2003-04-05 Pierre Humblet <[EMAIL PROTECTED]> * main.cc (set_default_sec): Set token owner from token user. Always try to set the token primary group to Users or Admins.
Index: main.cc =================================================================== RCS file: /cvs/cygwin-apps/setup/main.cc,v retrieving revision 2.26 diff -u -p -r2.26 main.cc --- main.cc 2 Apr 2003 14:26:27 -0000 2.26 +++ main.cc 3 Apr 2003 16:58:44 -0000 @@ -220,18 +220,11 @@ private: Setup::SIDWrapper everyOneSID, administratorsSID, usid; Setup::HANDLEWrapper token; bool failed_; - struct GroupInfo { - GroupInfo() : failed_ (false) {} - void get(Setup::HANDLEWrapper &token); - bool failed() const {return failed_;} - void fail() { failed_ = true; } - struct { - PSID psid; - char buf[MAX_SID_LEN]; - } gsid; - DWORD size; - bool failed_; - } primaryGroupInfo; + struct { + PSID psid; + char buf[MAX_SID_LEN]; + } osid; + DWORD size; };
void @@ -338,16 +331,6 @@ NTSecurity::setDefaultDACL () } void -NTSecurity::GroupInfo::get(Setup::HANDLEWrapper &token) -{ - if (!GetTokenInformation (token.theHANDLE(), TokenPrimaryGroup, &gsid, sizeof gsid, &size)) - { - NoteFailedAPI ("GetTokenInformation"); - fail(); - } -} - -void NTSecurity::setDefaultSecurity () { @@ -355,42 +338,20 @@ NTSecurity::setDefaultSecurity () if (failed()) return; - primaryGroupInfo.get(token); - if (primaryGroupInfo.failed()) - return; - - /* Get the computer name */ - char compname[MAX_COMPUTERNAME_LENGTH + 1]; - DWORD size = sizeof (compname); - if (!GetComputerName (compname, &size)) + /* Get the user */ + if (!GetTokenInformation (token.theHANDLE(), TokenUser, &osid, + sizeof osid, &size)) { - NoteFailedAPI("GetComputerName"); + NoteFailedAPI("GetTokenInformation"); return; } - - /* Get the local domain SID */ - SID_NAME_USE use; - char domain[MAX_COMPUTERNAME_LENGTH + 1]; - char lsid[MAX_SID_LEN]; - size = sizeof (lsid); - DWORD sz = sizeof (domain); - if (!LookupAccountName (NULL, compname, lsid, &size, - domain, &sz, &use)) + /* Make it the owner */ + if (!SetTokenInformation (token.theHANDLE(), TokenOwner, &osid, + sizeof osid)) { - NoteFailedAPI("LookupAccountName"); + NoteFailedAPI("SetTokenInformation"); return; } - /* Create the None SID from the domain SID. - On NT the last subauthority of a domain is -1 and it is replaced by the RID. - On other systems the RID is appended. */ - sz = *GetSidSubAuthorityCount (lsid); - if (*GetSidSubAuthority (lsid, sz -1) != (DWORD) -1) - *GetSidSubAuthorityCount (lsid) = ++sz; - *GetSidSubAuthority (lsid, sz -1) = DOMAIN_GROUP_RID_USERS; - - /* See if the group is None */ - if (!EqualSid (primaryGroupInfo.gsid.psid, lsid)) - return; SID_IDENTIFIER_AUTHORITY sid_auth; sid_auth = (SID_IDENTIFIER_AUTHORITY) { SECURITY_NT_AUTHORITY };