1 /* uinfo.cc: user info (uid, gid, etc...)
3 Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
4 2006, 2007, 2008 Red Hat, Inc.
6 This file is part of Cygwin.
8 This software is a copyrighted work licensed under the terms of the
9 Cygwin license. Please consult the file "CYGWIN_LICENSE" for
19 #include <sys/cygwin.h>
26 #include "shared_info.h"
28 #include "child_info.h"
34 /* Initialize the part of cygheap_user that does not depend on files.
35 The information is used in shared.cc for the user shared.
36 Final initialization occurs in uinfo_init */
40 WCHAR user_name[UNLEN + 1];
41 DWORD user_name_len = UNLEN + 1;
43 if (!GetUserNameW (user_name, &user_name_len))
44 wcpcpy (user_name, L"unknown");
46 char mb_user_name[user_name_len = sys_wcstombs (NULL, 0, user_name)];
47 sys_wcstombs (mb_user_name, user_name_len, user_name);
48 set_name (mb_user_name);
51 PSECURITY_DESCRIPTOR psd;
53 if (!GetTokenInformation (hProcToken, TokenPrimaryGroup,
54 &groups.pgsid, sizeof (cygsid), &siz))
55 system_printf ("GetTokenInformation (TokenPrimaryGroup), %E");
57 /* Get the SID from current process and store it in effec_cygsid */
58 if (!GetTokenInformation (hProcToken, TokenUser, &effec_cygsid,
59 sizeof (cygsid), &siz))
61 system_printf ("GetTokenInformation (TokenUser), %E");
65 /* Set token owner to the same value as token user */
66 if (!SetTokenInformation (hProcToken, TokenOwner, &effec_cygsid,
68 debug_printf ("SetTokenInformation(TokenOwner), %E");
70 /* Standard way to build a security descriptor with the usual DACL */
71 PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
72 psd = (PSECURITY_DESCRIPTOR)
73 (sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
75 BOOL acl_exists, dummy;
76 TOKEN_DEFAULT_DACL dacl;
77 if (GetSecurityDescriptorDacl (psd, &acl_exists, &dacl.DefaultDacl, &dummy)
78 && acl_exists && dacl.DefaultDacl)
82 /* Set the default DACL and the process DACL */
83 if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl,
85 system_printf ("SetTokenInformation (TokenDefaultDacl), %E");
86 if ((status = NtSetSecurityObject (NtCurrentProcess (),
87 DACL_SECURITY_INFORMATION, psd)))
88 system_printf ("NtSetSecurityObject, %lx", status);
91 system_printf("Cannot get dacl, %E");
95 internal_getlogin (cygheap_user &user)
97 struct passwd *pw = NULL;
99 cygpsid psid = user.sid ();
100 pw = internal_getpwsid (psid);
102 if (!pw && !(pw = internal_getpwnam (user.name ()))
103 && !(pw = internal_getpwuid (DEFAULT_UID)))
104 debug_printf ("user not found in augmented /etc/passwd");
109 myself->uid = pw->pw_uid;
110 myself->gid = pw->pw_gid;
111 user.set_name (pw->pw_name);
112 if (gsid.getfromgr (internal_getgrgid (pw->pw_gid)))
114 if (gsid != user.groups.pgsid)
116 /* Set primary group to the group in /etc/passwd. */
117 if (!SetTokenInformation (hProcToken, TokenPrimaryGroup,
119 debug_printf ("SetTokenInformation(TokenPrimaryGroup), %E");
121 user.groups.pgsid = gsid;
122 clear_procimptoken ();
126 debug_printf ("gsid not found in augmented /etc/group");
128 cygheap->user.ontherange (CH_HOME, pw);
134 if (child_proc_info && !cygheap->user.has_impersonation_tokens ())
137 if (!child_proc_info)
138 internal_getlogin (cygheap->user); /* Set the cygheap->user. */
139 /* Conditions must match those in spawn to allow starting child
140 processes with ruid != euid and rgid != egid. */
141 else if (cygheap->user.issetuid ()
142 && cygheap->user.saved_uid == cygheap->user.real_uid
143 && cygheap->user.saved_gid == cygheap->user.real_gid
144 && !cygheap->user.groups.issetgroups ()
145 && !cygheap->user.setuid_to_restricted)
147 cygheap->user.reimpersonate ();
151 cygheap->user.close_impersonation_tokens ();
153 cygheap->user.saved_uid = cygheap->user.real_uid = myself->uid;
154 cygheap->user.saved_gid = cygheap->user.real_gid = myself->gid;
