2nd ntsec patches, take two.
Pierre A. Humblet
Pierre.Humblet@ieee.org
Sat Apr 5 23:28:00 GMT 2003
2003-04-05 Pierre Humblet <pierre.humblet@ieee.org>
* main.cc (set_default_sec): Set token owner from token user.
Always try to set the token primary group to Users or Admins.
-------------- next part --------------
Index: main.cc
===================================================================
RCS file: /cvs/cygwin-apps/setup/main.cc,v
retrieving revision 2.26
diff -u -p -r2.26 main.cc
--- main.cc 2 Apr 2003 14:26:27 -0000 2.26
+++ main.cc 3 Apr 2003 16:58:44 -0000
@@ -220,18 +220,11 @@ private:
Setup::SIDWrapper everyOneSID, administratorsSID, usid;
Setup::HANDLEWrapper token;
bool failed_;
- struct GroupInfo {
- GroupInfo() : failed_ (false) {}
- void get(Setup::HANDLEWrapper &token);
- bool failed() const {return failed_;}
- void fail() { failed_ = true; }
- struct {
- PSID psid;
- char buf[MAX_SID_LEN];
- } gsid;
- DWORD size;
- bool failed_;
- } primaryGroupInfo;
+ struct {
+ PSID psid;
+ char buf[MAX_SID_LEN];
+ } osid;
+ DWORD size;
};
void
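Review bot: The new `osid` member keeps the `{ PSID psid; char buf[MAX_SID_LEN]; }` layout of the removed `gsid`, which matched `TokenPrimaryGroup`, but it is now filled with `TokenUser` data. TOKEN_USER carries a DWORD `Attributes` field after the SID pointer, so the SID itself has only `MAX_SID_LEN - sizeof (DWORD)` bytes of `buf` available. Because the buffer length is passed to GetTokenInformation, an undersized buffer makes the call fail rather than overflow, but the token owner is then never set. Consider `char buf[sizeof (DWORD) + MAX_SID_LEN];` together with a comment naming the information class the member holds. The class definition starts outside this hunk.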
@@ -338,16 +331,6 @@ NTSecurity::setDefaultDACL ()
}
void
-NTSecurity::GroupInfo::get(Setup::HANDLEWrapper &token)
-{
- if (!GetTokenInformation (token.theHANDLE(), TokenPrimaryGroup, &gsid, sizeof gsid, &size))
- {
- NoteFailedAPI ("GetTokenInformation");
- fail();
- }
-}
-
-void
NTSecurity::setDefaultSecurity ()
{
@@ -355,42 +338,20 @@ NTSecurity::setDefaultSecurity ()
if (failed())
return;
- primaryGroupInfo.get(token);
- if (primaryGroupInfo.failed())
- return;
-
- /* Get the computer name */
- char compname[MAX_COMPUTERNAME_LENGTH + 1];
- DWORD size = sizeof (compname);
- if (!GetComputerName (compname, &size))
+ /* Get the user */
+ if (!GetTokenInformation (token.theHANDLE(), TokenUser, &osid,
+ sizeof osid, &size))
{
- NoteFailedAPI("GetComputerName");
+ NoteFailedAPI("GetTokenInformation");
return;
}
-
- /* Get the local domain SID */
- SID_NAME_USE use;
- char domain[MAX_COMPUTERNAME_LENGTH + 1];
- char lsid[MAX_SID_LEN];
- size = sizeof (lsid);
- DWORD sz = sizeof (domain);
- if (!LookupAccountName (NULL, compname, lsid, &size,
- domain, &sz, &use))
+ /* Make it the owner */
+ if (!SetTokenInformation (token.theHANDLE(), TokenOwner, &osid,
+ sizeof osid))
{
- NoteFailedAPI("LookupAccountName");
+ NoteFailedAPI("SetTokenInformation");
return;
}
- /* Create the None SID from the domain SID.
- On NT the last subauthority of a domain is -1 and it is replaced by the RID.
- On other systems the RID is appended. */
- sz = *GetSidSubAuthorityCount (lsid);
- if (*GetSidSubAuthority (lsid, sz -1) != (DWORD) -1)
- *GetSidSubAuthorityCount (lsid) = ++sz;
- *GetSidSubAuthority (lsid, sz -1) = DOMAIN_GROUP_RID_USERS;
-
- /* See if the group is None */
- if (!EqualSid (primaryGroupInfo.gsid.psid, lsid))
- return;
SID_IDENTIFIER_AUTHORITY sid_auth;
sid_auth = (SID_IDENTIFIER_AUTHORITY) { SECURITY_NT_AUTHORITY };
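Review bot: The buffer filled as `TokenUser` is passed unchanged to `SetTokenInformation (token.theHANDLE(), TokenOwner, &osid, sizeof osid)`, which is correct only because TOKEN_USER and TOKEN_OWNER both begin with the SID pointer, and nothing in the code says so. Either add a comment such as `/* TOKEN_OWNER is a single PSID, which is also the first member of TOKEN_USER */` or pass an explicit `TOKEN_OWNER owner = { osid.psid };` with `&owner, sizeof owner`. Both new failure paths `return` after `NoteFailedAPI` without recording the failure the way the removed `GroupInfo::get` did with `fail()`, so a caller presumably cannot tell that the owner and the later primary-group step were not applied. The body of `setDefaultSecurity` starts and ends outside this hunk, so that should be checked there.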