* cygheap.h (enum impersonation): New enum.

(cygheap_user::token): Delete.
	(cygheap_user::impersonated): Delete.
	(cygheap_user::external_token): New member.
	(cygheap_user::internal_token): New member.
	(cygheap_user::impersonation_state): New member.
	(cygheap_user::issetuid): Modify.
	(cygheap_user::token): New method.
	(cygheap_user::deimpersonate): New method.
	(cygheap_user::reimpersonate): New method.
	(cygheap_user::has_impersonation_tokens): New method.
	(cygheap_user::close_impersonation_tokens): New method.
	* dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods.
	* fhandler_socket.cc (fhandler_socket::dup): Ditto.
	* fork.cc (fork_child): Ditto.
	(fork_parent): Ditto.
	* grp.cc (internal_getgroups): Ditto.
	* security.cc (verify_token): Ditto.
	(check_file_access): Ditto.
	(cygwin_set_impersonation_token): Detect conflicts. Set
	user.external_token.
	* spawn.cc (spawn_guts): Use new cygheap_user methods.
	* syscalls.cc (seteuid32): Rearrange to use the two tokens
	in cygheap_user.
	(setegid32): Use new cygheap_user methods.
	* uinfo.cc (internal_getlogin): Ditto.
Corinna Vinschen
2003-06-30 13:07:36 +00:00
parent 3fbdb70ec6
commit 70249d5687
10 changed files with 160 additions and 115 deletions


@@ -70,10 +70,16 @@ extern "C" void
cygwin_set_impersonation_token (const HANDLE hToken)
{
debug_printf ("set_impersonation_token (%d)", hToken);
if (cygheap->user.token != hToken)
if (cygheap->user.impersonation_state == IMP_EXTERNAL
&& cygheap->user.external_token != hToken)
{
cygheap->user.token = hToken;
cygheap->user.impersonated = FALSE;
set_errno (EPERM);
return;
}
else
{
cygheap->user.external_token = hToken;
return;
}
}
@@ -717,7 +723,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
if (pintern)
{
TOKEN_SOURCE ts;
if (!GetTokenInformation (cygheap->user.token, TokenSource,
if (!GetTokenInformation (token, TokenSource,
&ts, sizeof ts, &size))
debug_printf ("GetTokenInformation(): %E");
else
@@ -1906,7 +1912,7 @@ check_file_access (const char *fn, int flags)
goto done;
if (cygheap->user.issetuid ())
hToken = cygheap->user.token;
hToken = cygheap->user.token ();
else if (!OpenProcessToken (hMainProc, TOKEN_DUPLICATE, &hToken))
{
__seterrno ();
@@ -1914,7 +1920,7 @@ check_file_access (const char *fn, int flags)
}
if (!(status = DuplicateToken (hToken, SecurityIdentification, &hIToken)))
__seterrno ();
if (hToken != cygheap->user.token)
if (!cygheap->user.issetuid ())
CloseHandle (hToken);
if (!status)
goto done;
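Review bot: In the first hunk, cygwin_set_impersonation_token now refuses a different handle while impersonation_state is IMP_EXTERNAL, but it returns void, so the only failure signal is errno set to EPERM. A caller that does not clear errno beforehand and test it afterwards will carry on as if the new token had been accepted, and a later identity switch would presumably still use the earlier token. I would state that contract at the function, e.g. `/* On conflict: errno = EPERM and external_token is left unchanged; callers must set errno to 0 before the call and check it afterwards. */`. The accepting branch also overwrites external_token without closing the previous value; the hunk does not show who owns that handle, so the same comment should say whether the caller or cygheap_user is expected to close it.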