pajoye Wed, 02 Sep 2009 01:59:17 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=287958
Log: - #27051, we need the thread token here, not the process Bug: http://bugs.php.net/27051 (Feedback) Impersonation with FastCGI does not EXEC process as impersonated user Changed paths: U php/php-src/branches/PHP_5_3/TSRM/tsrm_win32.c U php/php-src/trunk/TSRM/tsrm_win32.c Modified: php/php-src/branches/PHP_5_3/TSRM/tsrm_win32.c =================================================================== --- php/php-src/branches/PHP_5_3/TSRM/tsrm_win32.c 2009-09-02 01:45:14 UTC (rev 287957) +++ php/php-src/branches/PHP_5_3/TSRM/tsrm_win32.c 2009-09-02 01:59:17 UTC (rev 287958) @@ -316,6 +316,8 @@ char *cmd; int i; char *ptype = (char *)type; + HANDLE thread_token = NULL; + HANDLE token_user = NULL; TSRMLS_FETCH(); if (!type) { @@ -368,14 +370,16 @@ dwCreateFlags |= CREATE_NO_WINDOW; } + /* Get a token with the impersonated user. */ + if(OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &thread_token)) { + DuplicateTokenEx(thread_token, MAXIMUM_ALLOWED, &security, SecurityImpersonation, TokenPrimary, &token_user); + } + cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c ")+2); sprintf(cmd, "%s /c \"%s\"", TWG(comspec), command); - if(TWG(impersonation_token) == NULL) { - res = CreateProcess(NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process); - } else { - res = CreateProcessAsUser(TWG(impersonation_token), NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process); - } + res = CreateProcessAsUser(token_user, NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process); + CloseHandle(token_user); free(cmd); if (!res) { Modified: php/php-src/trunk/TSRM/tsrm_win32.c =================================================================== --- php/php-src/trunk/TSRM/tsrm_win32.c 2009-09-02 01:45:14 UTC (rev 287957) +++ php/php-src/trunk/TSRM/tsrm_win32.c 2009-09-02 01:59:17 UTC (rev 287958) @@ -317,6 +317,8 @@ char *cmd; int i; char *ptype = (char *)type; + HANDLE thread_token = NULL; + HANDLE token_user = NULL; TSRMLS_FETCH(); if (!type) { @@ -369,14 +371,16 @@ dwCreateFlags |= CREATE_NO_WINDOW; } + /* Get a token with the impersonated user. */ + if(OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &thread_token)) { + DuplicateTokenEx(thread_token, MAXIMUM_ALLOWED, &security, SecurityImpersonation, TokenPrimary, &token_user); + } + cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c ")+2); sprintf(cmd, "%s /c \"%s\"", TWG(comspec), command); - if(TWG(impersonation_token) == NULL) { - res = CreateProcess(NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process); - } else { - res = CreateProcessAsUser(TWG(impersonation_token), NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process); - } + res = CreateProcessAsUser(token_user, NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process); + CloseHandle(token_user); free(cmd); if (!res) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php