Diffstat (limited to 'winsup/cygwin/security.h')
-rw-r--r-- | winsup/cygwin/security.h | 105 |
1 files changed, 91 insertions, 14 deletions
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 5f2a38141..c915c1b6c 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -26,6 +26,18 @@ class cygsid {
 const PSID getfromstr (const char *nsidstr);
 PSID get_sid (DWORD s, DWORD cnt, DWORD *r);
+ inline const PSID assign (const PSID nsid)
+ {
+ if (!nsid)
+ psid = NO_SID;
+ else
+ {
+ psid = (PSID) sbuf;
+ CopySid (MAX_SID_LEN, psid, nsid);
+ }
+ return psid;
+ }
+
 public:
 inline cygsid () : psid ((PSID) sbuf) {}
 inline cygsid (const PSID nsid) { *this = nsid; }
@@ -40,19 +52,12 @@ public:
 inline int get_uid () { return get_id (FALSE); }
 inline int get_gid () { return get_id (TRUE); }
- char *string (char *nsidstr);
+ char *string (char *nsidstr) const;
+ inline const PSID operator= (cygsid &nsid)
+ { return assign (nsid); }
 inline const PSID operator= (const PSID nsid)
- {
- if (!nsid)
- psid = NULL;
- else
- {
- psid = (PSID) sbuf;
- CopySid (MAX_SID_LEN, psid, nsid);
- }
- return psid;
- }
+ { return assign (nsid); }
 inline const PSID operator= (const char *nsidstr)
 { return getfromstr (nsidstr); }
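Review bot: `assign` in the first hunk ignores the result of `CopySid`, so when the copy fails (for instance on a source SID that does not fit in MAX_SID_LEN bytes) `psid` still points at `sbuf` and the object presents whatever bytes were there before. A cygsid feeds SID comparisons and, judging by the rest of this header, ACL and token construction, so a stale SID is worse than an empty one; consider `if (!CopySid (MAX_SID_LEN, psid, nsid)) psid = NO_SID;`. The removed `operator=` body had the same gap, so this is carried over rather than introduced. The class body starts and ends outside the hunk, and NO_SID is defined elsewhere, so a short comment on `assign` stating that a NULL argument now yields NO_SID rather than NULL would help callers that test the returned pointer.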
@@ -73,12 +78,77 @@ public:
 { return !(*this == nsidstr); }
 inline operator const PSID () { return psid; }
+
+ void debug_print (const char *prefix = NULL) const
+ {
+ char buf[256];
+ debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
+ }
+};
+
+class cygsidlist {
+public:
+ int count;
+ cygsid *sids;
+
+ cygsidlist () : count (0), sids (NULL) {}
+ ~cygsidlist () { delete [] sids; }
+
+ BOOL add (cygsid &nsi)
+ {
+ cygsid *tmp = new cygsid [count + 1];
+ if (!tmp)
+ return FALSE;
+ for (int i = 0; i < count; ++i)
+ tmp[i] = sids[i];
+ delete [] sids;
+ sids = tmp;
+ sids[count++] = nsi;
+ return TRUE;
+ }
+ BOOL add (const PSID nsid) { return add (nsid); }
+ BOOL add (const char *sidstr)
+ { cygsid nsi (sidstr); return add (nsi); }
+
+ BOOL operator+= (cygsid &si) { return add (si); }
+ BOOL operator+= (const char *sidstr) { return add (sidstr); }
+
+ BOOL contains (cygsid &sid) const
+ {
+ for (int i = 0; i < count; ++i)
+ if (sids[i] == sid)
+ return TRUE;
+ return FALSE;
+ }
+ void debug_print (const char *prefix = NULL) const
+ {
+ debug_printf ("-- begin sidlist ---");
+ if (!count)
+ debug_printf ("No elements");
+ for (int i = 0; i < count; ++i)
+ sids[i].debug_print (prefix);
+ debug_printf ("-- ende sidlist ---");
+ }
 };
-extern cygsid well_known_admin_sid;
-extern cygsid well_known_system_sid;
-extern cygsid well_known_creator_owner_sid;
 extern cygsid well_known_world_sid;
+extern cygsid well_known_local_sid;
+extern cygsid well_known_creator_owner_sid;
+extern cygsid well_known_dialup_sid;
+extern cygsid well_known_network_sid;
+extern cygsid well_known_batch_sid;
+extern cygsid well_known_interactive_sid;
+extern cygsid well_known_service_sid;
+extern cygsid well_known_authenticated_users_sid;
+extern cygsid well_known_system_sid;
+extern cygsid well_known_admin_sid;
+
+inline BOOL
+legal_sid_type (SID_NAME_USE type)
+{
+ return type == SidTypeUser || type == SidTypeGroup
+ || type == SidTypeAlias || type == SidTypeWellKnownGroup;
+}
 extern BOOL allow_ntsec;
 extern BOOL allow_smbntsec;
@@ -102,6 +172,13 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS
 /* Try a subauthentication. */
 HANDLE subauth (struct passwd *pw);
+/* Try creating a token directly. */
+HANDLE create_token (cygsid &usersid, cygsid &pgrpsid);
+
+/* Extract U-domain\user field from passwd entry. */
+void extract_nt_dom_user (const struct passwd *pw, char *domain, char *user);
+/* Get default logonserver and domain for this box. */
+BOOL get_logon_server_and_user_domain (char *logonserver, char *domain);
 /* sec_helper.cc: Security helper functions. */
 BOOL __stdcall is_grp_member (uid_t uid, gid_t gid); |
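Review bot: The `add (const PSID nsid)` overload of cygsidlist calls itself without end, because `add (nsid)` with a PSID argument is an exact match for that same overload and a temporary cygsid cannot bind to the non-const `cygsid &` parameter of the first overload. Any caller that passes a raw PSID would run until the stack is exhausted. Mirror the `const char *` overload and build a named object first: `BOOL add (const PSID nsid) { cygsid nsi (nsid); return add (nsi); }`. Separately, the class frees `sids` in its destructor but declares no copy constructor or assignment operator, so a by-value copy would free the array twice; declaring both private and undefined would rule that out.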
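Review bot: The new prototypes `extract_nt_dom_user` and `get_logon_server_and_user_domain` fill caller-supplied `char *` buffers but take no length argument, and their comments do not say how large `domain`, `user` and `logonserver` must be. The definitions are outside this diff, so whether the writes are bounded cannot be checked from here; the passwd field and the server reply are both external input, which makes the buffer contract worth stating. At minimum extend each comment, for example `/* domain and user must each hold at least <REQUIRED_SIZE> bytes. */` with the real constant in place of the placeholder, or add explicit size parameters.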