2001-04-20 21:02:32 +08:00
|
|
|
/* sec_helper.cc: NT security helper functions
|
|
|
|
|
* child_info.h, cygheap.h, fhandler_clipboard.cc, fhandler_dsp.cc,
fhandler_floppy.cc, fhandler_mem.cc, fhandler_random.cc,
fhandler_tape.cc, fhandler_zero.cc, grp.cc, mmap.cc, passwd.cc,
pinfo.cc, pinfo.h, pipe.cc, sec_acl.cc, sec_helper.cc, security.cc,
security.h, thread.h, uinfo.cc, include/cygwin/acl.h: Fix copyright.
2002-02-10 21:50:13 +08:00
|
|
|
Copyright 2000, 2001, 2002 Red Hat, Inc.
|
2001-04-20 21:02:32 +08:00
|
|
|
|
|
|
|
Written by Corinna Vinschen <corinna@vinschen.de>
|
|
|
|
|
|
|
|
This file is part of Cygwin.
|
|
|
|
|
|
|
|
This software is a copyrighted work licensed under the terms of the
|
|
|
|
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
|
|
|
details. */
|
|
|
|
|
|
|
|
#include "winsup.h"
|
|
|
|
#include <grp.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <limits.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/acl.h>
|
|
|
|
#include <ctype.h>
|
|
|
|
#include <wingdi.h>
|
|
|
|
#include <winuser.h>
|
2001-05-01 02:21:48 +08:00
|
|
|
#include <wininet.h>
|
2001-04-20 21:02:32 +08:00
|
|
|
#include "cygerrno.h"
|
2001-07-27 03:22:24 +08:00
|
|
|
#include "security.h"
|
2001-04-20 21:02:32 +08:00
|
|
|
#include "fhandler.h"
|
|
|
|
#include "path.h"
|
|
|
|
#include "dtable.h"
|
|
|
|
#include "pinfo.h"
|
|
|
|
#include "cygheap.h"
|
|
|
|
|
2002-07-01 22:31:28 +08:00
|
|
|
/* General purpose security attribute objects for global use. */
|
|
|
|
SECURITY_ATTRIBUTES NO_COPY sec_none;
|
|
|
|
SECURITY_ATTRIBUTES NO_COPY sec_none_nih;
|
|
|
|
SECURITY_ATTRIBUTES NO_COPY sec_all;
|
|
|
|
SECURITY_ATTRIBUTES NO_COPY sec_all_nih;
|
|
|
|
|
2001-04-20 21:02:32 +08:00
|
|
|
SID_IDENTIFIER_AUTHORITY sid_auth[] = {
|
2001-09-08 05:32:07 +08:00
|
|
|
{SECURITY_NULL_SID_AUTHORITY},
|
|
|
|
{SECURITY_WORLD_SID_AUTHORITY},
|
|
|
|
{SECURITY_LOCAL_SID_AUTHORITY},
|
|
|
|
{SECURITY_CREATOR_SID_AUTHORITY},
|
|
|
|
{SECURITY_NON_UNIQUE_AUTHORITY},
|
|
|
|
{SECURITY_NT_AUTHORITY}
|
2001-04-20 21:02:32 +08:00
|
|
|
};
|
|
|
|
|
2001-07-16 06:40:07 +08:00
|
|
|
cygsid well_known_null_sid ("S-1-0-0");
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
cygsid well_known_world_sid ("S-1-1-0");
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
cygsid well_known_local_sid ("S-1-2-0");
|
|
|
|
cygsid well_known_creator_owner_sid ("S-1-3-0");
|
|
|
|
cygsid well_known_dialup_sid ("S-1-5-1");
|
|
|
|
cygsid well_known_network_sid ("S-1-5-2");
|
|
|
|
cygsid well_known_batch_sid ("S-1-5-3");
|
|
|
|
cygsid well_known_interactive_sid ("S-1-5-4");
|
|
|
|
cygsid well_known_service_sid ("S-1-5-6");
|
|
|
|
cygsid well_known_authenticated_users_sid ("S-1-5-11");
|
|
|
|
cygsid well_known_system_sid ("S-1-5-18");
|
2001-07-16 06:40:07 +08:00
|
|
|
cygsid well_known_admins_sid ("S-1-5-32-544");
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
|
2001-04-20 21:02:32 +08:00
|
|
|
char *
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
cygsid::string (char *nsidstr) const
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
|
|
|
char t[32];
|
|
|
|
DWORD i;
|
|
|
|
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
if (!psid || !nsidstr)
|
2001-04-20 21:02:32 +08:00
|
|
|
return NULL;
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
