diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2002-05-13 12:10:49 +0000 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2002-05-13 12:10:49 +0000 |
commit | 043bc3e1eea5042ef269f4f2b6aa6cb760b23fcd (patch) | |
tree | 997ee8941dbdca2d08d87c4d14fd98737c658ee3 /winsup/cygwin/shared.cc | |
parent | 6eabab557a557abd532eb8f1b089c7814950b37f (diff) | |
download | newlib-043bc3e1eea5042ef269f4f2b6aa6cb760b23fcd.zip newlib-043bc3e1eea5042ef269f4f2b6aa6cb760b23fcd.tar.gz newlib-043bc3e1eea5042ef269f4f2b6aa6cb760b23fcd.tar.bz2 |
* shared.cc (__sec_user): Split into sec_acl() and call orig_sid().
(sec_acl): Create from part of __sec_user(), except creator/owner.
* security.h: Define sec_acl() and MAX_DACL_LEN.
Diffstat (limited to 'winsup/cygwin/shared.cc')
-rw-r--r-- | winsup/cygwin/shared.cc | 77 |
1 files changed, 35 insertions, 42 deletions
diff --git a/winsup/cygwin/shared.cc b/winsup/cygwin/shared.cc index 5f1bc1f..a1ad5e8 100644 --- a/winsup/cygwin/shared.cc +++ b/winsup/cygwin/shared.cc @@ -236,6 +236,39 @@ get_null_sd () return null_sdp; } +BOOL +sec_acl (PACL acl, BOOL admins, PSID sid1, PSID sid2) +{ + size_t acl_len = MAX_DACL_LEN(5); + + if (!InitializeAcl (acl, acl_len, ACL_REVISION)) + { + debug_printf ("InitializeAcl %E"); + return FALSE; + } + if (sid2) + if (!AddAccessAllowedAce (acl, ACL_REVISION, + GENERIC_ALL, sid2)) + debug_printf ("AddAccessAllowedAce(sid2) %E"); + if (sid1) + if (!AddAccessAllowedAce (acl, ACL_REVISION, + GENERIC_ALL, sid1)) + debug_printf ("AddAccessAllowedAce(sid1) %E", sid1); + if (admins) + if (!AddAccessAllowedAce (acl, ACL_REVISION, + GENERIC_ALL, well_known_admins_sid)) + debug_printf ("AddAccessAllowedAce(admin) %E"); + if (!AddAccessAllowedAce (acl, ACL_REVISION, + GENERIC_ALL, well_known_system_sid)) + debug_printf ("AddAccessAllowedAce(system) %E"); +#if 0 /* Does not seem to help */ + if (!AddAccessAllowedAce (acl, ACL_REVISION, + GENERIC_ALL, well_known_creator_owner_sid)) + debug_printf ("AddAccessAllowedAce(creator_owner) %E"); +#endif + return TRUE; +} + PSECURITY_ATTRIBUTES __stdcall __sec_user (PVOID sa_buf, PSID sid2, BOOL inherit) { @@ -246,50 +279,10 @@ __sec_user (PVOID sa_buf, PSID sid2, BOOL inherit) cygsid sid; - if (cygheap->user.sid ()) - sid = cygheap->user.sid (); - else if (!lookup_name (getlogin (), cygheap->user.logsrv (), sid)) + if (!(sid = cygheap->user.orig_sid ()) || + (!sec_acl (acl, TRUE, sid, sid2))) return inherit ? &sec_none : &sec_none_nih; - size_t acl_len = sizeof (ACL) - + 4 * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD)) - + GetLengthSid (sid) - + GetLengthSid (well_known_admins_sid) - + GetLengthSid (well_known_system_sid) - + GetLengthSid (well_known_creator_owner_sid); - if (sid2) - acl_len += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) - + GetLengthSid (sid2); - - if (!InitializeAcl (acl, acl_len, ACL_REVISION)) - debug_printf ("InitializeAcl %E"); - - if (!AddAccessAllowedAce (acl, ACL_REVISION, - SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL, - sid)) - debug_printf ("AddAccessAllowedAce(%s) %E", getlogin ()); - - if (!AddAccessAllowedAce (acl, ACL_REVISION, - SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL, - well_known_admins_sid)) - debug_printf ("AddAccessAllowedAce(admin) %E"); - - if (!AddAccessAllowedAce (acl, ACL_REVISION, - SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL, - well_known_system_sid)) - debug_printf ("AddAccessAllowedAce(system) %E"); - - if (!AddAccessAllowedAce (acl, ACL_REVISION, - SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL, - well_known_creator_owner_sid)) - debug_printf ("AddAccessAllowedAce(creator_owner) %E"); - - if (sid2) - if (!AddAccessAllowedAce (acl, ACL_REVISION, - SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL, - sid2)) - debug_printf ("AddAccessAllowedAce(sid2) %E"); - if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION)) debug_printf ("InitializeSecurityDescriptor %E"); |