* cyglsa.h: New header file.

* environ.cc: Disable subauth settings. * grp.cc: Accomodate cygsidlist's count now being a method. * sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove. (mandatory_medium_integrity_sid): Remove. (mandatory_high_integrity_sid): Remove. (mandatory_system_integrity_sid): Remove. (fake_logon_sid): Add. (cygsid::get_sid): Add well_known parameter. Set well_known_sid accordingly. (cygsid::getfromstr): Ditto. (cygsidlist::alloc_sids): Move here from security.cc. (cygsidlist::free_sids): Ditto. (cygsidlist::add): Move here from security.h. Add well_known parameter. Set well_known_sid accordingly. Don't allow duplicate SIDs. * security.cc: Include cyglsa.h and cygwin/version.h. Throughout accomodate cygsidlist's count now being a method. Throughout drop redundant "contains" tests. (get_user_local_groups): Add local groups as well known SIDs. (get_token_group_sidlist): Add well known groups as well known SIDs. (get_server_groups): Ditto. Only call get_unix_group_sidlist after get_user_local_groups to maintain "well_known_sid" attribute. (get_initgroups_sidlist): Add well known groups as well known SIDs. (get_setgroups_sidlist): Add usersid and struct passwd parameter to allow calling get_server_groups from here. (get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES structure. (get_priv_list): Ditto. (create_token): Accomodate above changes. Drop misguided attempt to add MIC SIDs to created user token. Print returned token as hex value. (subauth): Disable. (lsaauth): New function implementing client side of LSA authentication. * security.h (class cygsid): Add well_known_sid attribute. Accomodate throughout. Add *= operator to create a well known SID. (class cygsidlist): Rename count to cnt. Make count a method. (cygsidlist::add): Move to sec_helper.cc. (cygsidlist::operator *=): New method to add well known SID. (cygsidlist::non_well_known_count): New method returning number of non well known SIDs in list. (cygsidlist::next_non_well_known_sid): New method returning next non well known SID by index. (mandatory_medium_integrity_sid): Drop declaration. (mandatory_high_integrity_sid): Drop declaration. (mandatory_system_integrity_sid): Drop declaration. (fake_logon_sid): Add declaration. (subauth): Disable declaration. (lsaauth): Add declaration. * syscalls.cc (seteuid32): Disable subauthentication. Add LSA authentication. * wincap.h: Define needs_logon_sid_in_sid_list throughout. * wincap.cc: Ditto.
2006-11-27 12:59:59 +00:00
parent b6bb405954
commit b825c587ba
10 changed files with 685 additions and 184 deletions
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -69,6 +69,7 @@ static NO_COPY wincaps wincap_unknown = {
  has_exclusiveaddruse:false,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };

 static NO_COPY wincaps wincap_95 = {
@@ -129,6 +130,7 @@ static NO_COPY wincaps wincap_95 = {
  has_exclusiveaddruse:false,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };

 static NO_COPY wincaps wincap_95osr2 = {
@@ -189,6 +191,7 @@ static NO_COPY wincaps wincap_95osr2 = {
  has_exclusiveaddruse:false,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };

 static NO_COPY wincaps wincap_98 = {
@@ -249,6 +252,7 @@ static NO_COPY wincaps wincap_98 = {
  has_exclusiveaddruse:false,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };

 static NO_COPY wincaps wincap_98se = {
@@ -309,6 +313,7 @@ static NO_COPY wincaps wincap_98se = {
  has_exclusiveaddruse:false,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };

 static NO_COPY wincaps wincap_me = {
@@ -369,6 +374,7 @@ static NO_COPY wincaps wincap_me = {
  has_exclusiveaddruse:false,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };

 static NO_COPY wincaps wincap_nt3 = {
@@ -429,6 +435,7 @@ static NO_COPY wincaps wincap_nt3 = {
  has_exclusiveaddruse:false,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:true,
 };

 static NO_COPY wincaps wincap_nt4 = {
@@ -489,6 +496,7 @@ static NO_COPY wincaps wincap_nt4 = {
  has_exclusiveaddruse:false,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:true,
 };

 static NO_COPY wincaps wincap_nt4sp4 = {
@@ -549,6 +557,7 @@ static NO_COPY wincaps wincap_nt4sp4 = {
  has_exclusiveaddruse:true,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:true,
 };

 static NO_COPY wincaps wincap_2000 = {
@@ -609,6 +618,7 @@ static NO_COPY wincaps wincap_2000 = {
  has_exclusiveaddruse:true,
  has_buggy_restart_scan:true,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:true,
 };

 static NO_COPY wincaps wincap_xp = {
@@ -669,6 +679,7 @@ static NO_COPY wincaps wincap_xp = {
  has_exclusiveaddruse:true,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };

 static NO_COPY wincaps wincap_2003 = {
@@ -729,6 +740,7 @@ static NO_COPY wincaps wincap_2003 = {
  has_exclusiveaddruse:true,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };

 static NO_COPY wincaps wincap_vista = {
@@ -789,6 +801,7 @@ static NO_COPY wincaps wincap_vista = {
  has_exclusiveaddruse:true,
  has_buggy_restart_scan:false,
  has_mandatory_integrity_control:true,
+  needs_logon_sid_in_sid_list:false,
 };

 wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));