* sec_auth.cc (get_token_group_sidlist): Add CONSOLE LOGON SID on
systems supporting it. Never add SERVICE SID but keep code in for future reference. Explain why. (get_priv_list): Add cygpsid pointer parameter. Point it to the mandatory integrity SID which matches account and privileges. (create_token): Fetch mandatory integrity SID from call to get_priv_list. (lsaauth): Call get_priv_list with additional NULL pointer. Change comment accordingly. * sec_helper.cc (well_known_console_logon_sid): New static SID. (cygpriv): Change to structure containing extra flag to store info about required integrity level. (privilege_luid): Accommodate changes to cygpriv. Return integrity level in new high_integrity parameter. (privilege_name): Accommodate changes to cygpriv. (set_privilege): Drop trailing \n from debug output. (set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore since it's just not needed, but keep code in for future reference. Change comment accordingly. * security.h (well_known_console_logon_sid): Declare. (privilege_luid): Align declaration to above change. * wincap.h (wincaps::has_console_logon_sid): New element. * wincap.cc: Implement above element throughout.
This commit is contained in:
@ -37,6 +37,8 @@ MKSID (well_known_world_sid, "S-1-1-0",
|
||||
SECURITY_WORLD_SID_AUTHORITY, 1, SECURITY_WORLD_RID);
|
||||
MKSID (well_known_local_sid, "S-1-2-0",
|
||||
SECURITY_LOCAL_SID_AUTHORITY, 1, SECURITY_LOCAL_RID);
|
||||
MKSID (well_known_console_logon_sid, "S-1-2-1",
|
||||
SECURITY_LOCAL_SID_AUTHORITY, 1, 1);
|
||||
MKSID (well_known_creator_owner_sid, "S-1-3-0",
|
||||
SECURITY_CREATOR_SID_AUTHORITY, 1, SECURITY_CREATOR_OWNER_RID);
|
||||
MKSID (well_known_creator_group_sid, "S-1-3-1",
|
||||
@ -331,58 +333,64 @@ security_descriptor::free ()
|
||||
#undef TEXT
|
||||
#define TEXT(q) L##q
|
||||
|
||||
/* Index must match the correspoding foo_PRIVILEGE value, see security.h. */
|
||||
static const wchar_t *cygpriv[] =
|
||||
/* Index must match the corresponding foo_PRIVILEGE value, see security.h. */
|
||||
static const struct {
|
||||
const wchar_t *name;
|
||||
bool high_integrity; /* UAC: High Mandatory Label required to
|
||||
be allowed to enable this privilege in
|
||||
the user token. */
|
||||
} cygpriv[] =
|
||||
{
|
||||
L"",
|
||||
L"",
|
||||
SE_CREATE_TOKEN_NAME,
|
||||
SE_ASSIGNPRIMARYTOKEN_NAME,
|
||||
SE_LOCK_MEMORY_NAME,
|
||||
SE_INCREASE_QUOTA_NAME,
|
||||
SE_MACHINE_ACCOUNT_NAME,
|
||||
SE_TCB_NAME,
|
||||
SE_SECURITY_NAME,
|
||||
SE_TAKE_OWNERSHIP_NAME,
|
||||
SE_LOAD_DRIVER_NAME,
|
||||
SE_SYSTEM_PROFILE_NAME,
|
||||
SE_SYSTEMTIME_NAME,
|
||||
SE_PROF_SINGLE_PROCESS_NAME,
|
||||
SE_INC_BASE_PRIORITY_NAME,
|
||||
SE_CREATE_PAGEFILE_NAME,
|
||||
SE_CREATE_PERMANENT_NAME,
|
||||
SE_BACKUP_NAME,
|
||||
SE_RESTORE_NAME,
|
||||
SE_SHUTDOWN_NAME,
|
||||
SE_DEBUG_NAME,
|
||||
SE_AUDIT_NAME,
|
||||
SE_SYSTEM_ENVIRONMENT_NAME,
|
||||
SE_CHANGE_NOTIFY_NAME,
|
||||
SE_REMOTE_SHUTDOWN_NAME,
|
||||
SE_UNDOCK_NAME,
|
||||
SE_SYNC_AGENT_NAME,
|
||||
SE_ENABLE_DELEGATION_NAME,
|
||||
SE_MANAGE_VOLUME_NAME,
|
||||
SE_IMPERSONATE_NAME,
|
||||
SE_CREATE_GLOBAL_NAME,
|
||||
SE_TRUSTED_CREDMAN_ACCESS_NAME,
|
||||
SE_RELABEL_NAME,
|
||||
SE_INCREASE_WORKING_SET_NAME,
|
||||
SE_TIME_ZONE_NAME,
|
||||
SE_CREATE_SYMBOLIC_LINK_NAME
|
||||
{ L"", false },
|
||||
{ L"", false },
|
||||
{ SE_CREATE_TOKEN_NAME, true },
|
||||
{ SE_ASSIGNPRIMARYTOKEN_NAME, true },
|
||||
{ SE_LOCK_MEMORY_NAME, false },
|
||||
