2003-09-09 Pierre Humblet <pierre.humblet@ieee.org>
* shared_info.h: Include security.h. (open_shared): Add psa argument. (user_shared_initialize): New declaration. * security.h: Add _SECURITY_H guard. (sec_user): Use sec_none in the no ntsec case. * spawn.cc (spawn_guts): Remove call to load_registry_hive. * syscalls (seteuid32): If warranted, call load_registry_hive, user_shared_initialize and RegCloseKey(HKEY_CURRENT_USER). * shared.cc (user_shared_initialize): New. (open_shared): Add and use psa argument. (memory_init): Move mount table initialization to user_shared_initialize. Call it.
This commit is contained in:
Pierre Humblet
@@ -1,3 +1,18 @@
|
||||
2003-09-09 Pierre Humblet <pierre.humblet@ieee.org>
|
||||
|
||||
* shared_info.h: Include security.h.
|
||||
(open_shared): Add psa argument.
|
||||
(user_shared_initialize): New declaration.
|
||||
* security.h: Add _SECURITY_H guard.
|
||||
(sec_user): Use sec_none in the no ntsec case.
|
||||
* spawn.cc (spawn_guts): Remove call to load_registry_hive.
|
||||
* syscalls (seteuid32): If warranted, call load_registry_hive,
|
||||
user_shared_initialize and RegCloseKey(HKEY_CURRENT_USER).
|
||||
* shared.cc (user_shared_initialize): New.
|
||||
(open_shared): Add and use psa argument.
|
||||
(memory_init): Move mount table initialization to
|
||||
user_shared_initialize. Call it.
|
||||
|
||||
2003-09-09 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* mmap.cc (mmap64): Change address types from caddr_t to void *
|
||||
|
||||
@@ -8,6 +8,9 @@ This software is a copyrighted work licensed under the terms of the
|
||||
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
||||
details. */
|
||||
|
||||
#ifndef _SECURITY_H
|
||||
#define _SECURITY_H
|
||||
|
||||
#include <accctrl.h>
|
||||
|
||||
#define DEFAULT_UID DOMAIN_USER_RID_ADMIN
|
||||
@@ -271,5 +274,6 @@ sec_user_nih (char sa_buf[], PSID sid = NULL)
|
||||
extern inline SECURITY_ATTRIBUTES *
|
||||
sec_user (char sa_buf[], PSID sid = NULL)
|
||||
{
|
||||
return allow_ntsec ? __sec_user (sa_buf, sid, TRUE) : &sec_none_nih;
|
||||
return allow_ntsec ? __sec_user (sa_buf, sid, TRUE) : &sec_none;
|
||||
}
|
||||
#endif /*_SECURITY_H*/
|
||||
|
||||
@@ -67,7 +67,8 @@ static char *offsets[] =
|
||||
};
|
||||
|
||||
void * __stdcall
|
||||
open_shared (const char *name, int n, HANDLE &shared_h, DWORD size, shared_locations m)
|
||||
open_shared (const char *name, int n, HANDLE &shared_h, DWORD size,
|
||||
shared_locations m, PSECURITY_ATTRIBUTES psa)
|
||||
{
|
||||
void *shared;
|
||||
|
||||
@@ -96,7 +97,7 @@ open_shared (const char *name, int n, HANDLE &shared_h, DWORD size, shared_locat
|
||||
TRUE, mapname);
|
||||
}
|
||||
if (!shared_h &&
|
||||
!(shared_h = CreateFileMapping (INVALID_HANDLE_VALUE, &sec_all,
|
||||
!(shared_h = CreateFileMapping (INVALID_HANDLE_VALUE, psa,
|
||||
PAGE_READWRITE, 0, size, mapname)))
|
||||
api_fatal ("CreateFileMapping, %E. Terminating.");
|
||||
}
|
||||
@@ -144,6 +145,71 @@ open_shared (const char *name, int n, HANDLE &shared_h, DWORD size, shared_locat
|
||||
return shared;
|
||||
}
|
||||
|
||||
void
|
||||
