* cygheap.h (enum impersonation): New enum.
(cygheap_user::token): Delete. (cygheap_user::impersonated): Delete. (cygheap_user::external_token): New member. (cygheap_user::internal_token): New member. (cygheap_user::impersonation_state): New member. (cygheap_user::issetuid): Modify. (cygheap_user::token): New method. (cygheap_user::deimpersonate): New method. (cygheap_user::reimpersonate): New method. (cygheap_user::has_impersonation_tokens): New method. (cygheap_user::close_impersonation_tokens): New method. * dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods. * fhandler_socket.cc (fhandler_socket::dup): Ditto. * fork.cc (fork_child): Ditto. (fork_parent): Ditto. * grp.cc (internal_getgroups): Ditto. * security.cc (verify_token): Ditto. (check_file_access): Ditto. (cygwin_set_impersonation_token): Detect conflicts. Set user.external_token. * spawn.cc (spawn_guts): Use new cygheap_user methods. * syscalls.cc (seteuid32): Rearrange to use the two tokens in cygheap_user. (setegid32): Use new cygheap_user methods. * uinfo.cc: (internal_getlogin): Ditto.
This commit is contained in:
@@ -236,14 +236,7 @@ fork_child (HANDLE& hParent, dll *&first_dll, bool& load_dlls)
|
||||
|
||||
/* Restore the inheritance state as in parent
|
||||
Don't call setuid here! The flags are already set. */
|
||||
if (cygheap->user.impersonated)
|
||||
{
|
||||
debug_printf ("Impersonation of child, token: %d", cygheap->user.token);
|
||||
if (cygheap->user.token == INVALID_HANDLE_VALUE)
|
||||
RevertToSelf (); // probably not needed
|
||||
else if (!ImpersonateLoggedOnUser (cygheap->user.token))
|
||||
system_printf ("Impersonate for forked child failed: %E");
|
||||
}
|
||||
cygheap->user.reimpersonate ();
|
||||
|
||||
sync_with_parent ("after longjmp.", TRUE);
|
||||
sigproc_printf ("hParent %p, child 1 first_dll %p, load_dlls %d", hParent,
|
||||
@@ -436,8 +429,7 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
|
||||
si.cbReserved2 = sizeof (ch);
|
||||
|
||||
/* Remove impersonation */
|
||||
if (cygheap->user.issetuid ())
|
||||
RevertToSelf ();
|
||||
cygheap->user.deimpersonate ();
|
||||
|
||||
ch.parent = hParent;
|
||||
#ifdef DEBUGGING
|
||||
@@ -485,8 +477,7 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
|
||||
ForceCloseHandle (subproc_ready);
|
||||
ForceCloseHandle (forker_finished);
|
||||
/* Restore impersonation */
|
||||
if (cygheap->user.issetuid ())
|
||||
ImpersonateLoggedOnUser (cygheap->user.token);
|
||||
cygheap->user.reimpersonate ();
|
||||
cygheap_setup_for_child_cleanup (newheap, &ch, 0);
|
||||
return -1;
|
||||
}
|
||||
@@ -513,8 +504,7 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
|
||||
strcpy (forked->progname, myself->progname);
|
||||
|
||||
/* Restore impersonation */
|
||||
if (cygheap->user.issetuid ())
|
||||
ImpersonateLoggedOnUser (cygheap->user.token);
|
||||
cygheap->user.reimpersonate ();
|
||||
|
||||
ProtectHandle (pi.hThread);
|
||||
/* Protect the handle but name it similarly to the way it will
|
||||
|
Reference in New Issue
Block a user