Drop unneeded passwd argument from security functions

* sec_auth.cc (get_server_groups): Drop unused passwd argument.  Adjust
	calls throughout.
	(get_initgroups_sidlist): Ditto.
	(get_setgroups_sidlist): Ditto.
	(create_token): Ditto.
	(lsaauth): Ditto.
	* security.h (create_token): Adjust prototype to above change.
	(lsaauth): Ditto.
	(get_server_groups): Ditto.
	* grp.cc (get_groups): Adjust call to get_server_groups.
	* syscalls.cc (seteuid32): Adjust calls to lsaauth and create_token.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Corinna Vinschen 2015-03-18 16:54:19 +01:00
parent 6f93f1d6a5
commit 1d91d469ee
No known key found for this signature in database
GPG Key ID: F536069DAE444FA0
5 changed files with 31 additions and 18 deletions


@ -1,3 +1,17 @@
2015-03-18 Corinna Vinschen <corinna@vinschen.de>
* sec_auth.cc (get_server_groups): Drop unused passwd argument. Adjust
calls throughout.
(get_initgroups_sidlist): Ditto.
(get_setgroups_sidlist): Ditto.
(create_token): Ditto.
(lsaauth): Ditto.
* security.h (create_token): Adjust prototype to above change.
(lsaauth): Ditto.
(get_server_groups): Ditto.
* grp.cc (get_groups): Adjust call to get_server_groups.
* syscalls.cc (seteuid32): Adjust calls to lsaauth and create_token.
2015-03-17 Corinna Vinschen <corinna@vinschen.de>
* grp.cc (internal_getgroups): Drop unused timeout parameter.


@ -720,7 +720,7 @@ get_groups (const char *user, gid_t gid, cygsidlist &gsids)
struct group *grp = internal_getgrgid (gid, &cldap);
cygsid usersid, grpsid;
if (usersid.getfrompw (pw))
get_server_groups (gsids, usersid, pw);
get_server_groups (gsids, usersid);
if (gid != ILLEGAL_GID && grpsid.getfromgr (grp))
gsids += grpsid;
cygheap->user.reimpersonate ();
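Review bot: The bool result of `get_server_groups (gsids, usersid);` is still discarded in get_groups, so a failed server lookup produces a shorter group list with nothing to tell the caller. In sec_auth.cc, get_initgroups_sidlist treats the same failure as fatal (`if (!get_server_groups (grp_list, usersid)) return false;`), while get_setgroups_sidlist also ignores it on a path that feeds a token's group list. If best effort is intended here, say so at the call, e.g. `/* Best effort: a failed lookup leaves gsids without the server groups. */`; otherwise propagate the failure. get_groups starts and ends outside the hunk.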


@ -544,7 +544,7 @@ get_token_group_sidlist (cygsidlist &grp_list, PTOKEN_GROUPS my_grps,
}
bool
get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
get_server_groups (cygsidlist &grp_list, PSID usersid)
{
WCHAR user[UNLEN + 1];
WCHAR domain[MAX_DOMAIN_NAME_LEN + 1];
@ -581,8 +581,7 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
}
static bool
get_initgroups_sidlist (cygsidlist &grp_list,
PSID usersid, PSID pgrpsid, struct passwd *pw,
get_initgroups_sidlist (cygsidlist &grp_list, PSID usersid, PSID pgrpsid,
PTOKEN_GROUPS my_grps, LUID auth_luid, int &auth_pos)
{
grp_list *= well_known_world_sid;
@ -591,7 +590,7 @@ get_initgroups_sidlist (cygsidlist &grp_list,
auth_pos = -1;
else
get_token_group_sidlist (grp_list, my_grps, auth_luid, auth_pos);
if (!get_server_groups (grp_list, usersid, pw))
if (!get_server_groups (grp_list, usersid))
return false;
/* special_pgrp true if pgrpsid is not in normal groups */
@ -600,14 +599,14 @@ get_initgroups_sidlist (cygsidlist &grp_list,
}
static void
get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid, struct passwd *pw,
get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid,
PTOKEN_GROUPS my_grps, user_groups &groups,
LUID auth_luid, int &auth_pos)
{
tmp_list *= well_known_world_sid;
tmp_list *= well_known_authenticated_users_sid;
get_token_group_sidlist (tmp_list, my_grps, auth_luid, auth_pos);
get_server_groups (tmp_list, usersid, pw);
get_server_groups (tmp_list, usersid);
for (int gidx = 0; gidx < groups.sgsids.count (); gidx++)
tmp_list += groups.sgsids.sids[gidx];
tmp_list += groups.pgsid;
@ -875,7 +874,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
}
HANDLE
create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
create_token (cygsid &usersid, user_groups &new_groups)
{
NTSTATUS status;
LSA_HANDLE lsa = NULL;
@ -964,9 +963,9 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
/* Create list of groups, the user is member in. */
int auth_pos;
if (new_groups.issetgroups ())
get_setgroups_sidlist (tmp_gsids, usersid, pw, my_tok_gsids, new_groups,
get_setgroups_sidlist (tmp_gsids, usersid, my_tok_gsids, new_groups,
auth_luid, auth_pos);
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid, pw,
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid,
my_tok_gsids, auth_luid, auth_pos))
goto out;
@ -1037,7 +1036,7 @@ out:
}
HANDLE
lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
lsaauth (cygsid &usersid, user_groups &new_groups)
{
cygsidlist tmp_gsids (cygsidlist_auto, 12);
cygpsid pgrpsid;
@ -1111,9 +1110,9 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
/* Create list of groups, the user is member in. */
int auth_pos;
if (new_groups.issetgroups ())
get_setgroups_sidlist (tmp_gsids, usersid, pw, NULL, new_groups, auth_luid,
get_setgroups_sidlist (tmp_gsids, usersid, NULL, new_groups, auth_luid,
auth_pos);
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid, pw,
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid,
NULL, auth_luid, auth_pos))
goto out;
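Review bot: The group-list construction in create_token and lsaauth is the same if/else-if pair written twice, differing only in the token-groups argument (`my_tok_gsids` versus `NULL`). Since this code decides which SIDs end up in a new token, two copies that have to be edited in lockstep (as this commit had to do) are easy to let drift apart. A small static helper taking the PTOKEN_GROUPS as a parameter would keep the logic in one place; the name below is only a suggestion, and both callers would reduce to `if (!build_group_sidlist (tmp_gsids, usersid, my_tok_gsids, new_groups, auth_luid, auth_pos)) goto out;` (with `NULL` in lsaauth). Both function bodies extend outside the hunks shown.

```cpp
/* Build the group SID list for a new token.  my_grps may be NULL when
   no token groups are available.  Returns false only when the
   initgroups path fails. */
static bool
build_group_sidlist (cygsidlist &grp_list, PSID usersid,
		     PTOKEN_GROUPS my_grps, user_groups &new_groups,
		     LUID auth_luid, int &auth_pos)
{
  if (new_groups.issetgroups ())
    {
      get_setgroups_sidlist (grp_list, usersid, my_grps, new_groups,
			     auth_luid, auth_pos);
      return true;
    }
  return get_initgroups_sidlist (grp_list, usersid, new_groups.pgsid,
				 my_grps, auth_luid, auth_pos);
}
```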


@ -457,15 +457,15 @@ int setacl (HANDLE, path_conv &, int, struct acl *, bool &);
/* Set impersonation or restricted token. */
void set_imp_token (HANDLE token, int type);
/* Function creating a token by calling NtCreateToken. */
HANDLE create_token (cygsid &usersid, user_groups &groups, struct passwd * pw);
HANDLE create_token (cygsid &usersid, user_groups &groups);
/* LSA authentication function. */
HANDLE lsaauth (cygsid &, user_groups &, struct passwd *);
HANDLE lsaauth (cygsid &, user_groups &);
/* LSA private key storage authentication, same as when using service logons. */
HANDLE lsaprivkeyauth (struct passwd *pw);
/* Verify an existing token */
bool verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern = NULL);
/* Get groups of a user */
bool get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw);
bool get_server_groups (cygsidlist &grp_list, PSID usersid);
/* Extract U-domain\user field from passwd entry. */
void extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user);
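Review bot: The adjusted `lsaauth` prototype still leaves its parameters unnamed, while `create_token` and `get_server_groups` directly around it name theirs. Since the line is being touched anyway, `HANDLE lsaauth (cygsid &usersid, user_groups &groups);` would make the three declarations read alike. The one-line comments above the HANDLE-returning prototypes also do not say which value signals failure; a short addition such as `/* Returns <failure value> on error. */` on each, filled in from the definitions, would help callers pick the right check.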


@ -3374,10 +3374,10 @@ seteuid32 (uid_t uid)
if (!new_token)
{
debug_printf ("lsaprivkeyauth failed, try lsaauth.");
if (!(new_token = lsaauth (usersid, groups, pw_new)))
if (!(new_token = lsaauth (usersid, groups)))
{
debug_printf ("lsaauth failed, try create_token.");
new_token = create_token (usersid, groups, pw_new);
new_token = create_token (usersid, groups);
if (new_token == INVALID_HANDLE_VALUE)
{
debug_printf ("create_token failed, bail out of here");
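Review bot: The two fallbacks in this hunk are tested against different failure values: the lsaauth result with `!(new_token = lsaauth (usersid, groups))` and the create_token result with `new_token == INVALID_HANDLE_VALUE`. Both are declared as returning HANDLE in security.h, and neither function body is visible here. If either could return the other sentinel on failure, an invalid handle would pass the check and be carried forward as the new token. A comment at this spot recording the contract once it is confirmed, e.g. `/* lsaauth fails with NULL, create_token with INVALID_HANDLE_VALUE. */`, would make the asymmetry deliberate rather than accidental. seteuid32 continues outside the hunk.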