user_shared_initialize ()
|
||||
{
|
||||
char name[UNLEN + 1] = "";
|
||||
|
||||
/* Temporary code. Will be cleaned up later */
|
||||
if (wincap.has_security ())
|
||||
{
|
||||
HANDLE ptok = NULL;
|
||||
DWORD siz;
|
||||
cygsid tu;
|
||||
|
||||
if (cygwin_mount_h) /* Reinit */
|
||||
tu = cygheap->user.sid ();
|
||||
else
|
||||
{
|
||||
if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
|
||||
&ptok))
|
||||
system_printf ("OpenProcessToken(): %E");
|
||||
else if (!GetTokenInformation (ptok, TokenUser, &tu, sizeof tu, &siz))
|
||||
system_printf ("GetTokenInformation (TokenUser): %E");
|
||||
else
|
||||
tu.string (name);
|
||||
if (ptok)
|
||||
CloseHandle (ptok);
|
||||
}
|
||||
tu.string (name);
|
||||
}
|
||||
else
|
||||
strcpy (name, cygheap->user.name ());
|
||||
|
||||
if (cygwin_mount_h)
|
||||
{
|
||||
if (!UnmapViewOfFile (mount_table))
|
||||
debug_printf("UnmapViewOfFile %E");
|
||||
if (!ForceCloseHandle (cygwin_mount_h))
|
||||
debug_printf("CloseHandle %E");
|
||||
cygwin_mount_h = NULL;
|
||||
}
|
||||
|
||||
mount_table = (mount_info *) open_shared (name, MOUNT_VERSION,
|
||||
cygwin_mount_h, sizeof (mount_info),
|
||||
SH_MOUNT_TABLE, &sec_none);
|
||||
debug_printf ("opening mount table for '%s' at %p", name,
|
||||
mount_table);
|
||||
ProtectHandleINH (cygwin_mount_h);
|
||||
debug_printf ("mount table version %x at %p", mount_table->version, mount_table);
|
||||
|
||||
/* Initialize the Cygwin per-user mount table, if necessary */
|
||||
if (!mount_table->version)
|
||||
{
|
||||
mount_table->version = MOUNT_VERSION_MAGIC;
|
||||
debug_printf ("initializing mount table");
|
||||
mount_table->cb = sizeof (*mount_table);
|
||||
if (mount_table->cb != MOUNT_INFO_CB)
|
||||
system_printf ("size of mount table region changed from %u to %u",
|
||||
MOUNT_INFO_CB, mount_table->cb);
|
||||
mount_table->init (); /* Initialize the mount table. */
|
||||
}
|
||||
else if (mount_table->version != MOUNT_VERSION_MAGIC)
|
||||
multiple_cygwin_problem ("mount", mount_table->version, MOUNT_VERSION);
|
||||
else if (mount_table->cb != MOUNT_INFO_CB)
|
||||
multiple_cygwin_problem ("mount table size", mount_table->cb, MOUNT_INFO_CB);
|
||||
}
|
||||
|
||||
void
|
||||
shared_info::initialize (const char *user_name)
|
||||
{
|
||||
@@ -208,31 +274,7 @@ memory_init ()
|
||||
cygheap->shared_h = shared_h;
|
||||
ProtectHandleINH (cygheap->shared_h);
|
||||
|
||||
/* Allocate memory for the per-user mount table */
|
||||
mount_table = (mount_info *) open_shared (user_name, MOUNT_VERSION,
|
||||
cygwin_mount_h, sizeof (mount_info),
|
||||
SH_MOUNT_TABLE);
|
||||
debug_printf ("opening mount table for '%s' at %p", cygheap->user.name (),
|
||||
mount_table);
|
||||
ProtectHandleINH (cygwin_mount_h);
|
||||
debug_printf ("mount table version %x at %p", mount_table->version, mount_table);
|
||||
|
||||
/* Initialize the Cygwin per-user mount table, if necessary */
|
||||
if (!mount_table->version)
|
||||
{
|
||||
mount_table->version = MOUNT_VERSION_MAGIC;
|
||||
debug_printf ("initializing mount table");
|
||||
mount_table->cb = sizeof (*mount_table);
|
