newlib/winsup/cygwin/uinfo.cc

586 lines
14 KiB
C++

/* uinfo.cc: user info (uid, gid, etc...)
Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007 Red Hat, Inc.
This file is part of Cygwin.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
details. */
#include "winsup.h"
#include <pwd.h>
#include <unistd.h>
#include <winnls.h>
#include <wininet.h>
#include <utmp.h>
#include <limits.h>
#include <stdlib.h>
#include <lm.h>
#include <sys/cygwin.h>
#include "cygerrno.h"
#include "pinfo.h"
#include "security.h"
#include "path.h"
#include "fhandler.h"
#include "dtable.h"
#include "cygheap.h"
#include "registry.h"
#include "child_info.h"
#include "environ.h"
#include "pwdgrp.h"
#include "ntdll.h"
/* Initialize the part of cygheap_user that does not depend on files.
The information is used in shared.cc for the user shared.
Final initialization occurs in uinfo_init */
void
cygheap_user::init ()
{
char user_name[UNLEN + 1];
DWORD user_name_len = UNLEN + 1;
set_name (GetUserName (user_name, &user_name_len) ? user_name : "unknown");
DWORD siz;
PSECURITY_DESCRIPTOR psd;
if (!GetTokenInformation (hProcToken, TokenPrimaryGroup,
&groups.pgsid, sizeof (cygsid), &siz))
system_printf ("GetTokenInformation (TokenPrimaryGroup), %E");
/* Get the SID from current process and store it in effec_cygsid */
if (!GetTokenInformation (hProcToken, TokenUser, &effec_cygsid,
sizeof (cygsid), &siz))
{
system_printf ("GetTokenInformation (TokenUser), %E");
return;
}
/* Set token owner to the same value as token user */
if (!SetTokenInformation (hProcToken, TokenOwner, &effec_cygsid,
sizeof (cygsid)))
debug_printf ("SetTokenInformation(TokenOwner), %E");
/* Standard way to build a security descriptor with the usual DACL */
PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
psd = (PSECURITY_DESCRIPTOR)
(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
BOOL acl_exists, dummy;
TOKEN_DEFAULT_DACL dacl;
if (GetSecurityDescriptorDacl (psd, &acl_exists, &dacl.DefaultDacl, &dummy)
&& acl_exists && dacl.DefaultDacl)
{
NTSTATUS status;
/* Set the default DACL and the process DACL */
if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl,
sizeof (dacl)))
system_printf ("SetTokenInformation (TokenDefaultDacl), %E");
if ((status = NtSetSecurityObject (hMainProc, DACL_SECURITY_INFORMATION,
psd)))
system_printf ("NtSetSecurityObject, %lx", status);
}
else
system_printf("Cannot get dacl, %E");
}
void
internal_getlogin (cygheap_user &user)
{
struct passwd *pw = NULL;
cygpsid psid = user.sid ();
pw = internal_getpwsid (psid);
if (!pw && !(pw = internal_getpwnam (user.name ()))
&& !(pw = internal_getpwuid (DEFAULT_UID)))
debug_printf ("user not found in augmented /etc/passwd");
else
{
cygsid gsid;
myself->uid = pw->pw_uid;
myself->gid = pw->pw_gid;
user.set_name (pw->pw_name);
if (gsid.getfromgr (internal_getgrgid (pw->pw_gid)))
{
if (gsid != user.groups.pgsid)
{
/* Set primary group to the group in /etc/passwd. */
if (!SetTokenInformation (hProcToken, TokenPrimaryGroup,
&gsid, sizeof gsid))
debug_printf ("SetTokenInformation(TokenPrimaryGroup), %E");
else
user.groups.pgsid = gsid;
clear_procimptoken ();
}
}
else
debug_printf ("gsid not found in augmented /etc/group");
