security.cc
Pierre A. Humblet
Pierre.Humblet@ieee.org
Tue Feb 4 15:41:00 GMT 2003
Corinna,
This patch defines a new function get_sids_info that greatly reduces
the number of passwd/group lookups, compared to the current approach.
There are also minor fixes in security.cc
Pierre
2003/02/04 Pierre Humblet <pierre.humblet@ieee.org>
* sec_helper.cc (get_sids_info): New function.
* security.cc (extract_nt_dom_user): Simplify with strechr.
(get_user_groups): Initialize glen to MAX_SID_LEN.
(get_user_local_groups): Ditto.
(get_attribute_from_acl): Define ace_sid as cygpsid.
(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
(get_nt_object_attribute): Ditto.
(alloc_sd): Define ace_sid as cygpsid.
-------------- next part --------------
Index: security.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/security.cc,v
retrieving revision 1.133
diff -u -p -r1.133 security.cc
--- security.cc 3 Feb 2003 15:55:19 -0000 1.133
+++ security.cc 4 Feb 2003 15:10:02 -0000
@@ -90,15 +90,13 @@ extract_nt_dom_user (const struct passwd
if ((d = strstr (pw->pw_gecos, "U-")) != NULL &&
(d == pw->pw_gecos || d[-1] == ','))
{
- c = strchr (d + 2, ',');
- if ((u = strchr (d + 2, '\\')) == NULL || (c != NULL && u > c))
+ c = strechr (d + 2, ',');
+ if ((u = strechr (d + 2, '\\')) >= c)
u = d + 1;
else if (u - d <= INTERNET_MAX_HOST_NAME_LENGTH + 2)
strlcpy (domain, d + 2, u - d - 1);
- if (c == NULL)
- c = u + UNLEN + 1;
if (c - u <= UNLEN + 1)
- strlcpy (user, u + 1, c - u);
+ strlcpy (user, u + 1, c - u);
}
if (domain[0])
return;
@@ -329,7 +327,7 @@ get_user_groups (WCHAR *wlogonserver, cy
for (DWORD i = 0; i < cnt; ++i)
{
cygsid gsid;
- DWORD glen = sizeof (gsid);
+ DWORD glen = MAX_SID_LEN;
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
DWORD dlen = sizeof (domain);
SID_NAME_USE use = SidTypeInvalid;
@@ -407,7 +405,7 @@ get_user_local_groups (cygsidlist &grp_l
if (is_group_member (buf[i].lgrpi0_name, pusersid, grp_list))
{
cygsid gsid;
- DWORD glen = sizeof (gsid);
+ DWORD glen = MAX_SID_LEN;
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
DWORD dlen = sizeof (domain);
@@ -1230,7 +1228,7 @@ get_attribute_from_acl (int * attribute,
continue;
}
- cygsid ace_sid ((PSID) &ace->SidStart);
+ cygpsid ace_sid ((PSID) &ace->SidStart);
if (ace_sid == well_known_world_sid)
{
if (ace->Mask & FILE_READ_DATA)
@@ -1317,13 +1315,13 @@ get_nt_attribute (const char *file, int
return -1;
}
- PSID owner_sid;
- PSID group_sid;
+ cygpsid owner_sid;
+ cygpsid group_sid;
BOOL dummy;
- if (!GetSecurityDescriptorOwner (psd, &owner_sid, &dummy))
+ if (!GetSecurityDescriptorOwner (psd, (void **) &owner_sid, &dummy))
debug_printf ("GetSecurityDescriptorOwner %E");
- if (!GetSecurityDescriptorGroup (psd, &group_sid, &dummy))
+ if (!GetSecurityDescriptorGroup (psd, (void **) &group_sid, &dummy))
debug_printf ("GetSecurityDescriptorGroup %E");
PACL acl;
@@ -1336,8 +1334,9 @@ get_nt_attribute (const char *file, int
return -1;
}
- __uid32_t uid = cygsid (owner_sid).get_uid ();
