From e122c47112e7830e156fffb469ed389ecde0151a Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Fri, 12 Feb 2010 17:40:42 +0000
Subject: [PATCH] * sec_auth.cc (get_user_local_groups): Retrieve name
of well known builtin group from system. Explain why. *
sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group. *
security.h (well_known_builtin_sid): Declare.
---
winsup/cygwin/ChangeLog | 7 +++++++
winsup/cygwin/sec_auth.cc | 42 ++++++++++++++++++++++++++-----------
winsup/cygwin/sec_helper.cc | 2 ++
winsup/cygwin/security.h | 1 +
4 files changed, 40 insertions(+), 12 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index a9bec45ce..955e256b3 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+2010-02-12 Corinna Vinschen <corinna@vinschen.de>
+
+ * sec_auth.cc (get_user_local_groups): Retrieve name of well known
+ builtin group from system. Explain why.
+ * sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
+ * security.h (well_known_builtin_sid): Declare.
+
2010-02-11 Pierre Humblet <Pierre.Humblet@ieee.org>
* registry.c (get_registry_hive_path): Add space in string.
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index 2cdf35235..940483b4a 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -320,20 +320,19 @@ get_user_local_groups (PWCHAR logonserver, PWCHAR domain,
}
WCHAR domlocal_grp[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
- WCHAR builtin_grp[sizeof ("BUILTIN\\") + GNLEN + 2];
- PWCHAR dg_ptr, bg_ptr;
+ WCHAR builtin_grp[2 * GNLEN + 2];
+ PWCHAR dg_ptr, bg_ptr = NULL;
SID_NAME_USE use;
dg_ptr = wcpcpy (domlocal_grp, domain);
*dg_ptr++ = L'\\';
- bg_ptr = wcpcpy (builtin_grp, L"BUILTIN\\");
for (DWORD i = 0; i < cnt; ++i)
{
cygsid gsid;
DWORD glen = MAX_SID_LEN;
WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
- DWORD domlen = sizeof (dom);
+ DWORD domlen = MAX_DOMAIN_NAME_LEN + 1;
use = SidTypeInvalid;
wcscpy (dg_ptr, buf[i].lgrpi0_name);
@@ -348,17 +347,36 @@ get_user_local_groups (PWCHAR logonserver, PWCHAR domain,
else if (GetLastError () == ERROR_NONE_MAPPED)
{
/* Check if it's a builtin group. */
- wcscpy (bg_ptr, dg_ptr);
- if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
- dom, &domlen, &use))
+ if (!bg_ptr)
{
- if (!legal_sid_type (use))
- debug_printf ("Rejecting local %W. use: %d", dg_ptr, use);
+ /* Retrieve name of builtin group from system since it's
+ localized. */
+ glen = 2 * GNLEN + 2;
+ if (!LookupAccountSidW (NULL, well_known_builtin_sid,
+ builtin_grp, &glen, domain, &domlen, &use))
+ debug_printf ("LookupAccountSid(BUILTIN), %E");
else
- grp_list *= gsid;
+ {
+ bg_ptr = builtin_grp + wcslen (builtin_grp);
+ bg_ptr = wcpcpy (builtin_grp, L"\\");
+ }
+ }
+ if (bg_ptr)
+ {
+ wcscpy (bg_ptr, dg_ptr);
+ glen = MAX_SID_LEN;
+ domlen = MAX_DOMAIN_NAME_LEN + 1;
+ if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
+ dom, &domlen, &use))
+ {
+ if (!legal_sid_type (use))
+ debug_printf ("Rejecting local %W. use: %d", dg_ptr, use);
+ else
+ grp_list *= gsid;
+ }
+ else
+ debug_printf ("LookupAccountName(%W), %E", builtin_grp);
}
- else
- debug_printf ("LookupAccountName(%W), %E", builtin_grp);
}
else
debug_printf ("LookupAccountName(%W), %E", domlocal_grp);
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 38f4901f2..dc7b89fba 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -57,6 +57,8 @@ MKSID (well_known_this_org_sid, "S-1-5-15",
SECURITY_NT_AUTHORITY, 1, 15);
MKSID (well_known_system_sid, "S-1-5-18",
SECURITY_NT_AUTHORITY, 1, SECURITY_LOCAL_SYSTEM_RID);
+MKSID (well_known_builtin_sid, "S-1-5-32",
+ SECURITY_NT_AUTHORITY, 1, SECURITY_BUILTIN_DOMAIN_RID);
MKSID (well_known_admins_sid, "S-1-5-32-544",
SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS);
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index f9538c129..d239d0714 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -327,6 +327,7 @@ extern cygpsid well_known_service_sid;
extern cygpsid well_known_authenticated_users_sid;
extern cygpsid well_known_this_org_sid;
extern cygpsid well_known_system_sid;
+extern cygpsid well_known_builtin_sid;
extern cygpsid well_known_admins_sid;
extern cygpsid well_known_users_sid;
extern cygpsid fake_logon_sid;