2003-10-16 Pierre Humblet <pierre.humblet@ieee.org>
* syscalls.cc (seteuid32): Always construct a default DACL including the new sid, Admins and SYSTEM and copy it to the new thread token. * security.cc (create_token): Use a NULL default DACL in NtCreateToken.
This commit is contained in:
Pierre Humblet
parent
abfc9c412c
commit
9808b5c420
@ -815,8 +815,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
|
||||
PTOKEN_PRIVILEGES privs = NULL;
|
||||
TOKEN_OWNER owner;
|
||||
TOKEN_PRIMARY_GROUP pgrp;
|
||||
char acl_buf[MAX_DACL_LEN (5)];
|
||||
TOKEN_DEFAULT_DACL dacl;
|
||||
TOKEN_DEFAULT_DACL dacl = {};
|
||||
TOKEN_SOURCE source;
|
||||
TOKEN_STATISTICS stats;
|
||||
memcpy (source.SourceName, "Cygwin.1", 8);
|
||||
@ -905,13 +904,6 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
|
||||
if (!(privs = get_priv_list (lsa, usersid, tmp_gsids)))
|
||||
goto out;
|
||||
|
||||
/* Create default dacl. */
|
||||
if (!sec_acl ((PACL) acl_buf, false, false,
|
||||
tmp_gsids.contains (well_known_admins_sid) ?
|
||||
well_known_admins_sid : usersid))
|
||||
goto out;
|
||||
dacl.DefaultDacl = (PACL) acl_buf;
|
||||
|
||||
/* Let's be heroic... */
|
||||
ret = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation,
|
||||
&auth_luid, &exp, &user, new_tok_gsids, privs, &owner,
|
||||
|
||||
@ -2121,6 +2121,8 @@ seteuid32 (__uid32_t uid)
|
||||
HANDLE ptok, new_token = INVALID_HANDLE_VALUE;
|
||||
struct passwd * pw_new;
|
||||
BOOL token_is_internal, issamesid;
|
||||
char dacl_buf[MAX_DACL_LEN (5)];
|
||||
TOKEN_DEFAULT_DACL tdacl = {};
|
||||
|
||||
pw_new = internal_getpwuid (uid);
|
||||
if (!wincap.has_security () && pw_new)
|
||||
@ -2161,19 +2163,14 @@ seteuid32 (__uid32_t uid)
|
||||
debug_printf ("Found token %d", new_token);
|
||||
|
||||
/* Set process def dacl to allow access to impersonated token */
|
||||
if (cygheap->user.current_token != new_token)
|
||||
if (sec_acl ((PACL) dacl_buf, true, true, usersid))
|
||||
{
|
||||
char dacl_buf[MAX_DACL_LEN (5)];
|
||||
if (sec_acl ((PACL) dacl_buf, true, false, usersid))
|
||||
{
|
||||
TOKEN_DEFAULT_DACL tdacl;
|
||||
tdacl.DefaultDacl = (PACL) dacl_buf;
|
||||
if (!SetTokenInformation (ptok, TokenDefaultDacl,
|
||||
&tdacl, sizeof dacl_buf))
|
||||
debug_printf ("SetTokenInformation"
|
||||
"(TokenDefaultDacl): %E");
|
||||
}
|
||||
}
|
||||
|
||||
/* If no impersonation token is available, try to
|
||||
authenticate using NtCreateToken () or subauthentication. */
|
||||
@ -2193,7 +2190,7 @@ seteuid32 (__uid32_t uid)
|
||||
CloseHandle (cygheap->user.internal_token);
|
||||
cygheap->user.internal_token = new_token;
|
||||
}
|
||||
else if (new_token != ptok)
|
||||
if (new_token != ptok)
|
||||
{
|
||||
/* Avoid having HKCU use default user */
|
||||
load_registry_hive (usersid);
|
||||
@ -2204,11 +2201,15 @@ seteuid32 (__uid32_t uid)
|
||||
debug_printf ("SetTokenInformation(user.token, "
|
||||
"TokenOwner): %E");
|
||||
/* Try setting primary group in token to current group */
|
||||
if (!SetTokenInformation (new_token,
|
||||
TokenPrimaryGroup,
|
||||
if (!SetTokenInformation (new_token, TokenPrimaryGroup,
|
||||
&groups.pgsid, sizeof (cygsid)))
|
||||
debug_printf ("SetTokenInformation(user.token, "
|
||||
"TokenPrimaryGroup): %E");
|
||||
/* Try setting default DACL */
|
||||
if (tdacl.DefaultDacl
|
||||
&& !SetTokenInformation (new_token, TokenDefaultDacl,
|
||||
&tdacl, sizeof (tdacl)))
|
||||
debug_printf ("SetTokenInformation (TokenDefaultDacl): %E");
|
||||
}
|
||||
|
||||
CloseHandle (ptok);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user