author | Corinna Vinschen <corinna@vinschen.de> | 2011-04-04 13:00:02 +0400 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2011-04-04 13:00:02 +0400 |
commit | 99edadedc90025c03e4ec4602a9c61c1bf37b7e7 (patch) | |
tree | 1fd0a16c0b5195a7c9ec6557d8ca6678a1781838 /winsup/cygwin/sec_helper.cc | |
parent | 0d6f2b0117aa7fe5470117b6a43f16dac139f5b9 (diff) |
* sec_auth.cc (get_user_groups): Mark well-known groups as well-known.
(get_user_local_groups): Ditto.
(verify_token): Drop useless label.
* sec_helper.cc (cygsid::get_sid): Check for well-known SID if
well_known isn't set.
* security.h (well_known_sid_type): New inline function.
Diffstat (limited to 'winsup/cygwin/sec_helper.cc')
-rw-r--r-- | winsup/cygwin/sec_helper.cc | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index a29900166..069eaa544 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -1,7 +1,7 @@
 /* sec_helper.cc: NT security helper functions
 Copyright 2000, 2001, 2002, 2003, 2004, 2006, 2007, 2008, 2009,
- 2010 Red Hat, Inc.
+ 2010, 2011 Red Hat, Inc.
 Written by Corinna Vinschen <corinna@vinschen.de>
@@ -150,7 +150,8 @@ PSID
 cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r, bool well_known)
 {
 DWORD i;
- SID_IDENTIFIER_AUTHORITY sid_auth = {{0,0,0,0,0,0}};
+ SID_IDENTIFIER_AUTHORITY sid_auth = { SECURITY_NULL_SID_AUTHORITY };
+# define SECURITY_NT_AUTH 5
 if (s > 255 || cnt < 1 || cnt > 8)
 {
@@ -162,7 +163,17 @@ cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r, bool well_known)
 InitializeSid (psid, &sid_auth, cnt);
 for (i = 0; i < cnt; ++i)
 memcpy ((char *) psid + 8 + sizeof (DWORD) * i, &r[i], sizeof (DWORD));
- well_known_sid = well_known;
+ /* If the well_known flag isn't set explicitely, we check the SID
+ for being a well-known SID ourselves. That's necessary because this
+ cygsid is created from a SID string, usually from /etc/passwd or
+ /etc/group. The calling code just doesn't know if the SID is well-known
+ or not. All SIDs are well-known SIDs, except those in the non-unique NT
+ authority range. */
+ if (well_known)
+ well_known_sid = well_known;
+ else
+ well_known_sid = (s != SECURITY_NT_AUTH
+ || r[0] != SECURITY_NT_NON_UNIQUE_RID);
 return psid;
 } |
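Review bot: The `# define SECURITY_NT_AUTH 5` added inside the body of cygsid::get_sid is not scoped to the function: the macro stays defined for the rest of the translation unit and is never `#undef`'d. The bare 5 also duplicates the last byte of the Windows `SECURITY_NT_AUTHORITY` value without saying so. A typed constant keeps the name local and documents the origin, e.g. `static const DWORD SECURITY_NT_AUTH = 5; /* last byte of SECURITY_NT_AUTHORITY */`. Alternatively it could live in security.h next to the well_known_sid_type helper named in the commit message, so the classification rule is defined in one place. The function body continues outside the hunk.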
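Review bot: The `else` branch in cygsid::get_sid marks every SID outside S-1-5-21-… as well-known, which also takes in NT-authority SIDs that are not fixed identities, such as logon-session SIDs of the form S-1-5-5-X-Y. Per the added comment the input is a SID string from /etc/passwd or /etc/group, so the flag is now decided by file content. What `well_known_sid` gates is not visible in this hunk, and the comment should say what a wrong "well-known" verdict costs. `r[0]` is only safe if the `cnt < 1` test earlier in the function (its body is not shown) rejects an empty sub-authority list, which deserves a short comment such as `/* cnt >= 1 was checked above, so r[0] is valid */`. The assignment itself could be one line, `well_known_sid = well_known || s != SECURITY_NT_AUTH || r[0] != SECURITY_NT_NON_UNIQUE_RID;`; the function starts outside the hunk.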