strcpy (nsidstr, "S-1-");
|
2002-09-22 11:38:57 +08:00
|
|
|
__small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
strcat (nsidstr, t);
|
2001-04-20 21:02:32 +08:00
|
|
|
for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
|
|
|
|
{
|
2002-09-22 11:38:57 +08:00
|
|
|
__small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i));
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
strcat (nsidstr, t);
|
2001-04-20 21:02:32 +08:00
|
|
|
}
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
return nsidstr;
|
2001-04-20 21:02:32 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
PSID
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
|
|
|
DWORD i;
|
|
|
|
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
if (s > 5 || cnt < 1 || cnt > 8)
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
{
|
|
|
|
psid = NO_SID;
|
|
|
|
return NULL;
|
|
|
|
}
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
set ();
|
2002-09-22 11:38:57 +08:00
|
|
|
InitializeSid (psid, &sid_auth[s], cnt);
|
2001-04-20 21:02:32 +08:00
|
|
|
for (i = 0; i < cnt; ++i)
|
|
|
|
memcpy ((char *) psid + 8 + sizeof (DWORD) * i, &r[i], sizeof (DWORD));
|
|
|
|
return psid;
|
|
|
|
}
|
|
|
|
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
const PSID
|
|
|
|
cygsid::getfromstr (const char *nsidstr)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
|
|
|
char sid_buf[256];
|
|
|
|
char *t, *lasts;
|
|
|
|
DWORD cnt = 0;
|
|
|
|
DWORD s = 0;
|
|
|
|
DWORD i, r[8];
|
|
|
|
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
if (!nsidstr || strncmp (nsidstr, "S-1-", 4))
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
{
|
|
|
|
psid = NO_SID;
|
|
|
|
return NULL;
|
|
|
|
}
|
2001-04-20 21:02:32 +08:00
|
|
|
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
strcpy (sid_buf, nsidstr);
|
2001-04-20 21:02:32 +08:00
|
|
|
|
|
|
|
for (t = sid_buf + 4, i = 0;
|
|
|
|
cnt < 8 && (t = strtok_r (t, "-", &lasts));
|
|
|
|
t = NULL, ++i)
|
|
|
|
if (i == 0)
|
|
|
|
s = strtoul (t, NULL, 10);
|
|
|
|
else
|
|
|
|
r[cnt++] = strtoul (t, NULL, 10);
|
|
|
|
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
return get_sid (s, cnt, r);
|
2001-04-20 21:02:32 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
2001-05-30 04:43:40 +08:00
|
|
|
cygsid::getfrompw (const struct passwd *pw)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
char *sp = (pw && pw->pw_gecos) ? strrchr (pw->pw_gecos, ',') : NULL;
|
|
|
|
return (*this = sp ? sp + 1 : "") != NULL;
|
2001-04-20 21:02:32 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
Change internal gid datatype from __gid16_t to __gid32_t
throughout.
* cygwin.din: Export new symbols chown32, fchown32, getegid32,
getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
setgid32, setegid32, getgrent32.
* grp.cc (grp32togrp16): New static function.
(getgrgid32): New function.
(getgrnam32): Ditto.
(getgrent32): Ditto.
(getgroups32): Change name of internal function from getgroups.
(getgroups32): New function.
(initgroups32): Ditto.
* syscalls.cc (chown32): Ditto.
(lchown32): Ditto.
(fchown32): Ditto.
(setegid32): Ditto.
(setgid32): Ditto.
* uinfo.cc (getgid32): Ditto.
(getegid32): Ditto.
* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
Declare getgrgid32() and getgrnam32() instead. Declare getgid32().
