* winsup.h: Define MAX_SID_LEN and new MAX_HOST_NAME.
* fork.cc (fork): Use above defines instead of numerical constants. * shared.cc (sec_user): Ditto. * shared.h (class pinfo): Ditto. * syscall.cc (seteuid): Ditto. * spawn.cc (_spawnve): Ditto. Eliminate conditional. (spawn_guts): Set child->uid = USHRT_MAX when user context will be changed in child process. * uinfo.cc (uinfo_init): Check for myself->uid instead of myself->psid to avoid reloading of /etc/passwd on process startup if ntsec is off. Use above defines instead of numerical constants. * security.cc: Move define for MAX_SID_LEN to winsup.h.
parent
c570d680fb
commit
0c4d2abd99
|
@ -1,3 +1,12 @@
|
||||||
|
Sun Jul 2 10:39:00 2000 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* uinfo.cc (uinfo_init): Check for myself->uid instead of myself->psid
|
||||||
|
to avoid reloading of /etc/passwd on process startup if ntsec is off.
|
||||||
|
* spawn.cc (_spawnve): Adjust conditional asking for switching
|
||||||
|
user context.
|
||||||
|
(spawn_guts): Ditto. Set child->uid = USHRT_MAX when user context will
|
||||||
|
change in child process.
|
||||||
|
|
||||||
Sun Jul 2 1:57:00 2000 Corinna Vinschen <corinna@vinschen.de>
|
Sun Jul 2 1:57:00 2000 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
* uinfo.cc (uinfo_init): Eliminate calls to read_etc_group()
|
* uinfo.cc (uinfo_init): Eliminate calls to read_etc_group()
|
||||||
|
|
|
@ -419,10 +419,10 @@ fork ()
|
||||||
child->process_state |= PID_INITIALIZING |
|
child->process_state |= PID_INITIALIZING |
|
||||||
(myself->process_state & PID_USETTY);
|
(myself->process_state & PID_USETTY);
|
||||||
memcpy (child->username, myself->username, MAX_USER_NAME);
|
memcpy (child->username, myself->username, MAX_USER_NAME);
|
||||||
memcpy (child->sidbuf, myself->sidbuf, 40);
|
memcpy (child->sidbuf, myself->sidbuf, MAX_SID_LEN);
|
||||||
if (myself->psid)
|
if (myself->psid)
|
||||||
child->psid = child->sidbuf;
|
child->psid = child->sidbuf;
|
||||||
memcpy (child->logsrv, myself->logsrv, 256);
|
memcpy (child->logsrv, myself->logsrv, MAX_HOST_NAME);
|
||||||
memcpy (child->domain, myself->domain, MAX_COMPUTERNAME_LENGTH+1);
|
memcpy (child->domain, myself->domain, MAX_COMPUTERNAME_LENGTH+1);
|
||||||
child->token = myself->token;
|
child->token = myself->token;
|
||||||
child->impersonated = myself->impersonated;
|
child->impersonated = myself->impersonated;
|
||||||
|
|
|
@ -23,8 +23,6 @@ details. */
|
||||||
#include "winsup.h"
|
#include "winsup.h"
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
|
||||||
#define MAX_SID_LEN 40
|
|
||||||
|
|
||||||
extern BOOL allow_ntea;
|
extern BOOL allow_ntea;
|
||||||
BOOL allow_ntsec = FALSE;
|
BOOL allow_ntsec = FALSE;
|
||||||
|
|
||||||
|
|
|
@ -212,11 +212,11 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
|
||||||
((char *) sa_buf + sizeof (*psa));
|
((char *) sa_buf + sizeof (*psa));
|
||||||
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
|
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
|
||||||
|
|
||||||
char sid_buf[40];
|
char sid_buf[MAX_SID_LEN];
|
||||||
PSID sid = (PSID) sid_buf;
|
PSID sid = (PSID) sid_buf;
|
||||||
|
|
||||||
if (myself->psid)
|
if (myself->psid)
|
||||||
CopySid (40, sid, myself->psid);
|
CopySid (MAX_SID_LEN, sid, myself->psid);
|
||||||
else if (! lookup_name (getlogin (), myself->logsrv, sid))
|
else if (! lookup_name (getlogin (), myself->logsrv, sid))
|
||||||
return inherit ? &sec_none_nih : &sec_none;
|
return inherit ? &sec_none_nih : &sec_none;
|
||||||
|
|
||||||
|
|
|
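Review bot: The return value of `CopySid (MAX_SID_LEN, sid, myself->psid)` in sec_user is not checked, so if the copy fails (for example because the source SID needs more than MAX_SID_LEN bytes) `sid_buf` stays uninitialized and is still treated as the user's SID. Since this function builds security attributes, the failure path should fall back the same way the lookup branch does, e.g. `if (myself->psid ? !CopySid (MAX_SID_LEN, sid, myself->psid) : !lookup_name (getlogin (), myself->logsrv, sid)) return inherit ? &sec_none_nih : &sec_none;`. The rest of sec_user is outside the hunk, so how `sid` is consumed afterwards is inferred from the declarations shown. The seteuid hunk has the same unchecked `CopySid` call.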
@ -89,8 +89,8 @@ class pinfo
|
||||||
The information is derived from the internal_getlogin call
|
The information is derived from the internal_getlogin call
|
||||||
when on a NT system. */
|
when on a NT system. */
|
||||||
PSID psid; /* user's SID */
|
PSID psid; /* user's SID */
|
||||||
char sidbuf[40]; /* buffer for user's SID */
|
char sidbuf[MAX_SID_LEN]; /* buffer for user's SID */
|
||||||
char logsrv[256]; /* Logon server, may be fully qualified DNS name */
|
char logsrv[MAX_HOST_NAME]; /* Logon server, may be FQDN */
|
||||||
char domain[MAX_COMPUTERNAME_LENGTH+1]; /* Logon domain of the user */
|
char domain[MAX_COMPUTERNAME_LENGTH+1]; /* Logon domain of the user */
|
||||||
|
|
||||||
/* token is needed if sexec should be called. It can be set by a call
|
/* token is needed if sexec should be called. It can be set by a call
|
||||||
|
|
|
@ -543,8 +543,9 @@ skip_arg_parsing:
|
||||||
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
|
||||||
seteuid (myself->orig_uid);
|
seteuid (myself->orig_uid);
|
||||||
|
|
||||||
/* Set child->psid to NULL to force calling internal_getlogin()
|
/* Set child->uid to USHRT_MAX to force calling internal_getlogin()
|
||||||
from child process. */
|
from child process. Set psid to NULL to play it safe. */
|
||||||
|
child->uid = USHRT_MAX;
|
||||||
child->psid = NULL;
|
child->psid = NULL;
|
||||||
|
|
||||||
/* Load users registry hive. */
|
/* Load users registry hive. */
|
||||||
|
@ -844,15 +845,12 @@ _spawnve (HANDLE hToken, int mode, const char *path, const char *const *argv,
|
||||||
child->ctty = myself->ctty;
|
child->ctty = myself->ctty;
|
||||||
child->umask = myself->umask;
|
child->umask = myself->umask;
|
||||||
child->process_state |= PID_INITIALIZING;
|
child->process_state |= PID_INITIALIZING;
|
||||||
if (!hToken && !myself->token)
|
|
||||||
{
|
|
||||||
memcpy (child->username, myself->username, MAX_USER_NAME);
|
memcpy (child->username, myself->username, MAX_USER_NAME);
|
||||||
memcpy (child->sidbuf, myself->sidbuf, 40);
|
memcpy (child->sidbuf, myself->sidbuf, MAX_SID_LEN);
|
||||||
if (myself->psid)
|
if (myself->psid)
|
||||||
child->psid = child->sidbuf;
|
child->psid = child->sidbuf;
|
||||||
memcpy (child->logsrv, myself->logsrv, 256);
|
memcpy (child->logsrv, myself->logsrv, MAX_HOST_NAME);
|
||||||
memcpy (child->domain, myself->domain, MAX_COMPUTERNAME_LENGTH+1);
|
memcpy (child->domain, myself->domain, MAX_COMPUTERNAME_LENGTH+1);
|
||||||
}
|
|
||||||
subproc_init ();
|
subproc_init ();
|
||||||
ret = spawn_guts (hToken, path, argv, envp, child, mode);
|
ret = spawn_guts (hToken, path, argv, envp, child, mode);
|
||||||
if (ret == -1)
|
if (ret == -1)
|
||||||
|
|
|
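Review bot: With the `if (!hToken && !myself->token)` guard removed, _spawnve copies the parent's username, sidbuf, logsrv and domain into the child even when the user context is about to change, and the spawn_guts hunk only resets `child->uid` and `child->psid`. The child's record therefore carries the parent's identity strings and SID bytes until its own uinfo_init replaces them, and they presumably stay in place if internal_getlogin fails there. A comment at the copy site should say so, e.g. `/* Provisional: replaced by uinfo_init in the child when spawn_guts switches the user context. */`, or the switching branch of spawn_guts could clear these fields next to `child->psid = NULL;`. Both functions extend beyond the hunks shown.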
@ -1872,7 +1872,7 @@ seteuid (uid_t uid)
|
||||||
}
|
}
|
||||||
myself->uid = uid;
|
myself->uid = uid;
|
||||||
strcpy (myself->username, pi.username);
|
strcpy (myself->username, pi.username);
|
||||||
CopySid (40, myself->psid, pi.psid);
|
CopySid (MAX_SID_LEN, myself->psid, pi.psid);
|
||||||
strcpy (myself->logsrv, pi.logsrv);
|
strcpy (myself->logsrv, pi.logsrv);
|
||||||
strcpy (myself->domain, pi.domain);
|
strcpy (myself->domain, pi.domain);
|
||||||
}
|
}
|
||||||
|
|
|
@ -106,7 +106,7 @@ internal_getlogin (struct pinfo *pi)
|
||||||
else if (!GetTokenInformation (ptok, TokenUser, (LPVOID) &tu,
|
else if (!GetTokenInformation (ptok, TokenUser, (LPVOID) &tu,
|
||||||
sizeof tu, &siz))
|
sizeof tu, &siz))
|
||||||
debug_printf ("GetTokenInformation(): %E");
|
debug_printf ("GetTokenInformation(): %E");
|
||||||
else if (!(ret = CopySid (40, (PSID) pi->sidbuf,
|
else if (!(ret = CopySid (MAX_SID_LEN, (PSID) pi->sidbuf,
|
||||||
((TOKEN_USER *) &tu)->User.Sid)))
|
((TOKEN_USER *) &tu)->User.Sid)))
|
||||||
debug_printf ("Couldn't retrieve SID from access token!");
|
debug_printf ("Couldn't retrieve SID from access token!");
|
||||||
/* Close token only if it's a result from OpenProcessToken(). */
|
/* Close token only if it's a result from OpenProcessToken(). */
|
||||||
|
@ -135,7 +135,7 @@ internal_getlogin (struct pinfo *pi)
|
||||||
if (ret)
|
if (ret)
|
||||||
{
|
{
|
||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
char psidbuf[40];
|
char psidbuf[MAX_SID_LEN];
|
||||||
PSID psid = (PSID) psidbuf;
|
PSID psid = (PSID) psidbuf;
|
||||||
|
|
||||||
pi->psid = (PSID) pi->sidbuf;
|
pi->psid = (PSID) pi->sidbuf;
|
||||||
|
@ -172,11 +172,9 @@ uinfo_init ()
|
||||||
myself->token = INVALID_HANDLE_VALUE;
|
myself->token = INVALID_HANDLE_VALUE;
|
||||||
myself->impersonated = TRUE;
|
myself->impersonated = TRUE;
|
||||||
|
|
||||||
/* If psid is non null, the process is forked or spawned from
|
/* If uid is USHRT_MAX, the process is started from a non cygwin
|
||||||
another cygwin process without changing the user context.
|
process or the user context was changed in spawn.cc */
|
||||||
So all user infos in myself as well as the environment are
|
if (myself->uid == USHRT_MAX)
|
||||||
(perhaps) valid. */
|
|
||||||
if (!myself->psid)
|
|
||||||
if ((p = getpwnam (username = internal_getlogin (myself))) != NULL)
|
if ((p = getpwnam (username = internal_getlogin (myself))) != NULL)
|
||||||
{
|
{
|
||||||
myself->uid = p->pw_uid;
|
myself->uid = p->pw_uid;
|
||||||
|
|
|
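Review bot: The new test `if (myself->uid == USHRT_MAX)` in uinfo_init depends on `uid` already holding USHRT_MAX for a process started from a non-cygwin parent, and nothing in this commit shows where that initial value is set. If a fresh pinfo can start with any other value, such as 0, internal_getlogin is skipped and the process keeps whatever uid and user fields the record happened to contain. The sentinel is also written as a bare `USHRT_MAX` both here and in spawn_guts; a shared name in winsup.h next to DEFAULT_UID, for instance `#define ILLEGAL_UID USHRT_MAX`, would document the protocol and keep the two sites in step. The body of uinfo_init continues past the hunk.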
@ -67,6 +67,9 @@ extern int dynamically_loaded;
|
||||||
#define DEFAULT_UID 500
|
#define DEFAULT_UID 500
|
||||||
#define DEFAULT_GID 544
|
#define DEFAULT_GID 544
|
||||||
|
|
||||||
|
#define MAX_SID_LEN 40
|
||||||
|
#define MAX_HOST_NAME 256
|
||||||
|
|
||||||
/* status bit manipulation */
|
/* status bit manipulation */
|
||||||
#define __ISSETF(what, x, prefix) \
|
#define __ISSETF(what, x, prefix) \
|
||||||
((what)->status & prefix##_##x)
|
((what)->status & prefix##_##x)
|
||||||
|
|
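Review bot: `MAX_SID_LEN` is added without a comment stating what the 40 covers. A Windows SID occupies 8 bytes plus 4 per sub-authority, so 40 bytes holds at most 8 sub-authorities while the format allows 15 (68 bytes), and every `CopySid (MAX_SID_LEN, ...)` in this commit fails for a longer SID. I would add `/* Room for a SID with up to 8 sub-authorities; CopySid fails for longer ones. */` above the define. Raising the value would change the size of `sidbuf` in class pinfo, so that is a separate decision.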