diff options
Diffstat (limited to 'winsup/cygwin/sec_auth.cc')
-rw-r--r-- | winsup/cygwin/sec_auth.cc | 51 |
1 files changed, 21 insertions, 30 deletions
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index 95e7d0bf1..dd5ee0627 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -1,7 +1,7 @@ /* sec_auth.cc: NT authentication functions Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - 2008, 2009, 2010, 2011, 2012 Red Hat, Inc. + 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc. This file is part of Cygwin. @@ -87,7 +87,7 @@ get_full_privileged_inheritable_token (HANDLE token) void set_imp_token (HANDLE token, int type) { - debug_printf ("set_imp_token (%d, %d)", token, type); + debug_printf ("set_imp_token (%p, %d)", token, type); cygheap->user.external_token = (token == INVALID_HANDLE_VALUE ? NO_IMPERSONATION : token); cygheap->user.ext_token_is_restricted = (type == CW_TOKEN_RESTRICTED); @@ -108,7 +108,7 @@ extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user) DWORD dlen = MAX_DOMAIN_NAME_LEN + 1; SID_NAME_USE use; - debug_printf ("pw_gecos %x (%s)", pw->pw_gecos, pw->pw_gecos); + debug_printf ("pw_gecos %p (%s)", pw->pw_gecos, pw->pw_gecos); if (psid.getfrompw (pw) && LookupAccountSidW (NULL, psid, user, &ulen, domain, &dlen, &use)) @@ -283,7 +283,7 @@ get_user_groups (WCHAR *logonserver, cygsidlist &grp_list, else if (legal_sid_type (use)) grp_list += gsid; else - debug_printf ("Global group %W invalid. Use: %d", dgroup, use); + debug_printf ("Global group %W invalid. Use: %u", dgroup, use); } NetApiBufferFree (buf); @@ -332,7 +332,7 @@ get_user_local_groups (PWCHAR logonserver, PWCHAR domain, else if (legal_sid_type (use)) grp_list += gsid; else - debug_printf ("Rejecting local %W. use: %d", dg_ptr, use); + debug_printf ("Rejecting local %W. use: %u", dg_ptr, use); } else if (GetLastError () == ERROR_NONE_MAPPED) { @@ -360,7 +360,7 @@ get_user_local_groups (PWCHAR logonserver, PWCHAR domain, dom, &domlen, &use)) { if (!legal_sid_type (use)) - debug_printf ("Rejecting local %W. use: %d", dg_ptr, use); + debug_printf ("Rejecting local %W. use: %u", dg_ptr, use); else grp_list *= gsid; } @@ -389,12 +389,12 @@ sid_in_token_groups (PTOKEN_GROUPS grps, cygpsid sid) static void get_unix_group_sidlist (struct passwd *pw, cygsidlist &grp_list) { - struct __group32 *gr; + struct group *gr; cygsid gsid; for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx) { - if (gr->gr_gid == (__gid32_t) pw->pw_gid) + if (gr->gr_gid == pw->pw_gid) goto found; else if (gr->gr_mem) for (int gi = 0; gr->gr_mem[gi]; ++gi) @@ -689,7 +689,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern) status = NtQueryInformationToken (token, TokenSource, &ts, sizeof ts, &size); if (!NT_SUCCESS (status)) - debug_printf ("NtQueryInformationToken(), %p", status); + debug_printf ("NtQueryInformationToken(), %y", status); else *pintern = intern = !memcmp (ts.SourceName, "Cygwin.1", 8); } @@ -698,7 +698,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern) status = NtQueryInformationToken (token, TokenUser, &tok_usersid, sizeof tok_usersid, &size); if (!NT_SUCCESS (status)) - debug_printf ("NtQueryInformationToken(), %p", status); + debug_printf ("NtQueryInformationToken(), %y", status); if (usersid != tok_usersid) return false; @@ -713,14 +713,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern) status = NtQuerySecurityObject (token, GROUP_SECURITY_INFORMATION, sd_buf, sd_buf_siz, &size); if (!NT_SUCCESS (status)) - debug_printf ("NtQuerySecurityObject(), %p", status); + debug_printf ("NtQuerySecurityObject(), %y", status); else { BOOLEAN dummy; status = RtlGetGroupSecurityDescriptor (sd_buf, (PSID *) &gsid, &dummy); if (!NT_SUCCESS (status)) - debug_printf ("RtlGetGroupSecurityDescriptor(), %p", status); + debug_printf ("RtlGetGroupSecurityDescriptor(), %y", status); } if (well_known_null_sid != gsid) return gsid == groups.pgsid; @@ -731,14 +731,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern) status = NtQueryInformationToken (token, TokenGroups, NULL, 0, &size); if (!NT_SUCCESS (status) && status != STATUS_BUFFER_TOO_SMALL) { - debug_printf ("NtQueryInformationToken(token, TokenGroups), %p", status); + debug_printf ("NtQueryInformationToken(token, TokenGroups), %y", status); return false; } my_grps = (PTOKEN_GROUPS) alloca (size); status = NtQueryInformationToken (token, TokenGroups, my_grps, size, &size); if (!NT_SUCCESS (status)) { - debug_printf ("NtQueryInformationToken(my_token, TokenGroups), %p", + debug_printf ("NtQueryInformationToken(my_token, TokenGroups), %y", status); return false; } @@ -748,7 +748,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern) if (groups.issetgroups ()) /* setgroups was called */ { cygsid gsid; - struct __group32 *gr; + struct group *gr; bool saw[groups.sgsids.count ()]; memset (saw, 0, sizeof(saw)); @@ -851,7 +851,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw) &stats, sizeof stats, &size); if (!NT_SUCCESS (status)) debug_printf ("NtQueryInformationToken(hProcToken, " - "TokenStatistics), %p", status); + "TokenStatistics), %y", status); else auth_luid = stats.AuthenticationId; } @@ -861,7 +861,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw) status = NtQueryInformationToken (hProcToken, TokenGroups, NULL, 0, &size); if (!NT_SUCCESS (status) && status != STATUS_BUFFER_TOO_SMALL) - debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), %p", + debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), %y", status); else if (!(my_tok_gsids = (PTOKEN_GROUPS) malloc (size))) debug_printf ("malloc (my_tok_gsids) failed."); @@ -872,7 +872,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw) if (!NT_SUCCESS (status)) { debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), " - "%p", status); + "%y", status); free (my_tok_gsids); my_tok_gsids = NULL; } @@ -995,7 +995,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) status = LsaRegisterLogonProcess (&name, &lsa_hdl, &sec_mode); if (status != STATUS_SUCCESS) { - debug_printf ("LsaRegisterLogonProcess: %p", status); + debug_printf ("LsaRegisterLogonProcess: %y", status); __seterrno_from_nt_status (status); goto out; } @@ -1009,7 +1009,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) status = LsaLookupAuthenticationPackage (lsa_hdl, &name, &package_id); if (status != STATUS_SUCCESS) { - debug_printf ("LsaLookupAuthenticationPackage: %p", status); + debug_printf ("LsaLookupAuthenticationPackage: %y", status); __seterrno_from_nt_status (status); goto out; } @@ -1033,11 +1033,6 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid, pw, NULL, auth_luid, auth_pos)) goto out; - /* The logon SID entry is not generated automatically on Windows 2000 - and earlier for some reason. So add fake logon sid here, which is - filled with logon id values in the authentication package. */ - if (wincap.needs_logon_sid_in_sid_list ()) - tmp_gsids += fake_logon_sid; tmp_gsids.debug_print ("tmp_gsids"); @@ -1131,10 +1126,6 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) gsids->Groups[i].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; - /* Mark logon SID as logon SID :) */ - if (wincap.needs_logon_sid_in_sid_list () - && tmp_gsids.sids[tmpidx] == fake_logon_sid) - gsids->Groups[i].Attributes += SE_GROUP_LOGON_ID; RtlCopySid (RtlLengthSid (tmp_gsids.sids[tmpidx]), (PSID) ((PBYTE) &authinf->inf + sids_offset), tmp_gsids.sids[tmpidx]); @@ -1171,7 +1162,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) &sub_status); if (status != STATUS_SUCCESS) { - debug_printf ("LsaLogonUser: %p (sub-status %p)", status, sub_status); + debug_printf ("LsaLogonUser: %y (sub-status %y)", status, sub_status); __seterrno_from_nt_status (status); goto out; } |