2002-05-28 22:10:55 +08:00
|
|
|
cygsid::getfromgr (const struct __group32 *gr)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
char *sp = (gr && gr->gr_passwd) ? gr->gr_passwd : NULL;
|
|
|
|
return (*this = sp ?: "") != NULL;
|
2001-04-20 21:02:32 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
cygsid::get_id (BOOL search_grp, int *type)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
if (!psid)
|
|
|
|
{
|
|
|
|
set_errno (EINVAL);
|
|
|
|
return -1;
|
|
|
|
}
|
2001-04-20 21:02:32 +08:00
|
|
|
if (!IsValidSid (psid))
|
|
|
|
{
|
|
|
|
__seterrno ();
|
2002-07-03 11:20:50 +08:00
|
|
|
system_printf ("IsValidSid failed with %E");
|
2001-04-20 21:02:32 +08:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* First try to get SID from passwd or group entry */
|
|
|
|
if (allow_ntsec)
|
|
|
|
{
|
2001-04-25 17:43:25 +08:00
|
|
|
cygsid sid;
|
2001-04-20 21:02:32 +08:00
|
|
|
int id = -1;
|
|
|
|
|
|
|
|
if (!search_grp)
|
|
|
|
{
|
|
|
|
struct passwd *pw;
|
2001-04-25 17:43:25 +08:00
|
|
|
for (int pidx = 0; (pw = internal_getpwent (pidx)); ++pidx)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
if (sid.getfrompw (pw) && sid == psid)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
|
|
|
id = pw->pw_uid;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (id >= 0)
|
|
|
|
{
|
|
|
|
if (type)
|
|
|
|
*type = USER;
|
|
|
|
return id;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (search_grp || type)
|
|
|
|
{
|
Change internal gid datatype from __gid16_t to __gid32_t
throughout.
* cygwin.din: Export new symbols chown32, fchown32, getegid32,
getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
setgid32, setegid32, getgrent32.
* grp.cc (grp32togrp16): New static function.
(getgrgid32): New function.
(getgrnam32): Ditto.
(getgrent32): Ditto.
(getgroups32): Change name of internal function from getgroups.
(getgroups32): New function.
(initgroups32): Ditto.
* syscalls.cc (chown32): Ditto.
(lchown32): Ditto.
(fchown32): Ditto.
(setegid32): Ditto.
(setgid32): Ditto.
* uinfo.cc (getgid32): Ditto.
(getegid32): Ditto.
* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
Declare getgrgid32() and getgrnam32() instead. Declare getgid32().
2002-05-28 22:10:55 +08:00
|
|
|
struct __group32 *gr;
|
2001-04-25 17:43:25 +08:00
|
|
|
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
* fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
2001-05-16 03:23:31 +08:00
|
|
|
if (sid.getfromgr (gr) && sid == psid)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
|
|
|
id = gr->gr_gid;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (id >= 0)
|
|
|
|
{
|
|
|
|
if (type)
|
|
|
|
*type = GROUP;
|
|
|
|
return id;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We use the RID as default UID/GID */
|
2002-09-22 11:38:57 +08:00
|
|
|
int id = *GetSidSubAuthority (psid, *GetSidSubAuthorityCount (psid) - 1);
|
2001-04-20 21:02:32 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The RID maybe -1 if accountname == computername.
|
|
|
|
* In this case we search for the accountname in the passwd and group files.
|
|
|
|
* If type is needed, we search in each case.
|
|
|
|
*/
|
|
|
|
if (id == -1 || type)
|
|
|
|
{
|
2001-05-01 02:21:48 +08:00
|
|
|
char account[UNLEN + 1];
|
|
|
|
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
|
|
|
|
DWORD acc_len = UNLEN + 1;
|
|
|
|
DWORD dom_len = INTERNET_MAX_HOST_NAME_LENGTH + 1;
|
2001-04-20 21:02:32 +08:00
|
|
|
SID_NAME_USE acc_type;
|
|
|
|
|
|
|
|
if (!LookupAccountSid (NULL, psid, account, &acc_len,
|
|
|
|
domain, &dom_len, &acc_type))
|
|
|
|
{
|
|
|
|
__seterrno ();
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (acc_type)
|
|
|
|
{
|
|
|
|
case SidTypeGroup:
|
|
|
|
case SidTypeAlias:
|
|
|
|
case SidTypeWellKnownGroup:
|
|
|
|
if (type)
|
|
|
|
*type = GROUP;
|
|
|
|
if (id == -1)
|
|
|
|
{
|
Change internal gid datatype from __gid16_t to __gid32_t
throughout.
