* autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16.
* cygheap.cc: Include security.h.
* grp.cc (internal_getgrent): New function.
(getgroups): Rearranged using `internal_getgrent' and the new
`cygsid' class.
* passwd.cc (internal_getpwent): New function.
* sec_acl.cc: Use new `cygsid' class throughout.
(acl_access): Use `internal_getgrent' instead of `getgrent'.
* sec_helper.cc: Use new `cygsid' class throughout.
(get_id_from_sid): Use `internal_getgrent' instead of `getgrent'.
Use `internal_getpwent' instead of `getpwent'.
* security.cc: Use new `cygsid' class throughout.
* security.h: Move `MAX_SID_LEN' from winsup.h to here.
Add extern declarations for `internal_getgrent' and `internal_getpwent'.
(class cygsid): New class.
* shared.cc (sec_user): Use new `cygsid' class.
* syscalls.cc (seteuid): Try to set owner to user and primary group to
current group in impersonation token before performing impersonation.
(setegid): Try to set primary group in process token to the new group
if ntsec is on.
* uinfo.cc (internal_getlogin): Use new `cygsid' class.
Try to set owner to user and primary group to current group in process
token if the process has been started from a non cygwin process.
(uinfo_init): Set primary group only if the process has been started
from a non cygwin process.
* winsup.h: Move define for `MAX_SID_LEN' to security.h.
This commit is contained in:
Corinna Vinschen
@@ -120,56 +120,40 @@ get_gr_sid (PSID sid, struct group *gr)
|
||||
PSID
|
||||
get_admin_sid ()
|
||||
{
|
||||
static NO_COPY char admin_sid_buf[MAX_SID_LEN];
|
||||
static NO_COPY PSID admin_sid = NULL;
|
||||
static NO_COPY cygsid admin_sid (NULL);
|
||||
|
||||
if (!admin_sid)
|
||||
{
|
||||
admin_sid = (PSID) admin_sid_buf;
|
||||
convert_string_sid_to_sid (admin_sid, "S-1-5-32-544");
|
||||
}
|
||||
convert_string_sid_to_sid (admin_sid.set (), "S-1-5-32-544");
|
||||
return admin_sid;
|
||||
}
|
||||
|
||||
PSID
|
||||
get_system_sid ()
|
||||
{
|
||||
static NO_COPY char system_sid_buf[MAX_SID_LEN];
|
||||
static NO_COPY PSID system_sid = NULL;
|
||||
static NO_COPY cygsid system_sid (NULL);
|
||||
|
||||
if (!system_sid)
|
||||
{
|
||||
system_sid = (PSID) system_sid_buf;
|
||||
convert_string_sid_to_sid (system_sid, "S-1-5-18");
|
||||
}
|
||||
convert_string_sid_to_sid (system_sid.set (), "S-1-5-18");
|
||||
return system_sid;
|
||||
}
|
||||
|
||||
PSID
|
||||
get_creator_owner_sid ()
|
||||
{
|
||||
static NO_COPY char owner_sid_buf[MAX_SID_LEN];
|
||||
static NO_COPY PSID owner_sid = NULL;
|
||||
static NO_COPY cygsid owner_sid (NULL);
|
||||
|
||||
if (!owner_sid)
|
||||
{
|
||||
owner_sid = (PSID) owner_sid_buf;
|
||||
convert_string_sid_to_sid (owner_sid, "S-1-3-0");
|
||||
}
|
||||
convert_string_sid_to_sid (owner_sid.set (), "S-1-3-0");
|
||||
return owner_sid;
|
||||
}
|
||||
|
||||
PSID
|
||||
get_world_sid ()
|
||||
{
|
||||
static NO_COPY char world_sid_buf[MAX_SID_LEN];
|
||||
static NO_COPY PSID world_sid = NULL;
|
||||
static NO_COPY cygsid world_sid (NULL);
|
||||
|
||||
if (!world_sid)
|
||||
{
|
||||
world_sid = (PSID) world_sid_buf;
|
||||
convert_string_sid_to_sid (world_sid, "S-1-1-0");
|
||||
}
|
||||
convert_string_sid_to_sid (world_sid.set (), "S-1-1-0");
|
||||
return world_sid;
|
||||
}
|
||||
|
||||
@@ -186,22 +170,20 @@ get_id_from_sid (PSID psid, BOOL search_grp, int *type)
|
||||
/* First try to get SID from passwd or group entry */
|
||||
if (allow_ntsec)
|
||||
{
|
||||
char sidbuf[MAX_SID_LEN];
|
||||
PSID sid = (PSID) sidbuf;
|
||||
cygsid sid;
|
||||
int id = -1;
|
||||
|
||||
if (!search_grp)
|
||||
{
|
||||
struct passwd *pw;
|
||||
while ((pw = getpwent ()) != NULL)
|
||||
for (int pidx = 0; (pw = internal_getpwent (pidx)); ++pidx)
|
||||
{
|
||||
if (get_pw_sid (sid, pw) && EqualSid (psid, sid))
|
||||
if (get_pw_sid (sid, pw) && sid == psid)
|
||||
{
|
||||
id = pw->pw_uid;
|
||||
break;
|
||||
}
|
||||
}
|
||||
endpwent ();
|
||||
if (id >= 0)
|
||||
{
|
||||
if (type)
|
||||
@@ -212,15 +194,14 @@ get_id_from_sid (PSID psid, BOOL search_grp, int *type)
|
||||
if (search_grp || type)
|
||||
{
|
||||
struct group *gr;
|
||||
while ((gr = getgrent ()) != NULL)
|
||||
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
|
||||
{
|
||||
if (get_gr_sid (sid, gr) && EqualSid (psid, sid))
|
||||
if (get_gr_sid (sid, gr) && sid == psid)
|
||||
{
|
||||
id = gr->gr_gid;
|
||||
break;
|
||||
}
|
||||
}
|
||||
endgrent ();
|
||||
if (id >= 0)
|
||||
{
|
||||
if (type)
|
||||
@@ -321,8 +302,7 @@ is_grp_member (uid_t uid, gid_t gid)
|
||||
BOOL
|
||||
lookup_name (const char *name, const char *logsrv, PSID ret_sid)
|
||||
{
|
||||
char sidbuf[MAX_SID_LEN];
|
||||
PSID sid = (PSID) sidbuf;
|
||||
cygsid sid;
|
||||
DWORD sidlen;
|
||||
char domuser[MAX_COMPUTERNAME_LENGTH+MAX_USER_NAME+1];
|
||||
char dom[MAX_COMPUTERNAME_LENGTH+1];
|
||||
|
||||
Reference in New Issue
Block a user