From 4adfb882c358688592a8ef0d6e748c7151d5c91d Mon Sep 17 00:00:00 2001 From: corinna Date: Wed, 15 Nov 2000 21:04:02 +0000 Subject: [PATCH] * cygheap.h: Move `token' and `impersonated' from class _pinfo to class cygheap_user. * pinfo.h: Ditto. * fork.cc (fork_child): Change usage of `token' and `impersonated' accordingly. (fork_parent): Ditto. * security.cc (cygwin_set_impersonation_token): Ditto. * sigproc.cc (proc_subproc): Ditto. * spawn.cc (spawn_guts): Ditto. * syscalls.cc (seteuid): Ditto. * uinfo.cc (uinfo_init): Ditto. --- winsup/cygwin/ChangeLog | 14 ++++++++++++++ winsup/cygwin/cygheap.h | 14 +++++++++----- winsup/cygwin/fork.cc | 15 ++++++++------- winsup/cygwin/pinfo.h | 5 ----- winsup/cygwin/security.cc | 10 +++++----- winsup/cygwin/sigproc.cc | 2 -- winsup/cygwin/spawn.cc | 12 +++++++----- winsup/cygwin/syscalls.cc | 20 ++++++++++---------- winsup/cygwin/uinfo.cc | 4 ++-- 9 files changed, 55 insertions(+), 41 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 2e81104ab9..ee586f0dc3 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,17 @@ +Wed Nov 15 21:56:00 2000 Corinna Vinschen + + * cygheap.h: Move `token' and `impersonated' from class _pinfo + to class cygheap_user. + * pinfo.h: Ditto. + * fork.cc (fork_child): Change usage of `token' and `impersonated' + accordingly. + (fork_parent): Ditto. + * security.cc (cygwin_set_impersonation_token): Ditto. + * sigproc.cc (proc_subproc): Ditto. + * spawn.cc (spawn_guts): Ditto. + * syscalls.cc (seteuid): Ditto. + * uinfo.cc (uinfo_init): Ditto. + Wed Nov 15 9:59:00 2000 Corinna Vinschen * spawn.cc (spawn_guts): Revert patch to ignore chroot settings diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h index 779df67d31..c39438ab1d 100644 --- a/winsup/cygwin/cygheap.h +++ b/winsup/cygwin/cygheap.h @@ -57,17 +57,21 @@ class cygheap_user { /* Extendend user information. The information is derived from the internal_getlogin call when on a NT system. */ - char *pname; /* user's name */ - char *plogsrv; /* Logon server, may be FQDN */ - char *pdomain; /* Logon domain of the user */ - PSID psid; /* buffer for user's SID */ - + char *pname; /* user's name */ + char *plogsrv; /* Logon server, may be FQDN */ + char *pdomain; /* Logon domain of the user */ + PSID psid; /* buffer for user's SID */ public: uid_t orig_uid; /* Remains intact even after impersonation */ uid_t orig_gid; /* Ditto */ uid_t real_uid; /* Remains intact on seteuid, replaced by setuid */ gid_t real_gid; /* Ditto */ + /* token is needed if set(e)uid should be called. It can be set by a call + to `set_impersonation_token()'. */ + HANDLE token; + BOOL impersonated; + cygheap_user () : pname (NULL), plogsrv (NULL), pdomain (NULL), psid (NULL) {} ~cygheap_user (); diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc index 71da9f5443..433d3e9083 100644 --- a/winsup/cygwin/fork.cc +++ b/winsup/cygwin/fork.cc @@ -234,12 +234,12 @@ fork_child (HANDLE& hParent, dll *&first_dll, bool& load_dlls) /* Restore the inheritance state as in parent Don't call setuid here! The flags are already set. */ - if (myself->impersonated) + if (cygheap->user.impersonated) { - debug_printf ("Impersonation of child, token: %d", myself->token); - if (myself->token == INVALID_HANDLE_VALUE) + debug_printf ("Impersonation of child, token: %d", cygheap->user.token); + if (cygheap->user.token == INVALID_HANDLE_VALUE) RevertToSelf (); // probably not needed - else if (!ImpersonateLoggedOnUser (myself->token)) + else if (!ImpersonateLoggedOnUser (cygheap->user.token)) system_printf ("Impersonate for forked child failed: %E"); } @@ -434,7 +434,7 @@ fork_parent (void *stack_here, HANDLE& hParent, dll *&first_dll, /* Remove impersonation */ uid_t uid; uid = geteuid(); - if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE) + if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE) seteuid (cygheap->user.orig_uid); ch.parent = hParent; @@ -481,7 +481,8 @@ out: ForceCloseHandle(subproc_ready); ForceCloseHandle(forker_finished); /* Restore impersonation */ - if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE) + if (cygheap->user.impersonated + && cygheap->user.token != INVALID_HANDLE_VALUE) seteuid (uid); return -1; } @@ -505,7 +506,7 @@ out: strcpy(forked->progname, myself->progname); /* Restore impersonation */ - if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE) + if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE) seteuid (uid); ProtectHandle (pi.hThread); diff --git a/winsup/cygwin/pinfo.h b/winsup/cygwin/pinfo.h index 271e51a27e..dd49cd8193 100644 --- a/winsup/cygwin/pinfo.h +++ b/winsup/cygwin/pinfo.h @@ -72,11 +72,6 @@ public: int ctty; /* Control tty */ bool has_pgid_children;/* True if we've forked or spawned children with our GID. */ - /* token is needed if sexec should be called. It can be set by a call - to `set_impersonation_token()'. */ - HANDLE token; - BOOL