Commit Graph

40 Commits

Author SHA1 Message Date
Corinna Vinschen 1498189ca8 * cygheap.cc (cygheap_user::set_saved_sid): Rename from set_orig_sid.
* cygheap.h (class cygheap_user): Rename orig_psid, orig_uid and
	orig_gid to saved_psid, saved_uid and saved_gid respectively.
	Rename methods orig_sid and set_orig_sid to saved_sid and set_saved_sid
	respectively.
	* sec_helper.cc (sec_acl): Accomodate above changes.
	* spawn.cc (spawn_guts): Ditto.
	* uinfo.cc (uinfo_init): Ditto.
2003-09-16 09:24:52 +00:00
Pierre Humblet c61ada9bd3 2003-09-15 Pierre Humblet <pierre.humblet@ieee.org>
* security.h (__sec_user): Add "access2" argument.
	(sec_acl): Add "original" and "access2" arguments.
	(sec_user): Add "sid2" and "access2" argument. Remove dependence on
	allow_ntsec.
	(sec_user_nih): Ditto.
	* sec_helper.cc (__sec_user): Add "has_security" test.
	Call sec_acl with new arguments, letting it handle original_sid.
	(sec_acl): Add "original" and "access2" arguments. Handle original_sid
	depending on flag but avoiding duplicates. Use "access2" for sid2.
	* pinfo.cc (pinfo::init): Use security attributes created by sec_user
	when creating the mapping.
	* security.cc (create_token): Adjust arguments in call to sec_acl.
	Call sec_user instead of __sec_user.
	* syscall.cc (seteuid32):  Adjust arguments in call to sec_acl. Remove
	now unnecessary test. Remove useless conversions to psid.
	* dcrt0.cc (dll_crt0_1): Call cygsid::init before pinfo_init.
2003-09-16 00:45:50 +00:00
Christopher Faylor c433f4617f Throughout, remove "include <errno.h>" from files which already include
cygerrno.h.
* include/cygwin/config.h (__DYNAMIC_REENT__): Define.
* include/cygwin/version.h: Bump API minor version.
* cygwin.din: Export __getreent
* cygerrno.h: Include errno.h.  Fix places where _impure_ptr is used directly
to store the errno value.
* debug.cc (__set_errno): Ditto.
* errno.cc: Remove _RRENT_ONLY define to get errno.cc compiled.
* signal.cc: Rename _reent_clib to _REENT throughout.
* thread.h (reent_clib): Remove prototype.
* thread.cc (reent_clib): Rename reent_clib to __getreent.  Return _impure_ptr
until MTinterface is initialized.
(reent_winsup): Fix a possible SEGV when _r == NULL.  Return NULL instead.
* MTinterface::fixup_after_fork: Switch reent back to _impure_ptr to keep
signal handling running when fork is called from a thread other than the
mainthread.
2003-06-16 03:24:13 +00:00
Christopher Faylor a113a3c540 whitespace cleanup 2003-03-09 20:31:07 +00:00
Corinna Vinschen 61a525994a * sec_helper.cc (get_sids_info): debug_print owner_sid and group_sid. 2003-02-26 08:34:34 +00:00
Corinna Vinschen 565e80155b * security.h: Introduce names UNKNOWN_UID and UNKNOWN_GID and delete
declaration of is_grp_member.
	* uinfo.cc (internal_getlogin): Use UNKNOWN_GID.
	* passwd.cc (pwdgrp::read_passwd): Use UNKNOWN_UID.
	* grp.cc (pwdgrp::read_group): Change group name to provide better
	feedback.
	(getgrgid): Use gid16togid32.
	* sec_helper.cc (is_grp_member): Delete.
2003-02-06 14:01:54 +00:00
Corinna Vinschen 0c8455c344 * sec_helper.cc (get_sids_info): New function.
* security.cc (extract_nt_dom_user): Simplify with strechr.
	(get_user_groups): Initialize glen to MAX_SID_LEN.
	(get_user_local_groups): Ditto.
	(get_attribute_from_acl): Define ace_sid as cygpsid.
	(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
	Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
	(get_nt_object_attribute): Ditto.
