summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--winsup/cygwin/ChangeLog18
-rw-r--r--winsup/cygwin/grp.cc4
-rw-r--r--winsup/cygwin/passwd.cc2
-rw-r--r--winsup/cygwin/pwdgrp.h6
-rw-r--r--winsup/cygwin/sec_helper.cc111
-rw-r--r--winsup/cygwin/security.h73
6 files changed, 123 insertions, 91 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 4ad4441a4..adcd66861 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,21 @@
+2003-02-04 Pierre Humblet <pierre.humblet@ieee.org>
+
+ * security.h (class cygpsid): New class.
+ (class cygsid): Use cygpsid as base. Remove members psid, get_id,
+ get_uid, get_gid, string, debug_printf and the == and != operators.
+ (cygsidlist::clear_supp): Only do work if setgroups has been called.
+ * sec_helper.cc: Define sid_auth NO_COPY.
+ (cygpsid::operator==): New operator.
+ (cygpsid::get_id): New function.
+ (cygpsid::string): New function.
+ (cygsid::string): Delete.
+ (cygsid::get_id): Delete.
+ * pwdgrp.h: Change arguments of internal_getpwsid,
+ internal_getgrsid and internal_getgroups to cygpsid.
+ * passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid.
+ * grp.cc (internal_getgrsid): Ditto.
+ (internal_getgroups): Ditto.
+
2003-02-03 Christopher Faylor <cgf@redhat.com>
Eliminate most unneeded this-> pointers throughout.
diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc
index f252e3cb8..41f2484b0 100644
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@@ -107,7 +107,7 @@ pwdgrp::read_group ()
}
struct __group32 *
-internal_getgrsid (cygsid &sid)
+internal_getgrsid (cygpsid &sid)
{
char sid_string[128];
@@ -231,7 +231,7 @@ internal_getgrent (int pos)
}
int
-internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygsid * srchsid)
+internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygpsid * srchsid)
{
HANDLE hToken = NULL;
DWORD size;
diff --git a/winsup/cygwin/passwd.cc b/winsup/cygwin/passwd.cc
index 1a6654c21..ad784adac 100644
--- a/winsup/cygwin/passwd.cc
+++ b/winsup/cygwin/passwd.cc
@@ -97,7 +97,7 @@ pwdgrp::read_passwd ()
}
struct passwd *
-internal_getpwsid (cygsid &sid)
+internal_getpwsid (cygpsid &sid)
{
struct passwd *pw;
char *ptr1, *ptr2, *endptr;
diff --git a/winsup/cygwin/pwdgrp.h b/winsup/cygwin/pwdgrp.h
index 738ee601c..40b1eeb6f 100644
--- a/winsup/cygwin/pwdgrp.h
+++ b/winsup/cygwin/pwdgrp.h
@@ -12,14 +12,14 @@ details. */
/* These functions are needed to allow searching and walking through
the passwd and group lists */
-extern struct passwd *internal_getpwsid (cygsid &);
+extern struct passwd *internal_getpwsid (cygpsid &);
extern struct passwd *internal_getpwnam (const char *, bool = FALSE);
extern struct passwd *internal_getpwuid (__uid32_t, bool = FALSE);
-extern struct __group32 *internal_getgrsid (cygsid &);
+extern struct __group32 *internal_getgrsid (cygpsid &);
extern struct __group32 *internal_getgrgid (__gid32_t gid, bool = FALSE);
extern struct __group32 *internal_getgrnam (const char *, bool = FALSE);
extern struct __group32 *internal_getgrent (int);
-int internal_getgroups (int, __gid32_t *, cygsid * = NULL);
+int internal_getgroups (int, __gid32_t *, cygpsid * = NULL);
#include "sync.h"
class pwdgrp
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 9c49c0a59..59eba0887 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -39,7 +39,7 @@ SECURITY_ATTRIBUTES NO_COPY sec_none_nih;
SECURITY_ATTRIBUTES NO_COPY sec_all;
SECURITY_ATTRIBUTES NO_COPY sec_all_nih;
-SID_IDENTIFIER_AUTHORITY sid_auth[] = {
+SID_IDENTIFIER_AUTHORITY NO_COPY sid_auth[] = {
{SECURITY_NULL_SID_AUTHORITY},
{SECURITY_WORLD_SID_AUTHORITY},
{SECURITY_LOCAL_SID_AUTHORITY},
@@ -62,6 +62,63 @@ cygsid well_known_authenticated_users_sid;
cygsid well_known_system_sid;
cygsid well_known_admins_sid;
+bool
+cygpsid::operator== (const char *nsidstr) const
+{
+ cygsid nsid (nsidstr);
+ return psid == nsid;
+}
+
+__uid32_t
+cygpsid::get_id (BOOL search_grp, int *type)
+{
+ /* First try to get SID from group, then passwd */
+ __uid32_t id = ILLEGAL_UID;
+
+ if (search_grp)
+ {
+ struct __group32 *gr;
+ if (cygheap->user.groups.pgsid == psid)
+ id = myself->gid;
+ else if ((gr = internal_getgrsid (*this)))
+ id = gr->gr_gid;
+ if (id != ILLEGAL_UID)
+ {
+ if (type)
+ *type = GROUP;
+ return id;
+ }
+ }
+ if (!search_grp || type)
+ {
+ struct passwd *pw;
+ if (*this == cygheap->user.sid ())
+ id = myself->uid;
+ else if ((pw = internal_getpwsid (*this)))
+ id = pw->pw_uid;
+ if (id != ILLEGAL_UID && type)
+ *type = USER;
+ }
+ return id;
+}
+
+
+char *
+cygpsid::string (char *nsidstr) const
+{
+ char *t;
+ DWORD i;
+
+ if (!psid || !nsidstr)
+ return NULL;
+ strcpy (nsidstr, "S-1-");
+ t = nsidstr + sizeof ("S-1-") - 1;
