* sec_helper.cc (get_sids_info): New function.

* security.cc (extract_nt_dom_user): Simplify with strechr. (get_user_groups): Initialize glen to MAX_SID_LEN. (get_user_local_groups): Ditto. (get_attribute_from_acl): Define ace_sid as cygpsid. (get_nt_attribute): Define owner_sid and group_sid as cygpsid. Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member. (get_nt_object_attribute): Ditto. (alloc_sd): Define ace_sid as cygpsid.
author: Corinna Vinschen <corinna@vinschen.de> 2003-02-05 16:47:47 +0300
committer: Corinna Vinschen <corinna@vinschen.de> 2003-02-05 16:47:47 +0300
commit: 0c8455c344a3200a9969ae304c66b2c2cc809b04 (patch)
tree: 73d135e39ea79f90a0500c83d546f6cc81685446
parent: b7b6c58a20a7de41e1d88a100391363fd68802de (diff)
3 files changed, 72 insertions, 24 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 299eec166..680a07f63 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,15 @@
+2003-02-05  Pierre Humblet  <pierre.humblet@ieee.org>
+
+	* sec_helper.cc (get_sids_info): New function.
+	* security.cc (extract_nt_dom_user): Simplify with strechr.
+	(get_user_groups): Initialize glen to MAX_SID_LEN.
+	(get_user_local_groups): Ditto.
+	(get_attribute_from_acl): Define ace_sid as cygpsid.
+	(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
+	Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
+	(get_nt_object_attribute): Ditto.
+	(alloc_sd): Define ace_sid as cygpsid.
+
 2003-02-04  Thomas Pfaff  <tpfaff@gmx.net>
 
 	* syscalls.cc (struct system_cleanup_args): New struct.
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 59eba0887..e4f7419a7 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -186,6 +186,43 @@ cygsid::getfromgr (const struct __group32 *gr)
   return (*this = sp) != NULL;
 }
 
+bool
+get_sids_info (cygpsid owner_sid, cygpsid group_sid, __uid32_t * uidret, __gid32_t * gidret)
+{
+  struct passwd *pw;
+  struct __group32 *gr = NULL;
+  bool ret = false;
+
+  if (group_sid == cygheap->user.groups.pgsid)
+    *gidret = myself->gid;
+  else if ((gr = internal_getgrsid (group_sid)))
+    *gidret = gr->gr_gid;
+  else
+    *gidret = ILLEGAL_GID;
+
+  if (owner_sid == cygheap->user.sid ())
+    {
+      *uidret = myself->uid;
+      if (*gidret == myself->gid)
+	ret = true;
+      else
+	ret = (internal_getgroups (0, NULL, &group_sid) > 0);
+    }
+  else if ((pw = internal_getpwsid (owner_sid)))
+    {
+      *uidret = pw->pw_uid;
+      if (gr || (*gidret != ILLEGAL_GID
+		 && (gr = internal_getgrgid (*gidret))))
+	for (int idx = 0; gr->gr_mem[idx]; ++idx)
+	  if ((ret = strcasematch (pw->pw_name, gr->gr_mem[idx])))
+	    break;
+    }
+  else
+    *uidret = ILLEGAL_UID;
+
+  return ret;
+}
+
 BOOL
 is_grp_member (__uid32_t uid, __gid32_t gid)
 {
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index f72b89672..8c8727096 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -90,15 +90,13 @@ extract_nt_dom_user (const struct passwd *pw, char *domain, char *user)
   if ((d = strstr (pw->pw_gecos, "U-")) != NULL &&
       (d == pw->pw_gecos || d[-1] == ','))
     {
-      c = strchr (d + 2, ',');
-      if ((u = strchr (d + 2, '\\')) == NULL || (c != NULL && u > c))
+      c = strechr (d + 2, ',');
+      if ((u = strechr (d + 2, '\\')) >= c)
 	u = d + 1;
       else if (u - d <= INTERNET_MAX_HOST_NAME_LENGTH + 2)
 	strlcpy (domain, d + 2, u - d - 1);
-      if (c == NULL)
-	c = u + UNLEN + 1;
       if (c - u <= UNLEN + 1)
-	strlcpy (user, u + 1, c - u);
+        strlcpy (user, u + 1, c - u);
     }
   if (domain[0])
     return;
@@ -329,7 +327,7 @@ get_user_groups (WCHAR *wlogonserver, cygsidlist &grp_list, char *user,
   for (DWORD i = 0; i < cnt; ++i)
     {
       cygsid gsid;
-      DWORD glen = sizeof (gsid);
+      DWORD glen = MAX_SID_LEN;
       char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
       DWORD dlen = sizeof (domain);
       SID_NAME_USE use = SidTypeInvalid;
@@ -407,7 +405,7 @@ get_user_local_groups (cygsidlist &grp_list, PSID pusersid)
     if (is_group_member (buf[i].lgrpi0_name, pusersid, grp_list))
       {
 	cygsid gsid;
-	DWORD glen = sizeof (gsid);
+	DWORD glen = MAX_SID_LEN;
 	char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
 	DWORD dlen = sizeof (domain);
 
