Return-Path: Delivered-To: apmail-commons-commits-archive@minotaur.apache.org Received: (qmail 57339 invoked from network); 8 Jan 2010 09:34:10 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 8 Jan 2010 09:34:10 -0000 Received: (qmail 80374 invoked by uid 500); 8 Jan 2010 09:34:09 -0000 Delivered-To: apmail-commons-commits-archive@commons.apache.org Received: (qmail 80285 invoked by uid 500); 8 Jan 2010 09:34:09 -0000 Mailing-List: contact commits-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@commons.apache.org Delivered-To: mailing list commits@commons.apache.org Received: (qmail 80276 invoked by uid 99); 8 Jan 2010 09:34:09 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jan 2010 09:34:09 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jan 2010 09:34:06 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id ECE6C2388A4B; Fri, 8 Jan 2010 09:33:44 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r897144 - in /commons/sandbox/runtime/trunk/src/main/native: include/arch/windows/acr_arch.h include/arch/windows/acr_arch_private.h os/win32/exec.c os/win32/main.c os/win32/posix.c os/win32/wusec.c Date: Fri, 08 Jan 2010 09:33:44 -0000 To: commits@commons.apache.org From: mturk@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100108093344.ECE6C2388A4B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: mturk Date: Fri Jan 8 09:33:42 2010 New Revision: 897144 URL: http://svn.apache.org/viewvc?rev=897144&view=rev Log: Add fake getsid to the windows port Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch.h commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h commons/sandbox/runtime/trunk/src/main/native/os/win32/exec.c commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c commons/sandbox/runtime/trunk/src/main/native/os/win32/posix.c commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch.h URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch.h?rev=897144&r1=897143&r2=897144&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch.h (original) +++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch.h Fri Jan 8 09:33:42 2010 @@ -589,7 +589,7 @@ case SIG_BLOCK: current |= *set; break; - case SIG_UNBLOCK: + case SIG_UNBLOCK: current &= ~*set; break; case SIG_SETMASK: Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h?rev=897144&r1=897143&r2=897144&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h (original) +++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h Fri Jan 8 09:33:42 2010 @@ -154,6 +154,7 @@ HANDLE ACR_GetCurrentAccessToken(JNIEnv *_E); PSID ACR_AllocateWellKnownSid(JNIEnv *_E, WELL_KNOWN_SID_TYPE type); DWORD ACR_SetTokenPrivilege(LPCWSTR szPrivilege, BOOL bEnablePrivilege); +DWORD ACR_EnableTokenPrivilege(HANDLE hToken, LPCWSTR szPrivilege); DWORD ACR_EnablePrivilege(LPCWSTR szPrivilege); PSID ACR_DuplicateSid(JNIEnv *_E, PSID sSID); int ACR_InitSecurityDescriptorTable(JNIEnv *); @@ -261,7 +262,8 @@ #else pid_t getppid(void); #endif - +/* Our fake getsid */ +HANDLE getsid(pid_t pid); HANDLE dup3(HANDLE, HANDLE, int); /** Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/exec.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/exec.c?rev=897144&r1=897143&r2=897144&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/os/win32/exec.