* advapi32.cc (InitializeSid): Remove.

(EqualPrefixSid): Remove.
	(GetLengthSid): Remove.
	(GetSidSubAuthority): Remove.
	(GetSidSubAuthorityCount): Remove.
	(GetSidIdentifierAuthority): Remove.
	* fhandler_disk_file.cc: Replace above functions throughout with their
	ntdll.dll equivalents.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
Corinna Vinschen
2011-04-28 08:34:49 +00:00
parent 41e9c14558
commit 158e516b9d
7 changed files with 35 additions and 57 deletions


@@ -1,3 +1,17 @@
2011-04-28 Corinna Vinschen <corinna@vinschen.de>
* advapi32.cc (InitializeSid): Remove.
(EqualPrefixSid): Remove.
(GetLengthSid): Remove.
(GetSidSubAuthority): Remove.
(GetSidSubAuthorityCount): Remove.
(GetSidIdentifierAuthority): Remove.
* fhandler_disk_file.cc: Remove above functions throughout with their
ntdll.dll equivalent.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
2011-04-28 Corinna Vinschen <corinna@vinschen.de> 2011-04-28 Corinna Vinschen <corinna@vinschen.de>
* advapi32.cc (AllocateLocallyUniqueId): Remove. * advapi32.cc (AllocateLocallyUniqueId): Remove.


@@ -40,25 +40,12 @@ PrivilegeCheck (HANDLE tok, PPRIVILEGE_SET pset, LPBOOL res)
DEFAULT_NTSTATUS_TO_BOOL_RETURN DEFAULT_NTSTATUS_TO_BOOL_RETURN
} }
BOOL WINAPI
InitializeSid (PSID sid, PSID_IDENTIFIER_AUTHORITY auth, BYTE count)
{
NTSTATUS status = RtlInitializeSid (sid, auth, count);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI BOOL WINAPI
EqualSid (PSID sid1, PSID sid2) EqualSid (PSID sid1, PSID sid2)
{ {
return !!RtlEqualSid (sid1, sid2); return !!RtlEqualSid (sid1, sid2);
} }
BOOL WINAPI
EqualPrefixSid (PSID sid1, PSID sid2)
{
return !!RtlEqualPrefixSid (sid1, sid2);
}
BOOL WINAPI BOOL WINAPI
CopySid (DWORD len, PSID dest, PSID src) CopySid (DWORD len, PSID dest, PSID src)
{ {
@@ -66,30 +53,6 @@ CopySid (DWORD len, PSID dest, PSID src)
DEFAULT_NTSTATUS_TO_BOOL_RETURN DEFAULT_NTSTATUS_TO_BOOL_RETURN
} }
DWORD WINAPI
GetLengthSid (PSID sid)
{
return RtlLengthSid (sid);
}
PDWORD WINAPI
GetSidSubAuthority (PSID sid, DWORD subauth)
{
return RtlSubAuthoritySid (sid, subauth);
}
PUCHAR WINAPI
GetSidSubAuthorityCount (PSID sid)
{
return RtlSubAuthorityCountSid (sid);
}
PSID_IDENTIFIER_AUTHORITY WINAPI
GetSidIdentifierAuthority (PSID sid)
{
return RtlIdentifierAuthoritySid (sid);
}
BOOL WINAPI BOOL WINAPI
InitializeAcl (PACL acl, DWORD len, DWORD revision) InitializeAcl (PACL acl, DWORD len, DWORD revision)
{ {


@@ -926,7 +926,8 @@ fhandler_disk_file::fchown (__uid32_t uid, __gid32_t gid)
if (old_uid == ILLEGAL_UID if (old_uid == ILLEGAL_UID
|| (sid.getfrompw (internal_getpwuid (old_uid)) || (sid.getfrompw (internal_getpwuid (old_uid))
&& EqualPrefixSid (sid, well_known_samba_unix_user_fake_sid))) && RtlEqualPrefixSid (sid,
well_known_samba_unix_user_fake_sid)))
{ {
debug_printf ("Faking chown worked on standalone Samba"); debug_printf ("Faking chown worked on standalone Samba");
res = 0; res = 0;


@@ -1,7 +1,7 @@
/* sec_acl.cc: Sun compatible ACL functions. /* sec_acl.cc: Sun compatible ACL functions.
Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
2009, 2010 Red Hat, Inc. 2009, 2010, 2011 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de> Written by Corinna Vinschen <corinna@vinschen.de>


@@ -1007,7 +1007,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
tmpidx = -1; tmpidx = -1;
for (int i = 0; i < non_well_known_cnt; ++i) for (int i = 0; i < non_well_known_cnt; ++i)
if ((tmpidx = tmp_gsids.next_non_well_known_sid (tmpidx)) >= 0) if ((tmpidx = tmp_gsids.next_non_well_known_sid (tmpidx)) >= 0)
gsize += GetLengthSid (tmp_gsids.sids[tmpidx]); gsize += RtlLengthSid (tmp_gsids.sids[tmpidx]);
/* Retrieve list of privileges of that user. */ /* Retrieve list of privileges of that user. */
if (!(privs = get_priv_list (lsa, usersid, tmp_gsids, psize))) if (!(privs = get_priv_list (lsa, usersid, tmp_gsids, psize)))
@@ -1015,9 +1015,9 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
/* Create DefaultDacl. */ /* Create DefaultDacl. */
dsize = sizeof (ACL) + 3 * sizeof (ACCESS_ALLOWED_ACE) dsize = sizeof (ACL) + 3 * sizeof (ACCESS_ALLOWED_ACE)
+ GetLengthSid (usersid) + RtlLengthSid (usersid)
+ GetLengthSid (well_known_admins_sid) + RtlLengthSid (well_known_admins_sid)
+ GetLengthSid (well_known_system_sid); + RtlLengthSid (well_known_system_sid);
dacl = (PACL) alloca (dsize); dacl = (PACL) alloca (dsize);
if (!InitializeAcl (dacl, dsize, ACL_REVISION)) if (!InitializeAcl (dacl, dsize, ACL_REVISION))
goto out; goto out;
@@ -1032,7 +1032,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
/* Evaluate authinf size and allocate authinf. */ /* Evaluate authinf size and allocate authinf. */
authinf_size = (authinf->data - (PBYTE) authinf); authinf_size = (authinf->data - (PBYTE) authinf);
authinf_size += GetLengthSid (usersid); /* User SID */ authinf_size += RtlLengthSid (usersid); /* User SID */
authinf_size += gsize; /* Groups + Group SIDs */ authinf_size += gsize; /* Groups + Group SIDs */
/* When trying to define the admins group as primary group on Vista, /* When trying to define the admins group as primary group on Vista,
LsaLogonUser fails with error STATUS_INVALID_OWNER. As workaround LsaLogonUser fails with error STATUS_INVALID_OWNER. As workaround
@@ -1043,7 +1043,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
else else
pgrpsid = new_groups.pgsid; pgrpsid = new_groups.pgsid;
authinf_size += GetLengthSid (pgrpsid); /* Primary Group SID */ authinf_size += RtlLengthSid (pgrpsid); /* Primary Group SID */
authinf_size += psize; /* Privileges */ authinf_size += psize; /* Privileges */
authinf_size += 0; /* Owner SID */ authinf_size += 0; /* Owner SID */
@@ -1070,9 +1070,9 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
/* User SID */ /* User SID */
authinf->inf.User.User.Sid = offset; authinf->inf.User.User.Sid = offset;
authinf->inf.User.User.Attributes = 0; authinf->inf.User.User.Attributes = 0;
CopySid (GetLengthSid (usersid), (PSID) ((PBYTE) &authinf->inf + offset), CopySid (RtlLengthSid (usersid), (PSID) ((PBYTE) &authinf->inf + offset),
usersid); usersid);
offset += GetLengthSid (usersid); offset += RtlLengthSid (usersid);
/* Groups */ /* Groups */
authinf->inf.Groups = offset; authinf->inf.Groups = offset;
gsids = (PCYG_TOKEN_GROUPS) ((PBYTE) &authinf->inf + offset); gsids = (PCYG_TOKEN_GROUPS) ((PBYTE) &authinf->inf + offset);
@@ -1093,17 +1093,17 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
if (wincap.needs_logon_sid_in_sid_list () if (wincap.needs_logon_sid_in_sid_list ()
&& tmp_gsids.sids[tmpidx] == fake_logon_sid) && tmp_gsids.sids[tmpidx] == fake_logon_sid)
gsids->Groups[i].Attributes += SE_GROUP_LOGON_ID; gsids->Groups[i].Attributes += SE_GROUP_LOGON_ID;
CopySid (GetLengthSid (tmp_gsids.sids[tmpidx]), CopySid (RtlLengthSid (tmp_gsids.sids[tmpidx]),
(PSID) ((PBYTE) &authinf->inf + sids_offset), (PSID) ((PBYTE) &authinf->inf + sids_offset),
tmp_gsids.sids[tmpidx]); tmp_gsids.sids[tmpidx]);
sids_offset += GetLengthSid (tmp_gsids.sids[tmpidx]); sids_offset += RtlLengthSid (tmp_gsids.sids[tmpidx]);
} }
offset += gsize; offset += gsize;
/* Primary Group SID */ /* Primary Group SID */
authinf->inf.PrimaryGroup.PrimaryGroup = offset; authinf->inf.PrimaryGroup.PrimaryGroup = offset;
CopySid (GetLengthSid (pgrpsid), (PSID) ((PBYTE) &authinf->inf + offset), CopySid (RtlLengthSid (pgrpsid), (PSID) ((PBYTE) &authinf->inf + offset),
pgrpsid); pgrpsid);
offset += GetLengthSid (pgrpsid); offset += RtlLengthSid (pgrpsid);
/* Privileges */ /* Privileges */
authinf->inf.Privileges = offset; authinf->inf.Privileges = offset;
memcpy ((PBYTE) &authinf->inf + offset, privs, psize); memcpy ((PBYTE) &authinf->inf + offset, privs, psize);
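Review bot: The three `CopySid` calls that fill authinf (user SID, each group SID, primary group SID) discard the BOOL result, and each SID length is computed twice with `RtlLengthSid`, once for the copy and once to advance `offset` or `sids_offset`. If a copy failed, the offset would still advance and the buffer later handed on (presumably to LsaLogonUser, going by the comment in the earlier hunk) would hold uninitialized bytes where a SID is expected. Consider taking the length once and checking the copy, e.g. `DWORD len = RtlLengthSid (usersid);` then `if (!CopySid (len, (PSID) ((PBYTE) &authinf->inf + offset), usersid)) goto out;` then `offset += len;`, reusing the `out` label visible in the DefaultDacl hunk. lsaauth begins and ends outside these hunks, so what the cleanup at `out` does should be confirmed first.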


@@ -140,9 +140,9 @@ cygpsid::string (char *nsidstr) const
return NULL; return NULL;
strcpy (nsidstr, "S-1-"); strcpy (nsidstr, "S-1-");
t = nsidstr + sizeof ("S-1-") - 1; t = nsidstr + sizeof ("S-1-") - 1;
t += __small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]); t += __small_sprintf (t, "%u", RtlIdentifierAuthoritySid (psid)->Value[5]);
for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i) for (i = 0; i < *RtlSubAuthorityCountSid (psid); ++i)
t += __small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i)); t += __small_sprintf (t, "-%lu", *RtlSubAuthoritySid (psid, i));
return nsidstr; return nsidstr;
} }
@@ -160,7 +160,7 @@ cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r, bool well_known)
} }
sid_auth.Value[5] = s; sid_auth.Value[5] = s;
set (); set ();
InitializeSid (psid, &sid_auth, cnt); RtlInitializeSid (psid, &sid_auth, cnt);
for (i = 0; i < cnt; ++i) for (i = 0; i < cnt; ++i)
memcpy ((char *) psid + 8 + sizeof (DWORD) * i, &r[i], sizeof (DWORD)); memcpy ((char *) psid + 8 + sizeof (DWORD) * i, &r[i], sizeof (DWORD));
/* If the well_known flag isn't set explicitely, we check the SID /* If the well_known flag isn't set explicitely, we check the SID
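Review bot: In `cygsid::get_sid` the NTSTATUS returned by `RtlInitializeSid (psid, &sid_auth, cnt)` is dropped, and the loop that follows writes `cnt` DWORDs at the hard-coded offset `(char *) psid + 8` regardless of the outcome. The removed `InitializeSid` wrapper's BOOL was ignored in the same way, so this is not a regression, but now that the call returns a status directly it is worth testing it with `NT_SUCCESS` before the memcpy loop and failing the same way as the block that closes just above the hunk. Whether `cnt` is already bounded to the maximum sub-authority count is decided outside the hunk; if it is, a short comment beside the call, e.g. `/* cnt validated above, RtlInitializeSid cannot fail here */`, would be enough.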


@@ -474,7 +474,7 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
ACCESS_ALLOWED_ACE *ace; ACCESS_ALLOWED_ACE *ace;
if (inherit && GetAce (acl, offset, (PVOID *) &ace)) if (inherit && GetAce (acl, offset, (PVOID *) &ace))
ace->Header.AceFlags |= inherit; ace->Header.AceFlags |= inherit;
len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + GetLengthSid (sid); len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
return true; return true;
} }
@@ -490,7 +490,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes,
ACCESS_DENIED_ACE *ace; ACCESS_DENIED_ACE *ace;
if (inherit && GetAce (acl, offset, (PVOID *) &ace)) if (inherit && GetAce (acl, offset, (PVOID *) &ace))
ace->Header.AceFlags |= inherit; ace->Header.AceFlags |= inherit;
len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + GetLengthSid (sid); len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
return true; return true;
} }
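Review bot: In `add_access_allowed_ace`, and identically in the `add_access_denied_ace` hunk, a failing `GetAce` is silently skipped: `if (inherit && GetAce (acl, offset, (PVOID *) &ace))` leaves the ACE without the requested inheritance flags, yet `len_add` is still increased and the function returns `true`. For a deny ACE this means child objects would not inherit the denial while the caller believes they do. Consider making the failure visible, e.g. `if (inherit) { if (!GetAce (acl, offset, (PVOID *) &ace)) return false; ace->Header.AceFlags |= inherit; }`. Both functions start above their hunks, so how their earlier failure path reports errors is not visible here and should be matched.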