author | Corinna Vinschen <corinna@vinschen.de> | 2006-11-27 12:59:59 +0000 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2006-11-27 12:59:59 +0000 |
commit | b825c587ba9e851002570b81f9f35196b7a96100 (patch) | |
tree | 4f45a13329a6ac1cf399647ba96988538ccba0bf /winsup/cygwin/sec_helper.cc | |
parent | b6bb405954f9713a2153e08dfc781f9146a42b9d (diff) | |
* cyglsa.h: New header file.
* environ.cc: Disable subauth settings.
* grp.cc: Accommodate cygsidlist's count now being a method.
* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
(mandatory_medium_integrity_sid): Remove.
(mandatory_high_integrity_sid): Remove.
(mandatory_system_integrity_sid): Remove.
(fake_logon_sid): Add.
(cygsid::get_sid): Add well_known parameter. Set well_known_sid
accordingly.
(cygsid::getfromstr): Ditto.
(cygsidlist::alloc_sids): Move here from security.cc.
(cygsidlist::free_sids): Ditto.
(cygsidlist::add): Move here from security.h. Add well_known parameter.
Set well_known_sid accordingly. Don't allow duplicate SIDs.
* security.cc: Include cyglsa.h and cygwin/version.h. Throughout
accommodate cygsidlist's count now being a method. Throughout drop
redundant "contains" tests.
(get_user_local_groups): Add local groups as well known SIDs.
(get_token_group_sidlist): Add well known groups as well known SIDs.
(get_server_groups): Ditto. Only call get_unix_group_sidlist after
get_user_local_groups to maintain "well_known_sid" attribute.
(get_initgroups_sidlist): Add well known groups as well known SIDs.
(get_setgroups_sidlist): Add usersid and struct passwd parameter to
allow calling get_server_groups from here.
(get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES
structure.
(get_priv_list): Ditto.
(create_token): Accommodate above changes. Drop misguided attempt to
add MIC SIDs to created user token. Print returned token as hex value.
(subauth): Disable.
(lsaauth): New function implementing client side of LSA authentication.
* security.h (class cygsid): Add well_known_sid attribute. Accommodate
throughout. Add *= operator to create a well known SID.
(class cygsidlist): Rename count to cnt. Make count a method.
(cygsidlist::add): Move to sec_helper.cc.
(cygsidlist::operator *=): New method to add well known SID.
(cygsidlist::non_well_known_count): New method returning number of
non well known SIDs in list.
(cygsidlist::next_non_well_known_sid): New method returning next non
well known SID by index.
(mandatory_medium_integrity_sid): Drop declaration.
(mandatory_high_integrity_sid): Drop declaration.
(mandatory_system_integrity_sid): Drop declaration.
(fake_logon_sid): Add declaration.
(subauth): Disable declaration.
(lsaauth): Add declaration.
* syscalls.cc (seteuid32): Disable subauthentication. Add LSA
authentication.
* wincap.h: Define needs_logon_sid_in_sid_list throughout.
* wincap.cc: Ditto.
Diffstat (limited to 'winsup/cygwin/sec_helper.cc')
-rw-r--r-- | winsup/cygwin/sec_helper.cc | 60 |
1 files changed, 48 insertions, 12 deletions
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index ecb19fc..f1caf48 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -67,15 +67,8 @@ MKSID (well_known_system_sid, "S-1-5-18",
 MKSID (well_known_admins_sid, "S-1-5-32-544", SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS);
-
-#define SECURITY_MANDATORY_INTEGRITY_AUTHORITY {0,0,0,0,0,16}
-
-MKSID (mandatory_medium_integrity_sid, "S-1-64-8192",
- SECURITY_MANDATORY_INTEGRITY_AUTHORITY, 1, 8192);
-MKSID (mandatory_high_integrity_sid, "S-1-64-12288",
- SECURITY_MANDATORY_INTEGRITY_AUTHORITY, 1, 12288);
-MKSID (mandatory_system_integrity_sid, "S-1-64-16384",
- SECURITY_MANDATORY_INTEGRITY_AUTHORITY, 1, 16384);
+MKSID (fake_logon_sid, "S-1-5-5-0-0",
+ SECURITY_NT_AUTHORITY, 3, SECURITY_LOGON_IDS_RID, 0, 0);
 bool cygpsid::operator== (const char *nsidstr) const
@@ -135,7 +128,7 @@ cygpsid::string (char *nsidstr) const
 }
 PSID
-cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r)
+cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r, bool well_known)
 {
 DWORD i;
 SID_IDENTIFIER_AUTHORITY sid_auth = {0,0,0,0,0,0};
@@ -150,11 +143,12 @@ cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r)
 InitializeSid (psid, &sid_auth, cnt);
 for (i = 0; i < cnt; ++i) memcpy ((char *) psid + 8 + sizeof (DWORD) * i, &r[i], sizeof (DWORD));
+ well_known_sid = well_known;
 return psid;
 }
 const PSID
-cygsid::getfromstr (const char *nsidstr)
+cygsid::getfromstr (const char *nsidstr, bool well_known)
 {
 char *lasts;
 DWORD s, cnt = 0;
@@ -166,7 +160,7 @@ cygsid::getfromstr (const char *nsidstr)
 while (cnt < 8 && *lasts == '-') r[cnt++] = strtoul (lasts + 1, &lasts, 10);
 if (!*lasts)
- return get_sid (s, cnt, r);
+ return get_sid (s, cnt, r, well_known);
 }
 return psid = NO_SID;
 }
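Review bot: `fake_logon_sid` is added in the first hunk with no comment saying what it stands in for. S-1-5-5-0-0 lies in the logon-session range (`SECURITY_LOGON_IDS_RID`) with both remaining sub-authorities zero, so it names no real logon session, and a reader auditing token construction needs to know where such a SID is allowed to appear. I would add a comment above the definition, for example `/* Placeholder logon SID; does not identify a real logon session. */`, and state the condition under which it is put into a SID list. The commit message points to `needs_logon_sid_in_sid_list`, but the use itself is in files outside this diff.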
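Review bot: In the third hunk `well_known_sid = well_known;` is assigned only immediately before `return psid;`, so the flag is updated on the success path alone. The failure path of `getfromstr` in the fourth hunk, `return psid = NO_SID;`, leaves whatever value an earlier call stored, and any early return in the part of `get_sid` above this hunk would presumably do the same. Resetting it there, `well_known_sid = false;` before `return psid = NO_SID;`, keeps the attribute tied to the SID it describes. Both function bodies start outside the hunks shown.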
@@ -185,6 +179,48 @@ cygsid::getfromgr (const struct __group32 *gr)
 return (*this = sp) != NULL;
 }
+cygsid *
+cygsidlist::alloc_sids (int n)
+{
+ if (n > 0)
+ return (cygsid *) cmalloc (HEAP_STR, n * sizeof (cygsid));
+ else
+ return NULL;
+}
+
+void
+cygsidlist::free_sids ()
+{
+ if (sids)
+ cfree (sids);
+ sids = NULL;
+ cnt = maxcnt = 0;
+ type = cygsidlist_empty;
+}
+
+BOOL
+cygsidlist::add (const PSID nsi, bool well_known)
+{
+ if (contains (nsi))
+ return TRUE;
+ if (cnt >= maxcnt)
+ {
+ cygsid *tmp = new cygsid [2 * maxcnt];
+ if (!tmp)
+ return FALSE;
+ maxcnt *= 2;
+ for (int i = 0; i < cnt; ++i)
+ tmp[i] = sids[i];
+ delete [] sids;
+ sids = tmp;
+ }
+ if (well_known)
+ sids[cnt++] *= nsi;
+ else
+ sids[cnt++] = nsi;
+ return TRUE;
+}
+
 bool get_sids_info (cygpsid owner_sid, cygpsid group_sid, __uid32_t * uidret, __gid32_t * gidret) { |
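Review bot: In `cygsidlist::add`, the growth branch allocates `new cygsid [2 * maxcnt]`, so a list whose `maxcnt` is 0 (the state `free_sids` leaves behind just above) gets a zero-length array, `maxcnt` stays 0, and the following `sids[cnt++] = nsi` writes past the allocation. Growing from a floor avoids that: `int newmax = maxcnt > 0 ? 2 * maxcnt : 1;`, allocate `new cygsid [newmax]`, then `maxcnt = newmax;`. Separately, `add` reallocates with `new[]`/`delete []` while `alloc_sids` and `free_sids` in the same hunk use `cmalloc`/`cfree`, and nothing visible here checks `type` before picking one; if a list obtained from `alloc_sids` can ever reach this branch, the storage is released by the wrong allocator. Whether callers can hit either case depends on code in security.cc and security.h that this diff does not show.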