From 2e8abfc1c50f541002610c4473caefee64183f04 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 6 Jun 2002 11:17:51 +0000 Subject: [PATCH] * sec_helper.cc (lookup_name): Suppress. * security.cc (alloc_sd): Remove logsrv argument. Remove two calls to lookup_name. (set_security_attribute): Remove logsrv argument. Remove logsrv argument in call to alloc_sd. (set_nt_attribute): Remove logsrv argument. Remove logsrv argument in call to set_security_attribute. (set_file_attribute): Remove logsrv argument. Remove logsrv argument in call to set_nt_attribute. (set_file_attribute): Remove logsrv argument. Remove logsrv argument in call to set_file_attribute. * syscalls.cc (chown_worker): Remove logserver argument in call to set_file_attribute. (chmod): Ditto. * shm.cc (shmget): Remove logsrv argument in call to alloc_sd. * uinfo.cc (internal_getlogin): Replace calls to lookup_name by call to LookupAccountName. * security.h: Remove logsrv in declarations of set_file_attribute and alloc_sd. Remove declaration of lookup_name. --- winsup/cygwin/ChangeLog | 22 ++++++++++++++++++++++ winsup/cygwin/sec_helper.cc | 2 ++ winsup/cygwin/security.cc | 19 ++++++++----------- winsup/cygwin/security.h | 8 ++------ winsup/cygwin/shm.cc | 2 +- winsup/cygwin/syscalls.cc | 4 ++-- winsup/cygwin/uinfo.cc | 18 ++++++++++-------- 7 files changed, 47 insertions(+), 28 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 369caf5aa..d0b81dcaf 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,25 @@ +2002-06-03 Pierre Humblet + + * sec_helper.cc (lookup_name): Suppress. + * security.cc (alloc_sd): Remove logsrv argument. + Remove two calls to lookup_name. + (set_security_attribute): Remove logsrv argument. + Remove logsrv argument in call to alloc_sd. + (set_nt_attribute): Remove logsrv argument. + Remove logsrv argument in call to set_security_attribute. + (set_file_attribute): Remove logsrv argument. + Remove logsrv argument in call to set_nt_attribute. + (set_file_attribute): Remove logsrv argument. + Remove logsrv argument in call to set_file_attribute. + * syscalls.cc (chown_worker): Remove logserver argument in + call to set_file_attribute. + (chmod): Ditto. + * shm.cc (shmget): Remove logsrv argument in call to alloc_sd. + * uinfo.cc (internal_getlogin): Replace calls to + lookup_name by call to LookupAccountName. + * security.h: Remove logsrv in declarations of set_file_attribute + and alloc_sd. Remove declaration of lookup_name. + 2002-06-05 Christopher Faylor * child_info.h (CHILD_INFO_MAGIC): Oops. Revert previous change. gcc diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc index 7833d5a42..cfa0fafce 100644 --- a/winsup/cygwin/sec_helper.cc +++ b/winsup/cygwin/sec_helper.cc @@ -266,6 +266,7 @@ is_grp_member (__uid32_t uid, __gid32_t gid) return grp_member; } +#if 0 // unused #define SIDLEN (sidlen = MAX_SID_LEN, &sidlen) #define DOMLEN (domlen = INTERNET_MAX_HOST_NAME_LENGTH, &domlen) @@ -334,6 +335,7 @@ got_it: #undef SIDLEN #undef DOMLEN +#endif //unused int set_process_privilege (const char *privilege, BOOL enable) diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 65a5b5e58..e6414cfd4 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -1353,7 +1353,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes, } PSECURITY_DESCRIPTOR -alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute, +alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret) { BOOL dummy; @@ -1372,8 +1372,7 @@ alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute, cygsid owner_sid; struct passwd *pw = getpwuid32 (uid); strcpy (owner, pw ? pw->pw_name : getlogin ()); - if ((!pw || !owner_sid.getfrompw (pw)) - && !lookup_name (owner, logsrv, owner_sid)) + if (!pw || !owner_sid.getfrompw (pw)) return NULL; debug_printf ("owner: %s [%d]", owner, *GetSidSubAuthority(owner_sid, @@ -1384,8 +1383,7 @@ alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute, struct __group32 *grp = getgrgid32 (gid); if (grp) { - if ((!grp || !group_sid.getfromgr (grp)) - && !lookup_name (grp->gr_name, logsrv, group_sid)) + if (!grp || !group_sid.getfromgr (grp)) return NULL; } else @@ -1616,14 +1614,13 @@ set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa, InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)sd_buf, SECURITY_DESCRIPTOR_REVISION); psa->lpSecurityDescriptor = alloc_sd (geteuid32 (), getegid32 (), - cygheap->user.logsrv (), attribute, (PSECURITY_DESCRIPTOR)sd_buf, &sd_buf_size); } static int set_nt_attribute (const char *file, __uid32_t uid, __gid32_t gid, - const char *logsrv, int attribute) + int attribute) { if (!wincap.has_security ()) return 0; @@ -1640,7 +1637,7 @@ set_nt_attribute (const char *file, __uid32_t uid, __gid32_t gid, } sd_size = 4096; - if (!(psd = alloc_sd (uid, gid, logsrv, attribute, psd, &sd_size))) + if (!