From 70249d5687c6020064b70431e115fe1c0161cfa3 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Mon, 30 Jun 2003 13:07:36 +0000
Subject: * cygheap.h (enum impersonation): New enum. (cygheap_user::token): Delete. (cygheap_user::impersonated): Delete. (cygheap_user::external_token): New member. (cygheap_user::internal_token): New member. (cygheap_user::impersonation_state): New member. (cygheap_user::issetuid): Modify. (cygheap_user::token): New method. (cygheap_user::deimpersonate): New method. (cygheap_user::reimpersonate): New method. (cygheap_user::has_impersonation_tokens): New method. (cygheap_user::close_impersonation_tokens): New method. * dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods. * fhandler_socket.cc (fhandler_socket::dup): Ditto. * fork.cc (fork_child): Ditto. (fork_parent): Ditto. * grp.cc (internal_getgroups): Ditto. * security.cc (verify_token): Ditto. (check_file_access): Ditto. (cygwin_set_impersonation_token): Detect conflicts. Set user.external_token. * spawn.cc (spawn_guts): Use new cygheap_user methods. * syscalls.cc (seteuid32): Rearrange to use the two tokens in cygheap_user. (setegid32): Use new cygheap_user methods. * uinfo.cc: (internal_getlogin): Ditto.
---
 winsup/cygwin/security.cc | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
(limited to 'winsup/cygwin/security.cc')
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 7bae8f4c7..5ccf37e3d 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -70,10 +70,16 @@ extern "C" void
 cygwin_set_impersonation_token (const HANDLE hToken)
 {
 debug_printf ("set_impersonation_token (%d)", hToken);
- if (cygheap->user.token != hToken)
+ if (cygheap->user.impersonation_state == IMP_EXTERNAL
+ && cygheap->user.external_token != hToken)
 {
- cygheap->user.token = hToken;
- cygheap->user.impersonated = FALSE;
+ set_errno (EPERM);
+ return;
+ }
+ else
+ {
+ cygheap->user.external_token = hToken;
+ return;
 }
 }
 
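Review bot: The new EPERM path in cygwin_set_impersonation_token is the only signal that the caller's token was rejected, and because the function returns void, a caller that does not clear and re-check errno will presumably carry on with the previously registered external_token rather than the one it just passed in (the code that consumes the token is not in this file's diff). I would make the refusal visible in the trace with `debug_printf ("refusing to replace external token while impersonating");` ahead of `set_errno (EPERM);`, and add a comment above the function stating that callers must set errno to 0 before the call and test it afterwards. Neither branch checks hToken against INVALID_HANDLE_VALUE, and nothing visible here says who closes a handle that gets overwritten in external_token; that ownership rule belongs in the same comment. As a style point, the `else` after the early `return;` and the trailing `return;` in the second branch are redundant.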
@@ -717,7 +723,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
 if (pintern)
 {
 TOKEN_SOURCE ts;
- if (!GetTokenInformation (cygheap->user.token, TokenSource,
+ if (!GetTokenInformation (token, TokenSource,
 &ts, sizeof ts, &size))
 debug_printf ("GetTokenInformation(): %E");
 else
@@ -1906,7 +1912,7 @@ check_file_access (const char *fn, int flags)
 goto done;
 if (cygheap->user.issetuid ())
- hToken = cygheap->user.token;
+ hToken = cygheap->user.token ();
 else if (!OpenProcessToken (hMainProc, TOKEN_DUPLICATE, &hToken))
 {
 __seterrno ();
@@ -1914,7 +1920,7 @@ check_file_access (const char *fn, int flags)
 }
 if (!(status = DuplicateToken (hToken, SecurityIdentification, &hIToken)))
 __seterrno ();
- if (hToken != cygheap->user.token)
+ if (!cygheap->user.issetuid ())
 CloseHandle (hToken);
 if (!status)
 goto done;
-- 
cgit v1.2.3
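Review bot: When GetTokenInformation fails in verify_token (hunk @@ -717,7 +723,7 @@), the branch under `if (pintern)` only logs via debug_printf and leaves `*pintern` untouched, so the caller's internal-versus-external decision rests on whatever that variable held before the call. Unless every caller is known to pre-initialise it, the block should fail closed by writing `*pintern = FALSE;` as its first statement, before the query. The `else` body and the rest of the function lie outside the hunk, so it is worth confirming that the assignment there is the only other writer.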
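Review bot: Ownership of hToken in check_file_access is now decided by calling `cygheap->user.issetuid ()` twice, once in hunk @@ -1906,7 +1912,7 @@ to pick the token and again in hunk @@ -1914,7 +1920,7 @@ to decide whether to CloseHandle it. If the impersonation state can change between the two calls (for example through a seteuid on another thread, which this diff does not show), the function either leaks the handle it obtained from OpenProcessToken or closes the shared impersonation token that cygheap still holds. Recording the decision once removes that dependency: `bool own_token = !cygheap->user.issetuid ();` before the branch, and `if (own_token) CloseHandle (hToken);` after DuplicateToken. The value returned by `token ()` is passed to DuplicateToken without a validity check, so a short comment stating what issetuid () guarantees about that handle would help the next reader. Both hunks start and end inside the function body.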