* security.h (class cygpsid): New class.
(class cygsid): Use cygpsid as base. Remove members psid, get_id, get_uid, get_gid, string, debug_printf and the == and != operators. (cygsidlist::clear_supp): Only do work if setgroups has been called. * sec_helper.cc: Define sid_auth NO_COPY. (cygpsid::operator==): New operator. (cygpsid::get_id): New function. (cygpsid::string): New function. (cygsid::string): Delete. (cygsid::get_id): Delete. * pwdgrp.h: Change arguments of internal_getpwsid, internal_getgrsid and internal_getgroups to cygpsid. * passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid. * grp.cc (internal_getgrsid): Ditto. (internal_getgroups): Ditto.
This commit is contained in:
parent
e0c94f4793
commit
4a21c2d5c8
@ -1,3 +1,21 @@
|
||||
2003-02-04 Pierre Humblet <pierre.humblet@ieee.org>
|
||||
|
||||
* security.h (class cygpsid): New class.
|
||||
(class cygsid): Use cygpsid as base. Remove members psid, get_id,
|
||||
get_uid, get_gid, string, debug_printf and the == and != operators.
|
||||
(cygsidlist::clear_supp): Only do work if setgroups has been called.
|
||||
* sec_helper.cc: Define sid_auth NO_COPY.
|
||||
(cygpsid::operator==): New operator.
|
||||
(cygpsid::get_id): New function.
|
||||
(cygpsid::string): New function.
|
||||
(cygsid::string): Delete.
|
||||
(cygsid::get_id): Delete.
|
||||
* pwdgrp.h: Change arguments of internal_getpwsid,
|
||||
internal_getgrsid and internal_getgroups to cygpsid.
|
||||
* passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid.
|
||||
* grp.cc (internal_getgrsid): Ditto.
|
||||
(internal_getgroups): Ditto.
|
||||
|
||||
2003-02-03 Christopher Faylor <cgf@redhat.com>
|
||||
|
||||
Eliminate most unneeded this-> pointers throughout.
|
||||
|
@ -107,7 +107,7 @@ pwdgrp::read_group ()
|
||||
}
|
||||
|
||||
struct __group32 *
|
||||
internal_getgrsid (cygsid &sid)
|
||||
internal_getgrsid (cygpsid &sid)
|
||||
{
|
||||
char sid_string[128];
|
||||
|
||||
@ -231,7 +231,7 @@ internal_getgrent (int pos)
|
||||
}
|
||||
|
||||
int
|
||||
internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygsid * srchsid)
|
||||
internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygpsid * srchsid)
|
||||
{
|
||||
HANDLE hToken = NULL;
|
||||
DWORD size;
|
||||
|
@ -97,7 +97,7 @@ pwdgrp::read_passwd ()
|
||||
}
|
||||
|
||||
struct passwd *
|
||||
internal_getpwsid (cygsid &sid)
|
||||
internal_getpwsid (cygpsid &sid)
|
||||
{
|
||||
struct passwd *pw;
|
||||
char *ptr1, *ptr2, *endptr;
|
||||
|
@ -12,14 +12,14 @@ details. */
|
||||
|
||||
/* These functions are needed to allow searching and walking through
|
||||
the passwd and group lists */
|
||||
extern struct passwd *internal_getpwsid (cygsid &);
|
||||
extern struct passwd *internal_getpwsid (cygpsid &);
|
||||
extern struct passwd *internal_getpwnam (const char *, bool = FALSE);
|
||||
extern struct passwd *internal_getpwuid (__uid32_t, bool = FALSE);
|
||||
extern struct __group32 *internal_getgrsid (cygsid &);
|
||||
extern struct __group32 *internal_getgrsid (cygpsid &);
|
||||
extern struct __group32 *internal_getgrgid (__gid32_t gid, bool = FALSE);
|
||||
extern struct __group32 *internal_getgrnam (const char *, bool = FALSE);
|
||||
extern struct __group32 *internal_getgrent (int);
|
||||
int internal_getgroups (int, __gid32_t *, cygsid * = NULL);
|
||||
int internal_getgroups (int, __gid32_t *, cygpsid * = NULL);
|
||||
|
||||
#include "sync.h"
|
||||
class pwdgrp
|
||||
|
@ -39,7 +39,7 @@ SECURITY_ATTRIBUTES NO_COPY sec_none_nih;
|
||||
SECURITY_ATTRIBUTES NO_COPY sec_all;
|
||||