}
cygheap->user.ontherange (CH_HOME, pw);
}
void
uinfo_init ()
{
if (child_proc_info && !cygheap->user.has_impersonation_tokens ())
return;
if (!child_proc_info)
internal_getlogin (cygheap->user); /* Set the cygheap->user. */
/* Conditions must match those in spawn to allow starting child
processes with ruid != euid and rgid != egid. */
else if (cygheap->user.issetuid ()
&& cygheap->user.saved_uid == cygheap->user.real_uid
&& cygheap->user.saved_gid == cygheap->user.real_gid
&& !cygheap->user.groups.issetgroups ())
{
cygheap->user.reimpersonate ();
return;
}
else
cygheap->user.close_impersonation_tokens ();
cygheap->user.saved_uid = cygheap->user.real_uid = myself->uid;
cygheap->user.saved_gid = cygheap->user.real_gid = myself->gid;
cygheap->user.external_token = NO_IMPERSONATION;
cygheap->user.internal_token = NO_IMPERSONATION;
cygheap->user.curr_primary_token = NO_IMPERSONATION;
cygheap->user.curr_imp_token = NO_IMPERSONATION;
cygheap->user.set_saved_sid (); /* Update the original sid */
cygheap->user.reimpersonate ();
}
extern "C" int
getlogin_r (char *name, size_t namesize)
{
char *login = getlogin ();
size_t len = strlen (login) + 1;
if (len > namesize)
return ERANGE;
myfault efault;
if (efault.faulted ())
return EFAULT;
strncpy (name, login, len);
return 0;
}
extern "C" char *
getlogin (void)
{
return strcpy (_my_tls.locals.username, cygheap->user.name ());
}
extern "C" __uid32_t
getuid32 (void)
{
return cygheap->user.real_uid;
}
extern "C" __uid16_t
getuid (void)
{
return cygheap->user.real_uid;
}
extern "C" __gid32_t
getgid32 (void)
{
return cygheap->user.real_gid;
}
extern "C" __gid16_t
getgid (void)
{
return cygheap->user.real_gid;
}
extern "C" __uid32_t
geteuid32 (void)
{
return myself->uid;
}
extern "C" __uid16_t
geteuid (void)
{
return myself->uid;
}
extern "C" __gid32_t
getegid32 (void)
{
return myself->gid;
}
extern "C" __gid16_t
getegid (void)
{
return myself->gid;
}
/* Not quite right - cuserid can change, getlogin can't */
extern "C" char *
cuserid (char *src)
{
if (!src)
return getlogin ();
strcpy (src, getlogin ());
return src;
}
const char *
cygheap_user::ontherange (homebodies what, struct passwd *pw)
{
LPUSER_INFO_3 ui = NULL;
WCHAR wuser[UNLEN + 1];
NET_API_STATUS ret;
char homepath_env_buf[CYG_MAX_PATH];
char homedrive_env_buf[3];
char *newhomedrive = NULL;
char *newhomepath = NULL;
debug_printf ("what %d, pw %p", what, pw);
if (what == CH_HOME)
{
char *p;
if (homedrive)
newhomedrive = homedrive;
else if ((p = getenv ("HOMEDRIVE")))
newhomedrive = p;
if (homepath)
newhomepath = homepath;
else if ((p = getenv ("HOMEPATH")))
newhomepath = p;
if ((p = getenv ("HOME")))
debug_printf ("HOME is already in the environment %s", p);
else
{
if (pw && pw->pw_dir && *pw->pw_dir)
{
debug_printf ("Set HOME (from /etc/passwd) to %s", pw->pw_dir);
setenv ("HOME", pw->pw_dir, 1);
}
else if (!newhomedrive || !newhomepath)
setenv ("HOME", "/", 1);
else
{
char home[CYG_MAX_PATH];
char buf[CYG_MAX_PATH];
strcpy (buf, newhomedrive);
strcat (buf, newhomepath);
cygwin_conv_to_full_posix_path (buf, home);
debug_printf ("Set HOME (from HOMEDRIVE/HOMEPATH) to %s", home);
setenv ("HOME", home, 1);
}
}
}