	(alloc_sd): Define ace_sid as cygpsid.
2003-02-05 13:47:47 +00:00
Corinna Vinschen 4a21c2d5c8 * security.h (class cygpsid): New class.
(class cygsid): Use cygpsid as base. Remove members psid, get_id,
	get_uid, get_gid, string, debug_printf and the == and != operators.
	(cygsidlist::clear_supp): Only do work if setgroups has been called.
	* sec_helper.cc: Define sid_auth NO_COPY.
	(cygpsid::operator==): New operator.
	(cygpsid::get_id): New function.
	(cygpsid::string): New function.
	(cygsid::string): Delete.
	(cygsid::get_id): Delete.
	* pwdgrp.h: Change arguments of internal_getpwsid,
	internal_getgrsid and internal_getgroups to cygpsid.
	* passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid.
	* grp.cc (internal_getgrsid): Ditto.
	(internal_getgroups): Ditto.
2003-02-04 14:58:04 +00:00
Corinna Vinschen 153e83c605 * security.h: Add third argument to set_process_privilege.
* autoload.cc: Add OpenThreadToken.
	* sec_helper.cc (set_process_privilege): Add and use use_thread
	argument.
	* security.cc (alloc_sd): Modify call to set_process_privilege.
	Remember the result in each process. If failed and file owner is not
	the user, fail.
2003-02-03 15:55:20 +00:00
Christopher Faylor 9a75162166 * uinfo.cc (pwdgrp::load): Regularize strace output. Add warning for
CreateFile failure.
2003-01-26 06:42:40 +00:00
Corinna Vinschen 85ecb9be00 2002-12-14 Corinna Vinschen <corinna@vinschen.de>
* dcrt0.cc (dll_crt0_1): Call well known SID initializer function.
	* security.h (cygsid::init): Declare new static method.
	* sec_helper.cc (cygsid::init): New method for initializing well
	known SIDs.

2002-12-14  Pierre Humblet  <pierre.humblet@ieee.org>

	* security.h: Declare well_known_creator_group_sid.
	* sec_helper.cc: Define and initialize well_known_creator_group_sid.
2002-12-14 17:23:42 +00:00
Corinna Vinschen d6ffc07588 2002-12-10 Pierre Humblet <pierre.humblet@ieee.org>
* pwdgrp.h (pwdgrp_check::pwdgrp_state): Replace by
	pwdgrp_check::isinitializing ().
	(pwdgrp_check::isinitializing): Create.
	* passwd.cc (grab_int): Change type to unsigned, use strtoul and
	set the pointer content to 0 if the field is invalid.
	(parse_pwd): Move validity test after getting pw_gid.
	(read_etc_passwd): Replace "passwd_state <= " by
	passwd_state::isinitializing ().
	(internal_getpwuid): Ditto.
	(internal_getpwnam): Ditto.
	(getpwent): Ditto.
	(getpass): Ditto.
	* grp.cc (parse_grp): Use strtoul for gr_gid and verify the validity.
	(read_etc_group): Replace "group_state <= " by
	group_state::isinitializing ().
	(internal_getgrgid): Ditto.
	(getgrent32): Ditto.
	(internal_getgrent): Ditto.

2002-12-10  Pierre Humblet <pierre.humblet@ieee.org>

	* security.h: Move declarations of internal_getgrent,
	internal_getpwsid and internal_getgrsid to pwdgrp.h.
	* pwdgrp.h: Declare internal_getpwsid, internal_getpwnam,
	internal_getpwuid, internal_getgrsid, internal_getgrgid,
	internal_getgrnam, internal_getgrent and internal_getgroups.
	Delete "emulated" from enum pwdgrp_state.
	(pwdgrp_check::isuninitialized): Create.
	(pwdgrp_check::pwdgrp_state): Change state to initializing
	rather than to uninitialized.
	(pwdgrp_read::gets): Remove trailing CRs.
	* passwd.cc (grab_string): Don't look for NLs.
	(grab_int): Ditto.
	(parse_pwd): Don't look for CRs. Return 0 if entry is too short.
	(search_for): Delete.