(psd = alloc_sd (uid, gid, attribute, psd, &sd_size))) return -1; return write_sd (file, psd, sd_size); @@ -1649,12 +1646,12 @@ set_nt_attribute (const char *file, __uid32_t uid, __gid32_t gid, int set_file_attribute (int use_ntsec, const char *file, __uid32_t uid, __gid32_t gid, - int attribute, const char *logsrv) + int attribute) { int ret = 0; if (use_ntsec && allow_ntsec) - ret = set_nt_attribute (file, uid, gid, logsrv, attribute); + ret = set_nt_attribute (file, uid, gid, attribute); else if (allow_ntea && !NTWriteEA (file, ".UNIXATTR", (char *) &attribute, sizeof (attribute))) { @@ -1671,5 +1668,5 @@ set_file_attribute (int use_ntsec, const char *file, int attribute) { return set_file_attribute (use_ntsec, file, myself->uid, myself->gid, - attribute, cygheap->user.logsrv ()); + attribute); } diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index bc5a78cac..af4b667f8 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -168,7 +168,7 @@ int __stdcall set_process_privileges (); int __stdcall get_file_attribute (int, const char *, int *, __uid32_t * = NULL, __gid32_t * = NULL); int __stdcall set_file_attribute (int, const char *, int); -int __stdcall set_file_attribute (int, const char *, __uid32_t, __gid32_t, int, const char *); +int __stdcall set_file_attribute (int, const char *, __uid32_t, __gid32_t, int); LONG __stdcall read_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, LPDWORD sd_size); LONG __stdcall write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size); BOOL __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit); @@ -191,10 +191,6 @@ BOOL get_logon_server (const char * domain, char * server, WCHAR *wserver = NULL /* sec_helper.cc: Security helper functions. */ BOOL __stdcall is_grp_member (__uid32_t uid, __gid32_t gid); -/* `lookup_name' should be called instead of LookupAccountName. - * logsrv may be NULL, in this case only the local system is used for lookup. - * The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */ -BOOL __stdcall lookup_name (const char *, const char *, PSID); int set_process_privilege (const char *privilege, BOOL enable = TRUE); /* shared.cc: */ @@ -209,7 +205,7 @@ extern BOOL sec_acl (PACL acl, BOOL admins, PSID sid1 = NO_SID, PSID sid2 = NO_S int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len); BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len); -PSECURITY_DESCRIPTOR alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute, +PSECURITY_DESCRIPTOR alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret); extern inline SECURITY_ATTRIBUTES * diff --git a/winsup/cygwin/shm.cc b/winsup/cygwin/shm.cc index 6026b20ac..baea3a60e 100644 --- a/winsup/cygwin/shm.cc +++ b/winsup/cygwin/shm.cc @@ -461,7 +461,7 @@ shmget (key_t key, size_t size, int shmflg) /* create a sd for our open requests based on shmflag & 0x01ff */ InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); - psd = alloc_sd (getuid32 (), getgid32 (), cygheap->user.logsrv (), + psd = alloc_sd (getuid32 (), getgid32 (), shmflg & 0x01ff, psd, &sd_size); if (key == (key_t) - 1) diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index bf2709d06..ed2e23611 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -805,7 +805,7 @@ chown_worker (const char *name, unsigned fmode, __uid32_t uid, __gid32_t gid) if (win32_path.isdir()) attrib |= S_IFDIR; res = set_file_attribute (win32_path.has_acls (), win32_path, uid, - gid, attrib, cygheap->user.logsrv ()); + gid, attrib); } if (res != 0 && (!win32_path.has_acls () || !allow_ntsec)) { @@ -933,7 +933,7 @@ chmod (const char *path, mode_t mode) if (win32_path.isdir ()) mode |= S_IFDIR; if (!set_file_attribute (win32_path.has_acls (), win32_path, uid, gid, - mode, cygheap->user.logsrv ()) + mode) && allow_ntsec) res = 0; diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index e41a1cbe8..20171c497 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -150,17 +150,19 @@ internal_getlogin (cygheap_user &user) and a domain user may have the same name. */ if (!ret && user.domain ()) { + char domain[DNLEN + 1]; + DWORD dlen = sizeof (domain); + siz = sizeof (tu); + SID_NAME_USE use = SidTypeInvalid; /* Concat DOMAIN\USERNAME for the next lookup */ strcat (strcat (strcpy (buf, user.domain ()), "\\"), user.name ()); - if (!(ret = lookup_name (buf, NULL, user.sid ()))) - debug_printf ("Couldn't retrieve SID locally!"); - } + if (!LookupAccountName (NULL, buf, tu, &siz, + domain, &dlen, &use) || + !legal_sid_type (use)) + debug_printf ("Couldn't retrieve SID locally!"); + else user.set_sid (tu); - /* If that fails, too, as a last resort try to get the SID from - the logon server. */ - if (!ret && !(ret = lookup_name (user.name (), user.logsrv (), - user.sid ()))) - debug_printf ("Couldn't retrieve SID from '%s'!", user.logsrv ()); + } /* If we have a SID, try to get the corresponding Cygwin user name which can be different from the Windows user name. */