author | Corinna Vinschen <corinna@vinschen.de> | 2000-06-16 19:36:07 +0000 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2000-06-16 19:36:07 +0000 |
commit | 64b3062937b791faafddc02e9d38102a75b37a7a (patch) | |
tree | 48895becfe9d6a9816a99573c1dd716878d67fa4 /winsup/cygwin/syscalls.cc | |
parent | 3875d9e65223107ecc5ee8ce7f6510e092779da9 (diff) | |
* cygwin.din: Define symbols for `cygwin_logon_user' and
`cygwin_set_impersonation_token'.
* dcrt0.cc (dll_crt0_1): Eliminate superfluous conditional
statements.
Add load statements for `ImpersonateLoggedOnUser', `LogonUserA'
and `RevertToSelf'.
* fork.cc (fork): Care for correct impersonation of parent
and child process.
* security.cc (cygwin_set_impersonation_token): New function.
(cygwin_logon_user): Ditto.
shared.h (class pinfo): New members `orig_uid', `orig_gid',
`real_uid' and `real_gid'.
spawn.cc (spawn_guts): Care for impersonation when starting
child process in a different user context.
* syscalls.cc (setgid): Call `setegid' now. Set real_gid.
(setuid): Call `seteuid' now. Set real_uid.
(seteuid): Functionality moved from setuid to here. Care for
correct impersonation.
(setegid): Functionality moved from setgid to here.
* uinfo.cc (uinfo_init): Initialization of additional pinfo
members.
(getuid): Return real uid.
(getgid): Return real gid.
(geteuid): Return effective uid.
(getegid): Return effective gid.
include/sys/cygwin.h: Add prototypes for `cygwin_logon_user' and
`cygwin_set_impersonation_token'.
include/cygwin/version.h: Bump API minor version to 22.
Diffstat (limited to 'winsup/cygwin/syscalls.cc')
-rw-r--r-- | winsup/cygwin/syscalls.cc | 84 |
1 files changed, 58 insertions, 26 deletions
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index d2eeab0d4..6c40cc153 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -1797,30 +1797,31 @@ extern "C" int setgid (gid_t gid) { - if (os_being_run == winNT) - { - if (gid != (gid_t) -1) - { - if (!getgrgid (gid)) - { - set_errno (EINVAL); - return -1; - } - myself->gid = gid; - } - } - else - set_errno (ENOSYS); - return 0; + int ret = setegid (gid); + if (!ret) + myself->real_gid = myself->gid; + return ret; } -extern char *internal_getlogin (struct pinfo *pi); - /* setuid: POSIX 4.2.2.1 */ extern "C" int setuid (uid_t uid) { + int ret = seteuid (uid); + if (!ret) + myself->real_uid = myself->uid; + debug_printf ("real: %d, effective: %d", myself->real_uid, myself->uid); + return ret; +} + +extern char *internal_getlogin (struct pinfo *pi); + +/* seteuid: standards? */ +extern "C" +int +seteuid (uid_t uid) +{ if (os_being_run == winNT) { if (uid != (uid_t) -1) @@ -1832,11 +1833,35 @@ setuid (uid_t uid) return -1; } + if (uid != myself->uid) + if (uid == myself->orig_uid) + { + debug_printf ("RevertToSelf() (uid == orig_uid, token=%d)", + myself->token); + RevertToSelf(); + if (myself->token != INVALID_HANDLE_VALUE) + myself->impersonated = FALSE; + } + else if (!myself->impersonated) + { + debug_printf ("Impersonate(uid == %d)", uid); + RevertToSelf(); + if (myself->token != INVALID_HANDLE_VALUE) + if (!ImpersonateLoggedOnUser (myself->token)) + system_printf ("Impersonate(%d) in set(e)uid failed: %E", + myself->token); + else + myself->impersonated = TRUE; + } + struct pinfo pi; pi.psid = (PSID) pi.sidbuf; struct passwd *pw_cur = getpwnam (internal_getlogin (&pi)); if (pw_cur != pw_new) { + debug_printf ("Diffs!!! token: %d, cur: %d, new: %d, orig: %d", + myself->token, pw_cur->pw_uid, + pw_new->pw_uid, myself->orig_uid); set_errno (EPERM); return -1; } 
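Review bot: The new `setuid` wrapper in this hunk only copies `myself->uid` into `myself->real_uid` once `seteuid` succeeds, and nothing in the visible diff clears `myself->orig_uid` or `myself->token`. A later `seteuid (orig_uid)` would therefore still reach the `RevertToSelf()` branch added in the next hunk, so `setuid()` does not appear to be the irreversible identity change that POSIX callers commonly rely on when dropping privileges. The pinfo members are declared outside this file, so that reading should be confirmed. If it holds, the function needs a comment saying so, for example `/* NOTE: does not discard orig_uid or the token; seteuid (orig_uid) can still undo this. */`.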
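Review bot: Both `RevertToSelf()` calls in the block added to `seteuid` ignore the return value, and a failed `ImpersonateLoggedOnUser (myself->token)` is only reported through `system_printf` before execution continues. A switch that fails silently leaves the thread running under a different identity than `myself->impersonated` and `myself->uid` will record; the `pw_cur != pw_new` test in the context lines may catch some of these cases, but that depends on `internal_getlogin`, which is not shown here. I would fail closed at each call, e.g. `if (!RevertToSelf ()) { set_errno (EPERM); return -1; }`. Separately, the added `debug_printf ("Diffs!!! ...")` reads `pw_cur->pw_uid` although `pw_cur` comes straight from `getpwnam` and can be NULL on exactly this error path. `seteuid` starts in the previous hunk and ends in the next one.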
@@ -1849,23 +1874,30 @@ setuid (uid_t uid) } else set_errno (ENOSYS); + debug_printf ("real: %d, effective: %d", myself->real_uid, myself->uid); return 0; } -/* seteuid: standards? */ -extern "C" -int -seteuid (uid_t uid) -{ - return setuid (uid); -} - /* setegid: from System V. */ extern "C" int setegid (gid_t gid) { - return setgid (gid); + if (os_being_run == winNT) + { + if (gid != (gid_t) -1) + { + if (!getgrgid (gid)) + { + set_errno (EINVAL); + return -1; + } + myself->gid = gid; + } + } + else + set_errno (ENOSYS); + return 0; } /* chroot: privileged Unix system call. */ |
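Review bot: The relocated `setegid` body, like the tail of `seteuid` at the top of this hunk, falls through to `return 0;` after `set_errno (ENOSYS)`, so on a non-NT system the call reports success although nothing was changed. Callers that test only the return value will believe the identity change took effect, and the new `setgid`/`setuid` wrappers treat that 0 as success as well. `else { set_errno (ENOSYS); return -1; }` would make the failure visible, or, if the success return is deliberate for those systems, a comment should say so. `setegid` also accepts any gid that `getgrgid` can resolve; the visible code does not check whether the caller is entitled to that group, which deserves a comment if it is intentional.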