* cygwin.din: Export new symbols chown32, fchown32, getegid32,
getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
setgid32, setegid32, getgrent32.
* grp.cc (grp32togrp16): New static function.
(getgrgid32): New function.
(getgrnam32): Ditto.
(getgrent32): Ditto.
(getgroups32): Change name of internal function from getgroups.
(getgroups32): New function.
(initgroups32): Ditto.
* syscalls.cc (chown32): Ditto.
(lchown32): Ditto.
(fchown32): Ditto.
(setegid32): Ditto.
(setgid32): Ditto.
* uinfo.cc (getgid32): Ditto.
(getegid32): Ditto.
* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
Declare getgrgid32() and getgrnam32() instead. Declare getgid32().
2002-05-28 22:10:55 +08:00
|
|
|
struct __group32 *gr = getgrnam32 (account);
|
2001-04-20 21:02:32 +08:00
|
|
|
if (gr)
|
|
|
|
id = gr->gr_gid;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SidTypeUser:
|
|
|
|
if (type)
|
|
|
|
*type = USER;
|
|
|
|
if (id == -1)
|
|
|
|
{
|
|
|
|
struct passwd *pw = getpwnam (account);
|
|
|
|
if (pw)
|
|
|
|
id = pw->pw_uid;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (id == -1)
|
2002-05-29 23:04:29 +08:00
|
|
|
id = getuid32 ();
|
2001-04-20 21:02:32 +08:00
|
|
|
return id;
|
|
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
Change internal gid datatype from __gid16_t to __gid32_t
throughout.
* cygwin.din: Export new symbols chown32, fchown32, getegid32,
getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
setgid32, setegid32, getgrent32.
* grp.cc (grp32togrp16): New static function.
(getgrgid32): New function.
(getgrnam32): Ditto.
(getgrent32): Ditto.
(getgroups32): Change name of internal function from getgroups.
(getgroups32): New function.
(initgroups32): Ditto.
* syscalls.cc (chown32): Ditto.
(lchown32): Ditto.
(fchown32): Ditto.
(setegid32): Ditto.
(setgid32): Ditto.
* uinfo.cc (getgid32): Ditto.
(getegid32): Ditto.
* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
Declare getgrgid32() and getgrnam32() instead. Declare getgid32().
2002-05-28 22:10:55 +08:00
|
|
|
is_grp_member (__uid32_t uid, __gid32_t gid)
|
2001-04-20 21:02:32 +08:00
|
|
|
{
|
Change internal gid datatype from __gid16_t to __gid32_t
throughout.
* cygwin.din: Export new symbols chown32, fchown32, getegid32,
getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
setgid32, setegid32, getgrent32.
* grp.cc (grp32togrp16): New static function.
(getgrgid32): New function.
(getgrnam32): Ditto.
(getgrent32): Ditto.
(getgroups32): Change name of internal function from getgroups.
(getgroups32): New function.
(initgroups32): Ditto.
* syscalls.cc (chown32): Ditto.
(lchown32): Ditto.
(fchown32): Ditto.
(setegid32): Ditto.
(setgid32): Ditto.
* uinfo.cc (getgid32): Ditto.
(getegid32): Ditto.
* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
Declare getgrgid32() and getgrnam32() instead. Declare getgid32().
2002-05-28 22:10:55 +08:00
|
|
|
extern int getgroups32 (int, __gid32_t *, __gid32_t, const char *);
|
2001-04-20 21:02:32 +08:00
|
|
|
BOOL grp_member = TRUE;
|
|
|
|
|
2002-05-29 23:04:29 +08:00
|
|
|
struct passwd *pw = getpwuid32 (uid);
|
Change internal gid datatype from __gid16_t to __gid32_t
throughout.
* cygwin.din: Export new symbols chown32, fchown32, getegid32,
getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
setgid32, setegid32, getgrent32.
* grp.cc (grp32togrp16): New static function.
(getgrgid32): New function.
(getgrnam32): Ditto.
