* security.h (class cygpsid): New class.

(class cygsid): Use cygpsid as base. Remove members psid, get_id, get_uid, get_gid, string, debug_printf and the == and != operators. (cygsidlist::clear_supp): Only do work if setgroups has been called. * sec_helper.cc: Define sid_auth NO_COPY. (cygpsid::operator==): New operator. (cygpsid::get_id): New function. (cygpsid::string): New function. (cygsid::string): Delete. (cygsid::get_id): Delete. * pwdgrp.h: Change arguments of internal_getpwsid, internal_getgrsid and internal_getgroups to cygpsid. * passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid. * grp.cc (internal_getgrsid): Ditto. (internal_getgroups): Ditto.
2003-02-04 14:58:04 +00:00
parent e0c94f4793
commit 4a21c2d5c8
6 changed files with 123 additions and 91 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,21 @@
+2003-02-04  Pierre Humblet  <pierre.humblet@ieee.org>
+
+	* security.h (class cygpsid): New class.
+	(class cygsid): Use cygpsid as base. Remove members psid, get_id,
+	get_uid, get_gid, string, debug_printf and the == and != operators.
+	(cygsidlist::clear_supp): Only do work if setgroups has been called.
+	* sec_helper.cc: Define sid_auth NO_COPY.
+	(cygpsid::operator==): New operator.
+	(cygpsid::get_id): New function.
+	(cygpsid::string): New function.
+	(cygsid::string): Delete.
+	(cygsid::get_id): Delete.
+	* pwdgrp.h: Change arguments of internal_getpwsid,
+	internal_getgrsid and internal_getgroups to cygpsid.
+	* passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid.
+	* grp.cc (internal_getgrsid): Ditto. 
+	(internal_getgroups): Ditto.
+
 2003-02-03  Christopher Faylor  <cgf@redhat.com>

 	Eliminate most unneeded this-> pointers throughout.
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@@ -107,7 +107,7 @@ pwdgrp::read_group ()
 }

 struct __group32 *
-internal_getgrsid (cygsid &sid)
+internal_getgrsid (cygpsid &sid)
 {
  char sid_string[128];

@@ -231,7 +231,7 @@ internal_getgrent (int pos)
 }

 int
-internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygsid * srchsid)
+internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygpsid * srchsid)
 {
  HANDLE hToken = NULL;
  DWORD size;
--- a/winsup/cygwin/passwd.cc
+++ b/winsup/cygwin/passwd.cc
@@ -97,7 +97,7 @@ pwdgrp::read_passwd ()
 }

 struct passwd *
-internal_getpwsid (cygsid &sid)
+internal_getpwsid (cygpsid &sid)
 {
  struct passwd *pw;
  char *ptr1, *ptr2, *endptr;
--- a/winsup/cygwin/pwdgrp.h
+++ b/winsup/cygwin/pwdgrp.h
@@ -12,14 +12,14 @@ details. */

 /* These functions are needed to allow searching and walking through
   the passwd and group lists */
-extern struct passwd *internal_getpwsid (cygsid &);
+extern struct passwd *internal_getpwsid (cygpsid &);
 extern struct passwd *internal_getpwnam (const char *, bool = FALSE);
 extern struct passwd *internal_getpwuid (__uid32_t, bool = FALSE);
-extern struct __group32 *internal_getgrsid (cygsid &);
+extern struct __group32 *internal_getgrsid (cygpsid &);
 extern struct __group32 *internal_getgrgid (__gid32_t gid, bool = FALSE);
 extern struct __group32 *internal_getgrnam (const char *, bool = FALSE);
 extern struct __group32 *internal_getgrent (int);
-int internal_getgroups (int, __gid32_t *, cygsid * = NULL);
+int internal_getgroups (int, __gid32_t *, cygpsid * = NULL);

 #include "sync.h"
 class pwdgrp
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -39,7 +39,7 @@ SECURITY_ATTRIBUTES NO_COPY sec_none_nih;
 SECURITY_ATTRIBUTES NO_COPY sec_all;
 SECURITY_ATTRIBUTES NO_COPY sec_all_nih;

-SID_IDENTIFIER_AUTHORITY sid_auth[] = {
+SID_IDENTIFIER_AUTHORITY NO_COPY sid_auth[] = {
 	{SECURITY_NULL_SID_AUTHORITY},
 	{SECURITY_WORLD_SID_AUTHORITY},
 	{SECURITY_LOCAL_SID_AUTHORITY},
@@ -62,6 +62,63 @@ cygsid well_known_authenticated_users_sid;
 cygsid well_known_system_sid;
 cygsid well_known_admins_sid;

+bool
+cygpsid::operator== (const char *nsidstr) const
+{
+  cygsid nsid (nsidstr);
+  return psid == nsid;
+}
+
+__uid32_t
+cygpsid::get_id (BOOL search_grp, int *type)
+{
+    /* First try to get SID from group, then passwd */
+  __uid32_t id = ILLEGAL_UID;
+
+  if (search_grp)
+    {
+      struct __group32 *gr;
+      if (cygheap->user.groups.pgsid == psid)
+	id = myself->gid;
+      else if ((gr = internal_getgrsid (*this)))
+	id = gr->gr_gid;
+      if (id != ILLEGAL_UID)
+        {
+	  if (type)
+	    *type = GROUP;
+	  return id;
+	}
+    }
+  if (!search_grp || type)
+    {
+      struct passwd *pw;
+      if (*this == cygheap->user.sid ())
+	id = myself->uid;
+      else if ((pw = internal_getpwsid (*this)))
+	id = pw->pw_uid;
+      if (id != ILLEGAL_UID && type)
+        *type = USER;
+    }
+  return id;
+}
+
+
+char *
+cygpsid::string (char *nsidstr) const
+{
+  char *t;
+  DWORD i;
+
+  if (!psid || !nsidstr)
+    return NULL;
+  strcpy (nsidstr, "S-1-");
+  t = nsidstr + sizeof ("S-1-") - 1;
+  t += __small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
+  for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
+    t += __small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i));
+  return nsidstr;
+}
+
 void
 cygsid::init ()
 {
@@ -80,25 +137,6 @@ cygsid::init ()
  well_known_admins_sid = "S-1-5-32-544";
 }