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/os/win32/exec.c Fri Jan 8 09:33:42 2010 @@ -39,21 +39,13 @@ #define PROC_TIMEOUT_STEP 100 #define PROC_BUFFER_SIZE 512 -#define PIPE_STDINP 0 #define PIPE_STDINP_RDS 0 #define PIPE_STDINP_WRS 1 -#define PIPE_STDOUT 2 #define PIPE_STDOUT_RDS 2 #define PIPE_STDOUT_WRS 3 -#define PIPE_STDERR 4 #define PIPE_STDERR_RDS 4 #define PIPE_STDERR_WRS 5 -#define PIPE_SIGERR 6 -#define PIPE_SIGERR_RDS 6 -#define PIPE_SIGERR_WRS 7 -#define PIPE_SIGPID 8 -#define PIPE_SIGPID_RDS 8 -#define PIPE_SIGPID_WRS 9 + ACR_DECLARE(acr_exec_t *) ACR_ExecNew(int flags) { Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c?rev=897144&r1=897143&r2=897144&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c Fri Jan 8 09:33:42 2010 @@ -205,7 +205,7 @@ late_dll_handles[fnLib] = LoadLibraryA(late_dll_names[fnLib]); SetErrorMode(em); } - } + } return late_dll_handles[fnLib]; } @@ -261,7 +261,10 @@ SetErrorMode(em); } if (!late_dll_handles[fnLib] && (fnLib < SYSDLL_JVM)) { - /* Unable to load required library */ + /* Unable to load required library + * Make sure all optional libs are defined after + * SYSDLL_JVM (see win32/arc_arch.h) + */ return rc; } } @@ -318,6 +321,7 @@ L"SeCreateSymbolicLinkPrivilege", L"SeDebugPrivilege", L"SeTakeOwnershipPrivilege", + L"SeTcbPrivilege", NULL }; Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/posix.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/posix.c?rev=897144&r1=897143&r2=897144&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/os/win32/posix.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/os/win32/posix.c Fri Jan 8 09:33:42 2010 @@ -65,6 +65,112 @@ return ppid; } +/* Get token of the currently logged on user + * If pid is 0 the current user token is + * duplicated. + */ +HANDLE getsid(pid_t pid) +{ + pid_t psid = pid; + HANDLE snap; + HANDLE ctok = NULL; + HANDLE ptok = NULL; + PROCESSENTRY32W e; + DWORD asid; + DWORD wsid; + + asid = WTSGetActiveConsoleSessionId(); + if (asid == 0xFFFFFFFF) { + /* No logged on users + */ + return INVALID_HANDLE_VALUE; + } + + if (psid == -1) { + if (!WTSQueryUserToken(asid, &ctok)) { + /* Not running under LocalSystem account ? + */ + if (GetLastError() == ERROR_PRIVILEGE_NOT_HELD) { + /* Enable SE_TCB_NAME privilege and retry. + */ + ACR_EnablePrivilege(L"SeTcbPrivilege"); + if (!WTSQueryUserToken(asid, &ctok)) { + /* Not running under LocalSystem account + */ + ctok = NULL; + } + } + } + } + if (psid == -1 && ctok == NULL) { + /* Fallback to a standard way + */ + snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); + if (IS_INVALID_HANDLE(snap)) + return INVALID_HANDLE_VALUE; + + e.dwSize = (DWORD)sizeof(PROCESSENTRY32W); + if (!Process32FirstW(snap, &e)) { + CloseHandle(snap); + return INVALID_HANDLE_VALUE; + } + do { + if (!