Drop unneeded passwd argument from security functions
* sec_auth.cc (get_server_groups): Drop unused passwd argument. Adjust calls throughout. (get_initgroups_sidlist): Ditto. (get_setgroups_sidlist): Ditto. (create_token): Ditto. (lsaauth): Ditto. * security.h (create_token): Adjust prototype to above change. (lsaauth): Ditto. (get_server_groups): Ditto. * grp.cc (get_groups): Adjust call to get_server_groups. * syscalls.cc (seteuid32): Adjust calls to lsaauth and create_token. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen
parent
6f93f1d6a5
commit
1d91d469ee
|
|
@ -1,3 +1,17 @@
|
|||
2015-03-18 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* sec_auth.cc (get_server_groups): Drop unused passwd argument. Adjust
|
||||
calls throughout.
|
||||
(get_initgroups_sidlist): Ditto.
|
||||
(get_setgroups_sidlist): Ditto.
|
||||
(create_token): Ditto.
|
||||
(lsaauth): Ditto.
|
||||
* security.h (create_token): Adjust prototype to above change.
|
||||
(lsaauth): Ditto.
|
||||
(get_server_groups): Ditto.
|
||||
* grp.cc (get_groups): Adjust call to get_server_groups.
|
||||
* syscalls.cc (seteuid32): Adjust calls to lsaauth and create_token.
|
||||
|
||||
2015-03-17 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* grp.cc (internal_getgroups): Drop unused timeout parameter.
|
||||
|
|
|
|||
|
|
@ -720,7 +720,7 @@ get_groups (const char *user, gid_t gid, cygsidlist &gsids)
|
|||
struct group *grp = internal_getgrgid (gid, &cldap);
|
||||
cygsid usersid, grpsid;
|
||||
if (usersid.getfrompw (pw))
|
||||
get_server_groups (gsids, usersid, pw);
|
||||
get_server_groups (gsids, usersid);
|
||||
if (gid != ILLEGAL_GID && grpsid.getfromgr (grp))
|
||||
gsids += grpsid;
|
||||
cygheap->user.reimpersonate ();
|
||||
|
|
|
|||
|
|
@ -544,7 +544,7 @@ get_token_group_sidlist (cygsidlist &grp_list, PTOKEN_GROUPS my_grps,
|
|||
}
|
||||
|
||||
bool
|
||||
get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
|
||||
get_server_groups (cygsidlist &grp_list, PSID usersid)
|
||||
{
|
||||
WCHAR user[UNLEN + 1];
|
||||
WCHAR domain[MAX_DOMAIN_NAME_LEN + 1];
|
||||
|
|
@ -581,8 +581,7 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
|
|||
}
|
||||
|
||||
static bool
|
||||
get_initgroups_sidlist (cygsidlist &grp_list,
|
||||
PSID usersid, PSID pgrpsid, struct passwd *pw,
|
||||
get_initgroups_sidlist (cygsidlist &grp_list, PSID usersid, PSID pgrpsid,
|
||||
PTOKEN_GROUPS my_grps, LUID auth_luid, int &auth_pos)
|
||||
{
|
||||
grp_list *= well_known_world_sid;
|
||||
|
|
@ -591,7 +590,7 @@ get_initgroups_sidlist (cygsidlist &grp_list,
|
|||
auth_pos = -1;
|
||||
else
|
||||
get_token_group_sidlist (grp_list, my_grps, auth_luid, auth_pos);
|
||||
if (!get_server_groups (grp_list, usersid, pw))
|
||||
if (!get_server_groups (grp_list, usersid))
|
||||
return false;
|
||||
|
||||
/* special_pgrp true if pgrpsid is not in normal groups */
|
||||
|
|
@ -600,14 +599,14 @@ get_initgroups_sidlist (cygsidlist &grp_list,
|
|||
}
|
||||
|
||||
static void
|
||||
get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid, struct passwd *pw,
|
||||
get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid,
|
||||
PTOKEN_GROUPS my_grps, user_groups &groups,
|
||||
LUID auth_luid, int &auth_pos)
|
||||
{
|
||||
tmp_list *= well_known_world_sid;
|
||||
tmp_list *= well_known_authenticated_users_sid;
|
||||
get_token_group_sidlist (tmp_list, my_grps, auth_luid, auth_pos);
|
||||
get_server_groups (tmp_list, usersid, pw);
|
||||
get_server_groups (tmp_list, usersid);
|
||||
for (int gidx = 0; gidx < groups.sgsids.count (); gidx++)
