* security.h (open_local_policy): Remove declaration.

(lsa_open_policy): Declare.
	(lsa_close_policy): Declare.
	* sec_auth.cc (lsa_open_policy): Rename from open_local_policy.  Take
	server name as parameter.  Return NULL in case of error, rather than
	INVALID_HANDLE_VALUE.
	(lsa_close_policy): Rename from close_local_policy.  Make externally
	available.  Get handle by value.
	(create_token): Convert call to open_local_policy/close_local_policy
	according to aforementioned changes.
	(lsaauth): Ditto.
	(lsaprivkeyauth): Ditto.
	* setlsapwd.cc (setlsapwd): Ditto.
This commit is contained in:
Corinna Vinschen 2014-01-23 17:02:30 +00:00
parent 6485b9c274
commit 76e4f83fc6
4 changed files with 44 additions and 25 deletions


@ -1,3 +1,19 @@
2014-01-23 Corinna Vinschen <corinna@vinschen.de>
* security.h (open_local_policy): Remove declaration.
(lsa_open_policy): Declare.
(lsa_close_policy): Declare.
* sec_auth.cc (lsa_open_policy): Rename from open_local_policy. Take
server name as parameter. Return NULL in case of error, rather than
INVALID_HANDLE_VALUE.
(lsa_close_policy): Rename from close_local_policy. Make externally
available. Get handle by value.
(create_token): Convert call to open_local_policy/close_local_policy
according to aforementioned changes.
(lsaauth): Ditto.
(lsaprivkeyauth): Ditto.
* setlsapwd.cc (setlsapwd): Ditto.
2014-01-22 Corinna Vinschen <corinna@vinschen.de> 2014-01-22 Corinna Vinschen <corinna@vinschen.de>
* path.cc (etc::test_file_change): In case of NtQueryFullAttributesFile * path.cc (etc::test_file_change): In case of NtQueryFullAttributesFile


@ -1,7 +1,7 @@
/* sec_auth.cc: NT authentication functions /* sec_auth.cc: NT authentication functions
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc. 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
This file is part of Cygwin. This file is part of Cygwin.
@ -191,28 +191,32 @@ str2buf2lsa (LSA_STRING &tgt, char *buf, const char *srcstr)
} }
HANDLE HANDLE
open_local_policy (ACCESS_MASK access) lsa_open_policy (PWCHAR server, ACCESS_MASK access)
{ {
LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 }; LSA_UNICODE_STRING srvbuf;
HANDLE lsa = INVALID_HANDLE_VALUE; PLSA_UNICODE_STRING srv = NULL;
static LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
HANDLE lsa;
NTSTATUS status = LsaOpenPolicy (NULL, &oa, access, &lsa); if (server)
{
srv = &srvbuf;
RtlInitUnicodeString (srv, server);
}
NTSTATUS status = LsaOpenPolicy (srv, &oa, access, &lsa);
if (!NT_SUCCESS (status)) if (!NT_SUCCESS (status))
{ {
__seterrno_from_nt_status (status); __seterrno_from_nt_status (status);
/* Some versions of Windows set the lsa handle to NULL when lsa = NULL;
LsaOpenPolicy fails. */
lsa = INVALID_HANDLE_VALUE;
} }
return lsa; return lsa;
} }
static void void
close_local_policy (LSA_HANDLE &lsa) lsa_close_policy (HANDLE lsa)
{ {
if (lsa != INVALID_HANDLE_VALUE) if (lsa)
LsaClose (lsa); LsaClose (lsa);
lsa = INVALID_HANDLE_VALUE;
} }
bool bool
@ -836,7 +840,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
push_self_privilege (SE_CREATE_TOKEN_PRIVILEGE, true); push_self_privilege (SE_CREATE_TOKEN_PRIVILEGE, true);
/* Open policy object. */ /* Open policy object. */
if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE) if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE)))
goto out; goto out;
/* User, owner, primary group. */ /* User, owner, primary group. */
@ -954,7 +958,7 @@ out:
free (privs); free (privs);
if (my_tok_gsids) if (my_tok_gsids)
free (my_tok_gsids); free (my_tok_gsids);
close_local_policy (lsa); lsa_close_policy (lsa);
debug_printf ("%p = create_token ()", primary_token); debug_printf ("%p = create_token ()", primary_token);
return primary_token; return primary_token;
@ -1021,7 +1025,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
} }
/* Open policy object. */ /* Open policy object. */
if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE) if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE)))
goto out; goto out;
/* Create origin. */ /* Create origin. */
@ -1192,7 +1196,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
out: out:
if (privs) if (privs)
free (privs); free (privs);
close_local_policy (lsa); lsa_close_policy (lsa);
if (lsa_hdl) if (lsa_hdl)
LsaDeregisterLogonProcess (lsa_hdl); LsaDeregisterLogonProcess (lsa_hdl);
pop_self_privilege (); pop_self_privilege ();
@ -1220,8 +1224,7 @@ lsaprivkeyauth (struct passwd *pw)
push_self_privilege (SE_TCB_PRIVILEGE, true); push_self_privilege (SE_TCB_PRIVILEGE, true);
/* Open policy object. */ /* Open policy object. */
if ((lsa = open_local_policy (POLICY_GET_PRIVATE_INFORMATION)) if (!(lsa = lsa_open_policy (NULL, POLICY_GET_PRIVATE_INFORMATION)))
== INVALID_HANDLE_VALUE)
goto out; goto out;
/* Needed for Interix key and LogonUser. */ /* Needed for Interix key and LogonUser. */
@ -1263,7 +1266,7 @@ lsaprivkeyauth (struct passwd *pw)
token = get_full_privileged_inheritable_token (token); token = get_full_privileged_inheritable_token (token);
out: out:
close_local_policy (lsa); lsa_close_policy (lsa);
pop_self_privilege (); pop_self_privilege ();
return token; return token;
} }
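Review bot: The callers' `lsa` declarations are outside these hunks, and the new contract only holds if each is initialised to NULL rather than the old INVALID_HANDLE_VALUE sentinel: lsa_close_policy now treats any non-NULL value as an open handle, so an early `goto out` in lsaauth before the open at new line 1028 would otherwise hand INVALID_HANDLE_VALUE to LsaClose. If the declarations in create_token, lsaauth and lsaprivkeyauth still read `HANDLE lsa = INVALID_HANDLE_VALUE;`, they should become `HANDLE lsa = NULL;` in the same commit, since nothing else resets them. It would also help to state the contract at the definition, e.g. `/* Open the LSA policy object on SERVER (NULL == local machine). Returns NULL and sets errno on failure; release with lsa_close_policy. */`, because the old open_local_policy comment about NULL versus INVALID_HANDLE_VALUE is gone. The bodies of create_token, lsaauth and lsaprivkeyauth start outside the hunks shown.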


@ -1,7 +1,7 @@
/* security.h: security declarations /* security.h: security declarations
Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
2011, 2012, 2013 Red Hat, Inc. 2011, 2012, 2013, 2014 Red Hat, Inc.
This file is part of Cygwin. This file is part of Cygwin.
@ -416,7 +416,8 @@ void extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user);
/* Get default logonserver for a domain. */ /* Get default logonserver for a domain. */
bool get_logon_server (PWCHAR domain, PWCHAR wserver, bool rediscovery); bool get_logon_server (PWCHAR domain, PWCHAR wserver, bool rediscovery);
HANDLE open_local_policy (ACCESS_MASK access); HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access);
void lsa_close_policy (HANDLE lsa);
/* sec_helper.cc: Security helper functions. */ /* sec_helper.cc: Security helper functions. */
int set_privilege (HANDLE token, DWORD privilege, bool enable); int set_privilege (HANDLE token, DWORD privilege, bool enable);
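Review bot: The two new declarations carry no comment, although every caller now depends on two conventions that are only visible in sec_auth.cc: a NULL `server` means the local machine, and the return value is NULL (with errno set) on failure rather than INVALID_HANDLE_VALUE. The neighbouring get_logon_server declaration has a one-line comment, so the same style fits here: `/* Open LSA policy on SERVER (NULL == local machine); NULL and errno on failure. */` above lsa_open_policy and `/* Close a handle from lsa_open_policy; NULL is ignored. */` above lsa_close_policy. A reader of the header alone should not have to open sec_auth.cc to learn which sentinel to test against.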


@ -1,6 +1,6 @@
/* setlsapwd.cc: Set LSA private data password for current user. /* setlsapwd.cc: Set LSA private data password for current user.
Copyright 2008, 2009, 2011 Red Hat, Inc. Copyright 2008, 2009, 2011, 2014 Red Hat, Inc.
This file is part of Cygwin. This file is part of Cygwin.
@ -71,8 +71,7 @@ setlsapwd (const char *passwd, const char *username)
if (data_buf) if (data_buf)
RtlInitUnicodeString (&data, data_buf); RtlInitUnicodeString (&data, data_buf);
/* First try it locally. Works for admin accounts. */ /* First try it locally. Works for admin accounts. */
if ((lsa = open_local_policy (POLICY_CREATE_SECRET)) if (!(lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET)))
!= INVALID_HANDLE_VALUE)
{ {
NTSTATUS status = LsaStorePrivateData (lsa, &key, NTSTATUS status = LsaStorePrivateData (lsa, &key,
data.Length ? &data : NULL); data.Length ? &data : NULL);
@ -83,7 +82,7 @@ setlsapwd (const char *passwd, const char *username)
ret = 0; ret = 0;
else else
__seterrno_from_nt_status (status); __seterrno_from_nt_status (status);
LsaClose (lsa); lsa_close_policy (lsa);
} }
else if (ret && !username) else if (ret && !username)
{ {
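Review bot: The new test at line 74 is inverted: `if (!(lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET)))` enters the block when the open failed, so LsaStorePrivateData is then called with a NULL policy handle, while a successful open (the admin case the comment above it describes) skips the store entirely and falls into the `else if` fallback. The old condition entered the block on `!= INVALID_HANDLE_VALUE`, i.e. on success, so the replacement should read `if ((lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET)))`. As committed the password is never stored via the local policy path and the handle passed to lsa_close_policy inside the block is always NULL. setlsapwd's body starts and continues outside the two hunks shown.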