(getgrent32): Ditto.
(getgroups32): Change name of internal function from getgroups.
(getgroups32): New function.
(initgroups32): Ditto.
* syscalls.cc (chown32): Ditto.
(lchown32): Ditto.
(fchown32): Ditto.
(setegid32): Ditto.
(setgid32): Ditto.
* uinfo.cc (getgid32): Ditto.
(getegid32): Ditto.
* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
Declare getgrgid32() and getgrnam32() instead. Declare getgid32().
2002-05-28 22:10:55 +08:00
|
|
|
__gid32_t grps[NGROUPS_MAX];
|
|
|
|
int cnt = getgroups32 (NGROUPS_MAX, grps,
|
|
|
|
pw ? pw->pw_gid : myself->gid,
|
|
|
|
pw ? pw->pw_name : cygheap->user.name ());
|
2001-04-20 21:02:32 +08:00
|
|
|
int i;
|
|
|
|
for (i = 0; i < cnt; ++i)
|
|
|
|
if (grps[i] == gid)
|
|
|
|
break;
|
|
|
|
grp_member = (i < cnt);
|
|
|
|
return grp_member;
|
|
|
|
}
|
|
|
|
|
2002-06-06 19:17:51 +08:00
|
|
|
#if 0 // unused
|
2001-05-01 02:21:48 +08:00
|
|
|
#define SIDLEN (sidlen = MAX_SID_LEN, &sidlen)
|
|
|
|
#define DOMLEN (domlen = INTERNET_MAX_HOST_NAME_LENGTH, &domlen)
|
|
|
|
|
2001-04-20 21:02:32 +08:00
|
|
|
BOOL
|
|
|
|
lookup_name (const char *name, const char *logsrv, PSID ret_sid)
|
|
|
|
{
|
2001-04-25 17:43:25 +08:00
|
|
|
cygsid sid;
|
2001-04-20 21:02:32 +08:00
|
|
|
DWORD sidlen;
|
2001-05-01 02:21:48 +08:00
|
|
|
char domuser[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2];
|
|
|
|
char dom[INTERNET_MAX_HOST_NAME_LENGTH + 1];
|
2001-04-20 21:02:32 +08:00
|
|
|
DWORD domlen;
|
|
|
|
SID_NAME_USE acc_type;
|
|
|
|
|
|
|
|
debug_printf ("name : %s", name ? name : "NULL");
|
|
|
|
|
|
|
|
if (!name)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
if (cygheap->user.domain ())
|
|
|
|
{
|
|
|
|
strcat (strcat (strcpy (domuser, cygheap->user.domain ()), "\\"), name);
|
2001-05-01 02:21:48 +08:00
|
|
|
if (LookupAccountName (NULL, domuser, sid, SIDLEN, dom, DOMLEN, &acc_type)
|
2001-04-20 21:02:32 +08:00
|
|
|
&& legal_sid_type (acc_type))
|
|
|
|
goto got_it;
|
|
|
|
if (logsrv && *logsrv
|
2001-05-01 02:21:48 +08:00
|
|
|
&& LookupAccountName (logsrv, domuser, sid, SIDLEN,
|
|
|
|
dom, DOMLEN, &acc_type)
|
2001-04-20 21:02:32 +08:00
|
|
|
&& legal_sid_type (acc_type))
|
|
|
|
goto got_it;
|
|
|
|
}
|
|
|
|
if (logsrv && *logsrv)
|
|
|
|
{
|
2001-05-01 02:21:48 +08:00
|
|
|
if (LookupAccountName (logsrv, name, sid, SIDLEN, dom, DOMLEN, &acc_type)
|
2001-04-20 21:02:32 +08:00
|
|
|
&& legal_sid_type (acc_type))
|
|
|
|
goto got_it;
|
|
|
|
if (acc_type == SidTypeDomain)
|
|
|
|
{
|
|
|
|
strcat (strcat (strcpy (domuser, dom), "\\"), name);
|
2001-05-01 02:21:48 +08:00
|
|
|
if (LookupAccountName (logsrv, domuser, sid, SIDLEN,
|
|
|
|
dom, DOMLEN, &acc_type))
|
2001-04-20 21:02:32 +08:00
|
|
|
goto got_it;
|
|
|
|
}
|
|
|
|
}
|
2001-05-01 02:21:48 +08:00
|
|
|
if (LookupAccountName (NULL, name, sid, SIDLEN, dom, DOMLEN, &acc_type)
|
2001-04-20 21:02:32 +08:00
|
|
|
&& legal_sid_type (acc_type))
|
|
|
|
goto got_it;
|
|
|
|
if (acc_type == SidTypeDomain)
|
|
|
|
{
|
|
|
|
strcat (strcat (strcpy (domuser, dom), "\\"), name);
|
2001-05-01 02:21:48 +08:00
|
|
|
if (LookupAccountName (NULL, domuser, sid, SIDLEN, dom, DOMLEN,&acc_type))
