* cyglsa.h: New header file.

* environ.cc: Disable subauth settings.
	* grp.cc: Accomodate cygsidlist's count now being a method.
	* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
	(mandatory_medium_integrity_sid): Remove.
	(mandatory_high_integrity_sid): Remove.
	(mandatory_system_integrity_sid): Remove.
	(fake_logon_sid): Add.
	(cygsid::get_sid): Add well_known parameter.  Set well_known_sid
	accordingly.
	(cygsid::getfromstr): Ditto.
	(cygsidlist::alloc_sids): Move here from security.cc.
	(cygsidlist::free_sids): Ditto.
	(cygsidlist::add): Move here from security.h.  Add well_known parameter.
	Set well_known_sid accordingly.  Don't allow duplicate SIDs.
	* security.cc: Include cyglsa.h and cygwin/version.h.  Throughout
	accomodate cygsidlist's count now being a method.  Throughout drop
	redundant "contains" tests.
	(get_user_local_groups): Add local groups as well known SIDs.
	(get_token_group_sidlist): Add well known groups as well known SIDs.
	(get_server_groups): Ditto.  Only call get_unix_group_sidlist after
	get_user_local_groups to maintain "well_known_sid" attribute.
	(get_initgroups_sidlist): Add well known groups as well known SIDs.
	(get_setgroups_sidlist): Add usersid and struct passwd parameter to
	allow calling get_server_groups from here.
	(get_system_priv_list): Make static.  Return size of TOKEN_PRIVILEGES
	structure.
	(get_priv_list): Ditto.
	(create_token): Accomodate above changes.  Drop misguided attempt to
	add MIC SIDs to created user token.  Print returned token as hex value.
	(subauth): Disable.
	(lsaauth): New function implementing client side of LSA authentication.
	* security.h (class cygsid): Add well_known_sid attribute.  Accomodate
	throughout.  Add *= operator to create a well known SID.
	(class cygsidlist): Rename count to cnt.  Make count a method.
	(cygsidlist::add): Move to sec_helper.cc.
	(cygsidlist::operator *=): New method to add well known SID.
	(cygsidlist::non_well_known_count): New method returning number of
	non well known SIDs in list.
	(cygsidlist::next_non_well_known_sid): New method returning next non
	well known SID by index.
	(mandatory_medium_integrity_sid): Drop declaration.
	(mandatory_high_integrity_sid): Drop declaration.
	(mandatory_system_integrity_sid): Drop declaration.
	(fake_logon_sid): Add declaration.
	(subauth): Disable declaration.
	(lsaauth): Add declaration.
	* syscalls.cc (seteuid32): Disable subauthentication.  Add LSA
	authentication.
	* wincap.h: Define needs_logon_sid_in_sid_list throughout.
	* wincap.cc: Ditto.
This commit is contained in:
Corinna Vinschen
2006-11-27 12:59:59 +00:00
parent b6bb405954
commit b825c587ba
10 changed files with 685 additions and 184 deletions

View File

@@ -34,7 +34,9 @@ extern bool ignore_case_with_glob;
extern bool allow_winsymlinks;
extern bool strip_title_path;
extern int pcheck_case;
#if 0
extern int subauth_id;
#endif
bool reset_com = false;
static bool envcache = true;
#ifdef USE_SERVER
@@ -530,6 +532,7 @@ codepage_init (const char *buf)
debug_printf ("Wrong codepage name: %s", buf);
}
#if 0
static void
subauth_id_init (const char *buf)
{
@@ -542,6 +545,7 @@ subauth_id_init (const char *buf)
if (i > 127 && i != 132 && i <= 255)
subauth_id = i;
}
#endif
static void
set_chunksize (const char *buf)
@@ -620,7 +624,9 @@ static struct parse_thing
#endif
{"smbntsec", {func: set_smbntsec}, isfunc, NULL, {{0}, {s: "yes"}}},
{"strip_title", {&strip_title_path}, justset, NULL, {{false}, {true}}},
#if 0
{"subauth_id", {func: &subauth_id_init}, isfunc, NULL, {{0}, {0}}},
#endif
{"title", {&display_title}, justset, NULL, {{false}, {true}}},
{"traverse", {func: set_traverse}, isfunc, NULL, {{0}, {s: "yes"}}},
{"tty", {NULL}, set_process_state, NULL, {{0}, {PID_USETTY}}},