- __gid32_t gid = cygsid (group_sid).get_gid ();
+ __uid32_t uid;
+ __gid32_t gid;
+ BOOL grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid);
if (uidret)
*uidret = uid;
if (gidret)
@@ -1349,8 +1348,6 @@ get_nt_attribute (const char *file, int
return 0;
}
- BOOL grp_member = is_grp_member (uid, gid);
-
if (!acl_exists || !acl)
{
*attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
@@ -1420,15 +1417,15 @@ get_nt_object_attribute (HANDLE handle,
return 0;
PSECURITY_DESCRIPTOR psd = NULL;
- PSID owner_sid;
- PSID group_sid;
+ cygpsid owner_sid;
+ cygpsid group_sid;
PACL acl;
if (ERROR_SUCCESS != GetSecurityInfo (handle, object_type,
DACL_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
OWNER_SECURITY_INFORMATION,
- &owner_sid, &group_sid,
+ (void **) &owner_sid, (void **) &group_sid,
&acl, NULL, &psd))
{
__seterrno ();
@@ -1436,8 +1433,10 @@ get_nt_object_attribute (HANDLE handle,
return -1;
}
- __uid32_t uid = cygsid (owner_sid).get_uid ();
- __gid32_t gid = cygsid (group_sid).get_gid ();
+ __uid32_t uid;
+ __gid32_t gid;
+ BOOL grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid);
+
if (uidret)
*uidret = uid;
if (gidret)
@@ -1450,8 +1449,6 @@ get_nt_object_attribute (HANDLE handle,
return 0;
}
- BOOL grp_member = is_grp_member (uid, gid);
-
if (!acl)
{
*attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
@@ -1749,7 +1746,8 @@ alloc_sd (__uid32_t uid, __gid32_t gid,
for (DWORD i = 0; i < oacl->AceCount; ++i)
if (GetAce (oacl, i, (PVOID *) &ace))
{
- cygsid ace_sid ((PSID) &ace->SidStart);
+ cygpsid ace_sid ((PSID) &ace->SidStart);
+
/* Check for related ACEs. */
if (ace_sid == well_known_null_sid)
continue;
Index: sec_helper.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/sec_helper.cc,v
retrieving revision 1.34
diff -u -p -r1.34 sec_helper.cc
--- sec_helper.cc 4 Feb 2003 14:58:04 -0000 1.34
+++ sec_helper.cc 4 Feb 2003 15:10:45 -0000
@@ -186,6 +186,43 @@ cygsid::getfromgr (const struct __group3
return (*this = sp) != NULL;
}
+bool
+get_sids_info (cygpsid owner_sid, cygpsid group_sid, __uid32_t * uidret, __gid32_t * gidret)
+{
+ struct passwd *pw;
+ struct __group32 *gr = NULL;
+ bool ret = false;
+
+ if (group_sid == cygheap->user.groups.pgsid)
+ *gidret = myself->gid;
+ else if ((gr = internal_getgrsid (group_sid)))
+ *gidret = gr->gr_gid;
+ else
+ *gidret = ILLEGAL_GID;
+
+ if (owner_sid == cygheap->user.sid ())
+ {
+ *uidret = myself->uid;
+ if (*gidret == myself->gid)
+ ret = true;
+ else
+ ret = (internal_getgroups (0, NULL, &group_sid) > 0);
+ }
+ else if ((pw = internal_getpwsid (owner_sid)))
+ {
+ *uidret = pw->pw_uid;
+ if (gr || (*gidret != ILLEGAL_GID
+ && (gr = internal_getgrgid (*gidret))))
+ for (int idx = 0; gr->gr_mem[idx]; ++idx)
+ if ((ret = strcasematch (pw->pw_name, gr->gr_mem[idx])))
+ break;
+ }
+ else
+ *uidret = ILLEGAL_UID;
+
+ return ret;
+}
+
BOOL
is_grp_member (__uid32_t uid, __gid32_t gid)
{
More information about the Cygwin-patches
mailing list