diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2002-07-29 12:51:52 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2002-07-29 12:51:52 +0000 |
| commit | 5519d54352e7bdc6d77186cef46dbafc86946bcf (patch) | |
| tree | 7b69706b4f2ed5aa997ddff5a367d757bb7afb8e /winsup/cygwin/syscalls.cc | |
| parent | eb5720f25501cd7e9b8115bb0220bef058bb5afd (diff) | |
| download | cygnal-5519d54352e7bdc6d77186cef46dbafc86946bcf.tar.gz cygnal-5519d54352e7bdc6d77186cef46dbafc86946bcf.tar.bz2 cygnal-5519d54352e7bdc6d77186cef46dbafc86946bcf.zip | |
* security.cc: Change some formatting.
* include/cygwin/version.h: Bump API minor version.
* cygheap.h (class cygheap_user): Add member groups.
* security.h (class cygsidlist): Add members type and maxcount,
methods position, addfromgr, alloc_sids and free_sids and
operator+= (const PSID psid). Modify contains () to call
position () and optimize add () to use maxcount.
(class user_groups): Create.
Update declarations of verify_token and create_token.
* security.cc (cygsidlist::alloc_sids): New.
(cygsidlist::free_sids): New.
(get_token_group_sidlist): Create from get_group_sidlist.
(get_initgroups_sidlist): Create from get_group_sidlist.
(get_group_sidlist): Suppress.
(get_setgroups_sidlist): Create.
(verify_token): Modify arguments. Add setgroups case.
(create_token): Modify arguments. Call get_initgroups_sidlist and
get_setgroups_sidlist as needed. Set SE_GROUP_LOGON_ID from auth_pos
outside of the loop. Rename the various group sid lists consistently.
* syscalls.cc (seteuid32): Modify to use cygheap->user.groups.
(setegid32): Call cygheap->user.groups.update_pgrp.
* grp.cc (setgroups): Create.
(setgroups32): Create.
* uinfo.cc (internal_getlogin): Initialize and update user.groups.pgsid.
* cygwin.din: Add setgroups and setgroups32.
Diffstat (limited to 'winsup/cygwin/syscalls.cc')
| -rw-r--r-- | winsup/cygwin/syscalls.cc | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index 018f67dc6..2dc5f1776 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -1958,9 +1958,8 @@ seteuid32 (__uid32_t uid) debug_printf ("uid: %d myself->gid: %d", uid, myself->gid); if (!wincap.has_security () - || (!cygheap->user.issetuid () - && uid == myself->uid - && myself->gid == cygheap->user.orig_gid) + || (uid == myself->uid + && !cygheap->user.groups.ischanged) || uid == ILLEGAL_UID) { debug_printf ("Nothing happens"); @@ -1968,7 +1967,8 @@ seteuid32 (__uid32_t uid) } sigframe thisframe (mainthread); - cygsid usersid, pgrpsid; + cygsid usersid; + user_groups &groups = cygheap->user.groups; HANDLE ptok, sav_token; BOOL sav_impersonated, sav_token_is_internal_token; BOOL process_ok, explicitly_created_token = FALSE; @@ -1976,8 +1976,7 @@ seteuid32 (__uid32_t uid) PSID origpsid, psid2 = NO_SID; pw_new = getpwuid32 (uid); - if (!usersid.getfrompw (pw_new) || - (!pgrpsid.getfromgr (getgrgid32 (myself->gid)))) + if (!usersid.getfrompw (pw_new)) { set_errno (EINVAL); return -1; @@ -1995,7 +1994,7 @@ seteuid32 (__uid32_t uid) /* Verify if the process token is suitable. Currently we do not try to differentiate between internal tokens and others */ - process_ok = verify_token (ptok, usersid, pgrpsid); + process_ok = verify_token (ptok, usersid, groups); debug_printf("Process token %sverified", process_ok ? "" : "not "); if (process_ok) { @@ -2011,8 +2010,8 @@ seteuid32 (__uid32_t uid) if (!process_ok && cygheap->user.token != INVALID_HANDLE_VALUE) { /* Verify if the current tokem is suitable */ - BOOL token_ok = verify_token (cygheap->user.token, usersid, pgrpsid, - & sav_token_is_internal_token); + BOOL token_ok = verify_token (cygheap->user.token, usersid, groups, + &sav_token_is_internal_token); debug_printf("Thread token %d %sverified", cygheap->user.token, token_ok?"":"not "); if (!token_ok) @@ -2048,7 +2047,7 @@ seteuid32 (__uid32_t uid) { /* If no impersonation token is available, try to authenticate using NtCreateToken() or subauthentication. */ - cygheap->user.token = create_token (usersid, pgrpsid, pw_new); + cygheap->user.token = create_token (usersid, groups, pw_new); if (cygheap->user.token != INVALID_HANDLE_VALUE) explicitly_created_token = TRUE; else @@ -2076,7 +2075,7 @@ seteuid32 (__uid32_t uid) /* Try setting primary group in token to current group */ if (!SetTokenInformation (cygheap->user.token, TokenPrimaryGroup, - &pgrpsid, sizeof pgrpsid)) + &groups.pgsid, sizeof(cygsid))) debug_printf ("SetTokenInformation(user.token, " "TokenPrimaryGroup): %E"); } @@ -2098,6 +2097,7 @@ seteuid32 (__uid32_t uid) cygheap->user.set_name (pw_new->pw_name); cygheap->user.set_sid (usersid); myself->uid = uid; + groups.ischanged = FALSE; return 0; failed: @@ -2142,6 +2142,7 @@ setegid32 (__gid32_t gid) return 0; sigframe thisframe (mainthread); + user_groups * groups = &cygheap->user.groups; cygsid gsid; HANDLE ptok; @@ -2153,6 +2154,7 @@ setegid32 (__gid32_t gid) } myself->gid = gid; + groups->update_pgrp (gsid); /* If impersonated, update primary group and revert */ if (cygheap->user.issetuid ()) { |