* cygheap.h (class cygheap_user): Use INVALID_HANDLE_VALUE as invalid

value for tokens. * syscalls.cc (seteuid32): Ditto. Set new_token to process token if process token is suitable. * uinfo.cc (uinfo_init): Initialize tokens in cygheap user info to INVALID_HANDLE_VALUE. * cygheap.h (enum impersonation): Delete. (cygheap_user::impersonation_state): Delete. (cygheap_user::current_token): New. (cygheap_user::issetuid): Modify to use current_token. (cygheap_user::token): Ditto. (cygheap_user::deimpersonate): Ditto. (cygheap_user::reimpersonate): Ditto. (cygheap_user::has_impersonation_tokens): Ditto. (cygheap_user::close_impersonation_tokens): Ditto. * security.cc (cygwin_set_impersonation_token): Always set the token. (verify_token): Change type of gsid to cygpsid. (get_file_attribute): Use the effective ids. * syscalls.cc (seteuid32): Modify to use cygheap_user::current_token. * uinfo.cc (uinfo_init) Do not set cygheap->user.impersonation_state.
author: Corinna Vinschen <corinna@vinschen.de> 2003-07-14 17:04:21 +0000
committer: Corinna Vinschen <corinna@vinschen.de> 2003-07-14 17:04:21 +0000
commit: ea3ba114990eb77ddf74d054bd01418ca580cb0b (patch)
tree: 837c0867009718e779809c4b328212fab4abb4fc /winsup/cygwin/syscalls.cc
parent: 9ff631a70c520489af06cce5127b9dd5c6e512fe (diff)
download: cygnal-ea3ba114990eb77ddf74d054bd01418ca580cb0b.tar.gz
cygnal-ea3ba114990eb77ddf74d054bd01418ca580cb0b.tar.bz2
cygnal-ea3ba114990eb77ddf74d054bd01418ca580cb0b.zip
1 files changed, 52 insertions, 71 deletions
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 684a83705..b95c93999 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -2058,7 +2058,6 @@ seteuid32 (__uid32_t uid)
   HANDLE ptok, new_token = INVALID_HANDLE_VALUE;
   struct passwd * pw_new;
   PSID origpsid, psid2 = NO_SID;
-  enum impersonation new_state = IMP_BAD;
   BOOL token_is_internal;
 
   pw_new = internal_getpwuid (uid);
@@ -2079,48 +2078,47 @@ seteuid32 (__uid32_t uid)
 
   /* Verify if the process token is suitable. */
   if (verify_token (ptok, usersid, groups))
-    new_state = IMP_NONE;
-  /* Verify if a current token is suitable */
-  else if (cygheap->user.external_token
+    new_token = ptok;
+  /* Verify if the external token is suitable */
+  else if (cygheap->user.external_token != INVALID_HANDLE_VALUE
 	   && verify_token (cygheap->user.external_token, usersid, groups))
-    {
-      new_token = cygheap->user.external_token;
-      new_state = IMP_EXTERNAL;
-    }
-  else if (cygheap->user.internal_token
+    new_token = cygheap->user.external_token;
+  /* Verify if the current token (internal or former external) is suitable */
+  else if (cygheap->user.current_token != INVALID_HANDLE_VALUE
+	   && cygheap->user.current_token != cygheap->user.external_token
+	   && verify_token (cygheap->user.current_token, usersid, groups,
+			    &token_is_internal))
+    new_token = cygheap->user.current_token;
+  /* Verify if the internal token is suitable */
+  else if (cygheap->user.internal_token != INVALID_HANDLE_VALUE
+	   && cygheap->user.internal_token != cygheap->user.current_token
 	   && verify_token (cygheap->user.internal_token, usersid, groups,
 			    &token_is_internal))
-    {
-      new_token = cygheap->user.internal_token;
-      new_state = IMP_INTERNAL;
-    }
+    new_token = cygheap->user.internal_token;
 
-  debug_printf ("New token %d, state %d", new_token, new_state);
-  /* Return if current token is valid */
-  if (cygheap->user.impersonation_state == new_state)
-    {
-      cygheap->user.reimpersonate ();
-      goto success; /* No change */
-    }
+  debug_printf ("Found token %d", new_token);
 