	(read_etc_passwd): Simplify tests to actually read the file.
	Set state to loaded before making internal_getpwXX calls.
	Replace search_for calls by equivalent internal_pwgetXX calls.
	(internal_getpwsid): Use passwd_state.isuninitialized to decide
	to call read_etc_passwd.
	(internal_getpwuid): Create.
	(internal_getpwnam): Create.
	(getpwuid32): Simply call internal_getpwuid.
	(getpwuid_r32): Call internal_getpwuid.
	(getpwnam): Simply call internal_getpwnam.
	(getpwnam_r): Call internal_getpwnam.
	* grp.cc (parse_grp): Don't look for CRs. Adjust blank space.
	(add_grp_line): Adjust blank space.
	(class group_lock): Ditto.
	(read_etc_group): Simplify tests to actually read the file.
	Set state to loaded before making internal_getgrXX calls.
	Replace getgrXX calls by equivalent internal calls.
	(internal_getgrsid): Use group_state.isuninitialized to decide
	to call read_etc_group.
	(internal_getgrgid): Create.
	(internal_getgrnam): Create.
	(getgroups32): Simply call internal_getgrgid.
	(getgrnam32): Simply call internal_getgrnam.
	(internal_getgrent): Call group_state.isuninitialized.
	(internal_getgroups): Create from the former getgroups32, using
	two of the four arguments. Set gid to myself->gid and username
	to cygheap->user.name ().
	(getgroups32): Simply call internal_getgroup.
	(getgroups): Call internal_getgroup instead of getgroups32.
	(setgroups32): Call internal versions of get{pw,gr}XX.
	* sec_helper.cc: Include pwdgrp.h.
	(is_grp_member): Call internal versions of get{pw,gr}XX.
	* security.cc: Include pwdgrp.h.
	(alloc_sd): Call internal versions of get{pw,gr}XX.
	* syscalls.cc: Include pwdgrp.h.
	(seteuid32): Call internal versions of get{pw,gr}XX.
	(setegid32): Ditto.
	* uinfo.cc: Include pwdgrp.h.
	(internal_getlogin): Call internal versions of get{pw,gr}XX.
	(cygheap_user::ontherange): Ditto.
	* sec_acl.cc: Include pwdgrp.h.
	(setacl): Call internal versions of get{pw,gr}XX.
	(acl_access): Ditto and simplify logic.
	(aclfromtext): Ditto.
2002-12-10 12:43:49 +00:00
Corinna Vinschen 647b92a7d4 * security.h: Declare internal_getpwsid and internal_getgrsid.
Undeclare internal_getpwent.  Define DEFAULT_UID_NT.  Change
	DEFAULT_GID.
	* passwd.cc (internal_getpwsid): New function.
	(internal_getpwent): Suppress.
	(read_etc_passwd): Make static.  Rewrite the code for the completion
	line.  Set curr_lines to 0.
	(parse_pwd): Change type to static int.  Return 0 for short lines.
	(add_pwd_line): Pay attention to the value of parse_pwd.
	(search_for): Do not look for nor return the DEFAULT_UID.
	* grp.cc (read_etc_group): Make static.  Free gr_mem and set
	curr_lines to 0.  Always call add_pwd_line.  Rewrite the code for the
	completion line.
	(internal_getgrsid): New function.
	(parse_grp): If grp.gr_mem is empty, set it to &null_ptr.
	Never NULL gr_passwd.
	(getgrgid32): Only return the default if ntsec is off and the gid is
	ILLEGAL_GID.
	* sec_helper.cc (cygsid::get_id): Use getpwsid and getgrsid.
	(cygsid_getfrompw): Clean up last line.
	(cygsid_getfromgr): Ditto.
	(is_grp_member): Use getpwuid32 and getgrgid32.
	* uinfo.cc (internal_getlogin): Set DEFAULT_GID at start.
	Use getpwsid. Move the read of /etc/group after the second access
	to /etc/passwd.  Change some debug_printf.
2002-11-20 17:10:05 +00:00
Corinna Vinschen 4ce377c9d4 * grp.cc (getgroups32): Revert previous patch. Use impersonation
token if process is in impersonated state.
