JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* sec_helper.cc (get_sids_info): New function.

Browse Source 
* security.cc (extract_nt_dom_user): Simplify with strechr.
	(get_user_groups): Initialize glen to MAX_SID_LEN.
	(get_user_local_groups): Ditto.
	(get_attribute_from_acl): Define ace_sid as cygpsid.
	(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
	Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
	(get_nt_object_attribute): Ditto.
	(alloc_sd): Define ace_sid as cygpsid.
This commit is contained in:
Corinna Vinschen 2003-02-05 13:47:47 +00:00
parent b7b6c58a20
commit 0c8455c344
3 changed files with 72 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,15 @@
2003-02-05 Pierre Humblet <pierre.humblet@ieee.org>
* sec_helper.cc (get_sids_info): New function.
* security.cc (extract_nt_dom_user): Simplify with strechr.
(get_user_groups): Initialize glen to MAX_SID_LEN.
(get_user_local_groups): Ditto.
(get_attribute_from_acl): Define ace_sid as cygpsid.
(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
(get_nt_object_attribute): Ditto.
(alloc_sd): Define ace_sid as cygpsid.
2003-02-04 Thomas Pfaff <tpfaff@gmx.net> 2003-02-04 Thomas Pfaff <tpfaff@gmx.net>
* syscalls.cc (struct system_cleanup_args): New struct. * syscalls.cc (struct system_cleanup_args): New struct.

37
winsup/cygwin/sec_helper.cc
View File

@ -186,6 +186,43 @@ cygsid::getfromgr (const struct __group32 *gr)
return (*this = sp) != NULL; return (*this = sp) != NULL;
} }
bool
get_sids_info (cygpsid owner_sid, cygpsid group_sid, __uid32_t * uidret, __gid32_t * gidret)
{
struct passwd *pw;
struct __group32 *gr = NULL;
bool ret = false;
if (group_sid == cygheap->user.groups.pgsid)
*gidret = myself->gid;
else if ((gr = internal_getgrsid (group_sid)))
*gidret = gr->gr_gid;
else
*gidret = ILLEGAL_GID;
if (owner_sid == cygheap->user.sid ())
{
*uidret = myself->uid;
if (*gidret == myself->gid)
ret = true;
else
ret = (internal_getgroups (0, NULL, &group_sid) > 0);
}
else if ((pw = internal_getpwsid (owner_sid)))
{
*uidret = pw->pw_uid;
if (gr || (*gidret != ILLEGAL_GID
&& (gr = internal_getgrgid (*gidret))))
for (int idx = 0; gr->gr_mem[idx]; ++idx)
if ((ret = strcasematch (pw->pw_name, gr->gr_mem[idx])))
break;
}
else
*uidret = ILLEGAL_UID;
return ret;
}
BOOL BOOL
is_grp_member (__uid32_t uid, __gid32_t gid) is_grp_member (__uid32_t uid, __gid32_t gid)
{ {