|
||||
tmp_list += groups.sgsids.sids[gidx];
|
||||
tmp_list += groups.pgsid;
|
||||
|
|
@ -875,7 +874,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
|
|||
}
|
||||
|
||||
HANDLE
|
||||
create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
|
||||
create_token (cygsid &usersid, user_groups &new_groups)
|
||||
{
|
||||
NTSTATUS status;
|
||||
LSA_HANDLE lsa = NULL;
|
||||
|
|
@ -964,9 +963,9 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
|
|||
/* Create list of groups, the user is member in. */
|
||||
int auth_pos;
|
||||
if (new_groups.issetgroups ())
|
||||
get_setgroups_sidlist (tmp_gsids, usersid, pw, my_tok_gsids, new_groups,
|
||||
get_setgroups_sidlist (tmp_gsids, usersid, my_tok_gsids, new_groups,
|
||||
auth_luid, auth_pos);
|
||||
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid, pw,
|
||||
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid,
|
||||
my_tok_gsids, auth_luid, auth_pos))
|
||||
goto out;
|
||||
|
||||
|
|
@ -1037,7 +1036,7 @@ out:
|
|||
}
|
||||
|
||||
HANDLE
|
||||
lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
|
||||
lsaauth (cygsid &usersid, user_groups &new_groups)
|
||||
{
|
||||
cygsidlist tmp_gsids (cygsidlist_auto, 12);
|
||||
cygpsid pgrpsid;
|
||||
|
|
@ -1111,9 +1110,9 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
|
|||
/* Create list of groups, the user is member in. */
|
||||
int auth_pos;
|
||||
if (new_groups.issetgroups ())
|
||||
get_setgroups_sidlist (tmp_gsids, usersid, pw, NULL, new_groups, auth_luid,
|
||||
get_setgroups_sidlist (tmp_gsids, usersid, NULL, new_groups, auth_luid,
|
||||
auth_pos);
|
||||
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid, pw,
|
||||
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid,
|
||||
NULL, auth_luid, auth_pos))
|
||||
goto out;
|
||||
|
||||
|
|
|
|||
|
|
@ -457,15 +457,15 @@ int setacl (HANDLE, path_conv &, int, struct acl *, bool &);
|
|||
/* Set impersonation or restricted token. */
|
||||
void set_imp_token (HANDLE token, int type);
|
||||
/* Function creating a token by calling NtCreateToken. */
|
||||
HANDLE create_token (cygsid &usersid, user_groups &groups, struct passwd * pw);
|
||||
HANDLE create_token (cygsid &usersid, user_groups &groups);
|
||||
/* LSA authentication function. */
|
||||
HANDLE lsaauth (cygsid &, user_groups &, struct passwd *);
|
||||
HANDLE lsaauth (cygsid &, user_groups &);
|
||||
/* LSA private key storage authentication, same as when using service logons. */
|
||||
HANDLE lsaprivkeyauth (struct passwd *pw);
|
||||
/* Verify an existing token */
|
||||
bool verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern = NULL);
|
||||
/* Get groups of a user */
|
||||
bool get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw);
|
||||
bool get_server_groups (cygsidlist &grp_list, PSID usersid);
|
||||
|
||||
/* Extract U-domain\user field from passwd entry. */
|
||||
void extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user);
|
||||
|
|
|
|||
|
|
@ -3374,10 +3374,10 @@ seteuid32 (uid_t uid)
|
|||
if (!new_token)
|
||||
{
|
||||
debug_printf ("lsaprivkeyauth failed, try lsaauth.");
|
||||
if (!(new_token = lsaauth (usersid, groups, pw_new)))
|
||||
if (!(new_token = lsaauth (usersid, groups)))
|
||||
{
|
||||
debug_printf ("lsaauth failed, try create_token.");
|
||||
new_token = create_token (usersid, groups, pw_new);
|
||||
new_token = create_token (usersid, groups);
|
||||
if (new_token == INVALID_HANDLE_VALUE)
|
||||
{
|
||||
debug_printf ("create_token failed, bail out of here");
|
||||
|
|
|
|||
Loading…
Reference in New Issue