diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 5b5e250ce..b44351f0c 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,12 @@ +2002-06-23 Pierre Humblet + + * security.cc (get_group_sidlist): Add pw argument and use pw->pw_name + in call to get_supplementary_group_sidlist. + (create_token): Add pw argument and use it in call to + get_group_sidlist. + * security.h: Add pw argument in declaration of create_token. + * syscalls.cc (seteuid32): Add pw argument in call to create_token. + 2002-06-23 Conrad Scott * fhandler.cc (fhandler_base::fstat): Set S_IFIFO for pipes. diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 60b5378f3..74c4a173b 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -482,7 +482,7 @@ get_supplementary_group_sidlist (const char *username, cygsidlist &grp_list) static BOOL get_group_sidlist (cygsidlist &grp_list, - cygsid &usersid, cygsid &pgrpsid, + cygsid &usersid, cygsid &pgrpsid, struct passwd * pw, PTOKEN_GROUPS my_grps, LUID auth_luid, int &auth_pos, BOOL * special_pgrp) { @@ -554,7 +554,7 @@ get_group_sidlist (cygsidlist &grp_list, get_user_primary_group (wserver, user, usersid, pgrpsid); } else * special_pgrp = TRUE; - if (get_supplementary_group_sidlist (user, sup_list)) + if (pw->pw_name && get_supplementary_group_sidlist (pw->pw_name, sup_list)) { for (int i = 0; i < sup_list.count; ++i) if (!grp_list.contains (sup_list.sids[i])) @@ -734,7 +734,7 @@ verify_token (HANDLE token, cygsid &usersid, cygsid &pgrpsid, BOOL * pintern) } HANDLE -create_token (cygsid &usersid, cygsid &pgrpsid) +create_token (cygsid &usersid, cygsid &pgrpsid, struct passwd * pw) { NTSTATUS ret; LSA_HANDLE lsa = INVALID_HANDLE_VALUE; 
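Review bot: In the `@@ -554` hunk of security.cc the new condition reads `pw->pw_name` without first checking `pw`, so a NULL passwd pointer handed to create_token would fault while the token's group list is being built. The guard could be `if (pw && pw->pw_name && get_supplementary_group_sidlist (pw->pw_name, sup_list))`, or create_token could reject a NULL `pw` before it reaches get_group_sidlist. Whether the seteuid32 caller in syscalls.cc guarantees a non-NULL `pw_new` is not visible in this diff. When the name is missing the supplementary groups are skipped silently, so a `debug_printf` on that path would help explain a token that ends up with fewer groups than expected. The body of get_group_sidlist starts and ends outside the hunk.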
@@ -818,7 +818,7 @@ create_token (cygsid &usersid, cygsid &pgrpsid) /* Create list of groups, the user is member in. */ int auth_pos; - if (!get_group_sidlist (grpsids, usersid, pgrpsid, + if (!get_group_sidlist (grpsids, usersid, pgrpsid, pw, my_grps, auth_luid, auth_pos, &special_pgrp)) goto out; @@ -1379,13 +1379,13 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, /* Otherwise retrieve user data from /etc/passwd */ struct passwd *pw = getpwuid32 (uid); if (!pw) - { + { debug_printf ("no /etc/passwd entry for %d", uid); set_errno (EINVAL); return NULL; } else if (!owner_sid.getfrompw (pw)) - { + { debug_printf ("no SID for user %d", uid); set_errno (EINVAL); return NULL; diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index af4b667f8..88aa5fdac 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -180,7 +180,7 @@ void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa, /* Try a subauthentication. */ HANDLE subauth (struct passwd *pw); /* Try creating a token directly. */ -HANDLE create_token (cygsid &usersid, cygsid &pgrpsid); +HANDLE create_token (cygsid &usersid, cygsid &pgrpsid, struct passwd * pw); /* Verify an existing token */ BOOL verify_token (HANDLE token, cygsid &usersid, cygsid &pgrpsid, BOOL * pintern = NULL); @@ -206,7 +206,7 @@ extern BOOL sec_acl (PACL acl, BOOL admins, PSID sid1 = NO_SID, PSID sid2 = NO_S int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len); BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len); PSECURITY_DESCRIPTOR alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, - PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret); + PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret); extern inline SECURITY_ATTRIBUTES * sec_user_nih (char sa_buf[], PSID sid = NULL) diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index a788c604b..d5b6be4ff 100644 --- a/winsup/cygwin/syscalls.cc 
+++ b/winsup/cygwin/syscalls.cc @@ -2043,7 +2043,7 @@ seteuid32 (__uid32_t uid) { /* If no impersonation token is available, try to authenticate using NtCreateToken() or subauthentication. */ - cygheap->user.token = create_token (usersid, pgrpsid); + cygheap->user.token = create_token (usersid, pgrpsid, pw_new); if (cygheap->user.token != INVALID_HANDLE_VALUE) explicitly_created_token = TRUE; else
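Review bot: Nothing in the visible lines documents that `usersid` and `pw_new` must describe the same account at the call `create_token (usersid, pgrpsid, pw_new)`. After this change the token's user SID still comes from `usersid`, while its supplementary groups are looked up from `pw->pw_name`, so a mismatched pair would give one account's SID the group memberships of another. Presumably `usersid` is derived from `pw_new` earlier in seteuid32, but that part of the function lies outside the hunk. I would state the contract on the declaration in security.h, for example `/* Try creating a token directly. pw must be the passwd entry usersid was taken from; its pw_name selects the supplementary groups. */`.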