-char *
-cygsid::string (char *nsidstr) const
-{
-  char t[32];
-  DWORD i;
-
-  if (!psid || !nsidstr)
-    return NULL;
-  strcpy (nsidstr, "S-1-");
-  __small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
-  strcat (nsidstr, t);
-  for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
-    {
-      __small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i));
-      strcat (nsidstr, t);
-    }
-  return nsidstr;
-}
-
 PSID
 cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r)
 {
@@ -148,39 +186,6 @@ cygsid::getfromgr (const struct __group32 *gr)
  return (*this = sp) != NULL;
 }

-__uid32_t
-cygsid::get_id (BOOL search_grp, int *type)
-{
-  /* First try to get SID from passwd or group entry */
-  __uid32_t id = ILLEGAL_UID;
-
-  if (!search_grp)
-    {
-      struct passwd *pw;
-      if (*this == cygheap->user.sid ())
-	id = myself->uid;
-      else if ((pw = internal_getpwsid (*this)))
-	id = pw->pw_uid;
-      if (id != ILLEGAL_UID)
-	{
-	  if (type)
-	    *type = USER;
-	   return id;
-	}
-    }
-  if (search_grp || type)
-    {
-      struct __group32 *gr;
-      if (cygheap->user.groups.pgsid == psid)
-	id = myself->gid;
-      else if ((gr = internal_getgrsid (*this)))
-	id = gr->gr_gid;
-      if (id != ILLEGAL_UID && type)
-	*type = GROUP;
-    }
-  return id;
-}
-
 BOOL
 is_grp_member (__uid32_t uid, __gid32_t gid)
 {
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -20,8 +20,40 @@ details. */

 #define NO_SID ((PSID)NULL)

-class cygsid {
+class cygpsid {
+protected:
  PSID psid;
+public:
+  cygpsid () {}
+  cygpsid (PSID nsid) { psid = nsid; }
+  operator const PSID () { return psid; }
+  const PSID operator= (PSID nsid) { return psid = nsid;}
+  __uid32_t get_id (BOOL search_grp, int *type = NULL);
+  int get_uid () { return get_id (FALSE); }
+  int get_gid () { return get_id (TRUE); }
+
+  char *string (char *nsidstr) const;
+
+  bool operator== (const PSID nsid) const
+    {
+      if (!psid || !nsid)
+	return nsid == psid;
+      return EqualSid (psid, nsid);
+    }
+  bool operator!= (const PSID nsid) const
+    { return !(*this == nsid); }
+  bool operator== (const char *nsidstr) const;
+  bool operator!= (const char *nsidstr) const
+    { return !(*this == nsidstr); }
+
+  void debug_print (const char *prefix = NULL) const
+    {
+      char buf[256];
+      debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
+    }
+};
+
+class cygsid : public cygpsid {
  char sbuf[MAX_SID_LEN];

  const PSID getfromstr (const char *nsidstr);
@@ -50,7 +82,7 @@ public:
  inline const PSID operator= (const char *nsidstr)
    { return getfromstr (nsidstr); }

-  inline cygsid () : psid ((PSID) sbuf) {}
+  inline cygsid () : cygpsid ((PSID) sbuf) {}
  inline cygsid (const PSID nsid) { *this = nsid; }
  inline cygsid (const char *nstrsid) { *this = nstrsid; }

@@ -58,34 +90,6 @@ public:

  BOOL getfrompw (const struct passwd *pw);
  BOOL getfromgr (const struct __group32 *gr);
-
-  __uid32_t get_id (BOOL search_grp, int *type = NULL);
-  inline int get_uid () { return get_id (FALSE); }
-  inline int get_gid () { return get_id (TRUE); }
-
-  char *string (char *nsidstr) const;
-
-  inline BOOL operator== (const PSID nsid) const
-    {
-      if (!psid || !nsid)
-	return nsid == psid;
-      return EqualSid (psid, nsid);
-    }
-  inline BOOL operator== (const char *nsidstr) const
-    {
-      cygsid nsid (nsidstr);
-      return *this == nsid;
-    }
-  inline BOOL operator!= (const PSID nsid) const
-    { return !(*this == nsid); }
-  inline BOOL operator!= (const char *nsidstr) const
-    { return !(*this == nsidstr); }
-
-  void debug_print (const char *prefix = NULL) const
-    {
-      char buf[256];
-      debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
-    }
 };

 typedef enum { cygsidlist_empty, cygsidlist_alloc, cygsidlist_auto } cygsidlist_type;
@@ -170,10 +174,13 @@ public:
      ischanged = TRUE;
    }
  void clear_supp ()
+    {
+      if (issetgroups ())
        {
 	  sgsids.free_sids ();
 	  ischanged = TRUE;
 	}
+    }
  void update_pgrp (const PSID sid)
    {
      pgsid = sid;
@@ -222,6 +229,8 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS
 void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
 			     void *sd_buf, DWORD sd_buf_size);

+bool get_sids_info (cygpsid, cygpsid, __uid32_t * , __gid32_t *);
+
 /* Try a subauthentication. */
 HANDLE subauth (struct passwd *pw);
 /* Try creating a token directly. */