diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2001-05-15 19:23:31 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2001-05-15 19:23:31 +0000 |
| commit | 2b0a111fcf0a2e7276f9c0f1cb9e56dc5d14361c (patch) | |
| tree | 16b8d3c8656971ba11a9fe6e86483314ea4ae3fa /winsup/cygwin/security.h | |
| parent | 75f9ca7b0c317ba96a06f089cf44c0da46ee4996 (diff) | |
| download | cygnal-2b0a111fcf0a2e7276f9c0f1cb9e56dc5d14361c.tar.gz cygnal-2b0a111fcf0a2e7276f9c0f1cb9e56dc5d14361c.tar.bz2 cygnal-2b0a111fcf0a2e7276f9c0f1cb9e56dc5d14361c.zip | |
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
Diffstat (limited to 'winsup/cygwin/security.h')
| -rw-r--r-- | winsup/cygwin/security.h | 59 |
1 files changed, 39 insertions, 20 deletions
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index 11bf7d938..5f2a38141 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -12,21 +12,37 @@ details. */ #define INHERIT_ALL (CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE) #define INHERIT_ONLY (INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE) -#define MAX_SID_LEN 40 - #define DEFAULT_UID DOMAIN_USER_RID_ADMIN #define DEFAULT_GID DOMAIN_ALIAS_RID_ADMINS +#define MAX_SID_LEN 40 + +#define NO_SID ((PSID)NULL) + class cygsid { PSID psid; char sbuf[MAX_SID_LEN]; + + const PSID getfromstr (const char *nsidstr); + PSID get_sid (DWORD s, DWORD cnt, DWORD *r); + public: inline cygsid () : psid ((PSID) sbuf) {} - inline cygsid (PSID nsid) { *this = nsid; } + inline cygsid (const PSID nsid) { *this = nsid; } + inline cygsid (const char *nstrsid) { *this = nstrsid; } inline PSID set () { return psid = (PSID) sbuf; } - inline const PSID operator= (PSID nsid) + BOOL getfrompw (struct passwd *pw); + BOOL getfromgr (struct group *gr); + + int get_id (BOOL search_grp, int *type = NULL); + inline int get_uid () { return get_id (FALSE); } + inline int get_gid () { return get_id (TRUE); } + + char *string (char *nsidstr); + + inline const PSID operator= (const PSID nsid) { if (!nsid) psid = NULL; @@ -37,15 +53,33 @@ public: } return psid; } - inline BOOL operator== (PSID nsid) + inline const PSID operator= (const char *nsidstr) + { return getfromstr (nsidstr); } + + inline BOOL operator== (const PSID nsid) const { if (!psid || !nsid) return nsid == psid; return EqualSid (psid, nsid); } + inline BOOL operator== (const char *nsidstr) const + { + cygsid nsid (nsidstr); + return *this == nsid; + } + inline BOOL operator!= (const PSID nsid) const + { return !(*this == nsid); } + inline BOOL operator!= (const char *nsidstr) const + { return !(*this == nsidstr); } + inline operator const PSID () { return psid; } }; +extern cygsid well_known_admin_sid; +extern cygsid well_known_system_sid; +extern cygsid well_known_creator_owner_sid; +extern cygsid well_known_world_sid; + extern BOOL allow_ntsec; extern BOOL allow_smbntsec; @@ -70,18 +104,6 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS HANDLE subauth (struct passwd *pw); /* sec_helper.cc: Security helper functions. */ -char *__stdcall convert_sid_to_string_sid (PSID psid, char *sid_str); -PSID __stdcall convert_string_sid_to_sid (PSID psid, const char *sid_str); -PSID __stdcall get_sid (PSID psid, DWORD s, DWORD cnt, DWORD *r); -BOOL __stdcall get_pw_sid (PSID sid, struct passwd *pw); -BOOL __stdcall get_gr_sid (PSID sid, struct group *gr); -PSID __stdcall get_admin_sid (); -PSID __stdcall get_system_sid (); -PSID __stdcall get_creator_owner_sid (); -PSID __stdcall get_world_sid (); -int get_id_from_sid (PSID psid, BOOL search_grp, int *type); -int __stdcall get_id_from_sid (PSID psid, BOOL search_grp); -BOOL __stdcall legal_sid_type (SID_NAME_USE type); BOOL __stdcall is_grp_member (uid_t uid, gid_t gid); /* `lookup_name' should be called instead of LookupAccountName. * logsrv may be NULL, in this case only the local system is used for lookup. @@ -89,9 +111,6 @@ BOOL __stdcall is_grp_member (uid_t uid, gid_t gid); BOOL __stdcall lookup_name (const char *, const char *, PSID); int set_process_privilege (const char *privilege, BOOL enable = TRUE); -extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);} -extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); } - /* shared.cc: */ /* Retrieve a security descriptor that allows all access */ SECURITY_DESCRIPTOR *__stdcall get_null_sd (void); |