This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Minor ntsec fixes and optimizations.

From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
To: cygwin-patches at cygwin dot com
Date: Wed, 29 Jan 2003 12:35:16 -0500
Subject: Minor ntsec fixes and optimizations.

Corinna,

This patch
1) fixes a remaining chown problem, when impersonated
2) combines is_grp_member with get_id, and uses internal_getgroups
   in a new way. This makes getting group membership almost free.
  This led me to define a new class cygpsid (same as cygsid but without
  buffer) and to make minor type changes in security.cc and passwd/group.  
3) fixes nits in security.cc

Pierre

P.S.: I am getting to the end of my "ntsec to do" list. Next I will
change sec_acl to __{u,g}id32_t.


2003/01/29  Pierre Humblet  <pierre.humblet@ieee.org>

	* security.h (class cygpsid): New class.
	(class cygsid): Use cygpsid as base. Remove members psid, get_id, 
	get_uid, get_gid, string, debug_printf and the == and != operators.
	(cygsidlist::clear_supp): Only do work if setgroups has been called.
	Declare get_sids_info. Rename DEFAULT_UID_NT to UNKNOWN_UID and 
	DEFAULT_GID to UNKNOWN_GID. Add third argument to declaration of
	set_process_privilege.
	* sec_helper.cc: Define sid_auth NO_COPY. 
	(cygpsid::operator==): New operator.
	(cygpsid::get_id): New function.
	(cygpsid::string): New function.
	(cygsid::string): Delete.
	(cygsid::get_id): Delete.
	(get_sids_info): New function.
	(set_process_privilege): Add third argument and call 
	OpenThreadToken if needed. Remove duplicate debug_printf.
	* security.cc (extract_nt_dom_user): Use strechr.
	(get_user_groups): Initialize glen to MAX_SID_LEN.
	(get_user_local_groups): Ditto.
	(get_attribute_from_acl): Define ace_sid as cygpsid.
	(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
	Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
	(get_nt_object_attribute): Ditto.
	(alloc_sd): Call set_process_privilege with three arguments.
	Define ace_sid as cygpsid.
	* autoload.cc: Autoload OpenThreadToken.
	* pwdgrp.h: Change arguments of internal_getpwsid,
	internal_getgrsid and internal_getgroups to cygpsid.
	* passwd.cc: Use UNKNOWN_UID instead of DEFAULT_UID_NT. 
	(internal_getpwsid): Change argument from cygsid to cygpsid.
	* grp.cc (internal_getgrsid): Ditto.
	(internal_getgroups): Ditto.
	* uinfo.cc (internal_getlogin): Replace DEFAULT_GID by UNKNOWN_GID.

Attachment: cygpsid.diff
Description: Text document

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]