Diffstat (limited to 'winsup')
-rw-r--r--winsup/cygwin/ChangeLog16
-rw-r--r--winsup/cygwin/sec_auth.cc41
-rw-r--r--winsup/cygwin/security.h5
-rw-r--r--winsup/cygwin/setlsapwd.cc7
4 files changed, 44 insertions, 25 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index fcfe757..c79b6bf 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,19 @@
+2014-01-23 Corinna Vinschen <corinna@vinschen.de>
+
+ * security.h (open_local_policy): Remove declaration.
+ (lsa_open_policy): Declare.
+ (lsa_close_policy): Declare.
+ * sec_auth.cc (lsa_open_policy): Rename from open_local_policy. Take
+ server name as parameter. Return NULL in case of error, rather than
+ INVALID_HANDLE_VALUE.
+ (lsa_close_policy): Rename from close_local_policy. Make externally
+ available. Get handle by value.
+ (create_token): Convert call to open_local_policy/close_local_policy
+ according to aforementioned changes.
+ (lsaauth): Ditto.
+ (lsaprivkeyauth): Ditto.
+ * setlsapwd.cc (setlsapwd): Ditto.
+
2014-01-22 Corinna Vinschen <corinna@vinschen.de>
* path.cc (etc::test_file_change): In case of NtQueryFullAttributesFile
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index d6f3bb5..dfec53c 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -1,7 +1,7 @@
/* sec_auth.cc: NT authentication functions
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc.
+ 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
This file is part of Cygwin.
@@ -191,28 +191,32 @@ str2buf2lsa (LSA_STRING &tgt, char *buf, const char *srcstr)
}
HANDLE
-open_local_policy (ACCESS_MASK access)
+lsa_open_policy (PWCHAR server, ACCESS_MASK access)
{
- LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
- HANDLE lsa = INVALID_HANDLE_VALUE;
+ LSA_UNICODE_STRING srvbuf;
+ PLSA_UNICODE_STRING srv = NULL;
+ static LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
+ HANDLE lsa;
- NTSTATUS status = LsaOpenPolicy (NULL, &oa, access, &lsa);
+ if (server)
+ {
+ srv = &srvbuf;
+ RtlInitUnicodeString (srv, server);
+ }
+ NTSTATUS status = LsaOpenPolicy (srv, &oa, access, &lsa);
if (!NT_SUCCESS (status))
{
__seterrno_from_nt_status (status);
- /* Some versions of Windows set the lsa handle to NULL when
- LsaOpenPolicy fails. */
- lsa = INVALID_HANDLE_VALUE;
+ lsa = NULL;
}
return lsa;
}
-static void
-close_local_policy (LSA_HANDLE &lsa)
+void
+lsa_close_policy (HANDLE lsa)
{
- if (lsa != INVALID_HANDLE_VALUE)
+ if (lsa)
LsaClose (lsa);
- lsa = INVALID_HANDLE_VALUE;
}
bool
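Review bot: `lsa_close_policy` now treats only NULL as "no handle", so a caller that still holds `INVALID_HANDLE_VALUE` passes the `if (lsa)` test and hands it to `LsaClose`. The declarations of `lsa` in `create_token`, `lsaauth` and `lsaprivkeyauth` are outside the hunks shown; if any of them is still initialised to `INVALID_HANDLE_VALUE` and jumps to its `out:` label before the open call, the converted `lsa_close_policy (lsa)` calls in the three `out:` hunks would close an invalid handle. Either initialise those locals to NULL or make the guard `if (lsa && lsa != INVALID_HANDLE_VALUE)`. Because the handle is now taken by value, the caller's copy is no longer reset after closing, so a comment such as `/* Caller must not reuse or re-close LSA after this call. */` above the function would help prevent a double close.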
@@ -836,7 +840,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
push_self_privilege (SE_CREATE_TOKEN_PRIVILEGE, true);
/* Open policy object. */
- if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE)
+ if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE)))
goto out;
/* User, owner, primary group. */
@@ -954,7 +958,7 @@ out:
free (privs);
if (my_tok_gsids)
free (my_tok_gsids);
- close_local_policy (lsa);
+ lsa_close_policy (lsa);
debug_printf ("%p = create_token ()", primary_token);
return primary_token;
@@ -1021,7 +1025,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
}
/* Open policy object. */
- if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE)
+ if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE)))
goto out;
/* Create origin. */
@@ -1192,7 +1196,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
out:
if (privs)
free (privs);
- close_local_policy (lsa);
+ lsa_close_policy (lsa);
if (lsa_hdl)
LsaDeregisterLogonProcess (lsa_hdl);
pop_self_privilege ();
@@ -1220,8 +1224,7 @@ lsaprivkeyauth (struct passwd *pw)
push_self_privilege (SE_TCB_PRIVILEGE, true);
/* Open policy object. */
- if ((lsa = open_local_policy (POLICY_GET_PRIVATE_INFORMATION))
- == INVALID_HANDLE_VALUE)
+ if (!(lsa = lsa_open_policy (NULL, POLICY_GET_PRIVATE_INFORMATION)))
goto out;
/* Needed for Interix key and LogonUser. */
@@ -1263,7 +1266,7 @@ lsaprivkeyauth (struct passwd *pw)
token = get_full_privileged_inheritable_token (token);
out:
- close_local_policy (lsa);
+ lsa_close_policy (lsa);
pop_self_privilege ();
return token;
}
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index ca0239b..940afc5 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -1,7 +1,7 @@
/* security.h: security declarations
Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
- 2011, 2012, 2013 Red Hat, Inc.
+ 2011, 2012, 2013, 2014 Red Hat, Inc.
This file is part of Cygwin.
@@ -416,7 +416,8 @@ void extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user);
/* Get default logonserver for a domain. */
bool get_logon_server (PWCHAR domain, PWCHAR wserver, bool rediscovery);
-HANDLE open_local_policy (ACCESS_MASK access);
+HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access);
+void lsa_close_policy (HANDLE lsa);
/* sec_helper.cc: Security helper functions. */
int set_privilege (HANDLE token, DWORD privilege, bool enable);
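Review bot: The two new prototypes carry no comment, yet this commit changes the failure value from `INVALID_HANDLE_VALUE` to NULL, which every caller has to know to test the result correctly. I would add `/* Open the LSA policy object on SERVER (NULL = local machine). Returns NULL and sets errno on failure. */` above `lsa_open_policy` and `/* Close a handle returned by lsa_open_policy; NULL is ignored. */` above `lsa_close_policy`.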
diff --git a/winsup/cygwin/setlsapwd.cc b/winsup/cygwin/setlsapwd.cc
index 8e1baa9..e86696b 100644
--- a/winsup/cygwin/setlsapwd.cc
+++ b/winsup/cygwin/setlsapwd.cc
@@ -1,6 +1,6 @@
/* setlsapwd.cc: Set LSA private data password for current user.
- Copyright 2008, 2009, 2011 Red Hat, Inc.
+ Copyright 2008, 2009, 2011, 2014 Red Hat, Inc.
This file is part of Cygwin.
@@ -71,8 +71,7 @@ setlsapwd (const char *passwd, const char *username)
if (data_buf)
RtlInitUnicodeString (&data, data_buf);
/* First try it locally. Works for admin accounts. */
- if ((lsa = open_local_policy (POLICY_CREATE_SECRET))
- != INVALID_HANDLE_VALUE)
+ if (!(lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET)))
{
NTSTATUS status = LsaStorePrivateData (lsa, &key,
data.Length ? &data : NULL);
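Review bot: The rewritten condition in `setlsapwd` is inverted: the old test entered the block when the open succeeded (`!= INVALID_HANDLE_VALUE`), while `if (!(lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET)))` enters it only when the open failed. As written, `LsaStorePrivateData` is called with a NULL handle on failure, and on success the local store is skipped and the handle is never closed, because `lsa_close_policy (lsa)` sits inside this block in the following hunk. The test should be `if ((lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET)))`. The body of `setlsapwd` starts and ends outside this hunk.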
@@ -83,7 +82,7 @@ setlsapwd (const char *passwd, const char *username)
ret = 0;
else
__seterrno_from_nt_status (status);
- LsaClose (lsa);
+ lsa_close_policy (lsa);
}
else if (ret && !username)
{