	* sec_helper.cc (is_grp_member): Rewrite.  Call getgroups32 only
	for current user.  Scan passwd and group info otherwise.
2002-11-14 19:19:39 +00:00
Corinna Vinschen 7a11fe607e * syscalls.cc (chmod): Simplify conditional.
* sec_helper (cygsid::getfromstr): Reorganize to remove
	calls to strcpy and strtok_r.
	(cygsid::getfromgr): Change type to __uid32_t instead of int.
	Keep only the allow_ntsec branch. Never call LookupAccountSid
	which calls PDCs, simply return -1 in case of failure.
	Use cygsid == instead of calling EqualSid and remove test
	for NULL psid.
	* security.h: Declare cygsid::getfromgr as __uid32_t.
2002-11-12 15:51:11 +00:00
Christopher Faylor 329b9ead3e * sec_helper.cc (cygsid::get_id): If the sid matches a sid stored in
cygheap->user, return the uid or gid from myself.
* security.cc (alloc_sd): If gid == myself->gid, return the group sid from
cygheap->user.  Remove the test for uid == original_uid, which is
counter-productive.
2002-10-22 16:22:10 +00:00
Christopher Faylor c90e1cf179 * fhandler.cc (fhandler_base::dup): Don't set handle on failure. Caller has
already taken care of that.
* fhandler_console.cc (fhandler_console::open): Initialize handles to NULL.
(fhandler_console::close): Ditto.  GNUify non-GNU formatted functions calls
throughout.
2002-09-22 03:38:57 +00:00
Corinna Vinschen b7e664540b Patch by Joe Buehler <jbuehler@hekimian.com>:
* sec_helper.cc (sec_acl): remove extraneous arg to debug_printf.
2002-08-08 14:16:14 +00:00
Christopher Faylor 4558638014 * cygheap.cc (init_cheap): Rearrange error message.
(cygheap_fixup_in_child): Ditto.
* dtable.cc: Remove if 0'ed code.
* fhandler_dsp.cc (fhandler_dev_dsp::open): Force binmode.
* sec_helper.cc (cygsid::get_id): Use system_printf for error message.
* tty.cc (tty::common_init): Ditto.
2002-07-03 03:20:50 +00:00
Christopher Faylor 96edd0a9da * syscalls.c (seteuid32): Do not return an error when the token cannot be
created only because of a problem with the gid.
2002-07-01 23:42:05 +00:00
Corinna Vinschen 73d97618a7 * shared.cc (sec_none): Move to sec_helper.cc.
(sec_none_nih): Ditto.
	(sec_all): Ditto.
	(sec_all_nih): Ditto.
	(get_null_sd): Ditto.
	(sec_acl): Ditto.
	(__sec_user): Ditto.
	* sec_helper.cc (sec_none): Move from shared.cc to here.
	(sec_none_nih): Ditto.
	(sec_all): Ditto.
	(sec_all_nih): Ditto.
	(get_null_sd): Ditto.
	(sec_acl): Ditto.
	(__sec_user): Ditto.
2002-07-01 14:31:28 +00:00
Corinna Vinschen 2e8abfc1c5 * sec_helper.cc (lookup_name): Suppress.
* security.cc (alloc_sd): Remove logsrv argument.
	Remove two calls to lookup_name.
	(set_security_attribute): Remove logsrv argument.
	Remove logsrv argument in call to alloc_sd.
	(set_nt_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_security_attribute.
	(set_file_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_nt_attribute.
	(set_file_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_file_attribute.
	* syscalls.cc (chown_worker): Remove logserver argument in
	call to set_file_attribute.
	(chmod): Ditto.
	* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
	* uinfo.cc (internal_getlogin): Replace calls to
	lookup_name by call to LookupAccountName.
	* security.h: Remove logsrv in declarations of set_file_attribute
	and alloc_sd. Remove declaration of lookup_name.
2002-06-06 11:17:51 +00:00
Christopher Faylor 6b7cd251c7 Remove unneeded sigproc.h includes throughout.
* fhandler.h (fhandler_proc::fill_filebuf): Take a pinfo argument.
* fhandler_proc.cc (fhandler_proc::get_proc_fhandler): Simplify search for
given pid.
(fhandler_proc::readdir): Assume that pid exists if it shows up in the winpid
list.
* fhandler_process.cc (fhandler_process::open): Simplify search for given pid.
Call fill_filebuf with pinfo argument.
(fhandler_process::fill_filebuf): Pass pinfo here and assume that it exists.
* pinfo.h (pinfo::remember): Define differently if sigproc.h is not included.
* dll_init.cc (dll_list::detach): Don't run destructor on exit.
2002-06-02 06:07:01 +00:00
Corinna Vinschen a8d7ae61e7 Change internal uid datatype from __uid16_t to __uid32_t
throughout.
	* cygwin.din: Export new symbols getpwuid32, getpwuid_r32, getuid32,
	geteuid32, setuid32, seteuid32.
	* passwd.cc (getpwuid32): New function.
	(getpwuid_r32): Ditto.
	* syscalls.cc (seteuid32): Ditto.
	(setuid32): Ditto.
	* uinfo.cc (getuid32): Ditto.
	(geteuid32): Ditto.
	* winsup.h (uid16touid32): New macro, correclt casting from __uid16_t
	to __uid32_t.
	(gid16togid32): Ditto fir gids.
	(getuid32): Declare.
	(geteuid32): Ditto.
	(getpwuid32): Ditto.
	* include/sys/cygwin.h (struct external_pinfo): Add members uid32 and
	gid32.
2002-05-29 15:04:29 +00:00
Corinna Vinschen 5719640581 Change internal gid datatype from __gid16_t to __gid32_t
throughout.
	* cygwin.din: Export new symbols chown32, fchown32, getegid32,
	getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
	setgid32, setegid32, getgrent32.
	* grp.cc (grp32togrp16): New static function.
	(getgrgid32): New function.
	(getgrnam32): Ditto.
	(getgrent32): Ditto.
	(getgroups32): Change name of internal function from getgroups.
	(getgroups32): New function.
	(initgroups32): Ditto.
	* syscalls.cc (chown32): Ditto.
	(lchown32): Ditto.
	(fchown32): Ditto.
	(setegid32): Ditto.
	(setgid32): Ditto.
	* uinfo.cc (getgid32): Ditto.
	(getegid32): Ditto.
	* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
	Declare getgrgid32() and getgrnam32() instead.  Declare getgid32().
2002-05-28 14:10:55 +00:00
Christopher Faylor d7b4a30001 Remove unneeded sync.h, where appropriate, throughout. Remove unneeded heap.h,
where appropriate, throughout.  Remove unneeded exceptions.h, where
appropriate, throughout.  Remove unneeded perprocess.h, where appropriate,
throughout.
2002-05-25 02:22:50 +00:00
Corinna Vinschen b31c68c447 * child_info.h, cygheap.h, fhandler_clipboard.cc, fhandler_dsp.cc,
fhandler_floppy.cc, fhandler_mem.cc, fhandler_random.cc,
	fhandler_tape.cc, fhandler_zero.cc, grp.cc, mmap.cc, passwd.cc,
	pinfo.cc, pinfo.h, pipe.cc, sec_acl.cc, sec_helper.cc, security.cc,
	security.h, thread.h, uinfo.cc, include/cygwin/acl.h: Fix copyright.
2002-02-10 13:50:13 +00:00
Corinna Vinschen de4e0d3001 * (child_info.h, cygheap.h, dcrt0.cc, dir.cc, fhandler.cc, fhandler.h,
fhandler_clipboard.cc, fhandler_disk_file.cc, fhandler_dsp.cc,
	fhandler_floppy.cc, fhandler_mem.cc, fhandler_random.cc,
	fhandler_tape.cc, fhandler_zero.cc, grp.cc, mmap.cc, passwd.cc,
	pinfo.cc, pinfo.h, pipe.cc, sec_acl.cc, sec_helper.cc, security.cc,
	security.h, spawn.cc, syscalls.cc, thread.h, uinfo.cc, winsup.h):
	Change usage of uid_t to __uid16_t, gid_t to __gid16_t and
	off_t to __off32_t throughout.  Use INVALID_UID, INVALID_GID and
	INVALID_SEEK instead casting -1 to the appropriate type.
	* winsup.h: Define INVALID_UID, INVALID_GID and INVALID_SEEK.
	* include/cygwin/acl.h: Define internal __aclent16_t and __aclent32_t
	types.  Don't declare acl functions when compiling Cygwin.
	* include/cygwin/grp.h: Declare getgrgid() and getgrnam() with
	correct types for internal usage.
2002-02-10 13:38:51 +00:00
Christopher Faylor e3c25c4a47 Update copyrights. 2001-09-11 20:01:02 +00:00
Christopher Faylor 1ff9f4b937 * cygheap.h (init_cygheap): Move heap pointers here.
* include/sys/cygwin.h (perprocess): Remove heap pointers.
* dcrt0.cc (__cygwin_user_data): Reflect obsolete perprocess stuff.
(_dll_crt0): Don't initialize heap pointers.
(cygwin_dll_init): Ditto.
(release_upto): Use heap pointers from cygheap.
* heap.h: Ditto.
* fork.cc (fork_parent): Ditto.  Don't set heap pointers in ch.
(fork_child): Remove obsolete sigproc_fixup_after_fork.
* shared.cc (memory_init): Reorganize so that cygheap initialization is called
prior to regular heap since regular heap uses cygheap now.
* sigproc.cc (proc_subproc): Eliminate zombies allocation.
(sigproc_init): Move zombies alloation here.  Don't free up array on fork, just
reuse it.
(sigproc_fixup_after_fork): Eliminate.
* sigproc.h: Ditto.
* include/cygwin/version.h: Reflect change to perprocess structure.
2001-09-07 21:32:07 +00:00
Christopher Faylor 6b91b8d53b Throughout, reorganize header file inclusion to put security.h prior to
fhandler.h.
* fhandler.h (fhandler_base::get_inheritance): New method.
* fhandler_socket.cc (fhandler_socket::create_secret_event): Use proper
close-on-exec inheritance when creating.
(fhandler_socket::check_peer_secret_event): Create handle as non-inheritable.
2001-07-26 19:22:24 +00:00
Corinna Vinschen 3a157c0d0d Change well_known_admin_sid to well_known_admins_sid throughout.
* sec_acl.cc (setacl): Never set DELETE permission. Set
        FILE_DELETE_CHILD only on readable and executable directories.
        * sec_helper.cc: Add constructor for `well_known_null_sid'.
        * security.cc (get_nt_attribute): Set S_ISVTX for directories if
        FILE_WRITE_DATA and FILE_EXECUTE but not FILE_DELETE_CHILD is set.
        Add evaluation of S_ISVTX, S_ISGID and S_ISUID from NULL ACE.
        (alloc_sd): Never set DELETE permission. Set FILE_DELETE_CHILD
        only on readable and executable directories.
        Add creation of NULL ACE for S_ISVTX, S_ISGID and S_ISUID permissions.
        * security.h: Add extern declaration for `well_known_null_sid'.
2001-07-15 22:40:07 +00:00
Corinna Vinschen b2939a814c * sec_helper.cc (cygsid::getfrompw): Change parameter to `const'.
(cygsid::getfromgr): Ditto.
        * security.cc: Use `sys_mbstowcs' and `sys_wcstombs' throughout.
        (extract_nt_dom_user): Try to get user and domain from SID in
        pw->pw_gecos first.
        * security.h (class cygsid): Change parameter of getfrompw() and
        getfromgr() to `const'.
        * uinfo.cc (internal_getlogin): Change order for evaluating user
        information in winNT case. Drop usage of NetWkstaUserGetInfo().
2001-05-29 20:43:40 +00:00
Corinna Vinschen 1fcc912f13 * autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
        `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
        `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
        `NtCreateToken'.
        * ntdll.h: Add declaration for `NtCreateToken'.
        * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
        `well_known_network_sid', `well_known_batch_sid',
        `well_known_interactive_sid', `well_known_service_sid' and
        `well_known_authenticated_users_sid'.
