authorCorinna Vinschen <corinna@vinschen.de>2001-04-25 13:43:25 +0400
committerCorinna Vinschen <corinna@vinschen.de>2001-04-25 13:43:25 +0400
commitd551169a9fa38d2499840f409e0ca90992d6881a (patch)
tree7597dd538a99f270fd0285082a090c35a6876d2c /winsup/cygwin/sec_acl.cc
parent3a6e96682d6ee6f127882eef92e3041de8aca4af (diff)
* autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16.
* cygheap.cc: Include security.h. * grp.cc (internal_getgrent): New function. (getgroups): Rearranged using `internal_getgrent' and the new `cygsid' class. * passwd.cc (internal_getpwent): New function. * sec_acl.cc: Use new `cygsid' class throughout. (acl_access): Use `internal_getgrent' instead of `getgrent'. * sec_helper.cc: Use new `cygsid' class throughout. (get_id_from_sid): Use `internal_getgrent' instead of `getgrent'. Use `internal_getpwent' instead of `getpwent'. * security.cc: Use new `cygsid' class throughout. * security.h: Move `MAX_SID_LEN' from winsup.h to here. Add extern declarations for `internal_getgrent' and `internal_getpwent'. (class cygsid): New class. * shared.cc (sec_user): Use new `cygsid' class. * syscalls.cc (seteuid): Try to set owner to user and primary group to current group in impersonation token before performing impersonation. (setegid): Try to set primary group in process token to the new group if ntsec is on. * uinfo.cc (internal_getlogin): Use new `cygsid' class. Try to set owner to user and primary group to current group in process token if the process has been started from a non cygwin process. (uinfo_init): Set primary group only if the process has been started from a non cygwin process. * winsup.h: Move define for `MAX_SID_LEN' to security.h.
Diffstat (limited to 'winsup/cygwin/sec_acl.cc')
-rw-r--r--winsup/cygwin/sec_acl.cc54
1 files changed, 19 insertions, 35 deletions
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 0ae0a69a7..f4d004c7c 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -68,13 +68,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
__seterrno ();
return -1;
}
- char owner_buf[MAX_SID_LEN];
- if (!CopySid (MAX_SID_LEN, (PSID) owner_buf, owner_sid))
- {
- __seterrno ();
- return -1;
- }
- owner_sid = (PSID) owner_buf;
+ cygsid owner (owner_sid);
/* Get group SID. */
PSID group_sid = NULL;
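Review bot: The removed `CopySid` check returned -1 with errno set when the owner SID could not be copied, but `cygsid owner (owner_sid);` has no visible failure path, and the same applies to `cygsid group (group_sid);` in the next hunk. `cygsid` is declared in security.h, outside this diff, so it is not visible whether its constructor can leave the object empty. If it can, `SetSecurityDescriptorOwner(&sd, owner, FALSE)` in the third hunk would be handed a NULL owner, which that API accepts as "no owner" instead of failing. Consider keeping an explicit guard after construction, for example `if (!owner) { __seterrno (); return -1; }`, or a comment stating why the copy cannot fail for a SID taken from the file's security descriptor. setacl's body starts and ends outside this hunk.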
@@ -83,13 +77,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
__seterrno ();
return -1;
}
- char group_buf[MAX_SID_LEN];
- if (!CopySid (MAX_SID_LEN, (PSID) group_buf, group_sid))
- {
- __seterrno ();
- return -1;
- }
- group_sid = (PSID) group_buf;
+ cygsid group (group_sid);
/* Initialize local security descriptor. */
SECURITY_DESCRIPTOR sd;
@@ -98,13 +86,13 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
__seterrno ();
return -1;
}
- if (!SetSecurityDescriptorOwner(&sd, owner_sid, FALSE))
+ if (!SetSecurityDescriptorOwner(&sd, owner, FALSE))
{
__seterrno ();
return -1;
}
- if (group_sid
- && !SetSecurityDescriptorGroup(&sd, group_sid, FALSE))
+ if (group
+ && !SetSecurityDescriptorGroup(&sd, group, FALSE))
{
__seterrno ();
return -1;
@@ -116,8 +104,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
size_t acl_len = sizeof (ACL);
int ace_off = 0;
- char sidbuf[MAX_SID_LEN];
- PSID sid = (PSID) sidbuf;
+ cygsid sid;
struct passwd *pw;
struct group *gr;
int pos;
@@ -164,7 +151,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
case DEF_USER_OBJ:
allow |= STANDARD_RIGHTS_ALL & ~DELETE;
if (!add_access_allowed_ace (acl, ace_off++, allow,
- owner_sid, acl_len, inheritance))
+ owner, acl_len, inheritance))
return -1;
break;
case USER:
@@ -178,7 +165,7 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
case GROUP_OBJ:
case DEF_GROUP_OBJ:
if (!add_access_allowed_ace (acl, ace_off++, allow,
- group_sid, acl_len, inheritance))
+ group, acl_len, inheritance))
return -1;
break;
case GROUP:
@@ -320,21 +307,21 @@ getacl (const char *file, DWORD attr, int nentries, aclent_t *aclbufp)
if (!GetAce (acl, i, (PVOID *) &ace))
continue;
- PSID ace_sid = (PSID) &ace->SidStart;
+ cygsid ace_sid ((PSID) &ace->SidStart);
int id;
int type = 0;
- if (EqualSid (ace_sid, owner_sid))
+ if (ace_sid == owner_sid)
{
type = USER_OBJ;
id = uid;
}
- else if (EqualSid (ace_sid, group_sid))
+ else if (ace_sid == group_sid)
{
type = GROUP_OBJ;
id = gid;
}
- else if (EqualSid (ace_sid, get_world_sid ()))
+ else if (ace_sid == get_world_sid ())
{
type = OTHER_OBJ;
id = 0;
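Review bot: The three `ace_sid == ...` tests compare SIDs only if `cygsid` declares an `operator==` that takes a `PSID` and calls `EqualSid`; the class is in security.h, outside this diff, so that cannot be confirmed from here. If the class only offered an implicit conversion to `PSID`, the same lines would still compile, but as pointer comparisons that never match, and the owner, group and world entries would be misclassified without any error. A short comment at the declaration, such as `/* cygsid::operator== (PSID) wraps EqualSid */`, would make the dependency explicit. `cygsid ace_sid ((PSID) &ace->SidStart);` also copies the SID on every loop iteration where the old code only aliased it, which looks unnecessary for a read-only comparison. getacl's body continues outside the hunk.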
@@ -431,23 +418,20 @@ acl_access (const char *path, int flags)
* Check if user is a NT group:
* Take SID from passwd, search SID in group, check is_grp_member.
*/
- char owner_sidbuf[MAX_SID_LEN];
- PSID owner_sid = (PSID) owner_sidbuf;
- char group_sidbuf[MAX_SID_LEN];
- PSID group_sid = (PSID) group_sidbuf;
+ cygsid owner;
+ cygsid group;
struct passwd *pw;
struct group *gr = NULL;
if ((pw = getpwuid (acls[i].a_id)) != NULL
- && get_pw_sid (owner_sid, pw))
+ && get_pw_sid (owner, pw))
{
- while ((gr = getgrent ()))
- if (get_gr_sid (group_sid, gr)
- && EqualSid (owner_sid, group_sid)
+ for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
+ if (get_gr_sid (group, gr)
+ && owner == group
&& is_grp_member (myself->uid, gr->gr_gid))
break;
- endgrent ();
- }
+ }
if (!gr)
continue;
}
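Review bot: `owner` and `group` are default-constructed and then passed to `get_pw_sid (owner, pw)` and `get_gr_sid (group, gr)` as output arguments, so both helpers have to take a `cygsid &`, or the conversion to `PSID` has to expose a writable buffer even while the object is empty. Their signatures live in sec_helper.cc, outside this diff. This matters because `if (group` in setacl relies on an empty `cygsid` testing false; if that is implemented as a conversion returning NULL, a helper still declared with a `PSID` parameter would be given NULL to write through. The switch from `getgrent`/`endgrent` to the indexed loop also deserves a comment, for instance `/* internal_getgrent: indexed lookup, presumably leaves the caller's getgrent() position alone */`, with the wording confirmed against grp.cc. The enclosing loop in acl_access starts and ends outside the hunk.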