* sec_helper.cc (lookup_name): Suppress.

* security.cc (alloc_sd): Remove logsrv argument.
	Remove two calls to lookup_name.
	(set_security_attribute): Remove logsrv argument.
	Remove logsrv argument in call to alloc_sd.
	(set_nt_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_security_attribute.
	(set_file_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_nt_attribute.
	(set_file_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_file_attribute.
	* syscalls.cc (chown_worker): Remove logserver argument in
	call to set_file_attribute.
	(chmod): Ditto.
	* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
	* uinfo.cc (internal_getlogin): Replace calls to
	lookup_name by call to LookupAccountName.
	* security.h: Remove logsrv in declarations of set_file_attribute
	and alloc_sd. Remove declaration of lookup_name.
Corinna Vinschen
2002-06-06 11:17:51 +00:00
parent ea6a35f68a
commit 2e8abfc1c5
7 changed files with 47 additions and 28 deletions


@@ -1,3 +1,25 @@
2002-06-03 Pierre Humblet <pierre.humblet@ieee.org>
* sec_helper.cc (lookup_name): Suppress.
* security.cc (alloc_sd): Remove logsrv argument.
Remove two calls to lookup_name.
(set_security_attribute): Remove logsrv argument.
Remove logsrv argument in call to alloc_sd.
(set_nt_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_security_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_nt_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_file_attribute.
* syscalls.cc (chown_worker): Remove logserver argument in
call to set_file_attribute.
(chmod): Ditto.
* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
* uinfo.cc (internal_getlogin): Replace calls to
lookup_name by call to LookupAccountName.
* security.h: Remove logsrv in declarations of set_file_attribute
and alloc_sd. Remove declaration of lookup_name.
2002-06-05 Christopher Faylor <cgf@redhat.com> 2002-06-05 Christopher Faylor <cgf@redhat.com>
* child_info.h (CHILD_INFO_MAGIC): Oops. Revert previous change. gcc * child_info.h (CHILD_INFO_MAGIC): Oops. Revert previous change. gcc


@@ -266,6 +266,7 @@ is_grp_member (__uid32_t uid, __gid32_t gid)
return grp_member; return grp_member;
} }
#if 0 // unused
#define SIDLEN (sidlen = MAX_SID_LEN, &sidlen) #define SIDLEN (sidlen = MAX_SID_LEN, &sidlen)
#define DOMLEN (domlen = INTERNET_MAX_HOST_NAME_LENGTH, &domlen) #define DOMLEN (domlen = INTERNET_MAX_HOST_NAME_LENGTH, &domlen)
@@ -334,6 +335,7 @@ got_it:
#undef SIDLEN #undef SIDLEN
#undef DOMLEN #undef DOMLEN
#endif //unused
int int
set_process_privilege (const char *privilege, BOOL enable) set_process_privilege (const char *privilege, BOOL enable)
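Review bot: lookup_name is compiled out with `#if 0 // unused` … `#endif //unused` rather than deleted, although the ChangeLog entry says it is suppressed and security.h drops its declaration. Security helper code left disabled like this tends to drift from the rest of the file; deleting the function and relying on history would be cleaner, or a comment such as `/* kept for reference; superseded by direct LookupAccountName calls */` should say why it stays. The function body lies between the two hunks and is not visible here.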


@@ -1353,7 +1353,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes,
} }
PSECURITY_DESCRIPTOR PSECURITY_DESCRIPTOR
alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute, alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret) PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret)
{ {
BOOL dummy; BOOL dummy;
@@ -1372,8 +1372,7 @@ alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute,
cygsid owner_sid; cygsid owner_sid;
struct passwd *pw = getpwuid32 (uid); struct passwd *pw = getpwuid32 (uid);
strcpy (owner, pw ? pw->pw_name : getlogin ()); strcpy (owner, pw ? pw->pw_name : getlogin ());
if ((!pw || !owner_sid.getfrompw (pw)) if (!pw || !owner_sid.getfrompw (pw))
&& !lookup_name (owner, logsrv, owner_sid))
return NULL; return NULL;
debug_printf ("owner: %s [%d]", owner, debug_printf ("owner: %s [%d]", owner,
*GetSidSubAuthority(owner_sid, *GetSidSubAuthority(owner_sid,
@@ -1384,8 +1383,7 @@ alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute,
struct __group32 *grp = getgrgid32 (gid); struct __group32 *grp = getgrgid32 (gid);
if (grp) if (grp)
{ {
if ((!grp || !group_sid.getfromgr (grp)) if (!grp || !group_sid.getfromgr (grp))
&& !lookup_name (grp->gr_name, logsrv, group_sid))
return NULL; return NULL;
} }
else else
@@ -1616,14 +1614,13 @@ set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)sd_buf, InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)sd_buf,
SECURITY_DESCRIPTOR_REVISION); SECURITY_DESCRIPTOR_REVISION);
psa->lpSecurityDescriptor = alloc_sd (geteuid32 (), getegid32 (), psa->lpSecurityDescriptor = alloc_sd (geteuid32 (), getegid32 (),
cygheap->user.logsrv (),
attribute, (PSECURITY_DESCRIPTOR)sd_buf, attribute, (PSECURITY_DESCRIPTOR)sd_buf,
&sd_buf_size); &sd_buf_size);
} }
static int static int
set_nt_attribute (const char *file, __uid32_t uid, __gid32_t gid, set_nt_attribute (const char *file, __uid32_t uid, __gid32_t gid,
const char *logsrv, int attribute) int attribute)
{ {
if (!wincap.has_security ()) if (!wincap.has_security ())
return 0; return 0;
@@ -1640,7 +1637,7 @@ set_nt_attribute (const char *file, __uid32_t uid, __gid32_t gid,
} }
sd_size = 4096; sd_size = 4096;
if (!(psd = alloc_sd (uid, gid, logsrv, attribute, psd, &sd_size))) if (!(psd = alloc_sd (uid, gid, attribute, psd, &sd_size)))
return -1; return -1;
return write_sd (file, psd, sd_size); return write_sd (file, psd, sd_size);
@@ -1649,12 +1646,12 @@ set_nt_attribute (const char *file, __uid32_t uid, __gid32_t gid,
int int
set_file_attribute (int use_ntsec, const char *file, set_file_attribute (int use_ntsec, const char *file,
__uid32_t uid, __gid32_t gid, __uid32_t uid, __gid32_t gid,
int attribute, const char *logsrv) int attribute)
{ {
int ret = 0; int ret = 0;
if (use_ntsec && allow_ntsec) if (use_ntsec && allow_ntsec)
ret = set_nt_attribute (file, uid, gid, logsrv, attribute); ret = set_nt_attribute (file, uid, gid, attribute);
else if (allow_ntea && !NTWriteEA (file, ".UNIXATTR", (char *) &attribute, else if (allow_ntea && !NTWriteEA (file, ".UNIXATTR", (char *) &attribute,
sizeof (attribute))) sizeof (attribute)))
{ {
@@ -1671,5 +1668,5 @@ set_file_attribute (int use_ntsec, const char *file, int attribute)
{ {
return set_file_attribute (use_ntsec, file, return set_file_attribute (use_ntsec, file,
myself->uid, myself->gid, myself->uid, myself->gid,
attribute, cygheap->user.logsrv ()); attribute);
} }
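Review bot: With the lookup_name fallback gone, alloc_sd now returns NULL whenever the passwd or group entry is missing or carries no SID (`if (!pw || !owner_sid.getfrompw (pw)) return NULL;`), and not every caller visible in this commit checks for that. set_security_attribute stores the result straight into `psa->lpSecurityDescriptor`, and shmget in shm.cc does the same with `psd`; a NULL descriptor there normally means the object is created with the process default security, so the failure is silent and the resulting permissions can differ from the requested mode bits. Consider logging the failure in both places and deciding explicitly whether the call should fail. Inside `if (grp)` the `!grp` test is now redundant and can be reduced to `if (!group_sid.getfromgr (grp))`; likewise the `getlogin ()` fallback in the preceding strcpy is only evaluated on the path that then returns NULL. The bodies of alloc_sd and set_security_attribute extend outside the hunks shown.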


@@ -168,7 +168,7 @@ int __stdcall set_process_privileges ();
int __stdcall get_file_attribute (int, const char *, int *, int __stdcall get_file_attribute (int, const char *, int *,
__uid32_t * = NULL, __gid32_t * = NULL); __uid32_t * = NULL, __gid32_t * = NULL);
int __stdcall set_file_attribute (int, const char *, int); int __stdcall set_file_attribute (int, const char *, int);
int __stdcall set_file_attribute (int, const char *, __uid32_t, __gid32_t, int, const char *); int __stdcall set_file_attribute (int, const char *, __uid32_t, __gid32_t, int);
LONG __stdcall read_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, LPDWORD sd_size); LONG __stdcall read_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, LPDWORD sd_size);
LONG __stdcall write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size); LONG __stdcall write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size);
BOOL __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit); BOOL __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);
@@ -191,10 +191,6 @@ BOOL get_logon_server (const char * domain, char * server, WCHAR *wserver = NULL
/* sec_helper.cc: Security helper functions. */ /* sec_helper.cc: Security helper functions. */
BOOL __stdcall is_grp_member (__uid32_t uid, __gid32_t gid); BOOL __stdcall is_grp_member (__uid32_t uid, __gid32_t gid);
/* `lookup_name' should be called instead of LookupAccountName.
* logsrv may be NULL, in this case only the local system is used for lookup.
* The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */
BOOL __stdcall lookup_name (const char *, const char *, PSID);
int set_process_privilege (const char *privilege, BOOL enable = TRUE); int set_process_privilege (const char *privilege, BOOL enable = TRUE);
/* shared.cc: */ /* shared.cc: */
@@ -209,7 +205,7 @@ extern BOOL sec_acl (PACL acl, BOOL admins, PSID sid1 = NO_SID, PSID sid2 = NO_S
int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len); int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len);
BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len); BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len);
PSECURITY_DESCRIPTOR alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute, PSECURITY_DESCRIPTOR alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret); PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret);
extern inline SECURITY_ATTRIBUTES * extern inline SECURITY_ATTRIBUTES *


@@ -461,7 +461,7 @@ shmget (key_t key, size_t size, int shmflg)
/* create a sd for our open requests based on shmflag & 0x01ff */ /* create a sd for our open requests based on shmflag & 0x01ff */
InitializeSecurityDescriptor (psd, InitializeSecurityDescriptor (psd,
SECURITY_DESCRIPTOR_REVISION); SECURITY_DESCRIPTOR_REVISION);
psd = alloc_sd (getuid32 (), getgid32 (), cygheap->user.logsrv (), psd = alloc_sd (getuid32 (), getgid32 (),
shmflg & 0x01ff, psd, &sd_size); shmflg & 0x01ff, psd, &sd_size);
if (key == (key_t) - 1) if (key == (key_t) - 1)


@@ -805,7 +805,7 @@ chown_worker (const char *name, unsigned fmode, __uid32_t uid, __gid32_t gid)
if (win32_path.isdir()) if (win32_path.isdir())
attrib |= S_IFDIR; attrib |= S_IFDIR;
res = set_file_attribute (win32_path.has_acls (), win32_path, uid, res = set_file_attribute (win32_path.has_acls (), win32_path, uid,
gid, attrib, cygheap->user.logsrv ()); gid, attrib);
} }
if (res != 0 && (!win32_path.has_acls () || !allow_ntsec)) if (res != 0 && (!win32_path.has_acls () || !allow_ntsec))
{ {
@@ -933,7 +933,7 @@ chmod (const char *path, mode_t mode)
if (win32_path.isdir ()) if (win32_path.isdir ())
mode |= S_IFDIR; mode |= S_IFDIR;
if (!set_file_attribute (win32_path.has_acls (), win32_path, uid, gid, if (!set_file_attribute (win32_path.has_acls (), win32_path, uid, gid,
mode, cygheap->user.logsrv ()) mode)
&& allow_ntsec) && allow_ntsec)
res = 0; res = 0;


@@ -150,17 +150,19 @@ internal_getlogin (cygheap_user &user)
and a domain user may have the same name. */ and a domain user may have the same name. */
if (!ret && user.domain ()) if (!ret && user.domain ())
{ {
char domain[DNLEN + 1];
DWORD dlen = sizeof (domain);
siz = sizeof (tu);
SID_NAME_USE use = SidTypeInvalid;
/* Concat DOMAIN\USERNAME for the next lookup */ /* Concat DOMAIN\USERNAME for the next lookup */
strcat (strcat (strcpy (buf, user.domain ()), "\\"), user.name ()); strcat (strcat (strcpy (buf, user.domain ()), "\\"), user.name ());
if (!(ret = lookup_name (buf, NULL, user.sid ()))) if (!LookupAccountName (NULL, buf, tu, &siz,
debug_printf ("Couldn't retrieve SID locally!"); domain, &dlen, &use) ||
} !legal_sid_type (use))
debug_printf ("Couldn't retrieve SID locally!");
else user.set_sid (tu);
/* If that fails, too, as a last resort try to get the SID from }
the logon server. */
if (!ret && !(ret = lookup_name (user.name (), user.logsrv (),
user.sid ())))
debug_printf ("Couldn't retrieve SID from '%s'!", user.logsrv ());
/* If we have a SID, try to get the corresponding Cygwin user name /* If we have a SID, try to get the corresponding Cygwin user name
which can be different from the Windows user name. */ which can be different from the Windows user name. */
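Review bot: The rewritten DOMAIN\USERNAME branch no longer assigns `ret`: the old code did `ret = lookup_name (...)`, while the new code calls `user.set_sid (tu)` on success and leaves `ret` false. If code after the hunk still uses `ret` to decide whether a SID was obtained, a successful lookup here would be treated as a failure; something like `else { user.set_sid (tu); ret = TRUE; }` would keep the flag consistent, assuming `ret` is still the success indicator. The failure message would also be more useful with the Windows error included, and it currently does not distinguish a failed LookupAccountName from a SID type rejected by legal_sid_type. The name is still assembled with unbounded `strcpy`/`strcat` into `buf`, whose size is declared outside the hunk, so the domain and user name lengths should be confirmed to fit. internal_getlogin starts and ends outside the hunk.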