allow_ntsec ? sec_user (sa_buf) : &sec_none_nih,
|
||||||
&sec_none_nih, /* thread security attrs */
|
allow_ntsec ? sec_user (sa_buf) : &sec_none_nih,
|
||||||
TRUE, /* inherit handles from parent */
|
TRUE, /* inherit handles from parent */
|
||||||
c_flags,
|
c_flags,
|
||||||
NULL, /* environment filled in later */
|
NULL, /* environment filled in later */
|
||||||
@@ -384,9 +390,16 @@ fork ()
|
|||||||
ForceCloseHandle(subproc_ready);
|
ForceCloseHandle(subproc_ready);
|
||||||
ForceCloseHandle(forker_finished);
|
ForceCloseHandle(forker_finished);
|
||||||
subproc_ready = forker_finished = NULL;
|
subproc_ready = forker_finished = NULL;
|
||||||
|
/* Restore impersonation */
|
||||||
|
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
seteuid (uid);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Restore impersonation */
|
||||||
|
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
seteuid (uid);
|
||||||
|
|
||||||
ProtectHandle (pi.hThread);
|
ProtectHandle (pi.hThread);
|
||||||
/* Protect the handle but name it similarly to the way it will
|
/* Protect the handle but name it similarly to the way it will
|
||||||
be called in subproc handling. */
|
be called in subproc handling. */
|
||||||
@@ -410,6 +423,12 @@ fork ()
|
|||||||
memcpy (child->sidbuf, myself->sidbuf, 40);
|
memcpy (child->sidbuf, myself->sidbuf, 40);
|
||||||
memcpy (child->logsrv, myself->logsrv, 256);
|
memcpy (child->logsrv, myself->logsrv, 256);
|
||||||
memcpy (child->domain, myself->domain, MAX_COMPUTERNAME_LENGTH+1);
|
memcpy (child->domain, myself->domain, MAX_COMPUTERNAME_LENGTH+1);
|
||||||
|
child->token = myself->token;
|
||||||
|
child->impersonated = myself->impersonated;
|
||||||
|
child->orig_uid = myself->orig_uid;
|
||||||
|
child->orig_gid = myself->orig_gid;
|
||||||
|
child->real_uid = myself->real_uid;
|
||||||
|
child->real_gid = myself->real_gid;
|
||||||
set_child_mmap_ptr (child);
|
set_child_mmap_ptr (child);
|
||||||
|
|
||||||
/* Wait for subproc to initialize itself. */
|
/* Wait for subproc to initialize itself. */
|
||||||
@@ -494,6 +513,17 @@ fork ()
|
|||||||
debug_printf ("self %p, pid %d, ppid %d",
|
debug_printf ("self %p, pid %d, ppid %d",
|
||||||
myself, x, myself ? myself->ppid : -1);
|
myself, x, myself ? myself->ppid : -1);
|
||||||
|
|
||||||
|
/* Restore the inheritance state as in parent
|
||||||
|
Don't call setuid here! The flags are already set. */
|
||||||
|
if (myself->impersonated)
|
||||||
|
{
|
||||||
|
debug_printf ("Impersonation of child, token: %d", myself->token);
|
||||||
|
if (myself->token == INVALID_HANDLE_VALUE)
|
||||||
|
RevertToSelf (); // probably not needed
|
||||||
|
else if (!ImpersonateLoggedOnUser (myself->token))
|
||||||
|
system_printf ("Impersonate for forked child failed: %E");
|
||||||
|
}
|
||||||
|
|
||||||
sync_with_parent ("after longjmp.", TRUE);
|
sync_with_parent ("after longjmp.", TRUE);
|
||||||
ProtectHandle (hParent);
|
ProtectHandle (hParent);
|
||||||
|
|
||||||
|
@@ -106,10 +106,15 @@ details. */
|
|||||||
19: Export fchown, lchown, lacl
|
19: Export fchown, lchown, lacl
|
||||||
20: regsub, inet_network
|
20: regsub, inet_network
|
||||||
21: incompatible change to stdio cr/lf and buffering
|
21: incompatible change to stdio cr/lf and buffering
|
||||||
|
22: Export cygwin_logon_user, cygwin_set_impersonation_token.