45
winsup/cygwin/security.cc
View File

@ -90,13 +90,11 @@ extract_nt_dom_user (const struct passwd *pw, char *domain, char *user)
if ((d = strstr (pw->pw_gecos, "U-")) != NULL && if ((d = strstr (pw->pw_gecos, "U-")) != NULL &&
(d == pw->pw_gecos || d[-1] == ',')) (d == pw->pw_gecos || d[-1] == ','))
{ {
c = strchr (d + 2, ','); c = strechr (d + 2, ',');
if ((u = strchr (d + 2, '\\')) == NULL || (c != NULL && u > c)) if ((u = strechr (d + 2, '\\')) >= c)
u = d + 1; u = d + 1;
else if (u - d <= INTERNET_MAX_HOST_NAME_LENGTH + 2) else if (u - d <= INTERNET_MAX_HOST_NAME_LENGTH + 2)
strlcpy (domain, d + 2, u - d - 1); strlcpy (domain, d + 2, u - d - 1);
if (c == NULL)
c = u + UNLEN + 1;
if (c - u <= UNLEN + 1) if (c - u <= UNLEN + 1)
strlcpy (user, u + 1, c - u); strlcpy (user, u + 1, c - u);
} }
@ -329,7 +327,7 @@ get_user_groups (WCHAR *wlogonserver, cygsidlist &grp_list, char *user,
for (DWORD i = 0; i < cnt; ++i) for (DWORD i = 0; i < cnt; ++i)
{ {
cygsid gsid; cygsid gsid;
DWORD glen = sizeof (gsid); DWORD glen = MAX_SID_LEN;
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
DWORD dlen = sizeof (domain); DWORD dlen = sizeof (domain);
SID_NAME_USE use = SidTypeInvalid; SID_NAME_USE use = SidTypeInvalid;
@ -407,7 +405,7 @@ get_user_local_groups (cygsidlist &grp_list, PSID pusersid)
if (is_group_member (buf[i].lgrpi0_name, pusersid, grp_list)) if (is_group_member (buf[i].lgrpi0_name, pusersid, grp_list))
{ {
cygsid gsid; cygsid gsid;
DWORD glen = sizeof (gsid); DWORD glen = MAX_SID_LEN;
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
DWORD dlen = sizeof (domain); DWORD dlen = sizeof (domain);
@ -1230,7 +1228,7 @@ get_attribute_from_acl (int * attribute, PACL acl, PSID owner_sid,
continue; continue;
} }
cygsid ace_sid ((PSID) &ace->SidStart); cygpsid ace_sid ((PSID) &ace->SidStart);
if (ace_sid == well_known_world_sid) if (ace_sid == well_known_world_sid)
{ {
if (ace->Mask & FILE_READ_DATA) if (ace->Mask & FILE_READ_DATA)
@ -1317,13 +1315,13 @@ get_nt_attribute (const char *file, int *attribute,
return -1; return -1;
} }
PSID owner_sid; cygpsid owner_sid;
PSID group_sid; cygpsid group_sid;
BOOL dummy; BOOL dummy;
if (!GetSecurityDescriptorOwner (psd, &owner_sid, &dummy)) if (!GetSecurityDescriptorOwner (psd, (PSID *) &owner_sid, &dummy))
debug_printf ("GetSecurityDescriptorOwner %E"); debug_printf ("GetSecurityDescriptorOwner %E");
if (!GetSecurityDescriptorGroup (psd, &group_sid, &dummy)) if (!GetSecurityDescriptorGroup (psd, (PSID *) &group_sid, &dummy))
debug_printf ("GetSecurityDescriptorGroup %E"); debug_printf ("GetSecurityDescriptorGroup %E");
PACL acl; PACL acl;
@ -1336,8 +1334,9 @@ get_nt_attribute (const char *file, int *attribute,
return -1; return -1;
} }
__uid32_t uid = cygsid (owner_sid).get_uid (); __uid32_t uid;
__gid32_t gid = cygsid (group_sid).get_gid (); __gid32_t gid;
BOOL grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid);
if (uidret) if (uidret)
*uidret = uid; *uidret = uid;
if (gidret) if (gidret)
@ -1349,8 +1348,6 @@ get_nt_attribute (const char *file, int *attribute,
return 0; return 0;
} }
BOOL grp_member = is_grp_member (uid, gid);
if (!acl_exists || !acl) if (!acl_exists || !acl)
{ {
*attribute |= S_IRWXU | S_IRWXG | S_IRWXO; *attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
@ -1420,15 +1417,16 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
return 0; return 0;
PSECURITY_DESCRIPTOR psd = NULL; PSECURITY_DESCRIPTOR psd = NULL;
PSID owner_sid; cygpsid owner_sid;
PSID group_sid; cygpsid group_sid;
PACL acl; PACL acl;
if (ERROR_SUCCESS != GetSecurityInfo (handle, object_type, if (ERROR_SUCCESS != GetSecurityInfo (handle, object_type,
DACL_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
OWNER_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION,
&owner_sid, &group_sid, (PSID *) &owner_sid,
(PSID *) &group_sid,
&acl, NULL, &psd)) &acl, NULL, &psd))
{ {
__seterrno (); __seterrno ();
@ -1436,8 +1434,10 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
return -1; return -1;
} }
__uid32_t uid = cygsid (owner_sid).get_uid (); __uid32_t uid;
__gid32_t gid = cygsid (group_sid).get_gid (); __gid32_t gid;
BOOL grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid);
if (uidret) if (uidret)
*uidret = uid; *uidret = uid;
if (gidret) if (gidret)
@ -1450,8 +1450,6 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
return 0; return 0;
} }
BOOL grp_member = is_grp_member (uid, gid);
if (!acl) if (!acl)
{ {
*attribute |= S_IRWXU | S_IRWXG | S_IRWXO; *attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
@ -1749,7 +1747,8 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
for (DWORD i = 0; i < oacl->AceCount; ++i) for (DWORD i = 0; i < oacl->AceCount; ++i)
if (GetAce (oacl, i, (PVOID *) &ace)) if (GetAce (oacl, i, (PVOID *) &ace))
{ {
cygsid ace_sid ((PSID) &ace->SidStart); cygpsid ace_sid ((PSID) &ace->SidStart);
/* Check for related ACEs. */ /* Check for related ACEs. */
if (ace_sid == well_known_null_sid) if (ace_sid == well_known_null_sid)
continue; continue;