155 cygheap->user.external_token = NO_IMPERSONATION;
156 cygheap->user.internal_token = NO_IMPERSONATION;
157 cygheap->user.curr_primary_token = NO_IMPERSONATION;
158 cygheap->user.curr_imp_token = NO_IMPERSONATION;
159 cygheap->user.ext_token_is_restricted = false;
160 cygheap->user.curr_token_is_restricted = false;
161 cygheap->user.setuid_to_restricted = false;
162 cygheap->user.set_saved_sid (); /* Update the original sid */
163 cygheap->user.deimpersonate ();
167 getlogin_r (char *name, size_t namesize)
169 char *login = getlogin ();
170 size_t len = strlen (login) + 1;
174 if (efault.faulted ())
176 strncpy (name, login, len);
183 return strcpy (_my_tls.locals.username, cygheap->user.name ());
189 return cygheap->user.real_uid;
195 return cygheap->user.real_uid;
201 return cygheap->user.real_gid;
207 return cygheap->user.real_gid;
234 /* Not quite right - cuserid can change, getlogin can't */
241 strcpy (src, getlogin ());
246 cygheap_user::ontherange (homebodies what, struct passwd *pw)
248 LPUSER_INFO_3 ui = NULL;
249 WCHAR wuser[UNLEN + 1];
251 char homedrive_env_buf[3];
252 char *newhomedrive = NULL;
253 char *newhomepath = NULL;
256 debug_printf ("what %d, pw %p", what, pw);
261 if ((p = getenv ("HOME")))
262 debug_printf ("HOME is already in the environment %s", p);
265 if (pw && pw->pw_dir && *pw->pw_dir)
267 debug_printf ("Set HOME (from /etc/passwd) to %s", pw->pw_dir);
268 setenv ("HOME", pw->pw_dir, 1);
272 char home[strlen (name ()) + 8];
274 debug_printf ("Set HOME to default /home/USER");
275 __small_sprintf (home, "/home/%s", name ());
276 setenv ("HOME", home, 1);
281 if (what != CH_HOME && homepath == NULL && newhomepath == NULL)
283 char *homepath_env_buf = tp.c_get ();
285 pw = internal_getpwnam (name ());
286 if (pw && pw->pw_dir && *pw->pw_dir)
287 cygwin_conv_path (CCP_POSIX_TO_WIN_A, pw->pw_dir, homepath_env_buf,
291 homepath_env_buf[0] = homepath_env_buf[1] = '\0';
294 WCHAR wlogsrv[INTERNET_MAX_HOST_NAME_LENGTH + 3];
295 sys_mbstowcs (wlogsrv, sizeof (wlogsrv) / sizeof (*wlogsrv),
297 sys_mbstowcs (wuser, sizeof (wuser) / sizeof (*wuser), winname ());
298 if (!(ret = NetUserGetInfo (wlogsrv, wuser, 3, (LPBYTE *) &ui)))
300 sys_wcstombs (homepath_env_buf, NT_MAX_PATH,
302 if (!homepath_env_buf[0])
304 sys_wcstombs (homepath_env_buf, NT_MAX_PATH,
305 ui->usri3_home_dir_drive);
306 if (homepath_env_buf[0])
307 strcat (homepath_env_buf, "\\");
309 cygwin_conv_path (CCP_POSIX_TO_WIN_A | CCP_ABSOLUTE,
310 "/", homepath_env_buf, NT_MAX_PATH);
315 NetApiBufferFree (ui);
318 if (homepath_env_buf[1] != ':')
320 newhomedrive = almost_null;
321 newhomepath = homepath_env_buf;
325 homedrive_env_buf[0] = homepath_env_buf[0];
326 homedrive_env_buf[1] = homepath_env_buf[1];
327 homedrive_env_buf[2] = '\0';
328 newhomedrive = homedrive_env_buf;
329 newhomepath = homepath_env_buf + 2;
333 if (newhomedrive && newhomedrive != homedrive)
334 cfree_and_set (homedrive, (newhomedrive == almost_null)
335 ? almost_null : cstrdup (newhomedrive));
337 if (newhomepath && newhomepath != homepath)
338 cfree_and_set (homepath, cstrdup (newhomepath));
352 cygheap_user::test_uid (char *&what, const char *name, size_t namelen)
354 if (!what && !issetuid ())
355 what = getwinenveq (name, namelen, HEAP_STR);
360 cygheap_user::env_logsrv (const char *name, size_t namelen)
362 if (test_uid (plogsrv, name, namelen))
365 const char *mydomain = domain ();
366 const char *myname = winname ();
367 if (!mydomain || ascii_strcasematch (myname, "SYSTEM"))
370 WCHAR wdomain[MAX_DOMAIN_NAME_LEN + 1];
371 WCHAR wlogsrv[INTERNET_MAX_HOST_NAME_LENGTH + 3];
372 sys_mbstowcs (wdomain, MAX_DOMAIN_NAME_LEN + 1, mydomain);
373 cfree_and_set (plogsrv, almost_null);
374 if (get_logon_server (wdomain, wlogsrv, false))
375 sys_wcstombs_alloc (&plogsrv, HEAP_STR, wlogsrv);