|
2001-04-20 21:02:32 +08:00
|
|
|
goto got_it;
|
|
|
|
}
|
2002-09-22 11:38:57 +08:00
|
|
|
debug_printf ("LookupAccountName (%s) %E", name);
|
2001-04-20 21:02:32 +08:00
|
|
|
__seterrno ();
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
got_it:
|
2002-09-22 11:38:57 +08:00
|
|
|
debug_printf ("sid : [%d]", *GetSidSubAuthority ((PSID) sid,
|
|
|
|
*GetSidSubAuthorityCount ((PSID) sid) - 1));
|
2001-04-20 21:02:32 +08:00
|
|
|
|
|
|
|
if (ret_sid)
|
|
|
|
memcpy (ret_sid, sid, sidlen);
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
2001-04-21 04:36:13 +08:00
|
|
|
|
2001-05-01 02:21:48 +08:00
|
|
|
#undef SIDLEN
|
|
|
|
#undef DOMLEN
|
2002-06-06 19:17:51 +08:00
|
|
|
#endif //unused
|
2001-05-01 02:21:48 +08:00
|
|
|
|
2001-04-21 04:36:13 +08:00
|
|
|
int
|
|
|
|
set_process_privilege (const char *privilege, BOOL enable)
|
|
|
|
{
|
|
|
|
HANDLE hToken = NULL;
|
|
|
|
LUID restore_priv;
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
TOKEN_PRIVILEGES new_priv, orig_priv;
|
2001-04-21 04:36:13 +08:00
|
|
|
int ret = -1;
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
DWORD size;
|
2001-04-21 04:36:13 +08:00
|
|
|
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
if (!OpenProcessToken (hMainProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
|
2001-09-08 05:32:07 +08:00
|
|
|
&hToken))
|
2001-04-21 04:36:13 +08:00
|
|
|
{
|
|
|
|
__seterrno ();
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!LookupPrivilegeValue (NULL, privilege, &restore_priv))
|
|
|
|
{
|
|
|
|
__seterrno ();
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
new_priv.PrivilegeCount = 1;
|
|
|
|
new_priv.Privileges[0].Luid = restore_priv;
|
|
|
|
new_priv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
|
|
|
|
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv,
|
2001-09-08 05:32:07 +08:00
|
|
|
sizeof orig_priv, &orig_priv, &size))
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
{
|
|
|
|
__seterrno ();
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
/* AdjustTokenPrivileges returns TRUE even if the privilege could not
|
2002-09-22 11:38:57 +08:00
|
|
|
be enabled. GetLastError () returns an correct error code, though. */
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
if (enable && GetLastError () == ERROR_NOT_ALL_ASSIGNED)
|
2001-04-21 04:36:13 +08:00
|
|
|
{
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
debug_printf ("Privilege %s couldn't be assigned", privilege);
|
2001-04-21 04:36:13 +08:00
|
|
|
__seterrno ();
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
ret = orig_priv.Privileges[0].Attributes == SE_PRIVILEGE_ENABLED ? 1 : 0;
|
2001-04-21 04:36:13 +08:00
|
|
|
|
|
|
|
out:
|
|
|
|
if (hToken)
|
|
|
|
CloseHandle (hToken);
|
|
|
|
|
2002-07-02 07:42:05 +08:00
|
|
|
syscall_printf ("%d = set_process_privilege (%s, %d)", ret, privilege, enable);
|
2001-04-21 04:36:13 +08:00
|
|
|
return ret;
|
|
|
|
}
|
2002-07-01 22:31:28 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Function to return a common SECURITY_DESCRIPTOR * that
|
|
|
|