|
||||||
|
geteuid, getegid return effective uid/gid.
|
||||||
|
getuid, getgid return real uid/gid.
|
||||||
|
seteuid, setegid set only effective uid/gid.
|
||||||
|
setuid, setgid set effective and real uid/gid.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define CYGWIN_VERSION_API_MAJOR 0
|
#define CYGWIN_VERSION_API_MAJOR 0
|
||||||
#define CYGWIN_VERSION_API_MINOR 21
|
#define CYGWIN_VERSION_API_MINOR 22
|
||||||
|
|
||||||
/* There is also a compatibity version number associated with the
|
/* There is also a compatibity version number associated with the
|
||||||
shared memory regions. It is incremented when incompatible
|
shared memory regions. It is incremented when incompatible
|
||||||
|
@@ -31,6 +31,9 @@ extern int cygwin_conv_to_full_posix_path (const char *, char *);
|
|||||||
extern int cygwin_posix_path_list_p (const char *);
|
extern int cygwin_posix_path_list_p (const char *);
|
||||||
extern void cygwin_split_path (const char *, char *, char *);
|
extern void cygwin_split_path (const char *, char *, char *);
|
||||||
|
|
||||||
|
extern HANDLE cygwin_logon_user (const struct passwd *, const char *);
|
||||||
|
extern void cygwin_set_impersonation_token (const HANDLE);
|
||||||
|
|
||||||
#ifdef _GNU_H_WINDOWS32_BASE
|
#ifdef _GNU_H_WINDOWS32_BASE
|
||||||
/* included if <windows.h> is included */
|
/* included if <windows.h> is included */
|
||||||
extern int cygwin32_attach_handle_to_fd (char *, int, HANDLE, int, int);
|
extern int cygwin32_attach_handle_to_fd (char *, int, HANDLE, int, int);
|
||||||
|
@@ -374,6 +374,73 @@ got_it:
|
|||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
extern "C"
|
||||||
|
void
|
||||||
|
cygwin_set_impersonation_token (const HANDLE hToken)
|
||||||
|
{
|
||||||
|
debug_printf ("set_impersonation_token (%d)", hToken);
|
||||||
|
if (myself->token != hToken)
|
||||||
|
{
|
||||||
|
if (myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
CloseHandle (myself->token);
|
||||||
|
myself->token = hToken;
|
||||||
|
myself->impersonated = FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
extern "C"
|
||||||
|
HANDLE
|
||||||
|
cygwin_logon_user (const struct passwd *pw, const char *password)
|
||||||
|
{
|
||||||
|
if (os_being_run != winNT)
|
||||||
|
{
|
||||||
|
set_errno (ENOSYS);
|
||||||
|
return INVALID_HANDLE_VALUE;
|
||||||
|
}
|
||||||
|
if (!pw)
|
||||||
|
{
|
||||||
|
set_errno (EINVAL);
|
||||||
|
return INVALID_HANDLE_VALUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
char *c, *nt_user, *nt_domain = NULL;
|
||||||
|
char usernamebuf[256];
|
||||||
|
HANDLE hToken;
|
||||||
|
|
||||||
|
strcpy (usernamebuf, pw->pw_name);
|
||||||
|
if (pw->pw_gecos)
|
||||||
|
{
|
||||||
|
if ((c = strstr (pw->pw_gecos, "U-")) != NULL &&
|
||||||
|
(c == pw->pw_gecos || c[-1] == ','))
|
||||||
|
{
|
||||||
|
usernamebuf[0] = '\0';
|
||||||
|
strncat (usernamebuf, c + 2, 255);
|
||||||
|
if ((c = strchr (usernamebuf, ',')) != NULL)
|
||||||
|
*c = '\0';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
nt_user = usernamebuf;
|
||||||
|
if ((c = strchr (nt_user, '\\')) != NULL)
|
||||||
|
{
|
||||||
|
nt_domain = nt_user;
|
||||||
|
*c = '\0';
|
||||||
|
nt_user = c + 1;
|
||||||
|
}
|
||||||
|
if (! LogonUserA (nt_user, nt_domain, (char *) password,
|
||||||
|
LOGON32_LOGON_INTERACTIVE,
|
||||||
|
LOGON32_PROVIDER_DEFAULT,
|
||||||
|
&hToken)
|
||||||
|
|| !SetHandleInformation (hToken,
|
||||||
|
HANDLE_FLAG_INHERIT,
|
||||||
|
HANDLE_FLAG_INHERIT))
|
||||||
|
{
|
||||||
|
__seterrno ();
|
||||||
|
return INVALID_HANDLE_VALUE;
|
||||||
|
}
|
||||||
|
debug_printf ("%d = logon_user(%s,...)", hToken, pw->pw_name);
|
||||||
|
return hToken;
|
||||||
|
}
|
||||||
|
|
||||||
/* read_sd reads a security descriptor from a file.
