* autoload.cc (Wow64DisableWow64FsRedirection): Define.
(Wow64RevertWow64FsRedirection): Define. * security.cc (cygsuba_installed): New shared variable to store result of cygsuba.dll installation test. (subauth): Check if cygsuba.dll has been installed and registered before issuing the (sub)authentication.
This commit is contained in:
		
							parent
							
								
									208e95c2f2
								
							
						
					
					
						commit
						fb7dc2480c
					
				|  | @ -1,3 +1,12 @@ | ||||||
|  | 2006-10-13  Corinna Vinschen  <corinna@vinschen.de> | ||||||
|  | 
 | ||||||
|  | 	* autoload.cc (Wow64DisableWow64FsRedirection): Define. | ||||||
|  | 	(Wow64RevertWow64FsRedirection): Define. | ||||||
|  | 	* security.cc (cygsuba_installed): New shared variable to store result | ||||||
|  | 	of cygsuba.dll installation test. | ||||||
|  | 	(subauth): Check if cygsuba.dll has been installed and registered | ||||||
|  | 	before issuing the (sub)authentication. | ||||||
|  | 
 | ||||||
| 2006-10-12  Corinna Vinschen  <corinna@vinschen.de> | 2006-10-12  Corinna Vinschen  <corinna@vinschen.de> | ||||||
| 
 | 
 | ||||||
| 	* security.cc (create_token): Fix condition for source identifier. | 	* security.cc (create_token): Fix condition for source identifier. | ||||||
|  |  | ||||||
|  | @ -521,6 +521,8 @@ LoadDLLfuncEx (SetHandleInformation, 12, kernel32, 1) | ||||||
| LoadDLLfuncEx (SetProcessWorkingSetSize, 12, kernel32, 1) | LoadDLLfuncEx (SetProcessWorkingSetSize, 12, kernel32, 1) | ||||||
| LoadDLLfuncEx (SignalObjectAndWait, 16, kernel32, 1) | LoadDLLfuncEx (SignalObjectAndWait, 16, kernel32, 1) | ||||||
| LoadDLLfuncEx (SwitchToThread, 0, kernel32, 1) | LoadDLLfuncEx (SwitchToThread, 0, kernel32, 1) | ||||||
|  | LoadDLLfuncEx (Wow64DisableWow64FsRedirection, 4, kernel32, 1) | ||||||
|  | LoadDLLfuncEx (Wow64RevertWow64FsRedirection, 4, kernel32, 1) | ||||||
| 
 | 
 | ||||||
| LoadDLLfunc (SHGetDesktopFolder, 4, shell32) | LoadDLLfunc (SHGetDesktopFolder, 4, shell32) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -982,6 +982,20 @@ out: | ||||||
|   return primary_token; |   return primary_token; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | extern "C" | ||||||
|  | { | ||||||
|  |   BOOL WINAPI Wow64DisableWow64FsRedirection (PVOID *); | ||||||
|  |   BOOL WINAPI Wow64RevertWow64FsRedirection (PVOID); | ||||||
|  | }; | ||||||
|  | 
 | ||||||
|  | static enum | ||||||
|  | { | ||||||
|  |   not_tested, | ||||||
|  |   not_installed, | ||||||
|  |   installed | ||||||
|  | } cygsuba_installed __attribute__((section (".cygwin_dll_common"), shared)) | ||||||
|  |   = not_tested; | ||||||
|  | 
 | ||||||
| int subauth_id = 255; | int subauth_id = 255; | ||||||
| 
 | 
 | ||||||
| HANDLE | HANDLE | ||||||
|  | @ -1016,6 +1030,48 @@ subauth (struct passwd *pw) | ||||||
|   HANDLE user_token = NULL; |   HANDLE user_token = NULL; | ||||||
|   HANDLE primary_token = INVALID_HANDLE_VALUE; |   HANDLE primary_token = INVALID_HANDLE_VALUE; | ||||||
| 
 | 
 | ||||||
|  |   /* Check to see if cygsuba.dll has been registered and is present.  The
 | ||||||
|  |      idea here is to avoid authentication failure messages in the security | ||||||
|  |      event log for each logon attempt if cygsuba.dll hasn't been installed. | ||||||
|  |      The test is only made once per DLL life time, since installing and | ||||||
|  |      registering the subauthentication DLL requires reboot anyway. */ | ||||||
|  |   if (cygsuba_installed == not_installed) | ||||||
|  |     { | ||||||
|  |       debug_printf ("subauth not installed, exit subauth"); | ||||||
|  |       return INVALID_HANDLE_VALUE; | ||||||
|  |     } | ||||||
|  |   else if (cygsuba_installed == not_tested) | ||||||
|  |     { | ||||||
|  |       char auth_path[CYG_MAX_PATH]; | ||||||
|  | 
 | ||||||
|  |       cygsuba_installed = not_installed; | ||||||
|  |       __small_sprintf (auth_path, "/proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/" | ||||||
|  | 				  "CurrentControlSet/Control/Lsa/MSV1_0/Auth%d", | ||||||
|  | 				  subauth_id); | ||||||
|  |       if (access (auth_path, F_OK)) | ||||||
|  | 	{ | ||||||
|  | 	  debug_printf ("%s doesn't exist, exit subauth", auth_path); | ||||||
|  | 	  return INVALID_HANDLE_VALUE; | ||||||
|  | 	} | ||||||
|  |       /* On 64 bit systems the dll must be installed into the *real* system32
 | ||||||
|  | 	 directory so we have to switch off file system redirection. */ | ||||||
|  |       PVOID old_fsredir; | ||||||
|  |       DWORD attr = INVALID_FILE_ATTRIBUTES; | ||||||
|  |       Wow64DisableWow64FsRedirection (&old_fsredir); | ||||||
|  |       if (GetSystemDirectory (auth_path, CYG_MAX_PATH)) | ||||||
|  | 	{ | ||||||
|  | 	  strcat (auth_path, "\\cygsuba.dll"); | ||||||
|  | 	  attr = GetFileAttributes (auth_path); | ||||||
|  | 	} | ||||||
|  |       Wow64RevertWow64FsRedirection (old_fsredir); | ||||||
|  |       if (attr == INVALID_FILE_ATTRIBUTES) | ||||||
|  | 	{ | ||||||
|  | 	  debug_printf ("%s doesn't exist, exit subauth", auth_path); | ||||||
|  | 	  return INVALID_HANDLE_VALUE; | ||||||
|  | 	} | ||||||
|  |       cygsuba_installed = installed; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|   push_self_privilege (SE_TCB_PRIV, true); |   push_self_privilege (SE_TCB_PRIV, true); | ||||||
| 
 | 
 | ||||||
|   /* Register as logon process. */ |   /* Register as logon process. */ | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue