Commit Graph

14 Commits

Author SHA1 Message Date
Corinna Vinschen b54881352d * sec_auth.cc (extract_nt_dom_user): Return domain and user name as
WCHAR.
	(cygwin_logon_user): Accommodate above change.  Convert password to
	WCHAR and call LogonUserW.
	* external.cc (cygwin_internal): Accommodate above change.
	* security.h (extract_nt_dom_user): Change prototype accordingly.
2008-07-30 12:10:20 +00:00
Corinna Vinschen 9a51257715 Change length for domain buffers from INTERNET_MAX_HOST_NAME_LENGTH to
MAX_DOMAIN_NAME_LEN throughout.
	* cyglsa.h (CYG_LSA_MAGIC): New value.
	(cyglsa_t): Define username and domain as WCHAR arrays.
	* errno.cc (errmap): Add mapping for ERROR_NONE_MAPPED.
	* sec_auth.cc: Drop 'w' prefix from WCHAR string variable names where
	appropriate.
	(extract_nt_dom_user): Prefer resolving by SID before resolving by
	domain\name pair.
	(cygwin_logon_user): Don't print cleartext password in debug output.
	Change comment.
	(get_user_groups): Revert calls to LookupAccountNameW to use NULL
	server instead of explicit server name, according to MSDN.
	(get_user_local_groups): Ditto.
	(get_server_groups): Fetch domain and user name from usersid per
	LookupAccountSidW instead of calling extract_nt_dom_user.
	(lsaauth): Fetch domain and user name from usersid per LookupAccountSidW
	instead of calling extract_nt_dom_user.
	* sec_helper.cc (cygpriv): Convert to wchar_t pointer array.
	(privilege_luid): Convert first parameter to PWCHAR.
	(privilege_name): Return wchar_t pointer.
	(set_privileges): Accommodate debug output.
	* security.h (privilege_luid): Change prototype accordingly.
2008-07-11 10:00:36 +00:00
Corinna Vinschen c68cb84e88 * cyglsa.h (SECURITY_STRING): Define.
(enum _SECPKG_NAME_TYPE): Define.
	(struct _SECPKG_CALL_INFO): Define.
	(struct _LSA_SECPKG_FUNCS): Extend to full size.  Define unused
	functions lazily.
	(cygprf_t): Define.
	* sec_auth.cc (lsaauth): Use actual primary group if no admins group.
	Add (disabled) code to fetch token from profile data.
2008-07-10 18:01:25 +00:00
Corinna Vinschen 9035519215 * sec_auth.cc (verify_token): Allow builtin groups missing in a token
and it's still valid.  Explain why.
2008-07-09 15:45:08 +00:00
Corinna Vinschen 5558de95e5 * autoload.cc (DsGetDcNameW): Replace DsGetDcNameA.
* dcrt0.cc (child_info_spawn::handle_spawn): Drop artificial
	supplementary group list from calling setgroups in parent.
	* grp.cc (internal_getgroups): Drop 9x-only code.  Reformat.
	* sec_auth.cc (get_logon_server): Do everything in WCHAR only.
	(get_user_groups): Ditto.  Use wlogonserver in LookupAccountNameW
	calls, too.
	(is_group_member): Get logon server as first argument and use in call
	to NetLocalGroupGetMembers.
	(get_user_local_groups): Get logon server as first argument and use in
	calls to NetLocalGroupEnum and LookupAccountNameW.  Revamp to work
	more correctly in domain environments.
	(get_server_groups): Accommodate aforementioned changed function calls.
	* security.h (get_logon_server): Change prototype accordingly.
	* uinfo.cc (cygheap_user::env_logsrv): Accommodate changed
	get_logon_server call.
2008-07-09 11:58:38 +00:00
Corinna Vinschen 2827371898 * sec_auth.cc (verify_token): Disable code which returns false if
the token contains additional groups not requested by setgroups.
	Explain why.
2008-07-09 08:10:25 +00:00
Corinna Vinschen e4278ecbd2 * sec_auth.cc (DsGetDcNameA): Drop declaration.
(DS_FORCE_REDISCOVERY): Drop definition.
2008-06-17 18:54:16 +00:00
Corinna Vinschen 93e9098f7c * sec_auth.cc (lsaauth): Make returned token inheritable. 2008-06-10 15:16:01 +00:00
Corinna Vinschen b1138f3d4b * sec_auth.cc (create_token): Add integrity level SID to token on
systems supporting that.  Remove useless check for dynamically loading
	NtCreateToken function.
	* sec_helper.cc (mandatory_medium_integrity_sid): Define.
	(mandatory_high_integrity_sid): Define.
	(mandatory_system_integrity_sid): Define.
	* sec_helper.h (mandatory_medium_integrity_sid): Declare.
	(mandatory_high_integrity_sid): Declare.
