6e623e9320
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause. Everything else stays under GPLv3+. New Linking Exception exempts resulting executables from LGPLv3 section 4. Add CONTRIBUTORS file to keep track of licensing. Remove 'Copyright Red Hat Inc' comments. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
103 lines
2.8 KiB
C++
103 lines
2.8 KiB
C++
/* setpwd.cc: Set LSA private data password for current user.
|
|
|
|
This file is part of Cygwin.
|
|
|
|
This software is a copyrighted work licensed under the terms of the
|
|
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
|
details. */
|
|
|
|
#ifdef __OUTSIDE_CYGWIN__
|
|
#include "woutsup.h"
|
|
|
|
#include <errno.h>
|
|
#include <pthread.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
#include <wchar.h>
|
|
|
|
#include <ntsecapi.h>
|
|
#include <ntdef.h>
|
|
#include "ntdll.h"
|
|
|
|
#include "cygserver.h"
|
|
#include "process.h"
|
|
#include "transport.h"
|
|
|
|
#include "cygserver_setpwd.h"
|
|
|
|
client_request_setpwd::client_request_setpwd ()
|
|
: client_request (CYGSERVER_REQUEST_SETPWD,
|
|
&_parameters, sizeof (_parameters))
|
|
{
|
|
}
|
|
|
|
void
|
|
client_request_setpwd::serve (transport_layer_base *const conn,
|
|
process_cache *const cache)
|
|
{
|
|
HANDLE tok;
|
|
PTOKEN_USER user;
|
|
WCHAR sidbuf[128], key_name [128 + wcslen (CYGWIN_LSA_KEY_PREFIX)];
|
|
UNICODE_STRING sid, key, data;
|
|
|
|
syscall_printf ("Request to set private data");
|
|
if (msglen () != sizeof (_parameters.in))
|
|
{
|
|
syscall_printf ("bad request body length: expecting %lu bytes, got %lu",
|
|
sizeof (_parameters), msglen ());
|
|
error_code (EINVAL);
|
|
msglen (0);
|
|
return;
|
|
}
|
|
msglen (0);
|
|
if (!conn->impersonate_client ())
|
|
{
|
|
error_code (EACCES);
|
|
return;
|
|
}
|
|
if (!OpenThreadToken (GetCurrentThread (), TOKEN_READ, TRUE, &tok))
|
|
{
|
|
conn->revert_to_self ();
|
|
error_code (EACCES);
|
|
return;
|
|
}
|
|
/* Get uid from user SID in token. */
|
|
user = (PTOKEN_USER) get_token_info (tok, TokenUser);
|
|
CloseHandle (tok);
|
|
conn->revert_to_self ();
|
|
if (!user)
|
|
{
|
|
error_code (EACCES);
|
|
return;
|
|
}
|
|
LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
|
|
HANDLE lsa;
|
|
NTSTATUS status = LsaOpenPolicy (NULL, &oa, POLICY_CREATE_SECRET, &lsa);
|
|
if (!NT_SUCCESS (status))
|
|
{
|
|
error_code (LsaNtStatusToWinError (status));
|
|
return;
|
|
}
|
|
RtlInitEmptyUnicodeString (&sid, sidbuf, sizeof sidbuf);
|
|
RtlConvertSidToUnicodeString (&sid, user->User.Sid, FALSE);
|
|
free (user);
|
|
RtlInitEmptyUnicodeString (&key, key_name, sizeof key_name);
|
|
RtlAppendUnicodeToString (&key, CYGWIN_LSA_KEY_PREFIX);
|
|
RtlAppendUnicodeStringToString (&key, &sid);
|
|
RtlInitUnicodeString (&data, _parameters.in.passwd);
|
|
status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL);
|
|
if (data.Length)
|
|
RtlSecureZeroMemory (data.Buffer, data.Length);
|
|
/* Success or we're trying to remove a password entry which doesn't exist. */
|
|
if (NT_SUCCESS (status)
|
|
|| (data.Length == 0 && status == STATUS_OBJECT_NAME_NOT_FOUND))
|
|
error_code (0);
|
|
else
|
|
error_code (LsaNtStatusToWinError (status));
|
|
syscall_printf ("Request to set private data returns error %d", error_code ());
|
|
LsaClose (lsa);
|
|
}
|
|
#endif /* __OUTSIDE_CYGWIN__ */
|