   /* Set process def dacl to allow access to impersonated token */
-  char dacl_buf[MAX_DACL_LEN (5)];
-  if (usersid != (origpsid = cygheap->user.orig_sid ()))
-    psid2 = usersid;
-  if (sec_acl ((PACL) dacl_buf, FALSE, origpsid, psid2))
+  if (cygheap->user.current_token != new_token)
     {
-      TOKEN_DEFAULT_DACL tdacl;
-      tdacl.DefaultDacl = (PACL) dacl_buf;
-      if (!SetTokenInformation (ptok, TokenDefaultDacl,
-				&tdacl, sizeof dacl_buf))
-	debug_printf ("SetTokenInformation"
-		      "(TokenDefaultDacl): %E");
+      char dacl_buf[MAX_DACL_LEN (5)];
+      if (usersid != (origpsid = cygheap->user.orig_sid ()))
+	psid2 = usersid;
+      if (sec_acl ((PACL) dacl_buf, FALSE, origpsid, psid2))
+        {
+	  TOKEN_DEFAULT_DACL tdacl;
+	  tdacl.DefaultDacl = (PACL) dacl_buf;
+	  if (!SetTokenInformation (ptok, TokenDefaultDacl,
+				    &tdacl, sizeof dacl_buf))
+	    debug_printf ("SetTokenInformation"
+			  "(TokenDefaultDacl): %E");
+	}
     }
 
-  if (new_state == IMP_BAD)
+  /* If no impersonation token is available, try to
+     authenticate using NtCreateToken () or subauthentication. */
+  if (new_token == INVALID_HANDLE_VALUE)
     {
-      /* If no impersonation token is available, try to
-	 authenticate using NtCreateToken () or subauthentication. */
       new_token = create_token (usersid, groups, pw_new);
       if (new_token == INVALID_HANDLE_VALUE)
 	{
@@ -2130,48 +2128,31 @@ seteuid32 (__uid32_t uid)
 	  if (new_token == INVALID_HANDLE_VALUE)
 	    goto failed;
 	}
-      new_state = IMP_INTERNAL;
-    }
-
-  /* If using the token, set info and impersonate */
-  if (new_state != IMP_NONE)
-    {
-      /* If the token was explicitly created, all information has
-	 already been set correctly. */
-      if (new_state == IMP_EXTERNAL)
-	{
-	  /* Try setting owner to same value as user. */
-	  if (!SetTokenInformation (new_token, TokenOwner,
-				    &usersid, sizeof usersid))
-	    debug_printf ("SetTokenInformation(user.token, "
-			  "TokenOwner): %E");
-	  /* Try setting primary group in token to current group */
-	  if (!SetTokenInformation (new_token,
-				    TokenPrimaryGroup,
-				    &groups.pgsid, sizeof (cygsid)))
-	    debug_printf ("SetTokenInformation(user.token, "
-			  "TokenPrimaryGroup): %E");
-	}
-      /* Try to impersonate. */
-      if (!ImpersonateLoggedOnUser (new_token))
-	{
-	  debug_printf ("ImpersonateLoggedOnUser %E");
-	  __seterrno ();
-	  goto failed;
-	}
       /* Keep at most one internal token */
-      if (new_state == IMP_INTERNAL)
-        {
-	  if (cygheap->user.internal_token)
-	    CloseHandle (cygheap->user.internal_token);
-	  cygheap->user.internal_token = new_token;
-	}
+      if (cygheap->user.internal_token != INVALID_HANDLE_VALUE)
+	CloseHandle (cygheap->user.internal_token);
+      cygheap->user.internal_token = new_token;
+    }
+  else if (new_token != ptok)
+    {
+      /* Try setting owner to same value as user. */
+      if (!SetTokenInformation (new_token, TokenOwner,
+				&usersid, sizeof usersid))
+	debug_printf ("SetTokenInformation(user.token, "
+		      "TokenOwner): %E");
+      /* Try setting primary group in token to current group */
+      if (!SetTokenInformation (new_token,
+				TokenPrimaryGroup,
+				&groups.pgsid, sizeof (cygsid)))
+	debug_printf ("SetTokenInformation(user.token, "
+		      "TokenPrimaryGroup): %E");
     }
-  cygheap->user.set_sid (usersid);
 
-success:
   CloseHandle (ptok);
-  cygheap->user.impersonation_state = new_state;
+  cygheap->user.set_sid (usersid);
+  cygheap->user.current_token = new_token == ptok ? INVALID_HANDLE_VALUE
+						  : new_token;
+  cygheap->user.reimpersonate ();
 success_9x:
   cygheap->user.set_name (pw_new->pw_name);
   myself->uid = uid;
author	Corinna Vinschen <corinna@vinschen.de>	2003-07-14 17:04:21 +0000
committer	Corinna Vinschen <corinna@vinschen.de>	2003-07-14 17:04:21 +0000
commit	ea3ba114990eb77ddf74d054bd01418ca580cb0b (patch)
tree	837c0867009718e779809c4b328212fab4abb4fc /winsup/cygwin/syscalls.cc
parent	9ff631a70c520489af06cce5127b9dd5c6e512fe (diff)
download	cygnal-ea3ba114990eb77ddf74d054bd01418ca580cb0b.tar.gz cygnal-ea3ba114990eb77ddf74d054bd01418ca580cb0b.tar.bz2 cygnal-ea3ba114990eb77ddf74d054bd01418ca580cb0b.zip