||||
if (mount_table->cb != MOUNT_INFO_CB)
|
||||
system_printf ("size of mount table region changed from %u to %u",
|
||||
MOUNT_INFO_CB, mount_table->cb);
|
||||
mount_table->init (); /* Initialize the mount table. */
|
||||
}
|
||||
else if (mount_table->version != MOUNT_VERSION_MAGIC)
|
||||
multiple_cygwin_problem ("mount", mount_table->version, MOUNT_VERSION);
|
||||
else if (mount_table->cb != MOUNT_INFO_CB)
|
||||
multiple_cygwin_problem ("mount table size", mount_table->cb, MOUNT_INFO_CB);
|
||||
|
||||
user_shared_initialize ();
|
||||
}
|
||||
|
||||
unsigned
|
||||
|
||||
@@ -9,6 +9,7 @@ Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
||||
details. */
|
||||
|
||||
#include "tty.h"
|
||||
#include "security.h"
|
||||
|
||||
/* Mount table entry */
|
||||
|
||||
@@ -189,4 +190,7 @@ struct console_state
|
||||
#endif
|
||||
|
||||
char *__stdcall shared_name (char *, const char *, int);
|
||||
void *__stdcall open_shared (const char *name, int n, HANDLE &shared_h, DWORD size, shared_locations);
|
||||
void *__stdcall open_shared (const char *name, int n, HANDLE &shared_h, DWORD size,
|
||||
shared_locations, PSECURITY_ATTRIBUTES psa = &sec_all);
|
||||
extern void user_shared_initialize ();
|
||||
|
||||
|
||||
@@ -654,9 +654,6 @@ spawn_guts (const char * prog_arg, const char *const *argv,
|
||||
/* Set security attributes with sid */
|
||||
PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);
|
||||
|
||||
/* Load users registry hive. */
|
||||
load_registry_hive (sid);
|
||||
|
||||
/* allow the child to interact with our window station/desktop */
|
||||
HANDLE hwst, hdsk;
|
||||
SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
|
||||
|
||||
@@ -2076,8 +2076,8 @@ seteuid32 (__uid32_t uid)
|
||||
user_groups &groups = cygheap->user.groups;
|
||||
HANDLE ptok, new_token = INVALID_HANDLE_VALUE;
|
||||
struct passwd * pw_new;
|
||||
PSID origpsid, psid2 = NO_SID;
|
||||
BOOL token_is_internal;
|
||||
cygpsid origpsid, psid2 (NO_SID);
|
||||
BOOL token_is_internal, issamesid;
|
||||
|
||||
pw_new = internal_getpwuid (uid);
|
||||
if (!wincap.has_security () && pw_new)
|
||||
@@ -2154,6 +2154,9 @@ seteuid32 (__uid32_t uid)
|
||||
}
|
||||
else if (new_token != ptok)
|
||||
{
|
||||
/* Avoid having HKCU use default user */
|
||||
load_registry_hive (usersid);
|
||||
|
||||
/* Try setting owner to same value as user. */
|
||||
if (!SetTokenInformation (new_token, TokenOwner,
|
||||
&usersid, sizeof usersid))
|
||||
@@ -2168,10 +2171,16 @@ seteuid32 (__uid32_t uid)
|
||||
}
|
||||
|
||||
CloseHandle (ptok);
|
||||
issamesid = (usersid == (psid2 = cygheap->user.sid ()));
|
||||
cygheap->user.set_sid (usersid);
|
||||
cygheap->user.current_token = new_token == ptok ? INVALID_HANDLE_VALUE
|
||||
: new_token;
|
||||
: new_token;
|
||||
if (!issamesid) /* MS KB 199190 */
|
||||
RegCloseKey(HKEY_CURRENT_USER);
|
||||
cygheap->user.reimpersonate ();
|
||||
if (!issamesid)
|
||||
user_shared_initialize ();
|
||||
|
||||
success_9x:
|
||||
cygheap->user.set_name (pw_new->pw_name);
|
||||
myself->uid = uid;
|
||||
|
||||
Reference in New Issue
Block a user