
cygwin.com/git/newlib-cygwin.git - Unnamed repository; edit this file 'description' to name the repository.
authorCorinna Vinschen <corinna@vinschen.de>2006-11-08 14:38:05 +0300
committerCorinna Vinschen <corinna@vinschen.de>2006-11-08 14:38:05 +0300
commit2fd2ddf3f5bacc7cccc9ac2d32b8024125808b6e (patch)
tree1ea1f194b7aa34ea6837b16c23bc2214203518cc /winsup/cygwin/sec_helper.cc
parent86bc8fadff6523470b68b9838fe7af2e55f3b5a3 (diff)
* sec_helper.cc (sid_auth): Remove.
(well_known_this_org_sid): New well known sid. (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Define. (mandatory_medium_integrity_sid): New well known sid. (mandatory_high_integrity_sid): Ditto. (mandatory_system_integrity_sid): Ditto. (cygsid::get_sid): Use local SID_IDENTIFIER_AUTHORITY. Allow all authorities fitting in a UCHAR. * security.cc (get_token_group_sidlist): Always add the local group to the token. Add comment. Add "This Organization" group if available in incoming group list. (get_server_groups): Only add world and authenticated users groups if not already in list. (create_token): Add matching mandatory integrity SID to group list on systems supporting Mandatory Integrity Control. * security.h (well_known_this_org_sid): Define. (mandatory_medium_integrity_sid): Define. (mandatory_high_integrity_sid): Define. (mandatory_system_integrity_sid): Define. * wincap.h: Define has_mandatory_integrity_control throughout. * wincap.cc: Ditto.
Diffstat (limited to 'winsup/cygwin/sec_helper.cc')
-rw-r--r--winsup/cygwin/sec_helper.cc26
1 files changed, 15 insertions, 11 deletions
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 4bcca81a5..e7f65f840 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -38,15 +38,6 @@ SECURITY_ATTRIBUTES NO_COPY sec_none_nih;
SECURITY_ATTRIBUTES NO_COPY sec_all;
SECURITY_ATTRIBUTES NO_COPY sec_all_nih;
-SID_IDENTIFIER_AUTHORITY NO_COPY sid_auth[] = {
- {SECURITY_NULL_SID_AUTHORITY},
- {SECURITY_WORLD_SID_AUTHORITY},
- {SECURITY_LOCAL_SID_AUTHORITY},
- {SECURITY_CREATOR_SID_AUTHORITY},
- {SECURITY_NON_UNIQUE_AUTHORITY},
- {SECURITY_NT_AUTHORITY}
-};
-
SID (well_known_null_sid, "S-1-0-0",
SECURITY_NULL_SID_AUTHORITY, 1, SECURITY_NULL_RID);
SID (well_known_world_sid, "S-1-1-0",
@@ -69,12 +60,23 @@ SID (well_known_service_sid, "S-1-5-6",
SECURITY_NT_AUTHORITY, 1, SECURITY_SERVICE_RID);
SID (well_known_authenticated_users_sid, "S-1-5-11",
SECURITY_NT_AUTHORITY, 1, SECURITY_AUTHENTICATED_USER_RID);
+SID (well_known_this_org_sid, "S-1-5-15",
+ SECURITY_NT_AUTHORITY, 1, 15);
SID (well_known_system_sid, "S-1-5-18",
SECURITY_NT_AUTHORITY, 1, SECURITY_LOCAL_SYSTEM_RID);
SID (well_known_admins_sid, "S-1-5-32-544",
SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS);
+#define SECURITY_MANDATORY_INTEGRITY_AUTHORITY {0,0,0,0,0,16}
+
+SID (mandatory_medium_integrity_sid, "S-1-64-8192",
+ SECURITY_MANDATORY_INTEGRITY_AUTHORITY, 1, 8192);
+SID (mandatory_high_integrity_sid, "S-1-64-12288",
+ SECURITY_MANDATORY_INTEGRITY_AUTHORITY, 1, 12288);
+SID (mandatory_system_integrity_sid, "S-1-64-16384",
+ SECURITY_MANDATORY_INTEGRITY_AUTHORITY, 1, 16384);
+
bool
cygpsid::operator== (const char *nsidstr) const
{
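Review bot: The string labels on the three new integrity SIDs do not match the authority they are built from: `SECURITY_MANDATORY_INTEGRITY_AUTHORITY` is `{0,0,0,0,0,16}`, i.e. authority 16, while the labels read `"S-1-64-..."`. They should be `"S-1-16-8192"`, `"S-1-16-12288"` and `"S-1-16-16384"`. How the `SID` macro uses its string argument is not visible in this hunk, so check the macro definition to see whether this is only a misleading label or also affects string comparisons such as `cygpsid::operator== (const char *)`. The bare `15` used as the This Organization RID would also read better as a named constant defined next to the new `#define`, matching the `SECURITY_*_RID` names the neighbouring entries use.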
@@ -136,14 +138,16 @@ PSID
cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r)
{
DWORD i;
+ SID_IDENTIFIER_AUTHORITY sid_auth = {0,0,0,0,0,0};
- if (s > 5 || cnt < 1 || cnt > 8)
+ if (s > 255 || cnt < 1 || cnt > 8)
{
psid = NO_SID;
return NULL;
}
+ sid_auth.Value[5] = s;
set ();
- InitializeSid (psid, &sid_auth[s], cnt);
+ InitializeSid (psid, &sid_auth, cnt);
for (i = 0; i < cnt; ++i)
memcpy ((char *) psid + 8 + sizeof (DWORD) * i, &r[i], sizeof (DWORD));
return psid;
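Review bot: With the bound raised from `s > 5` to `s > 255`, get_sid no longer rejects unknown identifier authorities. Any caller that relied on that rejection when turning externally supplied SID strings into SIDs now accepts every single-byte authority, including the mandatory-integrity authority 16; those callers are outside this hunk and should be checked. The 255 limit is only correct because `Value[0]`..`Value[4]` stay zero, which deserves a comment above the check such as `/* Only authorities that fit in Value[5] are representable here. */`. The store also narrows a DWORD implicitly, and `sid_auth.Value[5] = (UCHAR) s;` would make that intentional. The function's closing brace lies outside the hunk.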