From 6806a8b51f96d59cb6dadd86fab4ae7cdecca3ed Mon Sep 17 00:00:00 2001
From: Pierre Humblet <phumblet@phumblet.no-ip.org>
Date: Sat, 27 Sep 2003 01:56:36 +0000
Subject: 2003-09-26  Pierre Humblet <pierre.humblet@ieee.org>

	* uinfo.cc (cygheap_user::init): Make sure the current user appears
	in the default DACL. Rearrange to decrease the indentation levels.
	Initialize the effec_cygsid directly.
	(internal_getlogin): Do not reinitialize myself->gid. Open the process
	token with the required access.
	* cygheap.h (class cygheap_user): Delete members pid and saved_psid.
	Create members effec_cygsid and saved_cygsid.
	(cygheap_user::set_sid): Define inline.
	(cygheap_user::set_saved_sid): Ditto.
	(cygheap_user::sid): Modify.
	(cygheap_user::saved_sid): Modify.
	* cygheap.cc (cygheap_user::set_sid): Delete.
	(cygheap_user::set_saved_sid): Ditto.
	* sec_helper.cc (sec_acl): Set the correct acl size.
	* autoload.cc (FindFirstFreeAce): Add.
	* security.h: Define ACL_DEFAULT_SIZE.
---
 winsup/cygwin/uinfo.cc | 83 ++++++++++++++++++++++++++++++++++----------------
 1 file changed, 57 insertions(+), 26 deletions(-)

(limited to 'winsup/cygwin/uinfo.cc')

diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 0e46a13c0..6cd162b49 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -41,31 +41,65 @@ cygheap_user::init()
 
   set_name (GetUserName (user_name, &user_name_len) ? user_name : "unknown");
 
-  if (wincap.has_security ())
+  if (!wincap.has_security ())
+    return;
+
+  HANDLE ptok;
+  DWORD siz;
+  char pdacl_buf [sizeof (PTOKEN_DEFAULT_DACL) + ACL_DEFAULT_SIZE];
+  PTOKEN_DEFAULT_DACL pdacl = (PTOKEN_DEFAULT_DACL) pdacl_buf;
+
+  if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
+			 &ptok))
     {
-      HANDLE ptok = NULL;
-      DWORD siz, ret;
-      cygsid tu;
-
-      /* Get the SID from current process and store it in user.psid */
-      if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
-			     &ptok))
-	system_printf ("OpenProcessToken(): %E");
-      else
-	{
-	  if (!GetTokenInformation (ptok, TokenUser, &tu, sizeof tu, &siz))
-	    system_printf ("GetTokenInformation (TokenUser): %E");
-	  else if (!(ret = set_sid (tu)))
-	    system_printf ("Couldn't retrieve SID from access token!");
-	  /* Set token owner to the same value as token user */
-	  else if (!SetTokenInformation (ptok, TokenOwner, &tu, sizeof tu))
-	    debug_printf ("SetTokenInformation(TokenOwner): %E");
-	  if (!GetTokenInformation (ptok, TokenPrimaryGroup,
-				    &groups.pgsid, sizeof tu, &siz))
-	    system_printf ("GetTokenInformation (TokenPrimaryGroup): %E");
-	  CloseHandle (ptok);
+      system_printf ("OpenProcessToken(): %E");
+      return;
+    }
+  if (!GetTokenInformation (ptok, TokenPrimaryGroup,
+			    &groups.pgsid, sizeof (cygsid), &siz))
+    system_printf ("GetTokenInformation (TokenPrimaryGroup): %E");
+
+  /* Get the SID from current process and store it in effec_cygsid */
+  if (!GetTokenInformation (ptok, TokenUser, &effec_cygsid, sizeof (cygsid), &siz))
+    {
+      system_printf ("GetTokenInformation (TokenUser): %E");
+      goto out;
+    }
+
+  /* Set token owner to the same value as token user */
+  if (!SetTokenInformation (ptok, TokenOwner, &effec_cygsid, sizeof (cygsid)))
+    debug_printf ("SetTokenInformation(TokenOwner): %E");
+
+  /* Add the user in the default DACL if needed */ 
+  if (!GetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (pdacl_buf), &siz))
+    system_printf ("GetTokenInformation (TokenDefaultDacl): %E");
+  else if (pdacl->DefaultDacl) /* Running with security */
+    {
+      PACL pAcl = pdacl->DefaultDacl;
+      PACCESS_ALLOWED_ACE pAce;
+
+      for (int i = 0; i < pAcl->AceCount; i++)
+        {
+	  if (!GetAce(pAcl, i, (LPVOID *) &pAce))
+	    system_printf ("GetAce: %E");
+	  else if (pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE
+		   && effec_cygsid == &pAce->SidStart)
+	    goto out;
 	}
+      pAcl->AclSize = &pdacl_buf[sizeof (pdacl_buf)] - (char *) pAcl;
+      if (!AddAccessAllowedAce (pAcl, ACL_REVISION, GENERIC_ALL, effec_cygsid)) 
+	system_printf ("AddAccessAllowedAce: %E");
+      else if (FindFirstFreeAce (pAcl, (LPVOID *) &pAce), !(pAce))
+	debug_printf ("FindFirstFreeAce %E");
+      else
+        {
+          pAcl->AclSize = (char *) pAce - (char *) pAcl;
+	  if (!SetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (* pdacl)))
+	    system_printf ("SetTokenInformation (TokenDefaultDacl): %E");
+        }
     }
+ out:	  
+  CloseHandle (ptok);
 }
 
 void
@@ -73,8 +107,6 @@ internal_getlogin (cygheap_user &user)
 {
   struct passwd *pw = NULL;
 
-  myself->gid = UNKNOWN_GID;
-
   if (wincap.has_security ())
     {
       cygpsid psid = user.sid ();
@@ -96,8 +128,7 @@ internal_getlogin (cygheap_user &user)
 	    {
 	      HANDLE ptok;
 	      if (gsid != user.groups.pgsid
-		  && OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
-				     &ptok))
+		  && OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT, &ptok))
 	        {
 		  /* Set primary group to the group in /etc/passwd. */
 		  if (!SetTokenInformation (ptok, TokenPrimaryGroup,
-- 
cgit v1.2.3