diff options
Diffstat (limited to 'winsup/cygwin/security.h')
-rw-r--r-- | winsup/cygwin/security.h | 80 |
1 files changed, 12 insertions, 68 deletions
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index eb3e0f1e5..940afc5d7 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -12,51 +12,18 @@ details. */ #pragma once #include <accctrl.h> -#include <dsgetdc.h> /* Special file attribute set, for instance, in open() and mkdir() to flag that a file has just been created. Used in alloc_sd, see there. */ #define S_JUSTCREATED 0x80000000 -/* UID/GID */ -void uinfo_init (); - -#define ILLEGAL_UID ((uid_t)-1) -#define ILLEGAL_GID ((gid_t)-1) - -/* Offset for accounts in the primary domain of the machine. */ -#define PRIMARY_POSIX_OFFSET (0x00100000) - -/* Fake POSIX offsets used in scenarios in which the account has no permission - to fetch the POSIX offset, or when the admins have set the offset to an - unreasonable low value. The values are chosen in the hope that they won't - collide with "real" offsets. */ -#define NOACCESS_POSIX_OFFSET (0xfe500000) -#define UNUSABLE_POSIX_OFFSET (0xfea00000) - -/* For UNIX accounts not mapped to Windows accounts via winbind, Samba returns - SIDs of the form S-1-22-x-y, with x == 1 for users and x == 2 for groups, - and y == UNIX uid/gid. NFS returns no SIDs at all, but the plain UNIX - uid/gid values. - - UNIX uid/gid values are mapped to Cygwin uid/gid values 0xff000000 + - unix uid/gid. This *might* collide with a posix_offset of some trusted - domain, but it's *very* unlikely. Define the mapping as macro. */ -#define UNIX_POSIX_OFFSET (0xff000000) -#define UNIX_POSIX_MASK (0x00ffffff) -#define MAP_UNIX_TO_CYGWIN_ID(id) (UNIX_POSIX_OFFSET \ - | ((id) & UNIX_POSIX_MASK)) - -#ifndef __x86_64__ -#define ILLEGAL_UID16 ((__uid16_t)-1) -#define ILLEGAL_GID16 ((__gid16_t)-1) -#define uid16touid32(u16) ((u16)==ILLEGAL_UID16?ILLEGAL_UID:(uid_t)(u16)) -#define gid16togid32(g16) ((g16)==ILLEGAL_GID16?ILLEGAL_GID:(gid_t)(g16)) -#endif +#define DEFAULT_UID DOMAIN_USER_RID_ADMIN +#define UNKNOWN_UID 400 /* Non conflicting number */ +#define UNKNOWN_GID 401 +#define MAX_SID_LEN 40 #define MAX_DACL_LEN(n) (sizeof (ACL) \ - + (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) \ - + SECURITY_MAX_SID_SIZE)) + + (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN)) #define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1)) #define ACL_MAXIMUM_SIZE 65532 /* Yeah, right. 64K - sizeof (DWORD). */ #define SD_MAXIMUM_SIZE 65536 @@ -108,7 +75,7 @@ typedef struct { BYTE Revision; BYTE SubAuthorityCount; SID_IDENTIFIER_AUTHORITY IdentifierAuthority; - DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES]; + DWORD SubAuthority[8]; } DBGSID, *PDBGSID; /* Macro to define variable length SID structures */ @@ -125,16 +92,6 @@ cygpsid NO_COPY name = (PSID) &name##_struct; #define FILE_WRITE_BITS (FILE_WRITE_DATA | GENERIC_WRITE | GENERIC_ALL) #define FILE_EXEC_BITS (FILE_EXECUTE | GENERIC_EXECUTE | GENERIC_ALL) -/* Convenience macros. The Windows SID access functions are crude. */ -#define sid_id_auth(s) \ - (RtlIdentifierAuthoritySid (s)->Value[5]) -#define sid_sub_auth_count(s) \ - (*RtlSubAuthorityCountSid ((s))) -#define sid_sub_auth(s,i) \ - (*RtlSubAuthoritySid ((s),(i))) -#define sid_sub_auth_rid(s) \ - (*RtlSubAuthoritySid ((s), (*RtlSubAuthorityCountSid ((s)) - 1))) - #ifdef __cplusplus extern "C" { @@ -147,8 +104,6 @@ extern "C" } #endif -class cyg_ldap; - class cygpsid { protected: PSID psid; @@ -157,13 +112,11 @@ public: cygpsid (PSID nsid) { psid = nsid; } operator PSID () const { return psid; } const PSID operator= (PSID nsid) { return psid = nsid;} - uid_t get_id (BOOL search_grp, int *type, cyg_ldap *pldap); - int get_uid (cyg_ldap *pldap) { return get_id (FALSE, NULL, pldap); } - int get_gid (cyg_ldap *pldap) { return get_id (TRUE, NULL, pldap); } + uid_t get_id (BOOL search_grp, int *type = NULL); + int get_uid () { return get_id (FALSE); } + int get_gid () { return get_id (TRUE); } - PWCHAR pstring (PWCHAR nsidstr) const; PWCHAR string (PWCHAR nsidstr) const; - char *pstring (char *nsidstr) const; char *string (char *nsidstr) const; bool operator== (const PSID nsid) const @@ -186,10 +139,9 @@ public: }; class cygsid : public cygpsid { - char sbuf[SECURITY_MAX_SID_SIZE]; + char sbuf[MAX_SID_LEN]; bool well_known_sid; - const PSID getfromstr (PCWSTR nsidstr, bool well_known); const PSID getfromstr (const char *nsidstr, bool well_known); PSID get_sid (DWORD s, DWORD cnt, DWORD *r, bool well_known); @@ -200,7 +152,7 @@ class cygsid : public cygpsid { else { psid = (PSID) sbuf; - RtlCopySid (SECURITY_MAX_SID_SIZE, psid, nsid); + RtlCopySid (MAX_SID_LEN, psid, nsid); well_known_sid = well_known; } return psid; @@ -217,23 +169,18 @@ public: { return assign (nsid, nsid.well_known_sid); } inline const PSID operator= (const PSID nsid) { return assign (nsid, false); } - inline const PSID operator= (PCWSTR nsidstr) - { return getfromstr (nsidstr, false); } inline const PSID operator= (const char *nsidstr) { return getfromstr (nsidstr, false); } inline const PSID operator*= (cygsid &nsid) { return assign (nsid, true); } inline const PSID operator*= (const PSID nsid) { return assign (nsid, true); } - inline const PSID operator*= (PCWSTR nsidstr) - { return getfromstr (nsidstr, true); } inline const PSID operator*= (const char *nsidstr) { return getfromstr (nsidstr, true); } inline cygsid () : cygpsid ((PSID) sbuf), well_known_sid (false) {} inline cygsid (const PSID nsid) { *this = nsid; } inline cygsid (const char *nstrsid) { *this = nstrsid; } - inline cygsid (cygsid &nsid) { *this = nsid; } inline PSID set () { return psid = (PSID) sbuf; } @@ -394,12 +341,9 @@ extern cygpsid well_known_service_sid; extern cygpsid well_known_authenticated_users_sid; extern cygpsid well_known_this_org_sid; extern cygpsid well_known_system_sid; -extern cygpsid well_known_local_service_sid; -extern cygpsid well_known_network_service_sid; extern cygpsid well_known_builtin_sid; extern cygpsid well_known_admins_sid; extern cygpsid well_known_users_sid; -extern cygpsid trusted_installer_sid; extern cygpsid mandatory_medium_integrity_sid; extern cygpsid mandatory_high_integrity_sid; extern cygpsid mandatory_system_integrity_sid; @@ -470,7 +414,7 @@ bool get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw); /* Extract U-domain\user field from passwd entry. */ void extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user); /* Get default logonserver for a domain. */ -bool get_logon_server (PWCHAR domain, PWCHAR wserver, ULONG flags); +bool get_logon_server (PWCHAR domain, PWCHAR wserver, bool rediscovery); HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access); void lsa_close_policy (HANDLE lsa); |