380 cygheap_user::env_domain (const char *name, size_t namelen)
382 if (pwinname && test_uid (pdomain, name, namelen))
385 char username[UNLEN + 1];
386 DWORD ulen = sizeof (username);
387 char userdomain[DNLEN + 1];
388 DWORD dlen = sizeof (userdomain);
391 cfree_and_set (pwinname, almost_null);
392 cfree_and_set (pdomain, almost_null);
393 if (!LookupAccountSid (NULL, sid (), username, &ulen,
394 userdomain, &dlen, &use))
398 pwinname = cstrdup (username);
399 pdomain = cstrdup (userdomain);
405 cygheap_user::env_userprofile (const char *name, size_t namelen)
407 if (test_uid (puserprof, name, namelen))
410 WCHAR userprofile_env_buf[NT_MAX_PATH];
411 WCHAR win_id[UNLEN + 1]; /* Large enough for SID */
413 cfree_and_set (puserprof, almost_null);
414 if (get_registry_hive_path (get_windows_id (win_id), userprofile_env_buf))
415 sys_wcstombs_alloc (&puserprof, HEAP_STR, userprofile_env_buf);
421 cygheap_user::env_homepath (const char *name, size_t namelen)
423 return ontherange (CH_HOMEPATH);
427 cygheap_user::env_homedrive (const char *name, size_t namelen)
429 return ontherange (CH_HOMEDRIVE);
433 cygheap_user::env_name (const char *name, size_t namelen)
435 if (!test_uid (pwinname, name, namelen))
441 cygheap_user::env_systemroot (const char *name, size_t namelen)
445 int size = GetWindowsDirectory (NULL, 0);
448 psystemroot = (char *) cmalloc_abort (HEAP_STR, ++size);
449 size = GetWindowsDirectory (psystemroot, size);
457 debug_printf ("GetWindowsDirectory(), %E");
463 pwdgrp::next_str (char c)
466 lptr = strechr (lptr, c);
473 pwdgrp::next_num (unsigned long& n)
475 char *p = next_str (':');
477 n = strtoul (p, &cp, 10);
478 return p != cp && !*cp;
482 pwdgrp::add_line (char *eptr)
487 eptr = strchr (lptr, '\n');
490 if (eptr > lptr && eptr[-1] == '\r')
496 if (curr_lines >= max_lines)
499 *pwdgrp_buf = realloc (*pwdgrp_buf, max_lines * pwdgrp_buf_elem_size);
501 if ((this->*parse) ())
508 pwdgrp::load (const wchar_t *rel_path)
510 static const char failed[] = "failed";
511 static const char succeeded[] = "succeeded";
512 const char *res = failed;
516 OBJECT_ATTRIBUTES attr;
518 FILE_STANDARD_INFORMATION fsi;
526 !(path = (PWCHAR) malloc ((wcslen (installation_root)
527 + wcslen (rel_path) + 1) * sizeof (WCHAR))))
529 paranoid_printf ("malloc (%W) failed", rel_path);
532 wcpcpy (wcpcpy (path, installation_root), rel_path);
533 RtlInitUnicodeString (&upath, path);
535 InitializeObjectAttributes (&attr, &upath, OBJ_CASE_INSENSITIVE, NULL, NULL);
536 etc_ix = etc::init (etc_ix, &attr);
538 paranoid_printf ("%S", &upath);
540 status = NtOpenFile (&fh, SYNCHRONIZE | FILE_READ_DATA, &attr, &io,
541 FILE_SHARE_VALID_FLAGS,
542 FILE_SYNCHRONOUS_IO_NONALERT
543 | FILE_OPEN_FOR_BACKUP_INTENT);
544 if (!NT_SUCCESS (status))
546 paranoid_printf ("NtOpenFile(%S) failed, status %p", &upath, status);
549 status = NtQueryInformationFile (fh, &io, &fsi, sizeof fsi,
550 FileStandardInformation);
551 if (!NT_SUCCESS (status))
553 paranoid_printf ("NtQueryInformationFile(%S) failed, status %p",
557 /* FIXME: Should we test for HighPart set? If so, the
558 passwd or group file is way beyond what we can handle. */
559 /* FIXME 2: It's still ugly that we keep the file in memory.
560 Big organizations have naturally large passwd files. */
561 buf = (char *) malloc (fsi.EndOfFile.LowPart + 1);
564 paranoid_printf ("malloc (%d) failed", fsi.EndOfFile.LowPart);
567 status = NtReadFile (fh, NULL, NULL, NULL, &io, buf, fsi.EndOfFile.LowPart,
569 if (!NT_SUCCESS (status))
571 paranoid_printf ("NtReadFile(%S) failed, status %p", &upath, status);
575 buf[fsi.EndOfFile.LowPart] = '\0';
576 for (char *eptr = buf; (eptr = add_line (eptr)); )
578 debug_printf ("%W curr_lines %d", rel_path, curr_lines);
584 debug_printf ("%W load %s", rel_path, res);