diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 299eec166..680a07f63 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,15 @@ +2003-02-05 Pierre Humblet + + * sec_helper.cc (get_sids_info): New function. + * security.cc (extract_nt_dom_user): Simplify with strechr. + (get_user_groups): Initialize glen to MAX_SID_LEN. + (get_user_local_groups): Ditto. + (get_attribute_from_acl): Define ace_sid as cygpsid. + (get_nt_attribute): Define owner_sid and group_sid as cygpsid. + Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member. + (get_nt_object_attribute): Ditto. + (alloc_sd): Define ace_sid as cygpsid. + 2003-02-04 Thomas Pfaff * syscalls.cc (struct system_cleanup_args): New struct. diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc index 59eba0887..e4f7419a7 100644 --- a/winsup/cygwin/sec_helper.cc +++ b/winsup/cygwin/sec_helper.cc @@ -186,6 +186,43 @@ cygsid::getfromgr (const struct __group32 *gr) return (*this = sp) != NULL; } +bool +get_sids_info (cygpsid owner_sid, cygpsid group_sid, __uid32_t * uidret, __gid32_t * gidret) +{ + struct passwd *pw; + struct __group32 *gr = NULL; + bool ret = false; + + if (group_sid == cygheap->user.groups.pgsid) + *gidret = myself->gid; + else if ((gr = internal_getgrsid (group_sid))) + *gidret = gr->gr_gid; + else + *gidret = ILLEGAL_GID; + + if (owner_sid == cygheap->user.sid ()) + { + *uidret = myself->uid; + if (*gidret == myself->gid) + ret = true; + else + ret = (internal_getgroups (0, NULL, &group_sid) > 0); + } + else if ((pw = internal_getpwsid (owner_sid))) + { + *uidret = pw->pw_uid; + if (gr || (*gidret != ILLEGAL_GID + && (gr = internal_getgrgid (*gidret)))) + for (int idx = 0; gr->gr_mem[idx]; ++idx) + if ((ret = strcasematch (pw->pw_name, gr->gr_mem[idx]))) + break; + } + else + *uidret = ILLEGAL_UID; + + return ret; +} + BOOL is_grp_member (__uid32_t uid, __gid32_t gid) { 
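Review bot: In the `internal_getpwsid` branch of get_sids_info, membership is decided only by matching `pw->pw_name` against `gr->gr_mem`, so an owner whose primary group (`pw->pw_gid`) equals `*gidret` but who is not listed in the member array yields false, whereas the current-user branch treats `*gidret == myself->gid` as membership. If that asymmetry is not intended, put `if ((__gid32_t) pw->pw_gid == *gidret) ret = true;` ahead of the `gr_mem` loop and run the loop under `else`; the result becomes `grp_member` in get_nt_attribute and get_nt_object_attribute, so it presumably influences the permission bits reported for the group. The function also has no header comment: it should say that both out parameters are always written (ILLEGAL_UID / ILLEGAL_GID when a SID cannot be mapped) and must not be NULL, and that the return value means the owner is a member of the group.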
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index f72b89672..8c8727096 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -90,15 +90,13 @@ extract_nt_dom_user (const struct passwd *pw, char *domain, char *user) if ((d = strstr (pw->pw_gecos, "U-")) != NULL && (d == pw->pw_gecos || d[-1] == ',')) { - c = strchr (d + 2, ','); - if ((u = strchr (d + 2, '\\')) == NULL || (c != NULL && u > c)) + c = strechr (d + 2, ','); + if ((u = strechr (d + 2, '\\')) >= c) u = d + 1; else if (u - d <= INTERNET_MAX_HOST_NAME_LENGTH + 2) strlcpy (domain, d + 2, u - d - 1); - if (c == NULL) - c = u + UNLEN + 1; if (c - u <= UNLEN + 1) - strlcpy (user, u + 1, c - u); + strlcpy (user, u + 1, c - u); } if (domain[0]) return; @@ -329,7 +327,7 @@ get_user_groups (WCHAR *wlogonserver, cygsidlist &grp_list, char *user, for (DWORD i = 0; i < cnt; ++i) { cygsid gsid; - DWORD glen = sizeof (gsid); + DWORD glen = MAX_SID_LEN; char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; DWORD dlen = sizeof (domain); SID_NAME_USE use = SidTypeInvalid; @@ -407,7 +405,7 @@ get_user_local_groups (cygsidlist &grp_list, PSID pusersid) if (is_group_member (buf[i].lgrpi0_name, pusersid, grp_list)) { cygsid gsid; - DWORD glen = sizeof (gsid); + DWORD glen = MAX_SID_LEN; char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; DWORD dlen = sizeof (domain); @@ -1230,7 +1228,7 @@ get_attribute_from_acl (int * attribute, PACL acl, PSID owner_sid, continue; } - cygsid ace_sid ((PSID) &ace->SidStart); + cygpsid ace_sid ((PSID) &ace->SidStart); if (ace_sid == well_known_world_sid) { if (ace->Mask & FILE_READ_DATA) 
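Review bot: The new tests `(u = strechr (d + 2, '\\')) >= c` and `c - u <= UNLEN + 1` in extract_nt_dom_user only make sense if strechr returns a pointer to the terminating NUL, never NULL, when the character is absent. strechr is defined outside this diff, so a comment such as `/* strechr returns the end of the string when the char is not found, so c and u are never NULL. */` would make that dependency visible. Assuming that behaviour, a user field longer than UNLEN with no trailing comma is now skipped, where the removed `c = u + UNLEN + 1` let strlcpy truncate it; if the skip is intended, the comment should say so. Both strlcpy bounds still rely on the caller passing buffers of at least INTERNET_MAX_HOST_NAME_LENGTH + 1 and UNLEN + 1 bytes, which the bare `char *` parameters cannot express. The function body continues outside the hunk.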
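Review bot: `DWORD glen = MAX_SID_LEN;` in get_user_groups (and the identical line in get_user_local_groups) hard-codes what is presumably the capacity of the SID storage inside `cygsid`; the class is declared outside this diff, so nothing visible ties the two together. A comment at the declaration, for example `/* Size in bytes of the SID buffer inside gsid, not of the cygsid object. */`, would record why `sizeof (gsid)` was the wrong length and warn against changing one without the other. The call that consumes glen is outside both hunks.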
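Review bot: With `cygpsid ace_sid ((PSID) &ace->SidStart);` in get_attribute_from_acl, ace_sid presumably refers to the SID stored inside the ACE instead of holding a copy (cygpsid's definition is not in this diff), so it is valid only while `acl` stays allocated and unmodified. A short comment such as `/* ace_sid points into acl; do not use it after the ACL is freed or edited. */` would document that lifetime. The same applies to the alloc_sd hunk, where ace_sid points into `oacl`.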
@@ -1317,13 +1315,13 @@ get_nt_attribute (const char *file, int *attribute, return -1; } - PSID owner_sid; - PSID group_sid; + cygpsid owner_sid; + cygpsid group_sid; BOOL dummy; - if (!GetSecurityDescriptorOwner (psd, &owner_sid, &dummy)) + if (!GetSecurityDescriptorOwner (psd, (PSID *) &owner_sid, &dummy)) debug_printf ("GetSecurityDescriptorOwner %E"); - if (!GetSecurityDescriptorGroup (psd, &group_sid, &dummy)) + if (!GetSecurityDescriptorGroup (psd, (PSID *) &group_sid, &dummy)) debug_printf ("GetSecurityDescriptorGroup %E"); PACL acl; @@ -1336,8 +1334,9 @@ get_nt_attribute (const char *file, int *attribute, return -1; } - __uid32_t uid = cygsid (owner_sid).get_uid (); - __gid32_t gid = cygsid (group_sid).get_gid (); + __uid32_t uid; + __gid32_t gid; + BOOL grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid); if (uidret) *uidret = uid; if (gidret) @@ -1349,8 +1348,6 @@ get_nt_attribute (const char *file, int *attribute, return 0; } - BOOL grp_member = is_grp_member (uid, gid); - if (!acl_exists || !acl) { *attribute |= S_IRWXU | S_IRWXG | S_IRWXO; @@ -1420,15 +1417,16 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type, return 0; PSECURITY_DESCRIPTOR psd = NULL; - PSID owner_sid; - PSID group_sid; + cygpsid owner_sid; + cygpsid group_sid; PACL acl; if (ERROR_SUCCESS != GetSecurityInfo (handle, object_type, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION, - &owner_sid, &group_sid, + (PSID *) &owner_sid, + (PSID *) &group_sid, &acl, NULL, &psd)) { __seterrno (); @@ -1436,8 +1434,10 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type, return -1; } - __uid32_t uid = cygsid (owner_sid).get_uid (); - __gid32_t gid = cygsid (group_sid).get_gid (); + __uid32_t uid; + __gid32_t gid; + BOOL grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid); + if (uidret) *uidret = uid; if (gidret) 
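Review bot: When GetSecurityDescriptorOwner or GetSecurityDescriptorGroup fails, get_nt_attribute only logs through debug_printf and carries on, so `owner_sid` and `group_sid` reach get_sids_info holding whatever cygpsid's default constructor left in them, which this diff does not show. Since the mapped uid, gid and `grp_member` drive the reported permissions, the failure path should either return an error or start from a known value, e.g. `cygpsid owner_sid ((PSID) NULL);`, with get_sids_info confirmed to map that to ILLEGAL_UID / ILLEGAL_GID. The `(PSID *) &owner_sid` cast also assumes a cygpsid object is exactly one PSID in memory; the same cast is passed to GetSecurityInfo in get_nt_object_attribute. A comment at both sites stating that layout assumption would keep a later change to the class from silently breaking these calls.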
@@ -1450,8 +1450,6 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type, return 0; } - BOOL grp_member = is_grp_member (uid, gid); - if (!acl) { *attribute |= S_IRWXU | S_IRWXG | S_IRWXO; @@ -1749,7 +1747,8 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, for (DWORD i = 0; i < oacl->AceCount; ++i) if (GetAce (oacl, i, (PVOID *) &ace)) { - cygsid ace_sid ((PSID) &ace->SidStart); + cygpsid ace_sid ((PSID) &ace->SidStart); + /* Check for related ACEs. */ if (ace_sid == well_known_null_sid) continue;