* passwd.cc (pg_ent::enumerate_builtin): Convert pwd_builtins and

grp_builtins to array of cygpsid pointers.  Replace SID strings with
	pointers to well known SIDs.
	* sec_helper.cc (well_known_local_service_sid): Define.
	(well_known_network_service_sid): Define.
	(trusted_installer_sid): Define.
	* security.h (well_known_local_service_sid): Declare.
	(well_known_network_service_sid): Declare.
	(trusted_installer_sid): Declare.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Throughout set acc_type
	to SidTypeUnknown if LookupAccountXXX function failed.  Create
	simplified passwd entry for non-user accounts, except for LocalSystem.
	Add comment.
Corinna Vinschen 2014-03-06 18:54:08 +00:00
parent 722c840b35
commit 29adfd78bd
5 changed files with 49 additions and 20 deletions


@ -1,3 +1,19 @@
2014-03-06 Corinna Vinschen <corinna@vinschen.de>
* passwd.cc (pg_ent::enumerate_builtin): Convert pwd_builtins and
grp_builtins to array of cygpsid pointers. Replace SID strings with
pointers to well known SIDs.
* sec_helper.cc (well_known_local_service_sid): Define.
(well_known_network_service_sid): Define.
(trusted_installer_sid): Define.
* security.h (well_known_local_service_sid): Declare.
(well_known_network_service_sid): Declare.
(trusted_installer_sid): Declare.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Throughout set acc_type
to SidTypeUnknown if LookupAccountXXX function failed. Create
simplified passwd entry for non-user accounts, except for LocalSystem.
Add comment.
2014-03-06 Corinna Vinschen <corinna@vinschen.de> 2014-03-06 Corinna Vinschen <corinna@vinschen.de>
* setlsapwd.cc (setlsapwd): Use RtlSecureZeroMemory to delete password * setlsapwd.cc (setlsapwd): Use RtlSecureZeroMemory to delete password


@ -467,36 +467,27 @@ pg_ent::enumerate_file ()
void * void *
pg_ent::enumerate_builtin () pg_ent::enumerate_builtin ()
{ {
static const char *pwd_builtins[] = { static cygpsid *pwd_builtins[] = {
/* SYSTEM */ &well_known_system_sid,
"S-1-5-18", &well_known_local_service_sid,
/* LocalService */ &well_known_network_service_sid,
"S-1-5-19", &well_known_admins_sid,
/* NetworkService */ &trusted_installer_sid,
"S-1-5-20",
/* Administrators */
"S-1-5-32-544",
/* TrustedInstaller */
"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
/* The end */
NULL NULL
}; };
static const char *grp_builtins[] = { static cygpsid *grp_builtins[] = {
/* SYSTEM */ &well_known_system_sid,
"S-1-5-18", &trusted_installer_sid,
/* TrustedInstaller */
"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
/* The end */
NULL NULL
}; };
const char **builtins = group ? grp_builtins : pwd_builtins; cygpsid **builtins = group ? grp_builtins : pwd_builtins;
if (!builtins[cnt]) if (!builtins[cnt])
{ {
cnt = max = resume = 0; cnt = max = resume = 0;
return NULL; return NULL;
} }
cygsid sid (builtins[cnt++]); cygsid sid (*builtins[cnt++]);
fetch_user_arg_t arg; fetch_user_arg_t arg;
arg.type = SID_arg; arg.type = SID_arg;
arg.sid = &sid; arg.sid = &sid;
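Review bot: The new tables `static cygpsid *pwd_builtins[]` and `static cygpsid *grp_builtins[]` are mutable arrays of non-const pointers into process-wide well-known SID objects, even though nothing in the hunk ever writes to them; the old `const char *` form at least pinned the pointees. Making both the elements and the cursor const, `static cygpsid * const pwd_builtins[] = {`, `static cygpsid * const grp_builtins[] = {` and `cygpsid * const *builtins = group ? grp_builtins : pwd_builtins;`, lets the compiler reject accidental reassignment of an entry to some other SID and matches the read-only use here (`cygsid sid (*builtins[cnt++]);` copies, so the pointee need not be const). The per-entry comments naming SYSTEM, LocalService etc. were dropped; the `well_known_*` identifiers make them redundant, except that `trusted_installer_sid` lacks the `well_known_` prefix the others carry, which is presumably intentional but worth a word. pg_ent::enumerate_builtin continues past the end of this hunk.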


@ -66,6 +66,10 @@ MKSID (well_known_this_org_sid, "S-1-5-15",
SECURITY_NT_AUTHORITY, 1, 15); SECURITY_NT_AUTHORITY, 1, 15);
MKSID (well_known_system_sid, "S-1-5-18", MKSID (well_known_system_sid, "S-1-5-18",
SECURITY_NT_AUTHORITY, 1, SECURITY_LOCAL_SYSTEM_RID); SECURITY_NT_AUTHORITY, 1, SECURITY_LOCAL_SYSTEM_RID);
MKSID (well_known_local_service_sid, "S-1-5-19",
SECURITY_NT_AUTHORITY, 1, SECURITY_LOCAL_SERVICE_RID);
MKSID (well_known_network_service_sid, "S-1-5-20",
SECURITY_NT_AUTHORITY, 1, SECURITY_NETWORK_SERVICE_RID);
MKSID (well_known_builtin_sid, "S-1-5-32", MKSID (well_known_builtin_sid, "S-1-5-32",
SECURITY_NT_AUTHORITY, 1, SECURITY_BUILTIN_DOMAIN_RID); SECURITY_NT_AUTHORITY, 1, SECURITY_BUILTIN_DOMAIN_RID);
MKSID (well_known_admins_sid, "S-1-5-32-544", MKSID (well_known_admins_sid, "S-1-5-32-544",
@ -74,6 +78,11 @@ MKSID (well_known_admins_sid, "S-1-5-32-544",
MKSID (well_known_users_sid, "S-1-5-32-545", MKSID (well_known_users_sid, "S-1-5-32-545",
SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID, SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_USERS); DOMAIN_ALIAS_RID_USERS);
MKSID (trusted_installer_sid,
"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
SECURITY_NT_AUTHORITY, SECURITY_SERVICE_ID_RID_COUNT,
SECURITY_SERVICE_ID_BASE_RID, 956008885U, 3418522649U, 1831038044U,
1853292631U, 2271478464U);
MKSID (mandatory_medium_integrity_sid, "S-1-16-8192", MKSID (mandatory_medium_integrity_sid, "S-1-16-8192",
SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_MEDIUM_RID); SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_MEDIUM_RID);
MKSID (mandatory_high_integrity_sid, "S-1-16-12288", MKSID (mandatory_high_integrity_sid, "S-1-16-12288",
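Review bot: The five sub-authorities in the new `trusted_installer_sid` definition are bare magic numbers with no comment explaining where they come from or why they can be hard-coded, unlike the neighbouring entries whose RIDs are named constants. A short note above the MKSID would help the next maintainer, e.g. `/* NT SERVICE\TrustedInstaller.  Per-service SID (S-1-5-80-...); as far as I know it is derived from the service name and is therefore the same on every Windows installation, so it is safe to hard-code. */`. The string form and the numeric components are maintained by hand in parallel for each MKSID; they agree for the three new entries as far as I can check by eye (19, 20, and 80 plus the five hash values), but since MKSID's body is not visible here, a reader cannot tell whether a mismatch would be caught, so the comment might also state that the two must be kept in sync.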


@ -385,9 +385,12 @@ extern cygpsid well_known_service_sid;
extern cygpsid well_known_authenticated_users_sid; extern cygpsid well_known_authenticated_users_sid;
extern cygpsid well_known_this_org_sid; extern cygpsid well_known_this_org_sid;
extern cygpsid well_known_system_sid; extern cygpsid well_known_system_sid;
extern cygpsid well_known_local_service_sid;
extern cygpsid well_known_network_service_sid;
extern cygpsid well_known_builtin_sid; extern cygpsid well_known_builtin_sid;
extern cygpsid well_known_admins_sid; extern cygpsid well_known_admins_sid;
extern cygpsid well_known_users_sid; extern cygpsid well_known_users_sid;
extern cygpsid trusted_installer_sid;
extern cygpsid mandatory_medium_integrity_sid; extern cygpsid mandatory_medium_integrity_sid;
extern cygpsid mandatory_high_integrity_sid; extern cygpsid mandatory_high_integrity_sid;
extern cygpsid mandatory_system_integrity_sid; extern cygpsid mandatory_system_integrity_sid;


@ -1721,6 +1721,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
uid = 0xffe; uid = 0xffe;
wcpcpy (name = namebuf, L"OtherSession"); wcpcpy (name = namebuf, L"OtherSession");
} }
acc_type = SidTypeUnknown;
} }
else if (sid_id_auth (sid) == 18) else if (sid_id_auth (sid) == 18)
{ {
@ -1733,6 +1734,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
? (PWCHAR) L"Authentication authority asserted identity" ? (PWCHAR) L"Authentication authority asserted identity"
: (PWCHAR) L"Service asserted identity"); : (PWCHAR) L"Service asserted identity");
name_style = plus_prepended; name_style = plus_prepended;
acc_type = SidTypeUnknown;
} }
else if (sid_id_auth (sid) == 22) else if (sid_id_auth (sid) == 22)
{ {
@ -1747,6 +1749,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
wcpcpy (p, sid_sub_auth (sid, 0) == 1 ? L"User" : L"Group"); wcpcpy (p, sid_sub_auth (sid, 0) == 1 ? L"User" : L"Group");
__small_swprintf (name = namebuf, L"%d", uid & UNIX_POSIX_MASK); __small_swprintf (name = namebuf, L"%d", uid & UNIX_POSIX_MASK);
name_style = fully_qualified; name_style = fully_qualified;
acc_type = SidTypeUnknown;
} }
else else
{ {
@ -1787,6 +1790,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
wcpcpy (name = namebuf, group ? L"Group" : L"User"); wcpcpy (name = namebuf, group ? L"Group" : L"User");
} }
name_style = fully_qualified; name_style = fully_qualified;
acc_type = SidTypeUnknown;
} }
tmp_pathbuf tp; tmp_pathbuf tp;
@ -1806,6 +1810,12 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
if (group) if (group)
__small_swprintf (linebuf, L"%W:%W:%u:", __small_swprintf (linebuf, L"%W:%W:%u:",
posix_name, sid.string (sidstr), uid); posix_name, sid.string (sidstr), uid);
/* For non-users, create a passwd entry which doesn't allow interactive
logon. Unless it's the SYSTEM account. This conveniently allows to
long interactively as SYSTEM for debugging purposes. */
else if (acc_type != SidTypeUser && sid != well_known_system_sid)
__small_swprintf (linebuf, L"%W:*:%u:%u:,%W:/:/sbin/nologin",
posix_name, uid, gid, sid.string (sidstr));
else else
__small_swprintf (linebuf, L"%W:*:%u:%u:%W%WU-%W\\%W,%W:%W%W:%W", __small_swprintf (linebuf, L"%W:*:%u:%u:%W%WU-%W\\%W,%W:%W%W:%W",
posix_name, uid, gid, posix_name, uid, gid,