SECURITY_ATTRIBUTES NO_COPY sec_all_nih;
|
||||
|
||||
SID_IDENTIFIER_AUTHORITY sid_auth[] = {
|
||||
SID_IDENTIFIER_AUTHORITY NO_COPY sid_auth[] = {
|
||||
{SECURITY_NULL_SID_AUTHORITY},
|
||||
{SECURITY_WORLD_SID_AUTHORITY},
|
||||
{SECURITY_LOCAL_SID_AUTHORITY},
|
||||
@ -62,6 +62,63 @@ cygsid well_known_authenticated_users_sid;
|
||||
cygsid well_known_system_sid;
|
||||
cygsid well_known_admins_sid;
|
||||
|
||||
bool
|
||||
cygpsid::operator== (const char *nsidstr) const
|
||||
{
|
||||
cygsid nsid (nsidstr);
|
||||
return psid == nsid;
|
||||
}
|
||||
|
||||
__uid32_t
|
||||
cygpsid::get_id (BOOL search_grp, int *type)
|
||||
{
|
||||
/* First try to get SID from group, then passwd */
|
||||
__uid32_t id = ILLEGAL_UID;
|
||||
|
||||
if (search_grp)
|
||||
{
|
||||
struct __group32 *gr;
|
||||
if (cygheap->user.groups.pgsid == psid)
|
||||
id = myself->gid;
|
||||
else if ((gr = internal_getgrsid (*this)))
|
||||
id = gr->gr_gid;
|
||||
if (id != ILLEGAL_UID)
|
||||
{
|
||||
if (type)
|
||||
*type = GROUP;
|
||||
return id;
|
||||
}
|
||||
}
|
||||
if (!search_grp || type)
|
||||
{
|
||||
struct passwd *pw;
|
||||
if (*this == cygheap->user.sid ())
|
||||
id = myself->uid;
|
||||
else if ((pw = internal_getpwsid (*this)))
|
||||
id = pw->pw_uid;
|
||||
if (id != ILLEGAL_UID && type)
|
||||
*type = USER;
|
||||
}
|
||||
return id;
|
||||
}
|
||||
|
||||
|
||||
char *
|
||||
cygpsid::string (char *nsidstr) const
|
||||
{
|
||||
char *t;
|
||||
DWORD i;
|
||||
|
||||
if (!psid || !nsidstr)
|
||||
return NULL;
|
||||
strcpy (nsidstr, "S-1-");
|
||||
t = nsidstr + sizeof ("S-1-") - 1;
|
||||
t += __small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
|
||||
for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
|
||||
t += __small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i));
|
||||
return nsidstr;
|
||||
}
|
||||
|
||||
void
|
||||
cygsid::init ()
|
||||
{
|
||||
@ -80,25 +137,6 @@ cygsid::init ()
|
||||
well_known_admins_sid = "S-1-5-32-544";
|
||||
}
|
||||
|
||||
char *
|
||||
cygsid::string (char *nsidstr) const
|
||||
{
|
||||
char t[32];
|
||||
DWORD i;
|
||||
|
||||
if (!psid || !nsidstr)
|
||||
return NULL;
|
||||
strcpy (nsidstr, "S-1-");
|
||||
__small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
|
||||
strcat (nsidstr, t);
|
||||
for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
|
||||
{
|
||||
__small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i));
|
||||
strcat (nsidstr, t);
|
||||
}
|
||||
return nsidstr;
|
||||
}
|
||||
|
||||
PSID
|
||||
cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r)
|
||||
{
|
||||
@ -148,39 +186,6 @@ cygsid::getfromgr (const struct __group32 *gr)
|
||||
return (*this = sp) != NULL;
|
||||
}
|
||||
|
||||
__uid32_t
|
||||
cygsid::get_id (BOOL search_grp, int *type)
|
||||
{
|
||||
/* First try to get SID from passwd or group entry */
|
||||
__uid32_t id = ILLEGAL_UID;
|
||||
|
||||
if (!search_grp)
|
||||
{
|
||||
struct passwd *pw;
|
||||
if (*this == cygheap->user.sid ())
|
||||
id = myself->uid;
|
||||
else if ((pw = internal_getpwsid (*this)))
|
||||
id = pw->pw_uid;
|
||||
if (id != ILLEGAL_UID)
|
||||
{
|
||||
if (type)
|
||||
*type = USER;
|
||||
return id;
|
||||
}
|
||||
}
|
||||
if (search_grp || type)
|
||||
{
|
||||
struct __group32 *gr;
|
||||
if (cygheap->user.groups.pgsid == psid)
|
||||
id = myself->gid;
|
||||
else if ((gr = internal_getgrsid (*this)))
|
||||
id = gr->gr_gid;
|
||||
if (id != ILLEGAL_UID && type)
|
||||
*type = GROUP;
|
||||
}
|
||||
return id;
|
||||
}
|
||||
|
||||
BOOL
|
||||
