2004-10-28 Pierre Humblet <pierre.humblet@ieee.org>

        * path.cc (mount_info::from_registry): Deimpersonate while
        accessing HKLM.
        (mount_info::read_cygdrive_info_from_registry): Ditto.
        * cygheap.h: Define NO_IMPERSONATION.
        (cygheap_user::issetuid): Replace INVALID_HANDLE_VALUE by
        NO_IMPERSONATION.
        (cygheap_user::has_impersonation_tokens): Ditto.
        (cygheap_user::close_impersonation_tokens): Ditto.
        * uinfo.cc (uinfo_init): Ditto.
        * syscalls.cc (seteuid32): Ditto.
        * security.cc (set_impersonation_token): Ditto.

6 files changed, 41 insertions, 23 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 96e0c61..dfa658d 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,17 @@
+2004-10-28  Pierre Humblet <pierre.humblet@ieee.org>
+
+	* path.cc (mount_info::from_registry): Deimpersonate while
+	accessing HKLM.
+	(mount_info::read_cygdrive_info_from_registry): Ditto.
+	* cygheap.h: Define NO_IMPERSONATION.
+	(cygheap_user::issetuid): Replace INVALID_HANDLE_VALUE by 
+	NO_IMPERSONATION.
+	(cygheap_user::has_impersonation_tokens): Ditto.
+	(cygheap_user::close_impersonation_tokens): Ditto.
+	* uinfo.cc (uinfo_init): Ditto.
+	* syscalls.cc (seteuid32): Ditto.
+	* security.cc (set_impersonation_token): Ditto.
+
 2004-10-26  Christopher Faylor  <cgf@timesys.com>
 
 	* cygtls.cc (_cygtls::fixup_after_fork): Wipe out exitsock local since
diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h
index 80abe6e..2feff85 100644
--- a/winsup/cygwin/cygheap.h
+++ b/winsup/cygwin/cygheap.h
@@ -169,7 +169,8 @@ public:
   PSID sid () { return effec_cygsid; }
   PSID saved_sid () { return saved_cygsid; }
   const char *ontherange (homebodies what, struct passwd * = NULL);
-  bool issetuid () const { return current_token != INVALID_HANDLE_VALUE; }
+#define NO_IMPERSONATION NULL
+  bool issetuid () const { return current_token != NO_IMPERSONATION; }
   HANDLE token () { return current_token; }
   void deimpersonate ()
   {
@@ -183,26 +184,26 @@ public:
       system_printf ("ImpersonateLoggedOnUser: %E");
   }
   bool has_impersonation_tokens ()
-    { return external_token != INVALID_HANDLE_VALUE
-	     || internal_token != INVALID_HANDLE_VALUE
-	     || current_token != INVALID_HANDLE_VALUE; }
+    { return external_token != NO_IMPERSONATION
+	     || internal_token != NO_IMPERSONATION
+	     || current_token != NO_IMPERSONATION; }
   void close_impersonation_tokens ()
   {
-    if (current_token != INVALID_HANDLE_VALUE)
+    if (current_token != NO_IMPERSONATION)
       {
 	if( current_token != external_token && current_token != internal_token)
 	  CloseHandle (current_token);
-	current_token = INVALID_HANDLE_VALUE;
+	current_token = NO_IMPERSONATION;
       }
-    if (external_token != INVALID_HANDLE_VALUE)
+    if (external_token != NO_IMPERSONATION)
       {
 	CloseHandle (external_token);
-	external_token = INVALID_HANDLE_VALUE;
+	external_token = NO_IMPERSONATION;
       }
-    if (internal_token != INVALID_HANDLE_VALUE)
+    if (internal_token != NO_IMPERSONATION)
       {
 	CloseHandle (internal_token);
-	internal_token = INVALID_HANDLE_VALUE;
+	internal_token = NO_IMPERSONATION;
       }
   }
   const char *cygheap_user::test_uid (char *&, const char *, size_t)
diff --git a/winsup/cygwin/path.cc b/winsup/cygwin/path.cc
index 2281883..893e47d 100644
--- a/winsup/cygwin/path.cc
+++ b/winsup/cygwin/path.cc
@@ -1802,11 +1802,13 @@ mount_info::from_registry ()
   read_mounts (r);
 
   /* Then read mounts from system-wide mount table. */
+  cygheap->user.deimpersonate ();
   reg_key r1 (HKEY_LOCAL_MACHINE, KEY_READ, "SOFTWARE",
 	      CYGWIN_INFO_CYGNUS_REGISTRY_NAME, CYGWIN_REGNAME,
 	      CYGWIN_INFO_CYGWIN_MOUNT_REGISTRY_NAME,
 	      NULL);
   read_mounts (r1);
+  cygheap->user.reimpersonate ();
 }
 