        (cygsid::string): Define as const method.
        (cygsid::get_sid): Set psid to NO_SID on error.
        (cygsid::getfromstr): Ditto.
        (cygsid::getfrompw): Simplify.
        (cygsid::getfromgr): Check for gr == NULL.
        (legal_sid_type): Move to security.h.
        (set_process_privilege): Return -1 on error, otherwise 0 or 1 related
        to previous privilege setting.
        * security.cc (extract_nt_dom_user): Remove `static'.
        (lsa2wchar): New function.
        (open_local_policy): Ditto.
        (close_local_policy): Ditto.
        (get_lsa_srv_inf): Ditto.
        (get_logon_server): Ditto.
        (get_logon_server_and_user_domain): Ditto.
        (get_user_groups): Ditto.
        (is_group_member): Ditto.
        (get_user_local_groups): Ditto.
        (sid_in_token_groups): Ditto.
        (get_user_primary_group): Ditto.
        (get_group_sidlist): Ditto.
        (get_system_priv_list): Ditto.
        (get_priv_list): Ditto.
        (get_dacl): Ditto.
        (create_token): Ditto.
        (subauth): Return immediately if SE_TCB_NAME can't be assigned.
        Change all return statements in case of error to jumps to `out'
        label. Add `out' label to support cleanup.
        * security.h: Add extern declarations for `well_known_local_sid',
        `well_known_dialup_sid', `well_known_network_sid',
        `well_known_batch_sid', `well_known_interactive_sid',
        `well_known_service_sid' and `well_known_authenticated_users_sid'.
        Add extern declarations for functions `create_token',
        `extract_nt_dom_user' and `get_logon_server_and_user_domain'.
        (class cygsid): Add method `assign'. Change operator= to call new
        `assign' method. Add `debug_print' method.
        (class cygsidlist): New class.
        (legal_sid_type): Moved from sec_helper.cc to here.
        * spawn.cc (spawn_guts) Revert reversion of previous patch.
        Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
        again.
        * syscalls.cc (seteuid): Rearranged. Call `create_token' now when
        needed. Call `subauth' if `create_token' fails. Try setting token
        owner and primary group only if token was not explicitely created
        by `create_token'.
        * uinfo.cc (internal_getlogin): Try harder to generate correct user
        information. Especially don't trust return value of `GetUserName'.
2001-05-20 08:10:47 +00:00
Corinna Vinschen 486212579e * sec_helper.cc (legal_sid_type): Fix conditional. Change to
inline function.
2001-05-16 07:25:31 +00:00
Corinna Vinschen 2b0a111fcf * fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
        moved to methods into class cygsid.
        (class cygsid): Declare new methods `getfromstr', `get_sid',
        `getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
        and new constructors and operators =, == and !=.
        Declare new global cygsids `well_known_XXX_sid' substituting the
        corresponding `get_XXX_sid' functions. Remove declarations of
        these functions.
        * sec_helper.cc (well_known_admin_sid): New global variable.
        (well_known_system_sid): Ditto
        (well_known_creator_owner_sid): Ditto
        (well_known_world_sid): Ditto
        (cygsid::string): New method, substituting `convert_sid_to_string_sid'.
        (cygsid::get_sid): New method, substituting `get_sid'.
        (cygsid::getfromstr): New method, substituting
        `convert_string_sid_to_sid'.
        (cygsid::getfrompw): New method, substituting `get_pw_sid'.
        (cygsid::getfromgr): New method, substituting `get_gr_sid'.
        (cygsid::get_id): New method, substituting `get_id_from_sid'.
        (get_admin_sid): Eliminated.
        (get_system_sid): Ditto.
        (get_creator_owner_sid): Ditto.
        (get_world_sid): Ditto.
        * grp.cc: Use new cygsid methods and well known sids throughout.
        * registry.cc: Ditto.
        * sec_acl.cc: Ditto.
        * security.cc: Ditto.
        * shared.cc: Ditto.
        * syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
        * uinfo.cc (internal_getlogin): Ditto.