{ SE_INCREASE_QUOTA_NAME, true },
|
||||
{ SE_MACHINE_ACCOUNT_NAME, false },
|
||||
{ SE_TCB_NAME, true },
|
||||
{ SE_SECURITY_NAME, true },
|
||||
{ SE_TAKE_OWNERSHIP_NAME, true },
|
||||
{ SE_LOAD_DRIVER_NAME, true },
|
||||
{ SE_SYSTEM_PROFILE_NAME, true },
|
||||
{ SE_SYSTEMTIME_NAME, true },
|
||||
{ SE_PROF_SINGLE_PROCESS_NAME, true },
|
||||
{ SE_INC_BASE_PRIORITY_NAME, true },
|
||||
{ SE_CREATE_PAGEFILE_NAME, true },
|
||||
{ SE_CREATE_PERMANENT_NAME, false },
|
||||
{ SE_BACKUP_NAME, true },
|
||||
{ SE_RESTORE_NAME, true },
|
||||
{ SE_SHUTDOWN_NAME, false },
|
||||
{ SE_DEBUG_NAME, true },
|
||||
{ SE_AUDIT_NAME, false },
|
||||
{ SE_SYSTEM_ENVIRONMENT_NAME, true },
|
||||
{ SE_CHANGE_NOTIFY_NAME, false },
|
||||
{ SE_REMOTE_SHUTDOWN_NAME, true },
|
||||
{ SE_UNDOCK_NAME, false },
|
||||
{ SE_SYNC_AGENT_NAME, false },
|
||||
{ SE_ENABLE_DELEGATION_NAME, false },
|
||||
{ SE_MANAGE_VOLUME_NAME, true },
|
||||
{ SE_IMPERSONATE_NAME, true },
|
||||
{ SE_CREATE_GLOBAL_NAME, false },
|
||||
{ SE_TRUSTED_CREDMAN_ACCESS_NAME, false },
|
||||
{ SE_RELABEL_NAME, true },
|
||||
{ SE_INCREASE_WORKING_SET_NAME, false },
|
||||
{ SE_TIME_ZONE_NAME, true },
|
||||
{ SE_CREATE_SYMBOLIC_LINK_NAME, true }
|
||||
};
|
||||
|
||||
bool
|
||||
privilege_luid (const PWCHAR pname, LUID *luid)
|
||||
privilege_luid (const PWCHAR pname, LUID &luid, bool &high_integrity)
|
||||
{
|
||||
ULONG idx;
|
||||
for (idx = SE_CREATE_TOKEN_PRIVILEGE;
|
||||
idx <= SE_MAX_WELL_KNOWN_PRIVILEGE;
|
||||
++idx)
|
||||
if (!wcscmp (cygpriv[idx], pname))
|
||||
if (!wcscmp (cygpriv[idx].name, pname))
|
||||
{
|
||||
luid->HighPart = 0;
|
||||
luid->LowPart = idx;
|
||||
luid.HighPart = 0;
|
||||
luid.LowPart = idx;
|
||||
high_integrity = cygpriv[idx].high_integrity;
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
@ -394,7 +402,7 @@ privilege_name (const LUID &priv_luid)
|
||||
if (priv_luid.HighPart || priv_luid.LowPart < SE_CREATE_TOKEN_PRIVILEGE
|
||||
|| priv_luid.LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE)
|
||||
return L"<unknown privilege>";
|
||||
return cygpriv[priv_luid.LowPart];
|
||||
return cygpriv[priv_luid.LowPart].name;
|
||||
}
|
||||
|
||||
int
|
||||
@ -426,7 +434,7 @@ set_privilege (HANDLE token, DWORD privilege, bool enable)
|
||||
|
||||
out:
|
||||
if (ret < 0)
|
||||
debug_printf ("%d = set_privilege ((token %x) %W, %d)\n", ret, token,
|
||||
debug_printf ("%d = set_privilege ((token %x) %W, %d)", ret, token,
|
||||
privilege_name (new_priv.Privileges[0].Luid), enable);
|
||||
return ret;
|
||||
}
|
||||
@ -444,12 +452,13 @@ set_cygwin_privileges (HANDLE token)
|
||||
set_privilege (token, SE_BACKUP_PRIVILEGE, true);
|
||||
/* Allow full access to other user's processes. */
|
||||
set_privilege (token, SE_DEBUG_PRIVILEGE, true);
|
||||
/* Allow to create global shared memory. This shouldn't be required since
|
||||
#if 0
|
||||
/* Allow to create global shared memory. This isn't required anymore since
|
||||
Cygwin 1.7. It uses its own subdirectories in the global NT namespace
|
||||
which isn't affected by the SE_CREATE_GLOBAL_PRIVILEGE restriction.
|
||||
Anyway, better safe than sorry. */
|
||||
which isn't affected by the SE_CREATE_GLOBAL_PRIVILEGE restriction. */
|
||||
if (wincap.has_create_global_privilege ())
|
||||
set_privilege (token, SE_CREATE_GLOBAL_PRIVILEGE, true);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Function to return a common SECURITY_DESCRIPTOR that
|
||||
|
Reference in New Issue
Block a user