 /* add_reg_mount: Add mount item to registry.  Return zero on success,
@@ -1922,16 +1924,16 @@ mount_info::read_cygdrive_info_from_registry ()
 {
   /* reg_key for user path prefix in HKEY_CURRENT_USER. */
   reg_key r;
-
+  /* First read cygdrive from user's registry. */
   if (r.get_string (CYGWIN_INFO_CYGDRIVE_PREFIX, cygdrive, sizeof (cygdrive), "") != 0)
     {
-      /* Didn't find the user path prefix so check the system path prefix. */
-
-      /* reg_key for system path prefix in HKEY_LOCAL_MACHINE.  */
+      /* Then read cygdrive from system-wide registry. */
+      cygheap->user.deimpersonate ();
       reg_key r2 (HKEY_LOCAL_MACHINE, KEY_READ, "SOFTWARE",
 		 CYGWIN_INFO_CYGNUS_REGISTRY_NAME, CYGWIN_REGNAME,
 		 CYGWIN_INFO_CYGWIN_MOUNT_REGISTRY_NAME,
 		 NULL);
+      cygheap->user.reimpersonate ();
 
       if (r2.get_string (CYGWIN_INFO_CYGDRIVE_PREFIX, cygdrive,
 	  sizeof (cygdrive), ""))
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 458e232..14f4013 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -69,7 +69,7 @@ extern "C" void
 cygwin_set_impersonation_token (const HANDLE hToken)
 {
   debug_printf ("set_impersonation_token (%d)", hToken);
-  cygheap->user.external_token = hToken;
+  cygheap->user.external_token = hToken == INVALID_HANDLE_VALUE ? NO_IMPERSONATION : hToken;
   return;
 }
 
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 0aec709..619eda3 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -2032,17 +2032,17 @@ seteuid32 (__uid32_t uid)
   if (verify_token (ptok, usersid, groups))
     new_token = ptok;
   /* Verify if the external token is suitable */
-  else if (cygheap->user.external_token != INVALID_HANDLE_VALUE
+  else if (cygheap->user.external_token != NO_IMPERSONATION
 	   && verify_token (cygheap->user.external_token, usersid, groups))
     new_token = cygheap->user.external_token;
   /* Verify if the current token (internal or former external) is suitable */
-  else if (cygheap->user.current_token != INVALID_HANDLE_VALUE
+  else if (cygheap->user.current_token != NO_IMPERSONATION
 	   && cygheap->user.current_token != cygheap->user.external_token
 	   && verify_token (cygheap->user.current_token, usersid, groups,
 			    &token_is_internal))
     new_token = cygheap->user.current_token;
   /* Verify if the internal token is suitable */
-  else if (cygheap->user.internal_token != INVALID_HANDLE_VALUE
+  else if (cygheap->user.internal_token != NO_IMPERSONATION
 	   && cygheap->user.internal_token != cygheap->user.current_token
 	   && verify_token (cygheap->user.internal_token, usersid, groups,
 			    &token_is_internal))
@@ -2074,10 +2074,11 @@ seteuid32 (__uid32_t uid)
 	    goto failed;
 	}
       /* Keep at most one internal token */
-      if (cygheap->user.internal_token != INVALID_HANDLE_VALUE)
+      if (cygheap->user.internal_token != NO_IMPERSONATION)
 	CloseHandle (cygheap->user.internal_token);
       cygheap->user.internal_token = new_token;
     }
+
   if (new_token != ptok)
     {
       /* Avoid having HKCU use default user */
@@ -2103,7 +2104,7 @@ seteuid32 (__uid32_t uid)
   CloseHandle (ptok);
   issamesid = (usersid == cygheap->user.sid ());
   cygheap->user.set_sid (usersid);
-  cygheap->user.current_token = new_token == ptok ? INVALID_HANDLE_VALUE
+  cygheap->user.current_token = new_token == ptok ? NO_IMPERSONATION
 						  : new_token;
   if (!issamesid) /* MS KB 199190 */
     RegCloseKey (HKEY_CURRENT_USER);
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 6fca2fd..1b3206b 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -160,9 +160,9 @@ uinfo_init ()
 
   cygheap->user.saved_uid = cygheap->user.real_uid = myself->uid;
   cygheap->user.saved_gid = cygheap->user.real_gid = myself->gid;
-  cygheap->user.external_token = INVALID_HANDLE_VALUE;
-  cygheap->user.internal_token = INVALID_HANDLE_VALUE;
-  cygheap->user.current_token = INVALID_HANDLE_VALUE;
+  cygheap->user.external_token = NO_IMPERSONATION;
+  cygheap->user.internal_token = NO_IMPERSONATION;
+  cygheap->user.current_token = NO_IMPERSONATION;
   cygheap->user.set_saved_sid ();	/* Update the original sid */
 }