	(mandatory_system_integrity_sid): Declare.
2008-04-22 10:45:34 +00:00
Christopher Faylor b13e6864f5 Remove unneeded header files from source files throughout. 2008-04-07 18:45:59 +00:00
Corinna Vinschen a7d2cc16e2 * Fix copyright dates. 2008-04-01 13:22:47 +00:00
Corinna Vinschen 5ab0b5cf52 * dcrt0.cc (initial_env): Only use local buffer "buf" if DEBUGGING is
enabled.  Replace calls to GetEnvironmentVariable by calls to
	GetEnvironmentVariableA for clarity.  Call GetEnvironmentVariableA
	with NULL buffer.
	(cygbench): Ditto, drop local buffer.
	* environ.cc (getearly): Call GetEnvironmentVariableA.
	(environ_init): Retrieve unicode environment and convert to current
	codepage locally.
	(getwinenveq): Ditto.
	* exceptions.cc (try_to_debug): Accommodate new sys_mbstowcs calling
	convention.
	* fhandler_clipboard.cc (set_clipboard): Call sys_mbstowcs to retrieve
	required buffer length.
	* fork.cc (frok::child): Call GetEnvironmentVariableA.
	* miscfuncs.cc: Accommodate changed arguments in calls to sys_mbstowcs.
	* sec_auth.cc: Ditto.
	* strfuncs.cc (sys_wcstombs_alloc): Fix formatting.
	(sys_mbstowcs): Change arguments to allow specifying a source string
	length.
	(sys_mbstowcs_alloc): Ditto.
	* uinfo.cc (cygheap_user::ontherange): Accommodate changed arguments in
	calls to sys_mbstowcs.
	* winsup.h (sys_mbstowcs): Adjust declaration.
	(sys_mbstowcs_alloc): Ditto.
2008-02-25 18:32:23 +00:00
Christopher Faylor 70300fdb1c Perform whitespace cleanup throughout.
* dcrt0.cc (signal_shift_subtract): Eliminate ancient backwards compatibility.
(check_sanity_and_sync): Ditto.
* winsup.h (SIGTOMASK): Ditto.  Just use constant in signal calculation.
* include/cygwin/version: Remove backwards signal mask compatibility define.
* path.cc (symlink_info::check_sysfile): Cosmetic change.
* registry.cc (get_registry_hive_path): Remove unneeded variable.
* exceptions.cc (handle_sigsuspend): Eliminate thread signal mask and use
either main sigmask or current thread sigmask.
(set_process_mask): Ditto.
(sighold): Ditto.
(sigrelse): Ditto.
(sigset): Ditto.
(set_process_mask_delta): Ditto.
(_cygtls::call_signal_handler): Ditto.
* fhandler_process.cc (format_process_status): Ditto.
* fhandler_termios.cc (fhandler_termios::bg_check): Ditto.
* pinfo.h (class pinfo): Ditto.
* select.cc (pselect): Ditto.
* signal.cc (sigprocmask): Ditto.
(abort): Ditto.
(sigpause): Ditto.
(sigsend): Ditto.
(wait_sig): Ditto.
* thread.h (pthread::parent_tls): New member.
* thread.cc (pthread::pthread): Record parent_tls here.
(pthread::thread_init_wrapper): Initialize sigmask from parent thread.
2008-02-15 17:53:11 +00:00
Corinna Vinschen eea4e48208 * fhandler.cc (fhandler_base::fhaccess): Accommodate interface changes
of access control functions throughout.
	* fhandler_disk_file.cc: Ditto.
	* fhandler_registry.cc: Ditto.
	* sec_acl.cc: Drop unnecessary includes.
	(setacl): Take path_conv instead of file name as parameter.
	Accommodate interface changes of access control functions.
	(getacl): Ditto.
	* sec_auth.cc: New file, taking over all authentication related
	functions from security.cc.
	* sec_helper.cc: Drop unnecessary includes.
	* security.cc: Ditto.  Move all authentication related functions to
	sec_auth.cc.
	(ALL_SECURITY_INFORMATION): New define.  Use throughout.
	(set_file_sd): New function, replacing read_sd and the file related
	part of get_nt_object_security.
	(get_reg_sd): Rename from get_reg_security.  Drop type parameter.
	(get_reg_attribute): New function, replacing the registry related part
	of get_nt_object_security.
	(get_file_attribute): Take path_conv instead of file name as parameter.
	Use new get_file_sd call.
	(set_file_attribute): Ditto plus new set_file_sd.  Drop unnecessary
	implementation without uid/gid parameters.
	(check_file_access): Take path_conv instead of file name as parameter.
	Use new get_file_sd call.
	(check_registry_access): Use new get_reg_sd call.
	* security.h: Accommodate above interface changes.
2007-07-20 14:29:43 +00:00