From 7b9a10a60c6a3e921316d708b09219ed1813b506 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Wed, 23 May 2001 15:49:22 +0000
Subject: [PATCH] * syscalls.cc (seteuid): Restrict overriding external provided user tokens to ntsec. Don't test external tokens for primary group to evaluate if it should be overridden. Restrict creating internal tokens to ntsec.
---
 winsup/cygwin/ChangeLog | 7 +++++++
 winsup/cygwin/syscalls.cc | 34 +++++++++++++++++++++-------------
 2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 962070994..7ccbbb12c 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+Wed May 23 17:45:00 2001 Corinna Vinschen
+
+ * syscalls.cc (seteuid): Restrict overriding external provided
+ user tokens to ntsec. Don't test external tokens for primary
+ group to evaluate if it should be overridden. Restrict creating
+ internal tokens to ntsec.
+
 Wed May 23 10:11:00 2001 Corinna Vinschen
 * syscalls.cc (chown_worker): Don't check for ENOSYS.
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 6eb9ee1b2..a4252532f 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -1980,6 +1980,7 @@ seteuid (uid_t uid)
 DWORD siz;
 HANDLE sav_token = INVALID_HANDLE_VALUE;
 BOOL sav_impersonation;
+ BOOL current_token_is_internal_token = FALSE;
 BOOL explicitely_created_token = FALSE;
 struct group *gr = getgrgid (myself->gid);
@@ -1988,9 +1989,10 @@ seteuid (uid_t uid)
 usersid.getfrompw (pw_new);
 pgrpsid.getfromgr (gr);
+ /* Only when ntsec is ON! */
 /* Check if new user == user of impersonation token and
- - if available - new pgrp == pgrp of impersonation token. */
- if (cygheap->user.token != INVALID_HANDLE_VALUE)
+ - if reasonable - new pgrp == pgrp of impersonation token. */
+ if (allow_ntsec && cygheap->user.token != INVALID_HANDLE_VALUE)
 {
 if (!GetTokenInformation (cygheap->user.token, TokenUser, &tok_usersid, sizeof tok_usersid, &siz))
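Review bot: With `allow_ntsec` off, the new guard `if (allow_ntsec && cygheap->user.token != INVALID_HANDLE_VALUE)` skips the user-SID comparison as well as the primary-group one, so a token that was set for a different user than `uid` is no longer detected in this block. What the rest of seteuid() then does with that token is outside the hunk, but it looks like the process uid and the impersonation token can end up describing different accounts when ntsec is disabled. If that is intended, the bare `/* Only when ntsec is ON! */` should record it, for example `/* ntsec off: keep the caller-supplied token unverified (user SID not compared). */`; the same applies to the identical comment in the @@ -2017 hunk. The enclosing function starts and ends outside the hunk.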
@@ -2004,8 +2006,19 @@ seteuid (uid_t uid)
 debug_printf ("GetTokenInformation(): %E");
 tok_pgrpsid = NO_SID;
 }
+ /* Check if the current user token was internally created. */
+ TOKEN_SOURCE ts;
+ if (!GetTokenInformation (cygheap->user.token, TokenSource,
+ &ts, sizeof ts, &siz))
+ debug_printf ("GetTokenInformation(): %E");
+ else if (!memcmp (ts.SourceName, "Cygwin.1", 8))
+ current_token_is_internal_token = TRUE;
 if ((usersid && tok_usersid && usersid != tok_usersid) ||
- (pgrpsid && tok_pgrpsid && pgrpsid != tok_pgrpsid))
+ /* Check for pgrp only if current token is an internal
+ token. Otherwise the external provided token is
+ very likely overwritten here. */
+ (current_token_is_internal_token &&
+ pgrpsid && tok_pgrpsid && pgrpsid != tok_pgrpsid))
 {
 /* If not, RevertToSelf and close old token. */
 debug_printf ("tsid != usersid");
@@ -2017,9 +2030,10 @@ seteuid (uid_t uid)
 }
 }
+ /* Only when ntsec is ON! */
 /* If no impersonation token is available, try to authenticate using NtCreateToken() or subauthentication. */
- if (cygheap->user.token == INVALID_HANDLE_VALUE)
+ if (allow_ntsec && cygheap->user.token == INVALID_HANDLE_VALUE)
 {
 HANDLE ptok = INVALID_HANDLE_VALUE;
@@ -2036,15 +2050,9 @@ seteuid (uid_t uid)
 {
 cygwin_set_impersonation_token (ptok);
 /* If sav_token was internally created, destroy it. */
- if (sav_token != INVALID_HANDLE_VALUE)
- {
- TOKEN_SOURCE ts;
- if (!GetTokenInformation (sav_token, TokenSource,
- &ts, sizeof ts, &siz))
- debug_printf ("GetTokenInformation(): %E");
- else if (!memcmp (ts.SourceName, "Cygwin.1", 8))
- CloseHandle (sav_token);
- }
+ if (sav_token != INVALID_HANDLE_VALUE &&
+ current_token_is_internal_token)
+ CloseHandle (sav_token);
 }
 else if (sav_token != INVALID_HANDLE_VALUE)
 cygheap->user.token = sav_token;
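Review bot: `current_token_is_internal_token` is decided by `memcmp (ts.SourceName, "Cygwin.1", 8)`, and a token's source name is supplied by whoever created the token, so this is a naming convention rather than proof of origin. That was acceptable for choosing which handle to close, but in the @@ -2004 hunk it now also decides whether a primary-group mismatch replaces the token, which deserves a comment at the test. When the `TokenSource` query fails the flag stays FALSE and the token is treated as external, so its group is never compared; a comment such as `/* On failure assume an external token and leave it alone. */` would make the fail direction explicit. The literal `"Cygwin.1"` and its length 8 would read better as a named constant shared with the code that creates the token, which is not visible here.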
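Review bot: The simplified test `if (sav_token != INVALID_HANDLE_VALUE && current_token_is_internal_token)` in the @@ -2036 hunk relies on the flag having been computed for the same token that was later stored in `sav_token`. That assignment is outside the hunk, so the link should be stated where the flag is declared, e.g. `/* TRUE if the token saved in sav_token was created by Cygwin itself */`. The result of `CloseHandle (sav_token)` is ignored and `sav_token` keeps the closed handle value; if anything after this block still reads it (not visible here), adding `sav_token = INVALID_HANDLE_VALUE;` after the close would prevent reuse of a stale handle.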