|
/* read_sd reads a security descriptor from a file.
|
||||||
In case of error, -1 is returned and errno is set.
|
In case of error, -1 is returned and errno is set.
|
||||||
If sd_buf is too small, 0 is returned and sd_size
|
If sd_buf is too small, 0 is returned and sd_size
|
||||||
|
@@ -93,6 +93,15 @@ class pinfo
|
|||||||
char logsrv[256]; /* Logon server, may be fully qualified DNS name */
|
char logsrv[256]; /* Logon server, may be fully qualified DNS name */
|
||||||
char domain[MAX_COMPUTERNAME_LENGTH+1]; /* Logon domain of the user */
|
char domain[MAX_COMPUTERNAME_LENGTH+1]; /* Logon domain of the user */
|
||||||
|
|
||||||
|
/* token is needed if sexec should be called. It can be set by a call
|
||||||
|
to `set_impersonation_token()'. */
|
||||||
|
HANDLE token;
|
||||||
|
BOOL impersonated;
|
||||||
|
uid_t orig_uid; /* Remains intact also after impersonation */
|
||||||
|
uid_t orig_gid; /* Ditto */
|
||||||
|
uid_t real_uid; /* Remains intact on seteuid, replaced by setuid */
|
||||||
|
gid_t real_gid; /* Ditto */
|
||||||
|
|
||||||
/* Non-zero if process was stopped by a signal. */
|
/* Non-zero if process was stopped by a signal. */
|
||||||
char stopsig;
|
char stopsig;
|
||||||
|
|
||||||
|
@@ -503,6 +503,9 @@ skip_arg_parsing:
|
|||||||
/* Preallocated buffer for `sec_user' call */
|
/* Preallocated buffer for `sec_user' call */
|
||||||
char sa_buf[1024];
|
char sa_buf[1024];
|
||||||
|
|
||||||
|
if (!hToken && myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
hToken = myself->token;
|
||||||
|
|
||||||
if (hToken)
|
if (hToken)
|
||||||
{
|
{
|
||||||
/* allow the child to interact with our window station/desktop */
|
/* allow the child to interact with our window station/desktop */
|
||||||
@@ -535,6 +538,11 @@ skip_arg_parsing:
|
|||||||
else
|
else
|
||||||
system_printf ("GetTokenInformation: %E");
|
system_printf ("GetTokenInformation: %E");
|
||||||
|
|
||||||
|
/* Remove impersonation */
|
||||||
|
uid_t uid = geteuid();
|
||||||
|
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
seteuid (myself->orig_uid);
|
||||||
|
|
||||||
rc = CreateProcessAsUser (hToken,
|
rc = CreateProcessAsUser (hToken,
|
||||||
real_path, /* image name - with full path */
|
real_path, /* image name - with full path */
|
||||||
one_line.buf, /* what was passed to exec */
|
one_line.buf, /* what was passed to exec */
|
||||||
@@ -550,6 +558,9 @@ skip_arg_parsing:
|
|||||||
0, /* use current drive/directory */
|
0, /* use current drive/directory */
|
||||||
&si,
|
&si,
|
||||||
&pi);
|
&pi);
|
||||||
|
/* Restore impersonation */
|
||||||
|
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
seteuid (uid);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
rc = CreateProcessA (real_path, /* image name - with full path */
|
rc = CreateProcessA (real_path, /* image name - with full path */
|
||||||
|
@@ -1796,6 +1796,92 @@ mknod ()
|
|||||||
extern "C"
|
extern "C"
|
||||||
int
|
int
|
||||||
setgid (gid_t gid)