* allows all access.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static NO_COPY SECURITY_DESCRIPTOR *null_sdp = 0;
|
|
|
|
|
|
|
|
SECURITY_DESCRIPTOR *__stdcall
|
|
|
|
get_null_sd ()
|
|
|
|
{
|
|
|
|
static NO_COPY SECURITY_DESCRIPTOR sd;
|
|
|
|
|
|
|
|
if (null_sdp == 0)
|
|
|
|
{
|
|
|
|
InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
|
|
|
SetSecurityDescriptorDacl (&sd, TRUE, 0, FALSE);
|
|
|
|
null_sdp = &sd;
|
|
|
|
}
|
|
|
|
return null_sdp;
|
|
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
|
|
|
sec_acl (PACL acl, BOOL admins, PSID sid1, PSID sid2)
|
|
|
|
{
|
|
|
|
size_t acl_len = MAX_DACL_LEN(5);
|
|
|
|
|
|
|
|
if (!InitializeAcl (acl, acl_len, ACL_REVISION))
|
|
|
|
{
|
|
|
|
debug_printf ("InitializeAcl %E");
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
if (sid2)
|
|
|
|
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
|
|
|
GENERIC_ALL, sid2))
|
|
|
|
debug_printf ("AddAccessAllowedAce(sid2) %E");
|
|
|
|
if (sid1)
|
|
|
|
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
|
|
|
GENERIC_ALL, sid1))
|
2002-08-08 22:16:14 +08:00
|
|
|
debug_printf ("AddAccessAllowedAce(sid1) %E");
|
2002-07-01 22:31:28 +08:00
|
|
|
if (admins)
|
|
|
|
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
|
|
|
GENERIC_ALL, well_known_admins_sid))
|
|
|
|
debug_printf ("AddAccessAllowedAce(admin) %E");
|
|
|
|
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
|
|
|
GENERIC_ALL, well_known_system_sid))
|
|
|
|
debug_printf ("AddAccessAllowedAce(system) %E");
|
|
|
|
#if 0 /* Does not seem to help */
|
|
|
|
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
|
|
|
GENERIC_ALL, well_known_creator_owner_sid))
|
|
|
|
debug_printf ("AddAccessAllowedAce(creator_owner) %E");
|
|
|
|
#endif
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
PSECURITY_ATTRIBUTES __stdcall
|
|
|
|
__sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
|
|
|
|
{
|
|
|
|
PSECURITY_ATTRIBUTES psa = (PSECURITY_ATTRIBUTES) sa_buf;
|
|
|
|
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)
|
|
|
|
((char *) sa_buf + sizeof (*psa));
|
|
|
|
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
|
|
|
|
|
|
|
|
cygsid sid;
|
|
|
|
|
|
|
|
if (!(sid = cygheap->user.orig_sid ()) ||
|
|
|
|
(!sec_acl (acl, TRUE, sid, sid2)))
|
|
|
|
return inherit ? &sec_none : &sec_none_nih;
|
|
|
|
|
|
|
|
if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
|
|
|
|
debug_printf ("InitializeSecurityDescriptor %E");
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Setting the owner lets the created security attribute not work
|
|
|
|
* on NT4 SP3 Server. Don't know why, but the function still does
|
|
|
|
* what it should do also if the owner isn't set.
|
|
|
|
*/
|
|
|
|
#if 0
|
|
|
|
if (!SetSecurityDescriptorOwner (psd, sid, FALSE))
|
|
|
|
debug_printf ("SetSecurityDescriptorOwner %E");
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if (!SetSecurityDescriptorDacl (psd, TRUE, acl, FALSE))
|
|
|
|
debug_printf ("SetSecurityDescriptorDacl %E");
|
|
|
|
|
|
|
|
psa->nLength = sizeof (SECURITY_ATTRIBUTES);
|
|
|
|
psa->lpSecurityDescriptor = psd;
|
|
|
|
psa->bInheritHandle = inherit;
|
|
|
|
return psa;
|
|
|
|
}
|