From 4a21c2d5c8c87d5df8151300085fcc333a5ffefe Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Tue, 4 Feb 2003 14:58:04 +0000
Subject: [PATCH] * security.h (class cygpsid): New class. (class cygsid): Use cygpsid as base. Remove members psid, get_id, get_uid, get_gid, string, debug_printf and the == and != operators. (cygsidlist::clear_supp): Only do work if setgroups has been called. * sec_helper.cc: Define sid_auth NO_COPY. (cygpsid::operator==): New operator. (cygpsid::get_id): New function. (cygpsid::string): New function. (cygsid::string): Delete. (cygsid::get_id): Delete. * pwdgrp.h: Change arguments of internal_getpwsid, internal_getgrsid and internal_getgroups to cygpsid. * passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid. * grp.cc (internal_getgrsid): Ditto. (internal_getgroups): Ditto.
---
 winsup/cygwin/ChangeLog | 18 ++++++
 winsup/cygwin/grp.cc | 4 +-
 winsup/cygwin/passwd.cc | 2 +-
 winsup/cygwin/pwdgrp.h | 6 +-
 winsup/cygwin/sec_helper.cc | 111 +++++++++++++++++++-----------------
 winsup/cygwin/security.h | 73 +++++++++++++-----------
 6 files changed, 123 insertions(+), 91 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 4ad4441a4..adcd66861 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,21 @@ +2003-02-04 Pierre Humblet + + * security.h (class cygpsid): New class. + (class cygsid): Use cygpsid as base. Remove members psid, get_id, + get_uid, get_gid, string, debug_printf and the == and != operators. + (cygsidlist::clear_supp): Only do work if setgroups has been called. + * sec_helper.cc: Define sid_auth NO_COPY. + (cygpsid::operator==): New operator. + (cygpsid::get_id): New function. + (cygpsid::string): New function. + (cygsid::string): Delete. + (cygsid::get_id): Delete. + * pwdgrp.h: Change arguments of internal_getpwsid, + internal_getgrsid and internal_getgroups to cygpsid. + * passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid. + * grp.cc (internal_getgrsid): Ditto. + (internal_getgroups): Ditto. + 2003-02-03 Christopher Faylor Eliminate most unneeded this-> pointers throughout. diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc index f252e3cb8..41f2484b0 100644 --- a/winsup/cygwin/grp.cc +++ b/winsup/cygwin/grp.cc @@ -107,7 +107,7 @@ pwdgrp::read_group () } struct __group32 * -internal_getgrsid (cygsid &sid) +internal_getgrsid (cygpsid &sid) { char sid_string[128]; @@ -231,7 +231,7 @@ internal_getgrent (int pos) } int -internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygsid * srchsid) +internal_getgroups (int gidsetsize, __gid32_t *grouplist, cygpsid * srchsid) { HANDLE hToken = NULL; DWORD size; diff --git a/winsup/cygwin/passwd.cc b/winsup/cygwin/passwd.cc index 1a6654c21..ad784adac 100644 --- a/winsup/cygwin/passwd.cc +++ b/winsup/cygwin/passwd.cc @@ -97,7 +97,7 @@ pwdgrp::read_passwd () } struct passwd * -internal_getpwsid (cygsid &sid) +internal_getpwsid (cygpsid &sid) { struct passwd *pw; char *ptr1, *ptr2, *endptr; diff --git a/winsup/cygwin/pwdgrp.h b/winsup/cygwin/pwdgrp.h index 738ee601c..40b1eeb6f 100644 --- a/winsup/cygwin/pwdgrp.h +++ b/winsup/cygwin/pwdgrp.h 
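Review bot: In the first grp.cc hunk, internal_getgrsid keeps `char sid_string[128];` as its SID text buffer while its parameter becomes a `cygpsid &`, and cygpsid::string (added in sec_helper.cc) writes with strcpy and __small_sprintf without taking a length. A SID with the maximum of 15 sub-authorities prints as up to 172 characters plus the terminator, so if this buffer is the one passed to sid.string () (the call is outside the hunk, so this is inferred), 128 bytes is not a proven bound for an arbitrary PSID. I would size such buffers from one shared constant or give string () a size argument; at minimum the declaration should carry a comment such as `/* nsidstr must hold "S-1-" + 3 digits + 15 * 11 characters + NUL. */`. The function body continues past the end of the hunk.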
@@ -12,14 +12,14 @@ details. */ /* These functions are needed to allow searching and walking through the passwd and group lists */ -extern struct passwd *internal_getpwsid (cygsid &); +extern struct passwd *internal_getpwsid (cygpsid &); extern struct passwd *internal_getpwnam (const char *, bool = FALSE); extern struct passwd *internal_getpwuid (__uid32_t, bool = FALSE); -extern struct __group32 *internal_getgrsid (cygsid &); +extern struct __group32 *internal_getgrsid (cygpsid &); extern struct __group32 *internal_getgrgid (__gid32_t gid, bool = FALSE); extern struct __group32 *internal_getgrnam (const char *, bool = FALSE); extern struct __group32 *internal_getgrent (int); -int internal_getgroups (int, __gid32_t *, cygsid * = NULL); +int internal_getgroups (int, __gid32_t *, cygpsid * = NULL); #include "sync.h" class pwdgrp diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc index 9c49c0a59..59eba0887 100644 --- a/winsup/cygwin/sec_helper.cc +++ b/winsup/cygwin/sec_helper.cc @@ -39,7 +39,7 @@ SECURITY_ATTRIBUTES NO_COPY sec_none_nih; SECURITY_ATTRIBUTES NO_COPY sec_all; SECURITY_ATTRIBUTES NO_COPY sec_all_nih; -SID_IDENTIFIER_AUTHORITY sid_auth[] = { +SID_IDENTIFIER_AUTHORITY NO_COPY sid_auth[] = { {SECURITY_NULL_SID_AUTHORITY}, {SECURITY_WORLD_SID_AUTHORITY}, {SECURITY_LOCAL_SID_AUTHORITY}, 
@@ -62,6 +62,63 @@ cygsid well_known_authenticated_users_sid; cygsid well_known_system_sid; cygsid well_known_admins_sid; +bool +cygpsid::operator== (const char *nsidstr) const +{ + cygsid nsid (nsidstr); + return psid == nsid; +} + +__uid32_t +cygpsid::get_id (BOOL search_grp, int *type) +{ + /* First try to get SID from group, then passwd */ + __uid32_t id = ILLEGAL_UID; + + if (search_grp) + { + struct __group32 *gr; + if (cygheap->user.groups.pgsid == psid) + id = myself->gid; + else if ((gr = internal_getgrsid (*this))) + id = gr->gr_gid; + if (id != ILLEGAL_UID) + { + if (type) + *type = GROUP; + return id; + } + } + if (!search_grp || type) + { + struct passwd *pw; + if (*this == cygheap->user.sid ()) + id = myself->uid; + else if ((pw = internal_getpwsid (*this))) + id = pw->pw_uid; + if (id != ILLEGAL_UID && type) + *type = USER; + } + return id; +} + + +char * +cygpsid::string (char *nsidstr) const +{ + char *t; + DWORD i; + + if (!psid || !nsidstr) + return NULL; + strcpy (nsidstr, "S-1-"); + t = nsidstr + sizeof ("S-1-") - 1; + t += __small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]); + for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i) + t += __small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i)); + return nsidstr; +} + void cygsid::init () { @@ -80,25 +137,6 @@ cygsid::init () well_known_admins_sid = "S-1-5-32-544"; } -char * -cygsid::string (char *nsidstr) const -{ - char t[32]; - DWORD i; - - if (!psid || !nsidstr) - return NULL; - strcpy (nsidstr, "S-1-"); - __small_sprintf (t, "%u", GetSidIdentifierAuthority (psid)->Value[5]); - strcat (nsidstr, t); - for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i) - { - __small_sprintf (t, "-%lu", *GetSidSubAuthority (psid, i)); - strcat (nsidstr, t); - } - return nsidstr; -} - PSID cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r) { 
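Review bot: In `cygpsid::operator== (const char *)` the expression `psid == nsid` has a raw PSID on the left, so the member `operator== (const PSID)` is not a candidate and the comparison most likely resolves to built-in pointer equality after `nsid` converts through `operator const PSID ()`. That compares this object's pointer with the pointer held by the local `nsid` instead of calling EqualSid, so a textual SID would not match an equal SID stored elsewhere, and a check against a well-known SID string would quietly fail. The removed cygsid version used `return *this == nsid;`, which takes the EqualSid path; I would keep that form here. Separately, get_id reverses the fallback order of the deleted cygsid::get_id (group first, then passwd when `type` is given, and no group fallback when `search_grp` is FALSE), which the ChangeLog lists only as a new function; the comment above the body should state which callers depend on the new order.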
@@ -148,39 +186,6 @@ cygsid::getfromgr (const struct __group32 *gr) return (*this = sp) != NULL; } -__uid32_t -cygsid::get_id (BOOL search_grp, int *type) -{ - /* First try to get SID from passwd or group entry */ - __uid32_t id = ILLEGAL_UID; - - if (!search_grp) - { - struct passwd *pw; - if (*this == cygheap->user.sid ()) - id = myself->uid; - else if ((pw = internal_getpwsid (*this))) - id = pw->pw_uid; - if (id != ILLEGAL_UID) - { - if (type) - *type = USER; - return id; - } - } - if (search_grp || type) - { - struct __group32 *gr; - if (cygheap->user.groups.pgsid == psid) - id = myself->gid; - else if ((gr = internal_getgrsid (*this))) - id = gr->gr_gid; - if (id != ILLEGAL_UID && type) - *type = GROUP; - } - return id; -} - BOOL is_grp_member (__uid32_t uid, __gid32_t gid) { diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index a2a46a433..d789d18ea 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -20,8 +20,40 @@ details. */ #define NO_SID ((PSID)NULL) -class cygsid { +class cygpsid { +protected: PSID psid; +public: + cygpsid () {} + cygpsid (PSID nsid) { psid = nsid; } + operator const PSID () { return psid; } + const PSID operator= (PSID nsid) { return psid = nsid;} + __uid32_t get_id (BOOL search_grp, int *type = NULL); + int get_uid () { return get_id (FALSE); } + int get_gid () { return get_id (TRUE); } + + char *string (char *nsidstr) const; + + bool operator== (const PSID nsid) const + { + if (!psid || !nsid) + return nsid == psid; + return EqualSid (psid, nsid); + } + bool operator!= (const PSID nsid) const + { return !(*this == nsid); } + bool operator== (const char *nsidstr) const; + bool operator!= (const char *nsidstr) const + { return !(*this == nsidstr); } + + void debug_print (const char *prefix = NULL) const + { + char buf[256]; + debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL"); + } +}; + +class cygsid : public cygpsid { char sbuf[MAX_SID_LEN]; const PSID getfromstr (const char *nsidstr); 
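Review bot: In the new class cygpsid, `cygpsid () {}` leaves `psid` uninitialised, yet `operator== (const PSID)` and `string ()` both begin by testing `!psid`, so a default-constructed object that is compared or printed before assignment reads an indeterminate pointer and may hand it to EqualSid. I would write `cygpsid () : psid (NO_SID) {}`, or, if skipping the store is deliberate, say so in a comment next to the constructor. The class also needs a header comment stating that it is a non-owning wrapper around a PSID: copying it copies only the pointer, and a cygpsid sliced from a cygsid appears to point into that object's `sbuf` (judging by the constructor in the following hunk), so it must not outlive the cygsid. As a smaller point, `operator const PSID ()` could be declared const so that it works on const objects.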
@@ -50,7 +82,7 @@ public: inline const PSID operator= (const char *nsidstr) { return getfromstr (nsidstr); } - inline cygsid () : psid ((PSID) sbuf) {} + inline cygsid () : cygpsid ((PSID) sbuf) {} inline cygsid (const PSID nsid) { *this = nsid; } inline cygsid (const char *nstrsid) { *this = nstrsid; } @@ -58,34 +90,6 @@ public: BOOL getfrompw (const struct passwd *pw); BOOL getfromgr (const struct __group32 *gr); - - __uid32_t get_id (BOOL search_grp, int *type = NULL); - inline int get_uid () { return get_id (FALSE); } - inline int get_gid () { return get_id (TRUE); } - - char *string (char *nsidstr) const; - - inline BOOL operator== (const PSID nsid) const - { - if (!psid || !nsid) - return nsid == psid; - return EqualSid (psid, nsid); - } - inline BOOL operator== (const char *nsidstr) const - { - cygsid nsid (nsidstr); - return *this == nsid; - } - inline BOOL operator!= (const PSID nsid) const - { return !(*this == nsid); } - inline BOOL operator!= (const char *nsidstr) const - { return !(*this == nsidstr); } - - void debug_print (const char *prefix = NULL) const - { - char buf[256]; - debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL"); - } }; typedef enum { cygsidlist_empty, cygsidlist_alloc, cygsidlist_auto } cygsidlist_type; @@ -171,8 +175,11 @@ public: } void clear_supp () { - sgsids.free_sids (); - ischanged = TRUE; + if (issetgroups ()) + { + sgsids.free_sids (); + ischanged = TRUE; + } } void update_pgrp (const PSID sid) { @@ -222,6 +229,8 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa, void *sd_buf, DWORD sd_buf_size); +bool get_sids_info (cygpsid, cygpsid, __uid32_t * , __gid32_t *); + /* Try a subauthentication. */ HANDLE subauth (struct passwd *pw); /* Try creating a token directly. */
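Review bot: The declaration `bool get_sids_info (cygpsid, cygpsid, __uid32_t * , __gid32_t *);` added in the last security.h hunk has no definition in the hunks shown here and no ChangeLog entry, so it either belongs to a separate change or its definition is missing from this patch. If it stays, it needs a comment saying which argument is which SID (presumably user and group, going by the pointer types), what is stored through the two pointers when a lookup fails, and what the bool result means. Because cygpsid is passed by value and carries only a pointer, the comment should also state that both SIDs must remain valid for the duration of the call.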