* shared.cc (__sec_user): Split into sec_acl() and call orig_sid().
(sec_acl): Create from part of __sec_user(), except creator/owner. * security.h: Define sec_acl() and MAX_DACL_LEN.
This commit is contained in:
Corinna Vinschen
parent
6eabab557a
commit
043bc3e1ee
|
|
@ -1,3 +1,9 @@
|
|||
2002-05-09 Pierre Humblet <pierre.humblet@ieee.org>
|
||||
|
||||
* shared.cc (__sec_user): Split into sec_acl() and call orig_sid().
|
||||
(sec_acl): Create from part of __sec_user(), except creator/owner.
|
||||
* security.h: Define sec_acl() and MAX_DACL_LEN.
|
||||
|
||||
2002-05-12 Christopher Faylor <cgf@redhat.com>
|
||||
|
||||
* fhandler_disk_file.cc (fhandler_disk_file::open): Avoid using
|
||||
|
|
|
|||
|
|
@ -16,6 +16,8 @@ details. */
|
|||
#define DEFAULT_GID DOMAIN_ALIAS_RID_ADMINS
|
||||
|
||||
#define MAX_SID_LEN 40
|
||||
#define MAX_DACL_LEN(n) (sizeof (ACL) \
|
||||
+ (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN))
|
||||
|
||||
#define NO_SID ((PSID)NULL)
|
||||
|
||||
|
|
@ -201,6 +203,7 @@ SECURITY_DESCRIPTOR *__stdcall get_null_sd (void);
|
|||
extern SECURITY_ATTRIBUTES sec_none, sec_none_nih, sec_all, sec_all_nih;
|
||||
extern SECURITY_ATTRIBUTES *__stdcall __sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
|
||||
__attribute__ ((regparm (3)));
|
||||
extern BOOL sec_acl (PACL acl, BOOL admins, PSID sid1 = NO_SID, PSID sid2 = NO_SID);
|
||||
|
||||
int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len);
|
||||
BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len);
|
||||
|
|
|
|||
|
|
@ -236,6 +236,39 @@ get_null_sd ()
|
|||
return null_sdp;
|
||||
}
|
||||
|
||||
BOOL
|
||||
sec_acl (PACL acl, BOOL admins, PSID sid1, PSID sid2)
|
||||
{
|
||||
size_t acl_len = MAX_DACL_LEN(5);
|
||||
|
||||
if (!InitializeAcl (acl, acl_len, ACL_REVISION))
|
||||
{
|
||||
debug_printf ("InitializeAcl %E");
|
||||
return FALSE;
|
||||
}
|
||||
if (sid2)
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
GENERIC_ALL, sid2))
|
||||
debug_printf ("AddAccessAllowedAce(sid2) %E");
|
||||
if (sid1)
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
GENERIC_ALL, sid1))
|
||||
debug_printf ("AddAccessAllowedAce(sid1) %E", sid1);
|
||||
if (admins)
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
GENERIC_ALL, well_known_admins_sid))
|
||||
debug_printf ("AddAccessAllowedAce(admin) %E");
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
GENERIC_ALL, well_known_system_sid))
|
||||
debug_printf ("AddAccessAllowedAce(system) %E");
|
||||
#if 0 /* Does not seem to help */
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
GENERIC_ALL, well_known_creator_owner_sid))
|
||||
debug_printf ("AddAccessAllowedAce(creator_owner) %E");
|
||||
#endif
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
PSECURITY_ATTRIBUTES __stdcall
|
||||
__sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
|
||||
{
|
||||
|
|
@ -246,50 +279,10 @@ __sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
|
|||
|
||||
cygsid sid;
|
||||
|
||||
if (cygheap->user.sid ())
|
||||
sid = cygheap->user.sid ();
|
||||
else if (!lookup_name (getlogin (), cygheap->user.logsrv (), sid))
|
||||
if (!(sid = cygheap->user.orig_sid ()) ||
|
||||
(!sec_acl (acl, TRUE, sid, sid2)))
|
||||
return inherit ? &sec_none : &sec_none_nih;
|
||||
|
||||
size_t acl_len = sizeof (ACL)
|
||||
+ 4 * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD))
|
||||
+ GetLengthSid (sid)
|
||||
+ GetLengthSid (well_known_admins_sid)
|
||||
+ GetLengthSid (well_known_system_sid)
|
||||
+ GetLengthSid (well_known_creator_owner_sid);
|
||||
if (sid2)
|
||||
acl_len += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD)
|
||||
+ GetLengthSid (sid2);
|
||||
|
||||
if (!InitializeAcl (acl, acl_len, ACL_REVISION))
|
||||
debug_printf ("InitializeAcl %E");
|
||||
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
|
||||
sid))
|
||||
debug_printf ("AddAccessAllowedAce(%s) %E", getlogin ());
|
||||
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
|
||||
well_known_admins_sid))
|
||||
debug_printf ("AddAccessAllowedAce(admin) %E");
|
||||
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
|
||||
well_known_system_sid))
|
||||
debug_printf ("AddAccessAllowedAce(system) %E");
|
||||
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
|
||||
well_known_creator_owner_sid))
|
||||
debug_printf ("AddAccessAllowedAce(creator_owner) %E");
|
||||
|
||||
if (sid2)
|
||||
if (!AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
|
||||
sid2))
|
||||
debug_printf ("AddAccessAllowedAce(sid2) %E");
|
||||
|
||||
if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
|
||||
debug_printf ("InitializeSecurityDescriptor %E");
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue