From d551169a9fa38d2499840f409e0ca90992d6881a Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Wed, 25 Apr 2001 09:43:25 +0000
Subject:         * autoload.cc: Add LoadDLLfunc statements for
 SetTokenInformation@16.         * cygheap.cc: Include security.h.         *
 grp.cc (internal_getgrent): New function.         (getgroups): Rearranged
 using `internal_getgrent' and the new         `cygsid' class.         *
 passwd.cc (internal_getpwent): New function.         * sec_acl.cc: Use new
 `cygsid' class throughout.         (acl_access): Use `internal_getgrent'
 instead of `getgrent'.         * sec_helper.cc: Use new `cygsid' class
 throughout.         (get_id_from_sid): Use `internal_getgrent' instead of
 `getgrent'.         Use `internal_getpwent' instead of `getpwent'.         *
 security.cc: Use new `cygsid' class throughout.         * security.h: Move
 `MAX_SID_LEN' from winsup.h to here.         Add extern declarations for
 `internal_getgrent' and `internal_getpwent'.         (class cygsid): New
 class.         * shared.cc (sec_user): Use new `cygsid' class.         *
 syscalls.cc (seteuid): Try to set owner to user and primary group to        
 current group in impersonation token before performing impersonation.        
 (setegid): Try to set primary group in process token to the new group        
 if ntsec is on.         * uinfo.cc (internal_getlogin): Use new `cygsid'
 class.         Try to set owner to user and primary group to current group in
 process         token if the process has been started from a non cygwin
 process.         (uinfo_init): Set primary group only if the process has been
 started         from a non cygwin process.         * winsup.h: Move define
 for `MAX_SID_LEN' to security.h.

---
 winsup/cygwin/security.cc | 34 +++++++++++++++-------------------
 1 file changed, 15 insertions(+), 19 deletions(-)

(limited to 'winsup/cygwin/security.cc')

diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 33d466ef8..c814379f4 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -333,8 +333,8 @@ get_nt_attribute (const char *file, int *attribute,
 	  continue;
 	}
 
-      PSID ace_sid = (PSID) &ace->SidStart;
-      if (owner_sid && EqualSid (ace_sid, owner_sid))
+      cygsid ace_sid ((PSID) &ace->SidStart);
+      if (owner_sid && ace_sid == owner_sid)
 	{
 	  if (ace->Mask & FILE_READ_DATA)
 	    *flags |= S_IRUSR;
@@ -343,7 +343,7 @@ get_nt_attribute (const char *file, int *attribute,
 	  if (ace->Mask & FILE_EXECUTE)
 	    *flags |= S_IXUSR;
 	}
-      else if (group_sid && EqualSid (ace_sid, group_sid))
+      else if (group_sid && ace_sid == group_sid)
 	{
 	  if (ace->Mask & FILE_READ_DATA)
 	    *flags |= S_IRGRP
@@ -355,7 +355,7 @@ get_nt_attribute (const char *file, int *attribute,
 	    *flags |= S_IXGRP
 		      | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
 	}
-      else if (EqualSid (ace_sid, get_world_sid ()))
+      else if (ace_sid == get_world_sid ())
 	{
 	  if (ace->Mask & FILE_READ_DATA)
 	    *flags |= S_IROTH
@@ -469,26 +469,22 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
 
   /* Get SID and name of new owner. */
   char owner[MAX_USER_NAME];
-  char *owner_sid_buf[MAX_SID_LEN];
-  PSID owner_sid = NULL;
+  cygsid owner_sid;
   struct passwd *pw = getpwuid (uid);
   strcpy (owner, pw ? pw->pw_name : getlogin ());
-  owner_sid = (PSID) owner_sid_buf;
   if ((!pw || !get_pw_sid (owner_sid, pw))
       && !lookup_name (owner, logsrv, owner_sid))
     return NULL;
   debug_printf ("owner: %s [%d]", owner,
-		*GetSidSubAuthority((PSID) owner_sid,
-		*GetSidSubAuthorityCount((PSID) owner_sid) - 1));
+		*GetSidSubAuthority(owner_sid,
+		*GetSidSubAuthorityCount(owner_sid) - 1));
 
   /* Get SID and name of new group. */
-  char *group_sid_buf[MAX_SID_LEN];
-  PSID group_sid = NULL;
+  cygsid group_sid (NULL);
   struct group *grp = getgrgid (gid);
   if (grp)
     {
-      group_sid = (PSID) group_sid_buf;
-      if ((!grp || !get_gr_sid (group_sid, grp))
+      if ((!grp || !get_gr_sid (group_sid.set (), grp))
 	  && !lookup_name (grp->gr_name, logsrv, group_sid))
 	return NULL;
     }
@@ -643,13 +639,13 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
     for (DWORD i = 0; i < oacl->AceCount; ++i)
       if (GetAce (oacl, i, (PVOID *) &ace))
 	{
-	  PSID ace_sid = (PSID) &ace->SidStart;
+	  cygsid ace_sid ((PSID) &ace->SidStart);
 	  /* Check for related ACEs. */
-	  if ((cur_owner_sid && EqualSid (ace_sid, cur_owner_sid))
-	      || (owner_sid && EqualSid (ace_sid, owner_sid))
-	      || (cur_group_sid && EqualSid (ace_sid, cur_group_sid))
-	      || (group_sid && EqualSid (ace_sid, group_sid))
-	      || (EqualSid (ace_sid, get_world_sid ())))
+	  if ((cur_owner_sid && ace_sid == cur_owner_sid)
+	      || (owner_sid && ace_sid == owner_sid)
+	      || (cur_group_sid && ace_sid == cur_group_sid)
+	      || (group_sid && ace_sid == group_sid)
+	      || (ace_sid == get_world_sid ()))
 	    continue;
 	  /*
 	   * Add unrelated ACCESS_DENIED_ACE to the beginning but
-- 
cgit v1.2.3