|
setgid (gid_t gid)
|
||||||
|
{
|
||||||
|
int ret = setegid (gid);
|
||||||
|
if (!ret)
|
||||||
|
myself->real_gid = myself->gid;
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* setuid: POSIX 4.2.2.1 */
|
||||||
|
extern "C"
|
||||||
|
int
|
||||||
|
setuid (uid_t uid)
|
||||||
|
{
|
||||||
|
int ret = seteuid (uid);
|
||||||
|
if (!ret)
|
||||||
|
myself->real_uid = myself->uid;
|
||||||
|
debug_printf ("real: %d, effective: %d", myself->real_uid, myself->uid);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
extern char *internal_getlogin (struct pinfo *pi);
|
||||||
|
|
||||||
|
/* seteuid: standards? */
|
||||||
|
extern "C"
|
||||||
|
int
|
||||||
|
seteuid (uid_t uid)
|
||||||
|
{
|
||||||
|
if (os_being_run == winNT)
|
||||||
|
{
|
||||||
|
if (uid != (uid_t) -1)
|
||||||
|
{
|
||||||
|
struct passwd *pw_new = getpwuid (uid);
|
||||||
|
if (!pw_new)
|
||||||
|
{
|
||||||
|
set_errno (EINVAL);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (uid != myself->uid)
|
||||||
|
if (uid == myself->orig_uid)
|
||||||
|
{
|
||||||
|
debug_printf ("RevertToSelf() (uid == orig_uid, token=%d)",
|
||||||
|
myself->token);
|
||||||
|
RevertToSelf();
|
||||||
|
if (myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
myself->impersonated = FALSE;
|
||||||
|
}
|
||||||
|
else if (!myself->impersonated)
|
||||||
|
{
|
||||||
|
debug_printf ("Impersonate(uid == %d)", uid);
|
||||||
|
RevertToSelf();
|
||||||
|
if (myself->token != INVALID_HANDLE_VALUE)
|
||||||
|
if (!ImpersonateLoggedOnUser (myself->token))
|
||||||
|
system_printf ("Impersonate(%d) in set(e)uid failed: %E",
|
||||||
|
myself->token);
|
||||||
|
else
|
||||||
|
myself->impersonated = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct pinfo pi;
|
||||||
|
pi.psid = (PSID) pi.sidbuf;
|
||||||
|
struct passwd *pw_cur = getpwnam (internal_getlogin (&pi));
|
||||||
|
if (pw_cur != pw_new)
|
||||||
|
{
|
||||||
|
debug_printf ("Diffs!!! token: %d, cur: %d, new: %d, orig: %d",
|
||||||
|
myself->token, pw_cur->pw_uid,
|
||||||
|
pw_new->pw_uid, myself->orig_uid);
|
||||||
|
set_errno (EPERM);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
myself->uid = uid;
|
||||||
|
strcpy (myself->username, pi.username);
|
||||||
|
CopySid (40, myself->psid, pi.psid);
|
||||||
|
strcpy (myself->logsrv, pi.logsrv);
|
||||||
|
strcpy (myself->domain, pi.domain);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
set_errno (ENOSYS);
|
||||||
|
debug_printf ("real: %d, effective: %d", myself->real_uid, myself->uid);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* setegid: from System V. */
|
||||||
|
extern "C"
|
||||||
|
int
|
||||||
|
setegid (gid_t gid)
|
||||||
{
|
{
|
||||||
if (os_being_run == winNT)
|
if (os_being_run == winNT)
|
||||||
{
|
{
|
||||||
@@ -1814,60 +1900,6 @@ setgid (gid_t gid)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
extern char *internal_getlogin (struct pinfo *pi);
|
|
||||||
|
|
||||||
/* setuid: POSIX 4.2.2.1 */