if (what != CH_HOME && homepath == NULL && newhomepath == NULL)
{
if (!pw)
pw = internal_getpwnam (name ());
if (pw && pw->pw_dir && *pw->pw_dir)
cygwin_conv_to_full_win32_path (pw->pw_dir, homepath_env_buf);
else
{
homepath_env_buf[0] = homepath_env_buf[1] = '\0';
if (logsrv ())
{
WCHAR wlogsrv[INTERNET_MAX_HOST_NAME_LENGTH + 3];
sys_mbstowcs (wlogsrv, logsrv (),
sizeof (wlogsrv) / sizeof (*wlogsrv));
sys_mbstowcs (wuser, winname (), sizeof (wuser) / sizeof (*wuser));
if (!(ret = NetUserGetInfo (wlogsrv, wuser, 3, (LPBYTE *) &ui)))
{
sys_wcstombs (homepath_env_buf, CYG_MAX_PATH,
ui->usri3_home_dir);
if (!homepath_env_buf[0])
{
sys_wcstombs (homepath_env_buf, CYG_MAX_PATH,
ui->usri3_home_dir_drive);
if (homepath_env_buf[0])
strcat (homepath_env_buf, "\\");
else
cygwin_conv_to_full_win32_path ("/", homepath_env_buf);
}
}
}
if (ui)
NetApiBufferFree (ui);
}
if (homepath_env_buf[1] != ':')
{
newhomedrive = almost_null;
newhomepath = homepath_env_buf;
}
else
{
homedrive_env_buf[0] = homepath_env_buf[0];
homedrive_env_buf[1] = homepath_env_buf[1];
homedrive_env_buf[2] = '\0';
newhomedrive = homedrive_env_buf;
newhomepath = homepath_env_buf + 2;
}
}
if (newhomedrive && newhomedrive != homedrive)
cfree_and_set (homedrive, (newhomedrive == almost_null)
? almost_null : cstrdup (newhomedrive));
if (newhomepath && newhomepath != homepath)
cfree_and_set (homepath, cstrdup (newhomepath));
switch (what)
{
case CH_HOMEDRIVE:
return homedrive;
case CH_HOMEPATH:
return homepath;
default:
return homepath;
}
}
const char *
cygheap_user::test_uid (char *&what, const char *name, size_t namelen)
{
if (!what && !issetuid ())
what = getwinenveq (name, namelen, HEAP_STR);
return what;
}
const char *
cygheap_user::env_logsrv (const char *name, size_t namelen)
{
if (test_uid (plogsrv, name, namelen))
return plogsrv;
const char *mydomain = domain ();
const char *myname = winname ();
if (!mydomain || ascii_strcasematch (myname, "SYSTEM"))
return almost_null;
char logsrv[INTERNET_MAX_HOST_NAME_LENGTH + 3];
cfree_and_set (plogsrv, almost_null);
if (get_logon_server (mydomain, logsrv, NULL, false))
plogsrv = cstrdup (logsrv);
return plogsrv;
}
const char *
cygheap_user::env_domain (const char *name, size_t namelen)
{
if (pwinname && test_uid (pdomain, name, namelen))
return pdomain;
char username[UNLEN + 1];
DWORD ulen = sizeof (username);
char userdomain[DNLEN + 1];
DWORD dlen = sizeof (userdomain);
SID_NAME_USE use;
cfree_and_set (pwinname, almost_null);
cfree_and_set (pdomain, almost_null);
if (!LookupAccountSid (NULL, sid (), username, &ulen,
userdomain, &dlen, &use))
__seterrno ();
else
{
pwinname = cstrdup (username);
pdomain = cstrdup (userdomain);
}
return pdomain;
}
const char *
cygheap_user::env_userprofile (const char *name, size_t namelen)
{
if (test_uid (puserprof, name, namelen))
return puserprof;
char userprofile_env_buf[PATH_MAX];
char win_id[UNLEN + 1]; /* Large enough for SID */
cfree_and_set (puserprof, almost_null);
if (get_registry_hive_path (get_windows_id (win_id), userprofile_env_buf))
puserprof = cstrdup (userprofile_env_buf);
return puserprof;
}
const char *
cygheap_user::env_homepath (const char *name, size_t namelen)
{
return ontherange (CH_HOMEPATH);
}