        * spawn.cc (spawn_guts) Revert previous patch.
2001-05-15 19:23:31 +00:00
Corinna Vinschen 17db110558 * grp.cc: Eliminate MAX_DOMAIN_NAME define.
(read_etc_group): Substitute MAX_DOMAIN_NAME by
        INTERNET_MAX_HOST_NAME_LENGTH.
        * passwd.cc (parse_pwd): Don't force pw_name to be lower case.
        * sec_helper.cc: Substitute MAX_USER_NAME by UNLEN,
        MAX_COMPUTERNAME_LENGTH by INTERNET_MAX_HOST_NAME_LENGTH throughout.
        (lookup_name): Slight cleanup.
        * security.cc (alloc_sd): Substitute MAX_USER_NAME by UNLEN.
        * security.h: Define DEFAULT_UID as DOMAIN_USER_RID_ADMIN and
        DEFAULT_GID as DOMAIN_ALIAS_RID_ADMINS.
        * shared.cc (memory_init): Substitute MAX_USER_NAME by UNLEN.
        * thread.h: Ditto.
        * uinfo.cc (internal_getlogin): Substitute MAX_USER_NAME by UNLEN.
        Substitute MAX_COMPUTERNAME_LENGTH and MAX_HOST_NAME by
        INTERNET_MAX_HOST_NAME_LENGTH.
        * winsup.h: Include lmcons.h. Eliminate MAX_USER_NAME and
        MAX_HOST_NAME. Move DEFAULT_UID and DEFAULT_GID to security.h.
2001-04-30 18:21:48 +00:00
Corinna Vinschen d551169a9f * autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16.
* cygheap.cc: Include security.h.
        * grp.cc (internal_getgrent): New function.
        (getgroups): Rearranged using `internal_getgrent' and the new
        `cygsid' class.
        * passwd.cc (internal_getpwent): New function.
        * sec_acl.cc: Use new `cygsid' class throughout.
        (acl_access): Use `internal_getgrent' instead of `getgrent'.
        * sec_helper.cc: Use new `cygsid' class throughout.
        (get_id_from_sid): Use `internal_getgrent' instead of `getgrent'.
        Use `internal_getpwent' instead of `getpwent'.
        * security.cc: Use new `cygsid' class throughout.
        * security.h: Move `MAX_SID_LEN' from winsup.h to here.
        Add extern declarations for `internal_getgrent' and `internal_getpwent'.
        (class cygsid): New class.
        * shared.cc (sec_user): Use new `cygsid' class.
        * syscalls.cc (seteuid): Try to set owner to user and primary group to
        current group in impersonation token before performing impersonation.
        (setegid): Try to set primary group in process token to the new group
        if ntsec is on.
        * uinfo.cc (internal_getlogin): Use new `cygsid' class.
        Try to set owner to user and primary group to current group in process
        token if the process has been started from a non cygwin process.
        (uinfo_init): Set primary group only if the process has been started
        from a non cygwin process.
        * winsup.h: Move define for `MAX_SID_LEN' to security.h.
2001-04-25 09:43:25 +00:00
Corinna Vinschen 3c8e92d9fc * security.cc (set_process_privileges): Swap out.
* sec_helper.cc (set_process_privilege): Rename from
        `set_process_privileges'. Takes the privilege to enable or disable
        as parameter now.
        * security.h: Add prototype for `set_process_privileges'.
2001-04-20 20:36:13 +00:00
Corinna Vinschen c0d1968a18 * Makefile.in: Add object files `sec_helper.cc' and `sec_acl.cc'.
* security.cc: Swap out several functions.
        * sec_acl.cc: New file. Move Sun compatibel ACL functions from
        `security.cc' to here.
        * sec_helper.cc: New file. Move security helper functions from
        `security.cc' to here.
        * security.h: Changed to accomodate the above changes.

        * grp.cc: Replace `group_in_memory_p' by `group_state'.
        Eliminate group_sem throughout.
        (enum grp_state): New enumeration type.
        (read_etc_group): Make race safe.
        * security.cc: Eliminate group_sem throughout.
2001-04-20 13:02:32 +00:00