2nd ntsec patches, take two.

Pierre A. Humblet Pierre.Humblet@ieee.org
Sat Apr 5 23:28:00 GMT 2003


2003-04-05  Pierre Humblet  <pierre.humblet@ieee.org>

	* main.cc (set_default_sec): Set token owner from token user.
	Always try to set the token primary group to Users or Admins.
-------------- next part --------------
Index: main.cc
===================================================================
RCS file: /cvs/cygwin-apps/setup/main.cc,v
retrieving revision 2.26
diff -u -p -r2.26 main.cc
--- main.cc	2 Apr 2003 14:26:27 -0000	2.26
+++ main.cc	3 Apr 2003 16:58:44 -0000
@@ -220,18 +220,11 @@ private:
   Setup::SIDWrapper everyOneSID, administratorsSID, usid;
   Setup::HANDLEWrapper token;
   bool failed_;
-  struct GroupInfo {
-    GroupInfo() : failed_ (false) {}
-    void get(Setup::HANDLEWrapper &token);
-    bool failed() const {return failed_;}
-    void fail() { failed_ = true; }
-    struct {
-      PSID psid;
-      char buf[MAX_SID_LEN];
-    } gsid;
-    DWORD size;
-    bool failed_;
-  } primaryGroupInfo;
+  struct {
+    PSID psid;
+    char buf[MAX_SID_LEN];
+  } osid;
+  DWORD size;
 };

 void
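Review bot: The `osid` member has the layout of a TOKEN_OWNER (one PSID followed by SID storage), but the third hunk fills it with `GetTokenInformation (..., TokenUser, ...)`, which writes a TOKEN_USER, that is a SID_AND_ATTRIBUTES with a PSID and a DWORD Attributes field ahead of the SID bytes. The Attributes word therefore lands in `buf`, and the room left for the SID is smaller than `MAX_SID_LEN` by that field plus any padding; if MAX_SID_LEN (defined outside this page) is sized exactly for the largest SID, the query would fail with an insufficient-buffer error for such a SID. Handing the same buffer to `SetTokenInformation (..., TokenOwner, ...)` works only because both structures begin with the SID pointer. I would either declare `DWORD attributes;` between `psid` and `buf`, or at least add a comment such as `/* Filled as TOKEN_USER, then passed as TOKEN_OWNER: both start with the PSID */`. The enclosing class starts before the hunk.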
@@ -338,16 +331,6 @@ NTSecurity::setDefaultDACL ()
 }

 void
-NTSecurity::GroupInfo::get(Setup::HANDLEWrapper &token)
-{
-  if (!GetTokenInformation (token.theHANDLE(), TokenPrimaryGroup, &gsid, sizeof gsid, &size))
-    {
-      NoteFailedAPI ("GetTokenInformation");
-      fail();
-    }
-}
-
-void
 NTSecurity::setDefaultSecurity ()
 {

@@ -355,42 +338,20 @@ NTSecurity::setDefaultSecurity ()
   if (failed())
     return;

-  primaryGroupInfo.get(token);
-  if (primaryGroupInfo.failed())
-    return;
-
-  /* Get the computer name */
-  char compname[MAX_COMPUTERNAME_LENGTH + 1];
-  DWORD size = sizeof (compname);
-  if (!GetComputerName (compname, &size))
+  /* Get the user */
+  if (!GetTokenInformation (token.theHANDLE(), TokenUser, &osid,
+			    sizeof osid, &size))
     {
-      NoteFailedAPI("GetComputerName");
+      NoteFailedAPI("GetTokenInformation");
       return;
     }
-
-  /* Get the local domain SID */
-  SID_NAME_USE use;
-  char domain[MAX_COMPUTERNAME_LENGTH + 1];
-  char lsid[MAX_SID_LEN];
-  size = sizeof (lsid);
-  DWORD sz = sizeof (domain);
-  if (!LookupAccountName (NULL, compname, lsid, &size,
-			  domain, &sz, &use))
+  /* Make it the owner */
+  if (!SetTokenInformation (token.theHANDLE(), TokenOwner, &osid,
+			    sizeof osid))
     {
-      NoteFailedAPI("LookupAccountName");
+      NoteFailedAPI("SetTokenInformation");
       return;
     }
-  /* Create the None SID from the domain SID.
-     On NT the last subauthority of a domain is -1 and it is replaced by the RID.
-     On other systems the RID is appended. */
-  sz = *GetSidSubAuthorityCount (lsid);
-  if (*GetSidSubAuthority (lsid, sz -1) != (DWORD) -1)
-    *GetSidSubAuthorityCount (lsid) = ++sz;
-  *GetSidSubAuthority (lsid, sz -1) = DOMAIN_GROUP_RID_USERS;
-
-  /* See if the group is None */
-  if (!EqualSid (primaryGroupInfo.gsid.psid, lsid))
-    return;

   SID_IDENTIFIER_AUTHORITY sid_auth;
   sid_auth = (SID_IDENTIFIER_AUTHORITY) { SECURITY_NT_AUTHORITY };
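Review bot: The early `return;` after a failed `SetTokenInformation (..., TokenOwner, ...)` also skips the code that follows from `sid_auth` onward, which appears to be the primary-group step that the ChangeLog entry says should always be tried. If the owner and group settings are meant to be independent, I would keep the `NoteFailedAPI("SetTokenInformation");` call but drop the `return;` in that branch, so that only a failed `GetTokenInformation` aborts. It is not visible here whether NoteFailedAPI records the failure in `failed_`; if it does not, callers cannot tell that the default owner was left unchanged. The `/* Make it the owner */` comment could also say why, for example `/* Make the user the default owner of objects created by this process */`, assuming that is the intent. setDefaultSecurity's body continues past the end of the hunk.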