|
|
||||||
extern "C"
|
|
||||||
int
|
|
||||||
setuid (uid_t uid)
|
|
||||||
{
|
|
||||||
if (os_being_run == winNT)
|
|
||||||
{
|
|
||||||
if (uid != (uid_t) -1)
|
|
||||||
{
|
|
||||||
struct passwd *pw_new = getpwuid (uid);
|
|
||||||
if (!pw_new)
|
|
||||||
{
|
|
||||||
set_errno (EINVAL);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
struct pinfo pi;
|
|
||||||
pi.psid = (PSID) pi.sidbuf;
|
|
||||||
struct passwd *pw_cur = getpwnam (internal_getlogin (&pi));
|
|
||||||
if (pw_cur != pw_new)
|
|
||||||
{
|
|
||||||
set_errno (EPERM);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
myself->uid = uid;
|
|
||||||
strcpy (myself->username, pi.username);
|
|
||||||
CopySid (40, myself->psid, pi.psid);
|
|
||||||
strcpy (myself->logsrv, pi.logsrv);
|
|
||||||
strcpy (myself->domain, pi.domain);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
set_errno (ENOSYS);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* seteuid: standards? */
|
|
||||||
extern "C"
|
|
||||||
int
|
|
||||||
seteuid (uid_t uid)
|
|
||||||
{
|
|
||||||
return setuid (uid);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* setegid: from System V. */
|
|
||||||
extern "C"
|
|
||||||
int
|
|
||||||
setegid (gid_t gid)
|
|
||||||
{
|
|
||||||
return setgid (gid);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* chroot: privileged Unix system call. */
|
/* chroot: privileged Unix system call. */
|
||||||
extern "C"
|
extern "C"
|
||||||
int
|
int
|
||||||
|
@@ -126,6 +126,11 @@ uinfo_init ()
|
|||||||
myself->uid = DEFAULT_UID;
|
myself->uid = DEFAULT_UID;
|
||||||
myself->gid = DEFAULT_GID;
|
myself->gid = DEFAULT_GID;
|
||||||
}
|
}
|
||||||
|
/* Set to non impersonated value. */
|
||||||
|
myself->token = INVALID_HANDLE_VALUE;
|
||||||
|
myself->impersonated = TRUE;
|
||||||
|
myself->orig_uid = myself->real_uid = myself->uid;
|
||||||
|
myself->orig_gid = myself->real_gid = myself->gid;
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" char *
|
extern "C" char *
|
||||||
@@ -143,25 +148,25 @@ getlogin (void)
|
|||||||
extern "C" uid_t
|
extern "C" uid_t
|
||||||
getuid (void)
|
getuid (void)
|
||||||
{
|
{
|
||||||
return myself->uid;
|
return myself->real_uid;
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" gid_t
|
extern "C" gid_t
|
||||||
getgid (void)
|
getgid (void)
|
||||||
{
|
{
|
||||||
return myself->gid;
|
return myself->real_gid;
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" uid_t
|
extern "C" uid_t
|
||||||
geteuid (void)
|
geteuid (void)
|
||||||
{
|
{
|
||||||
return getuid ();
|
return myself->uid;
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" gid_t
|
extern "C" gid_t
|
||||||
getegid (void)
|
getegid (void)
|
||||||
{
|
{
|
||||||
return getgid ();
|
return myself->gid;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Not quite right - cuserid can change, getlogin can't */
|
/* Not quite right - cuserid can change, getlogin can't */
|
||||||
|
Reference in New Issue
Block a user