diff options
author | Robert Collins <rbtcollins@hotmail.com> | 2002-01-04 06:56:17 +0300 |
---|---|---|
committer | Robert Collins <rbtcollins@hotmail.com> | 2002-01-04 06:56:17 +0300 |
commit | b59c74abba6d2238c4dc58fa7d61b2519f2d0ea8 (patch) | |
tree | 5aa3c386ebe83a1646a3494862e6a01437e3c401 /winsup/cygwin/security.cc | |
parent | 9783ce28caf426c5ab39d1d6aefa31cfdb1b8234 (diff) |
Merged changes from HEAD
Diffstat (limited to 'winsup/cygwin/security.cc')
-rw-r--r-- | winsup/cygwin/security.cc | 49 |
1 files changed, 37 insertions, 12 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index d4dd03c70..77ea8fbcc 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -157,7 +157,7 @@ str2buf2lsa (LSA_STRING &tgt, char *buf, const char *srcstr) memcpy(buf, srcstr, tgt.MaximumLength); } -static void +void str2buf2uni (UNICODE_STRING &tgt, WCHAR *buf, const char *srcstr) { tgt.Length = strlen (srcstr) * sizeof (WCHAR); @@ -181,9 +181,9 @@ static LSA_HANDLE open_local_policy () { LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 }; - LSA_HANDLE lsa = INVALID_HANDLE_VALUE; + LSA_HANDLE lsa = NULL; - NTSTATUS ret = LsaOpenPolicy(NULL, &oa, POLICY_ALL_ACCESS, &lsa); + NTSTATUS ret = LsaOpenPolicy(NULL, &oa, POLICY_EXECUTE, &lsa); if (ret != STATUS_SUCCESS) set_errno (LsaNtStatusToWinError (ret)); return lsa; @@ -326,11 +326,8 @@ is_group_member (WCHAR *wlogonserver, WCHAR *wgroup, NET_API_STATUS ret; BOOL retval = FALSE; - ret = NetLocalGroupGetMembers (wlogonserver, wgroup, 0, (LPBYTE *) &buf, + ret = NetLocalGroupGetMembers (NULL, wgroup, 0, (LPBYTE *) &buf, MAX_PREFERRED_LENGTH, &cnt, &tot, NULL); - if (ret == ERROR_BAD_NETPATH || ret == RPC_S_SERVER_UNAVAILABLE) - ret = NetLocalGroupGetMembers (NULL, wgroup, 0, (LPBYTE *) &buf, - MAX_PREFERRED_LENGTH, &cnt, &tot, NULL); if (ret) return FALSE; @@ -354,11 +351,8 @@ get_user_local_groups (WCHAR *wlogonserver, const char *logonserver, DWORD cnt, tot; NET_API_STATUS ret; - ret = NetLocalGroupEnum (wlogonserver, 0, (LPBYTE *) &buf, + ret = NetLocalGroupEnum (NULL, 0, (LPBYTE *) &buf, MAX_PREFERRED_LENGTH, &cnt, &tot, NULL); - if (ret == ERROR_BAD_NETPATH || ret == RPC_S_SERVER_UNAVAILABLE) - ret = NetLocalGroupEnum (NULL, 0, (LPBYTE *) &buf, - MAX_PREFERRED_LENGTH, &cnt, &tot, NULL); if (ret) { debug_printf ("%d = NetLocalGroupEnum ()", ret); @@ -454,6 +448,30 @@ get_user_primary_group (WCHAR *wlogonserver, const char *user, return retval; } +static int +get_supplementary_group_sidlist (const char *username, cygsidlist &grp_list) +{ + struct group *gr; + int cnt = 0; + + for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx) + { + if (gr->gr_mem) + for (int gi = 0; gr->gr_mem[gi]; ++gi) + if (strcasematch (username, gr->gr_mem[gi])) + { + if (gr->gr_passwd && *gr->gr_passwd) + { + cygsid sid (gr->gr_passwd); + if ((PSID)sid && grp_list.add (sid)) + ++cnt; + } + break; + } + } + return cnt; +} + static BOOL get_group_sidlist (const char *logonserver, cygsidlist &grp_list, cygsid &usersid, cygsid &pgrpsid, @@ -465,6 +483,7 @@ get_group_sidlist (const char *logonserver, cygsidlist &grp_list, DWORD ulen = INTERNET_MAX_HOST_NAME_LENGTH + 1; DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1; SID_NAME_USE use; + cygsidlist sup_list; auth_pos = -1; sys_mbstowcs (wserver, logonserver, INTERNET_MAX_HOST_NAME_LENGTH + 1); @@ -520,6 +539,12 @@ get_group_sidlist (const char *logonserver, cygsidlist &grp_list, return FALSE; if (!grp_list.contains (pgrpsid)) grp_list += pgrpsid; + if (get_supplementary_group_sidlist (user, sup_list)) + { + for (int i = 0; i < sup_list.count; ++i) + if (!grp_list.contains (sup_list.sids[i])) + grp_list += sup_list.sids[i]; + } return TRUE; } @@ -714,7 +739,7 @@ create_token (cygsid &usersid, cygsid &pgrpsid) goto out; /* Open policy object. */ - if ((lsa = open_local_policy ()) == INVALID_HANDLE_VALUE) + if (!(lsa = open_local_policy ())) goto out; /* Get logon server. */ |