impersonated; - /* Resources used by process. */ long start_time; struct rusage rusage_self; diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 35caf1d799..740c2fae3e 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -422,12 +422,12 @@ void cygwin_set_impersonation_token (const HANDLE hToken) { debug_printf ("set_impersonation_token (%d)", hToken); - if (myself->token != hToken) + if (cygheap->user.token != hToken) { - if (myself->token != INVALID_HANDLE_VALUE) - CloseHandle (myself->token); - myself->token = hToken; - myself->impersonated = FALSE; + if (cygheap->user.token != INVALID_HANDLE_VALUE) + CloseHandle (cygheap->user.token); + cygheap->user.token = hToken; + cygheap->user.impersonated = FALSE; } } diff --git a/winsup/cygwin/sigproc.cc b/winsup/cygwin/sigproc.cc index 67a5c16cf6..a304940439 100644 --- a/winsup/cygwin/sigproc.cc +++ b/winsup/cygwin/sigproc.cc @@ -263,8 +263,6 @@ proc_subproc (DWORD what, DWORD val) vchild->pgid = myself->pgid; vchild->sid = myself->sid; vchild->ctty = myself->ctty; - vchild->impersonated = myself->impersonated; - vchild->token = myself->token; vchild->process_state |= PID_INITIALIZING | (myself->process_state & PID_USETTY); sigproc_printf ("added pid %d to wait list, slot %d, winpid %p, handle %p", diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc index d2338e9954..097ecedc9e 100644 --- a/winsup/cygwin/spawn.cc +++ b/winsup/cygwin/spawn.cc @@ -562,8 +562,8 @@ skip_arg_parsing: /* Preallocated buffer for `sec_user' call */ char sa_buf[1024]; - if (!hToken && myself->token != INVALID_HANDLE_VALUE) - hToken = myself->token; + if (!hToken && cygheap->user.token != INVALID_HANDLE_VALUE) + hToken = cygheap->user.token; const char *runpath = null_app_name ? NULL : (const char *) real_path; @@ -624,7 +624,8 @@ skip_arg_parsing: /* Remove impersonation */ uid_t uid = geteuid(); - if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE) + if (cygheap->user.impersonated + && cygheap->user.token != INVALID_HANDLE_VALUE) seteuid (cygheap->user.orig_uid); /* Load users registry hive. */ @@ -644,7 +645,8 @@ skip_arg_parsing: /* Restore impersonation. In case of _P_OVERLAY this isn't allowed since it would overwrite child data. */ if (mode != _P_OVERLAY && mode != _P_VFORK - && myself->impersonated && myself->token != INVALID_HANDLE_VALUE) + && cygheap->user.impersonated + && cygheap->user.token != INVALID_HANDLE_VALUE) seteuid (uid); } @@ -717,7 +719,7 @@ skip_arg_parsing: sigproc_printf ("spawned windows pid %d", pi.dwProcessId); - if (hToken && hToken != myself->token) + if (hToken && hToken != cygheap->user.token) CloseHandle (hToken); DWORD res; diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index 90cc1b7856..5691b26788 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -1833,34 +1833,34 @@ seteuid (uid_t uid) if (uid == cygheap->user.orig_uid) { debug_printf ("RevertToSelf() (uid == orig_uid, token=%d)", - myself->token); + cygheap->user.token); RevertToSelf(); - if (myself->token != INVALID_HANDLE_VALUE) - myself->impersonated = FALSE; + if (cygheap->user.token != INVALID_HANDLE_VALUE) + cygheap->user.impersonated = FALSE; } - else if (!myself->impersonated) + else if (!cygheap->user.impersonated) { debug_printf ("Impersonate(uid == %d)", uid); RevertToSelf(); - if (myself->token != INVALID_HANDLE_VALUE) - if (!ImpersonateLoggedOnUser (myself->token)) + if (cygheap->user.token != INVALID_HANDLE_VALUE) + if (!ImpersonateLoggedOnUser (cygheap->user.token)) system_printf ("Impersonate(%d) in set(e)uid failed: %E", - myself->token); + cygheap->user.token); else - myself->impersonated = TRUE; + cygheap->user.impersonated = TRUE; } cygheap_user user; /* token is used in internal_getlogin() to determine if impersonation is active. If so, the token is used for retrieving user's SID. */ - HANDLE token = myself->impersonated ? myself->token + HANDLE token = cygheap->user.impersonated ? cygheap->user.token : INVALID_HANDLE_VALUE; struct passwd *pw_cur = getpwnam (internal_getlogin (user, token)); if (pw_cur != pw_new) { debug_printf ("Diffs!!! token: %d, cur: %d, new: %d, orig: %d", - myself->token, pw_cur->pw_uid, + cygheap->user.token, pw_cur->pw_uid, pw_new->pw_uid, cygheap->user.orig_uid); set_errno (EPERM); return -1; diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index 8a95fa349e..c3153966be 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -184,8 +184,8 @@ uinfo_init () Setting `impersonated' to TRUE seems to be wrong but it isn't. Impersonated is thought as "Current User and `token' are coincident". See seteuid() for the mechanism behind that. */ - myself->token = INVALID_HANDLE_VALUE; - myself->impersonated = TRUE; + cygheap->user.token = INVALID_HANDLE_VALUE; + cygheap->user.impersonated = TRUE; /* If uid is USHRT_MAX, the process is started from a non cygwin process or the user context was changed in spawn.cc */ -- 2.11.0