const char *
cygheap_user::env_homedrive (const char *name, size_t namelen)
{
return ontherange (CH_HOMEDRIVE);
}
const char *
cygheap_user::env_name (const char *name, size_t namelen)
{
if (!test_uid (pwinname, name, namelen))
domain ();
return pwinname;
}
const char *
cygheap_user::env_systemroot (const char *name, size_t namelen)
{
if (!psystemroot)
{
int size = GetWindowsDirectory (NULL, 0);
if (size > 0)
{
psystemroot = (char *) cmalloc_abort (HEAP_STR, ++size);
size = GetWindowsDirectory (psystemroot, size);
if (size <= 0)
{
cfree (psystemroot);
psystemroot = NULL;
}
}
if (size <= 0)
debug_printf ("GetWindowsDirectory(), %E");
}
return psystemroot;
}
char *
pwdgrp::next_str (char c)
{
char *res = lptr;
lptr = strechr (lptr, c);
if (*lptr)
*lptr++ = '\0';
return res;
}
bool
pwdgrp::next_num (unsigned long& n)
{
char *p = next_str (':');
char *cp;
n = strtoul (p, &cp, 10);
return p != cp && !*cp;
}
char *
pwdgrp::add_line (char *eptr)
{
if (eptr)
{
lptr = eptr;
eptr = strchr (lptr, '\n');
if (eptr)
{
if (eptr > lptr && eptr[-1] == '\r')
eptr[-1] = '\0';
else
*eptr = '\0';
eptr++;
}
if (curr_lines >= max_lines)
{
max_lines += 10;
*pwdgrp_buf = realloc (*pwdgrp_buf, max_lines * pwdgrp_buf_elem_size);
}
if ((this->*parse) ())
curr_lines++;
}
return eptr;
}
void
pwdgrp::load (const char *posix_fname)
{
static const char failed[] = "failed";
static const char succeeded[] = "succeeded";
const char *res = failed;
HANDLE fh = NULL;
LARGE_INTEGER off = { QuadPart:0LL };
NTSTATUS status;
OBJECT_ATTRIBUTES attr;
IO_STATUS_BLOCK io;
FILE_STANDARD_INFORMATION fsi;
if (buf)
free (buf);
buf = NULL;
curr_lines = 0;
pc.check (posix_fname);
etc_ix = etc::init (etc_ix, pc.get_nt_native_path ());
paranoid_printf ("%s", posix_fname);
if (pc.error || !pc.exists () || pc.isdir ())
{
paranoid_printf ("strange path_conv problem");
goto out;
}
status = NtOpenFile (&fh, FILE_READ_DATA,
pc.get_object_attr (attr, sec_none_nih), &io,
FILE_SHARE_VALID_FLAGS, 0);
if (!NT_SUCCESS (status))
{
paranoid_printf ("NtOpenFile(%S) failed, status %p",
pc.get_nt_native_path (), status);
goto out;
}
status = NtQueryInformationFile (fh, &io, &fsi, sizeof fsi,
FileStandardInformation);
if (!NT_SUCCESS (status))
{
paranoid_printf ("NtQueryInformationFile(%S) failed, status %p",
pc.get_nt_native_path (), status);
goto out;
}
/* FIXME: Should we test for HighPart set? If so, the
passwd or group file is way beyond what we can handle. */
/* FIXME 2: It's still ugly that we keep the file in memory.
Big organizations have naturally large passwd files. */
buf = (char *) malloc (fsi.EndOfFile.LowPart + 1);
if (!buf)
{
paranoid_printf ("malloc (%d) failed", fsi.EndOfFile.LowPart);
goto out;
}
status = NtReadFile (fh, NULL, NULL, NULL, &io, buf,
fsi.EndOfFile.LowPart, &off, NULL);
if (!NT_SUCCESS (status))
{
paranoid_printf ("NtReadFile(%S) failed, status %p",
pc.get_nt_native_path (), status);
free (buf);
goto out;
}
buf[fsi.EndOfFile.LowPart] = '\0';
char *eptr = buf;
while ((eptr = add_line (eptr)))
continue;
debug_printf ("%s curr_lines %d", posix_fname, curr_lines);
res = succeeded;
out:
if (fh)
NtClose (fh);
debug_printf ("%s load %s", posix_fname, res);
initialized = true;
}