+ t += __small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
+ for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
+ t += __small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i));
+ return nsidstr;
+}
+
void
cygsid::init ()
{
@@ -80,25 +137,6 @@ cygsid::init ()
well_known_admins_sid = "S-1-5-32-544";
}
-char *
-cygsid::string (char *nsidstr) const
-{
- char t[32];
- DWORD i;
-
- if (!psid || !nsidstr)
- return NULL;
- strcpy (nsidstr, "S-1-");
- __small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
- strcat (nsidstr, t);
- for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
- {
- __small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i));
- strcat (nsidstr, t);
- }
- return nsidstr;
-}
-
PSID
cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r)
{
@@ -148,39 +186,6 @@ cygsid::getfromgr (const struct __group32 *gr)
return (*this = sp) != NULL;
}
-__uid32_t
-cygsid::get_id (BOOL search_grp, int *type)
-{
- /* First try to get SID from passwd or group entry */
- __uid32_t id = ILLEGAL_UID;
-
- if (!search_grp)
- {
- struct passwd *pw;
- if (*this == cygheap->user.sid ())
- id = myself->uid;
- else if ((pw = internal_getpwsid (*this)))
- id = pw->pw_uid;
- if (id != ILLEGAL_UID)
- {
- if (type)
- *type = USER;
- return id;
- }
- }
- if (search_grp || type)
- {
- struct __group32 *gr;
- if (cygheap->user.groups.pgsid == psid)
- id = myself->gid;
- else if ((gr = internal_getgrsid (*this)))
- id = gr->gr_gid;
- if (id != ILLEGAL_UID && type)
- *type = GROUP;
- }
- return id;
-}
-
BOOL
is_grp_member (__uid32_t uid, __gid32_t gid)
{
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index a2a46a433..d789d18ea 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -20,8 +20,40 @@ details. */
#define NO_SID ((PSID)NULL)
-class cygsid {
+class cygpsid {
+protected:
PSID psid;
+public:
+ cygpsid () {}
+ cygpsid (PSID nsid) { psid = nsid; }
+ operator const PSID () { return psid; }
+ const PSID operator= (PSID nsid) { return psid = nsid;}
+ __uid32_t get_id (BOOL search_grp, int *type = NULL);
+ int get_uid () { return get_id (FALSE); }
+ int get_gid () { return get_id (TRUE); }
+
+ char *string (char *nsidstr) const;
+
+ bool operator== (const PSID nsid) const
+ {
+ if (!psid || !nsid)
+ return nsid == psid;
+ return EqualSid (psid, nsid);
+ }
+ bool operator!= (const PSID nsid) const
+ { return !(*this == nsid); }
+ bool operator== (const char *nsidstr) const;
+ bool operator!= (const char *nsidstr) const
+ { return !(*this == nsidstr); }
+
+ void debug_print (const char *prefix = NULL) const
+ {
+ char buf[256];
+ debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
+ }
+};
+
+class cygsid : public cygpsid {
char sbuf[MAX_SID_LEN];
const PSID getfromstr (const char *nsidstr);
@@ -50,7 +82,7 @@ public:
inline const PSID operator= (const char *nsidstr)
{ return getfromstr (nsidstr); }
- inline cygsid () : psid ((PSID) sbuf) {}
+ inline cygsid () : cygpsid ((PSID) sbuf) {}
inline cygsid (const PSID nsid) { *this = nsid; }
inline cygsid (const char *nstrsid) { *this = nstrsid; }
@@ -58,34 +90,6 @@ public:
BOOL getfrompw (const struct passwd *pw);
BOOL getfromgr (const struct __group32 *gr);
-
- __uid32_t get_id (BOOL search_grp, int *type = NULL);
- inline int get_uid () { return get_id (FALSE); }
- inline int get_gid () { return get_id (TRUE); }
-
- char *string (char *nsidstr) const;
-
- inline BOOL operator== (const PSID nsid) const
- {
- if (!psid || !nsid)
- return nsid == psid;
- return EqualSid (psid, nsid);
- }
- inline BOOL operator== (const char *nsidstr) const
- {
- cygsid nsid (nsidstr);
- return *this == nsid;
- }
- inline BOOL operator!= (const PSID nsid) const
- { return !(*this == nsid); }
- inline BOOL operator!= (const char *nsidstr) const
- { return !(*this == nsidstr); }
-
- void debug_print (const char *prefix = NULL) const
- {
- char buf[256];
- debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
- }
};
typedef enum { cygsidlist_empty, cygsidlist_alloc, cygsidlist_auto } cygsidlist_type;
@@ -171,8 +175,11 @@ public:
}
void clear_supp ()
{
- sgsids.free_sids ();
- ischanged = TRUE;
+ if (issetgroups ())
+ {
+ sgsids.free_sids ();
+ ischanged = TRUE;
+ }
}
void update_pgrp (const PSID sid)
{
@@ -222,6 +229,8 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS
void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
void *sd_buf, DWORD sd_buf_size);
+bool get_sids_info (cygpsid, cygpsid, __uid32_t * , __gid32_t *);
+
/* Try a subauthentication. */
HANDLE subauth (struct passwd *pw);
/* Try creating a token directly. */
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-30 10:58:02 +0000