@@ -1230,7 +1228,7 @@ get_attribute_from_acl (int * attribute, PACL acl, PSID owner_sid,
 	  continue;
 	}
 
-      cygsid ace_sid ((PSID) &ace->SidStart);
+      cygpsid ace_sid ((PSID) &ace->SidStart);
       if (ace_sid == well_known_world_sid)
 	{
 	  if (ace->Mask & FILE_READ_DATA)
@@ -1317,13 +1315,13 @@ get_nt_attribute (const char *file, int *attribute,
       return -1;
     }
 
-  PSID owner_sid;
-  PSID group_sid;
+  cygpsid owner_sid;
+  cygpsid group_sid;
   BOOL dummy;
 
-  if (!GetSecurityDescriptorOwner (psd, &owner_sid, &dummy))
+  if (!GetSecurityDescriptorOwner (psd, (PSID *) &owner_sid, &dummy))
     debug_printf ("GetSecurityDescriptorOwner %E");
-  if (!GetSecurityDescriptorGroup (psd, &group_sid, &dummy))
+  if (!GetSecurityDescriptorGroup (psd, (PSID *) &group_sid, &dummy))
     debug_printf ("GetSecurityDescriptorGroup %E");
 
   PACL acl;
@@ -1336,8 +1334,9 @@ get_nt_attribute (const char *file, int *attribute,
       return -1;
     }
 
-  __uid32_t uid = cygsid (owner_sid).get_uid ();
-  __gid32_t gid = cygsid (group_sid).get_gid ();
+  __uid32_t uid;
+  __gid32_t gid;
+  BOOL grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid);
   if (uidret)
     *uidret = uid;
   if (gidret)
@@ -1349,8 +1348,6 @@ get_nt_attribute (const char *file, int *attribute,
       return 0;
     }
 
-  BOOL grp_member = is_grp_member (uid, gid);
-
   if (!acl_exists || !acl)
     {
       *attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
@@ -1420,15 +1417,16 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
     return 0;
 
   PSECURITY_DESCRIPTOR psd = NULL;
-  PSID owner_sid;
-  PSID group_sid;
+  cygpsid owner_sid;
+  cygpsid group_sid;
   PACL acl;
 
   if (ERROR_SUCCESS != GetSecurityInfo (handle, object_type,
 					DACL_SECURITY_INFORMATION |
 					GROUP_SECURITY_INFORMATION |
 					OWNER_SECURITY_INFORMATION,
-					&owner_sid, &group_sid,
+					(PSID *) &owner_sid,
+					(PSID *) &group_sid,
 					&acl, NULL, &psd))
     {
       __seterrno ();
@@ -1436,8 +1434,10 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
       return -1;
     }
 
-  __uid32_t uid = cygsid (owner_sid).get_uid ();
-  __gid32_t gid = cygsid (group_sid).get_gid ();
+  __uid32_t uid;
+  __gid32_t gid;
+  BOOL grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid);
+
   if (uidret)
     *uidret = uid;
   if (gidret)
@@ -1450,8 +1450,6 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
       return 0;
     }
 
-  BOOL grp_member = is_grp_member (uid, gid);
-
   if (!acl)
     {
       *attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
@@ -1749,7 +1747,8 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
     for (DWORD i = 0; i < oacl->AceCount; ++i)
       if (GetAce (oacl, i, (PVOID *) &ace))
 	{
-	  cygsid ace_sid ((PSID) &ace->SidStart);
+	  cygpsid ace_sid ((PSID) &ace->SidStart);
+
 	  /* Check for related ACEs. */
 	  if (ace_sid == well_known_null_sid)
 	    continue;
author	Corinna Vinschen <corinna@vinschen.de>	2003-02-05 16:47:47 +0300
committer	Corinna Vinschen <corinna@vinschen.de>	2003-02-05 16:47:47 +0300
commit	0c8455c344a3200a9969ae304c66b2c2cc809b04 (patch)
tree	73d135e39ea79f90a0500c83d546f6cc81685446
parent	b7b6c58a20a7de41e1d88a100391363fd68802de (diff)