is_grp_member (__uid32_t uid, __gid32_t gid)
|
||||
{
|
||||
|
@ -20,8 +20,40 @@ details. */
|
||||
|
||||
#define NO_SID ((PSID)NULL)
|
||||
|
||||
class cygsid {
|
||||
class cygpsid {
|
||||
protected:
|
||||
PSID psid;
|
||||
public:
|
||||
cygpsid () {}
|
||||
cygpsid (PSID nsid) { psid = nsid; }
|
||||
operator const PSID () { return psid; }
|
||||
const PSID operator= (PSID nsid) { return psid = nsid;}
|
||||
__uid32_t get_id (BOOL search_grp, int *type = NULL);
|
||||
int get_uid () { return get_id (FALSE); }
|
||||
int get_gid () { return get_id (TRUE); }
|
||||
|
||||
char *string (char *nsidstr) const;
|
||||
|
||||
bool operator== (const PSID nsid) const
|
||||
{
|
||||
if (!psid || !nsid)
|
||||
return nsid == psid;
|
||||
return EqualSid (psid, nsid);
|
||||
}
|
||||
bool operator!= (const PSID nsid) const
|
||||
{ return !(*this == nsid); }
|
||||
bool operator== (const char *nsidstr) const;
|
||||
bool operator!= (const char *nsidstr) const
|
||||
{ return !(*this == nsidstr); }
|
||||
|
||||
void debug_print (const char *prefix = NULL) const
|
||||
{
|
||||
char buf[256];
|
||||
debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
|
||||
}
|
||||
};
|
||||
|
||||
class cygsid : public cygpsid {
|
||||
char sbuf[MAX_SID_LEN];
|
||||
|
||||
const PSID getfromstr (const char *nsidstr);
|
||||
@ -50,7 +82,7 @@ public:
|
||||
inline const PSID operator= (const char *nsidstr)
|
||||
{ return getfromstr (nsidstr); }
|
||||
|
||||
inline cygsid () : psid ((PSID) sbuf) {}
|
||||
inline cygsid () : cygpsid ((PSID) sbuf) {}
|
||||
inline cygsid (const PSID nsid) { *this = nsid; }
|
||||
inline cygsid (const char *nstrsid) { *this = nstrsid; }
|
||||
|
||||
@ -58,34 +90,6 @@ public:
|
||||
|
||||
BOOL getfrompw (const struct passwd *pw);
|
||||
BOOL getfromgr (const struct __group32 *gr);
|
||||
|
||||
__uid32_t get_id (BOOL search_grp, int *type = NULL);
|
||||
inline int get_uid () { return get_id (FALSE); }
|
||||
inline int get_gid () { return get_id (TRUE); }
|
||||
|
||||
char *string (char *nsidstr) const;
|
||||
|
||||
inline BOOL operator== (const PSID nsid) const
|
||||
{
|
||||
if (!psid || !nsid)
|
||||
return nsid == psid;
|
||||
return EqualSid (psid, nsid);
|
||||
}
|
||||
inline BOOL operator== (const char *nsidstr) const
|
||||
{
|
||||
cygsid nsid (nsidstr);
|
||||
return *this == nsid;
|
||||
}
|
||||
inline BOOL operator!= (const PSID nsid) const
|
||||
{ return !(*this == nsid); }
|
||||
inline BOOL operator!= (const char *nsidstr) const
|
||||
{ return !(*this == nsidstr); }
|
||||
|
||||
void debug_print (const char *prefix = NULL) const
|
||||
{
|
||||
char buf[256];
|
||||
debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
|
||||
}
|
||||
};
|
||||
|
||||
typedef enum { cygsidlist_empty, cygsidlist_alloc, cygsidlist_auto } cygsidlist_type;
|
||||
@ -171,8 +175,11 @@ public:
|
||||
}
|
||||
void clear_supp ()
|
||||
{
|
||||
sgsids.free_sids ();
|
||||
ischanged = TRUE;
|
||||
if (issetgroups ())
|
||||
{
|
||||
sgsids.free_sids ();
|
||||
ischanged = TRUE;
|
||||
}
|
||||
}
|
||||
void update_pgrp (const PSID sid)
|
||||
{
|
||||
@ -222,6 +229,8 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS
|
||||
void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
|
||||
void *sd_buf, DWORD sd_buf_size);
|
||||
|
||||
bool get_sids_info (cygpsid, cygpsid, __uid32_t * , __gid32_t *);
|
||||
|
||||
/* Try a subauthentication. */
|
||||
HANDLE subauth (struct passwd *pw);
|
||||
/* Try creating a token directly. */
|
||||
|
Loading…
Reference in New Issue
Block a user