_wcsicmp(e.szExeFile, L"winlogon.exe")) { + if (ProcessIdToSessionId(e.th32ProcessID, &wsid)) { + if (wsid == asid) { + /* We found winlogon with active session id. + */ + psid = e.th32ProcessID; + break; + } + } + } + + } while (Process32NextW(snap, &e)); + CloseHandle(snap); + } + if (psid != -1) { + HANDLE process; + if (psid) + process = OpenProcess(MAXIMUM_ALLOWED, FALSE, psid); + else + process = GetCurrentProcess(); + if (process != NULL) { + if (!OpenProcessToken(process, + TOKEN_ADJUST_PRIVILEGES | + TOKEN_QUERY | + TOKEN_DUPLICATE | + TOKEN_ASSIGN_PRIMARY | + TOKEN_ADJUST_SESSIONID | + TOKEN_READ|TOKEN_WRITE, + &ctok)) { + /* Unable to open the process token + */ + CloseHandle(process); + return INVALID_HANDLE_VALUE; + } + CloseHandle(process); + + } + } + if (IS_VALID_HANDLE(ctok)) { + if (DuplicateTokenEx(ctok, + TOKEN_ASSIGN_PRIMARY | TOKEN_ALL_ACCESS, + 0, + SecurityImpersonation, + TokenPrimary, + &ptok)) { + /* Allow debug privilege to the token + */ + ACR_EnableTokenPrivilege(ptok, L"SeDebugPrivilege"); + } + else + ptok = INVALID_HANDLE_VALUE; + CloseHandle(ctok); + } + return ptok; +} + HANDLE dup3(HANDLE oldfd, HANDLE newfd, int flags) { int osfd; @@ -77,10 +183,13 @@ ACR_SET_OS_ERROR(ACR_EINVAL); return INVALID_HANDLE_VALUE; } - if (oldfd == newfd) + if (oldfd == newfd) { + /* If the descriptors are equal + * return the newfd + */ return newfd; - - if (newfd == GetStdHandle(STD_INPUT_HANDLE)) { + } + else if (newfd == GetStdHandle(STD_INPUT_HANDLE)) { fflush(stdin); setvbuf(stdin, NULL, _IONBF, 0); _commit(STDIN_FILENO); @@ -97,7 +206,6 @@ duph = (HANDLE)_get_osfhandle(STDIN_FILENO); if (IS_VALID_HANDLE(duph) && flags) SetHandleInformation(duph, HANDLE_FLAG_INHERIT, 0); - return duph; } else if (newfd == GetStdHandle(STD_OUTPUT_HANDLE)) { fflush(stdout); @@ -116,7 +224,6 @@ duph = (HANDLE)_get_osfhandle(STDOUT_FILENO); if (IS_VALID_HANDLE(duph) && flags) SetHandleInformation(duph, HANDLE_FLAG_INHERIT, 0); - return duph; } else if (newfd == GetStdHandle(STD_ERROR_HANDLE)) { fflush(stderr); @@ -135,18 +242,18 @@ duph = (HANDLE)_get_osfhandle(STDERR_FILENO); if (IS_VALID_HANDLE(duph) && flags) SetHandleInformation(duph, HANDLE_FLAG_INHERIT, 0); - return duph; } - if (!DuplicateHandle(GetCurrentProcess(), - oldfd, - GetCurrentProcess(), - &duph, - 0, - flags ? FALSE : TRUE, - DUPLICATE_SAME_ACCESS)) - return INVALID_HANDLE_VALUE; - - - CloseHandle(newfd); + else { + if (!DuplicateHandle(GetCurrentProcess(), + oldfd, + GetCurrentProcess(), + &duph, + 0, + flags ? FALSE : TRUE, + DUPLICATE_SAME_ACCESS)) + duph = INVALID_HANDLE_VALUE; + else + CloseHandle(newfd); + } return duph; } Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c?rev=897144&r1=897143&r2=897144&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Fri Jan 8 09:33:42 2010 @@ -268,21 +268,15 @@ return dwError; } -DWORD ACR_EnablePrivilege(LPCWSTR szPrivilege) +DWORD ACR_EnableTokenPrivilege(HANDLE hToken, LPCWSTR szPrivilege) { DWORD dwError; - HANDLE hToken; TOKEN_PRIVILEGES tp; LUID luid; if (!LookupPrivilegeValueW(NULL, szPrivilege, &luid)) return ERROR_NO_SUCH_PRIVILEGE; - if (!OpenProcessToken(GetCurrentProcess(), - TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, - &hToken)) - return GetLastError(); - tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; @@ -294,6 +288,21 @@ NULL, NULL); dwError = GetLastError(); + + return dwError; +} + +DWORD ACR_EnablePrivilege(LPCWSTR szPrivilege) +{ + DWORD dwError; + HANDLE hToken; + + if (!OpenProcessToken(GetCurrentProcess(), + TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, + &hToken)) + return GetLastError(); + + dwError = ACR_EnableTokenPrivilege(hToken, szPrivilege); CloseHandle(hToken); return dwError;