* autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16.
* cygheap.cc: Include security.h.
* grp.cc (internal_getgrent): New function.
(getgroups): Rearranged using `internal_getgrent' and the new
`cygsid' class.
* passwd.cc (internal_getpwent): New function.
* sec_acl.cc: Use new `cygsid' class throughout.
(acl_access): Use `internal_getgrent' instead of `getgrent'.
* sec_helper.cc: Use new `cygsid' class throughout.
(get_id_from_sid): Use `internal_getgrent' instead of `getgrent'.
Use `internal_getpwent' instead of `getpwent'.
* security.cc: Use new `cygsid' class throughout.
* security.h: Move `MAX_SID_LEN' from winsup.h to here.
Add extern declarations for `internal_getgrent' and `internal_getpwent'.
(class cygsid): New class.
* shared.cc (sec_user): Use new `cygsid' class.
* syscalls.cc (seteuid): Try to set owner to user and primary group to
current group in impersonation token before performing impersonation.
(setegid): Try to set primary group in process token to the new group
if ntsec is on.
* uinfo.cc (internal_getlogin): Use new `cygsid' class.
Try to set owner to user and primary group to current group in process
token if the process has been started from a non cygwin process.
(uinfo_init): Set primary group only if the process has been started
from a non cygwin process.
* winsup.h: Move define for `MAX_SID_LEN' to security.h.
This commit is contained in:
Corinna Vinschen
@@ -1977,11 +1977,36 @@ seteuid (uid_t uid)
|
||||
debug_printf ("Impersonate (uid == %d)", uid);
|
||||
RevertToSelf ();
|
||||
if (cygheap->user.token != INVALID_HANDLE_VALUE)
|
||||
if (!ImpersonateLoggedOnUser (cygheap->user.token))
|
||||
system_printf ("Impersonate (%d) in set (e)uid failed: %E",
|
||||
cygheap->user.token);
|
||||
else
|
||||
cygheap->user.impersonated = TRUE;
|
||||
{
|
||||
struct group *gr;
|
||||
cygsid sid;
|
||||
DWORD siz;
|
||||
|
||||
/* Try setting owner to same value as user. */
|
||||
if (!GetTokenInformation (cygheap->user.token, TokenUser,
|
||||
&sid, sizeof sid, &siz))
|
||||
debug_printf ("GetTokenInformation(): %E");
|
||||
else if (!SetTokenInformation (cygheap->user.token,
|
||||
TokenOwner,
|
||||
&sid, sizeof sid))
|
||||
debug_printf ("SetTokenInformation(user.token, "
|
||||
"TokenOwner): %E");
|
||||
/* Try setting primary group in token to current group. */
|
||||
if ((gr = getgrgid (myself->gid)) &&
|
||||
get_gr_sid (sid, gr) &&
|
||||
!SetTokenInformation (cygheap->user.token,
|
||||
TokenPrimaryGroup,
|
||||
&sid, sizeof sid))
|
||||
debug_printf ("SetTokenInformation(user.token, "
|
||||
"TokenPrimaryGroup): %E");
|
||||
|
||||
/* Now try to impersonate. */
|
||||
if (!ImpersonateLoggedOnUser (cygheap->user.token))
|
||||
system_printf ("Impersonate (%d) in set(e)uid failed: %E",
|
||||
cygheap->user.token);
|
||||
else
|
||||
cygheap->user.impersonated = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
cygheap_user user;
|
||||
@@ -2018,12 +2043,35 @@ setegid (gid_t gid)
|
||||
{
|
||||
if (gid != (gid_t) -1)
|
||||
{
|
||||
if (!getgrgid (gid))
|
||||
struct group *gr;
|
||||
|
||||
if (!(gr = getgrgid (gid)))
|
||||
{
|
||||
set_errno (EINVAL);
|
||||
return -1;
|
||||
}
|
||||
myself->gid = gid;
|
||||
if (allow_ntsec)
|
||||
{
|
||||
cygsid gsid;
|
||||
HANDLE ptok;
|
||||
|
||||
if (get_gr_sid (gsid, gr))
|
||||
{
|
||||
if (!OpenProcessToken (GetCurrentProcess (),
|
||||
TOKEN_ADJUST_DEFAULT,
|
||||
&ptok))
|
||||
debug_printf ("OpenProcessToken(): %E\n");
|
||||
else
|
||||
{
|
||||
if (!SetTokenInformation (ptok, TokenPrimaryGroup,
|
||||
&gsid, sizeof gsid))
|
||||
debug_printf ("SetTokenInformation(myself, "
|
||||
"TokenPrimaryGroup): %E");
|
||||
CloseHandle (ptok);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user