JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Cygwin: user profile: Make an effort to unload unused user profiles

Browse Source 
Does this work?  There's not much feedback given.

TODO: We might want to try unloading the user profile at process
exit as well, FWIW.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2019-02-23 17:30:44 +01:00
parent 331653a215
commit 71b8777a71
6 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
winsup/cygwin/autoload.cc
View File

@ -699,6 +699,7 @@ LoadDLLfuncEx (CreateEnvironmentBlock, 12, userenv, 1)
LoadDLLfuncEx2 (CreateProfile, 16, userenv, 1, 1) LoadDLLfuncEx2 (CreateProfile, 16, userenv, 1, 1)
LoadDLLfunc (DestroyEnvironmentBlock, 4, userenv) LoadDLLfunc (DestroyEnvironmentBlock, 4, userenv)
LoadDLLfunc (LoadUserProfileW, 8, userenv) LoadDLLfunc (LoadUserProfileW, 8, userenv)
LoadDLLfunc (UnloadUserProfile, 8, userenv)
LoadDLLfuncEx3 (waveInAddBuffer, 12, winmm, 1, 0, 1) LoadDLLfuncEx3 (waveInAddBuffer, 12, winmm, 1, 0, 1)
LoadDLLfuncEx3 (waveInClose, 4, winmm, 1, 0, 1) LoadDLLfuncEx3 (waveInClose, 4, winmm, 1, 0, 1)

3
winsup/cygwin/cygheap.h
View File

@ -106,6 +106,9 @@ public:
HANDLE curr_primary_token; /* Just a copy of external or internal token */ HANDLE curr_primary_token; /* Just a copy of external or internal token */
HANDLE curr_imp_token; /* impersonation token derived from primary HANDLE curr_imp_token; /* impersonation token derived from primary
token */ token */
HANDLE imp_profile_token; /* Handle to the token used to load the
user profile in "imp_profile" */
HANDLE imp_profile; /* Handle to the user profile */
bool ext_token_is_restricted; /* external_token is restricted token */ bool ext_token_is_restricted; /* external_token is restricted token */
bool curr_token_is_restricted; /* curr_primary_token is restricted token */ bool curr_token_is_restricted; /* curr_primary_token is restricted token */
bool setuid_to_restricted; /* switch to restricted token by setuid () */ bool setuid_to_restricted; /* switch to restricted token by setuid () */

6
winsup/cygwin/sec_auth.cc
View File

@ -306,6 +306,12 @@ load_user_profile (HANDLE token, struct passwd *pw, cygpsid &usersid)
return pi.hProfile; return pi.hProfile;
} }
bool
unload_user_profile (HANDLE token, HANDLE profile)
{
return UnloadUserProfile (token, profile);
}
HANDLE HANDLE
lsa_open_policy (PWCHAR server, ACCESS_MASK access) lsa_open_policy (PWCHAR server, ACCESS_MASK access)
{ {

1
winsup/cygwin/security.h
View File

@ -502,6 +502,7 @@ PWCHAR get_user_profile_directory (PCWSTR sidstr, PWCHAR path, SIZE_T path_len);
/* Load user profile if it's not already loaded. */ /* Load user profile if it's not already loaded. */
HANDLE load_user_profile (HANDLE token, struct passwd *pw, cygpsid &sid); HANDLE load_user_profile (HANDLE token, struct passwd *pw, cygpsid &sid);
bool unload_user_profile (HANDLE token, HANDLE profile);
HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access); HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access);
void lsa_close_policy (HANDLE lsa); void lsa_close_policy (HANDLE lsa);

15
winsup/cygwin/syscalls.cc
View File

@ -3603,8 +3603,17 @@ seteuid32 (uid_t uid)
{ {
NTSTATUS status; NTSTATUS status;
if (!request_restricted_uid_switch) if (!request_restricted_uid_switch
load_user_profile (new_token, pw_new, usersid); && new_token != cygheap->user.imp_profile_token)
{
if (cygheap->user.imp_profile_token && cygheap->user.imp_profile)
unload_user_profile (cygheap->user.imp_profile_token,
cygheap->user.imp_profile);
cygheap->user.imp_profile = load_user_profile (new_token, pw_new,
usersid);
if (cygheap->user.imp_profile)
cygheap->user.imp_profile_token = new_token;
}
/* Try setting owner to same value as user. */ /* Try setting owner to same value as user. */
status = NtSetInformationToken (new_token, TokenOwner, status = NtSetInformationToken (new_token, TokenOwner,
@ -3634,7 +3643,7 @@ seteuid32 (uid_t uid)
issamesid = (usersid == cygheap->user.sid ()); issamesid = (usersid == cygheap->user.sid ());
cygheap->user.set_sid (usersid); cygheap->user.set_sid (usersid);
cygheap->user.curr_primary_token = new_token == hProcToken ? NO_IMPERSONATION cygheap->user.curr_primary_token = new_token == hProcToken ? NO_IMPERSONATION
: new_token; : new_token;
cygheap->user.curr_token_is_restricted = false; cygheap->user.curr_token_is_restricted = false;
cygheap->user.setuid_to_restricted = false; cygheap->user.setuid_to_restricted = false;
if (cygheap->user.curr_imp_token != NO_IMPERSONATION) if (cygheap->user.curr_imp_token != NO_IMPERSONATION)

2
winsup/cygwin/uinfo.cc
View File

@ -239,6 +239,8 @@ uinfo_init ()
cygheap->user.internal_token = NO_IMPERSONATION; cygheap->user.internal_token = NO_IMPERSONATION;
cygheap->user.curr_primary_token = NO_IMPERSONATION; cygheap->user.curr_primary_token = NO_IMPERSONATION;
cygheap->user.curr_imp_token = NO_IMPERSONATION; cygheap->user.curr_imp_token = NO_IMPERSONATION;
cygheap->user.imp_profile_token = NO_IMPERSONATION;
cygheap->user.imp_profile = NULL;
cygheap->user.ext_token_is_restricted = false; cygheap->user.ext_token_is_restricted = false;
cygheap->user.curr_token_is_restricted = false; cygheap->user.curr_token_is_restricted = false;
cygheap->user.setuid_to_restricted = false; cygheap->user.setuid_to_restricted = false;