Re: Name aliasing in security.cc
Corinna Vinschen wrote: > You're right but it doesn't matter since I have to open the token > anyway since I need the primary group which isn't available at that > point. Never mind. I now understand what you mean. Still the whole thing (uinfo, passwd, grp) can probably be optimized. Pierre
Re: Name aliasing in security.cc
On Thu, Jun 06, 2002 at 10:47:58AM -0400, Pierre A. Humblet wrote: > Corinna Vinschen wrote: > > > You're right but it doesn't matter since I have to open the token > > anyway since I need the primary group which isn't available at that > > point. > > Yes, but you open, read and close it and passwd.cc, and then open, read > and close it in grp.cc. Yeah, that's true. I don't think it slows down the startup as much as reading passwd and group files, though. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developermailto:[EMAIL PROTECTED] Red Hat, Inc.
Re: Name aliasing in security.cc
Corinna Vinschen wrote: > You're right but it doesn't matter since I have to open the token > anyway since I need the primary group which isn't available at that > point. Yes, but you open, read and close it and passwd.cc, and then open, read and close it in grp.cc. > It's faster than strcasecmp. Thanks, I will use it instead. Pierre
Re: Name aliasing in security.cc
On Thu, Jun 06, 2002 at 10:07:46AM -0400, Pierre A. Humblet wrote: > Corinna Vinschen wrote: > > > > On Wed, Jun 05, 2002 at 08:23:59PM -0400, Pierre A. Humblet wrote: > > > I saw the changes in grp.cc and passwd.cc where you make default > > > entries from the token. That's a good idea, very close to what I had > > > in mind for the "except" clause" in suggestion c) above. > > Corinna, > > Something came to my mind last night: the sid that your new code in > passwd.cc gets from the token should already be in user.sid (and > user.orig_sid). Why not get it from there instead? You're right but it doesn't matter since I have to open the token anyway since I need the primary group which isn't available at that point. > I also have a question: why does internal Cygwin code use > strcasematch() instead of !strcasecmp()? I (ignorantly) used > strcasecmp() recently, it seems to work. It's faster than strcasecmp. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developermailto:[EMAIL PROTECTED] Red Hat, Inc.
Re: Name aliasing in security.cc
Corinna Vinschen wrote: > > On Wed, Jun 05, 2002 at 08:23:59PM -0400, Pierre A. Humblet wrote: > > I saw the changes in grp.cc and passwd.cc where you make default > > entries from the token. That's a good idea, very close to what I had > > in mind for the "except" clause" in suggestion c) above. Corinna, Something came to my mind last night: the sid that your new code in passwd.cc gets from the token should already be in user.sid (and user.orig_sid). Why not get it from there instead? I also have a question: why does internal Cygwin code use strcasematch() instead of !strcasecmp()? I (ignorantly) used strcasecmp() recently, it seems to work. Pierre
Re: Name aliasing in security.cc
On Wed, Jun 05, 2002 at 08:23:59PM -0400, Pierre A. Humblet wrote: > I saw the changes in grp.cc and passwd.cc where you make default > entries from the token. That's a good idea, very close to what I had > in mind for the "except" clause" in suggestion c) above. > > At any rate this doesn't favor keeping lookup_name() and using it > up only in alloc_sd(). So you could still apply my patches, even if > you want to move from b) to the direction of c). Ok, applied. > >However, I think calling lookup_name in internal_getlogin() is > >somewhat useless. > I agree. My patches remove it, but replace it with something similar. > I will remove it later if you apply them. > > By the way, your ChangeLog entry is missing "* passwd.cc " :) :) :) Thanks, I've fixed that. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developermailto:[EMAIL PROTECTED] Red Hat, Inc.
Re: Name aliasing in security.cc
At 02:02 PM 6/5/2002 +0200, Corinna Vinschen wrote: >> At 07:06 PM 6/3/2002 +0200, Corinna Vinschen wrote: >> >On Thu, May 30, 2002 at 09:57:40PM -0400, Pierre A. Humblet wrote: >> >> a) keep lookup_name() as it is? >> >> b) remove it entirely? >> >> c) call it whenever a SID is missing from a passwd/group entry, using >> >> user independent search rules (except if a user looks up itself)? >> > >> >I think b) is the way to go. IMHO we should deprecate using ntsec >> >w/o SID in the passwd/group files. >> >would you mind to look over that again? I've just rearranged reading >passwd and group files and found an easy method to have useful passwd >and group info including SIDs even if both files are unavailable. Hello Corinna, I saw the changes in grp.cc and passwd.cc where you make default entries from the token. That's a good idea, very close to what I had in mind for the "except" clause" in suggestion c) above. At any rate this doesn't favor keeping lookup_name() and using it up only in alloc_sd(). So you could still apply my patches, even if you want to move from b) to the direction of c). >However, I think calling lookup_name in internal_getlogin() is >somewhat useless. I agree. My patches remove it, but replace it with something similar. I will remove it later if you apply them. By the way, your ChangeLog entry is missing "* passwd.cc " :) :) :) Pierre
Re: Name aliasing in security.cc
On Wed, Jun 05, 2002 at 02:02:51PM +0200, cygpatch wrote: > However, I think calling lookup_name is somewhat useless. If a process ^^^ from internal_getlogin() > can't read it's own token, something's really broken (and this is > in retrospect the reason you investigated in changing the security > stuff). Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developermailto:[EMAIL PROTECTED] Red Hat, Inc.
Re: Name aliasing in security.cc
On Mon, Jun 03, 2002 at 10:31:30PM -0400, Pierre A. Humblet wrote: > At 07:06 PM 6/3/2002 +0200, Corinna Vinschen wrote: > >On Thu, May 30, 2002 at 09:57:40PM -0400, Pierre A. Humblet wrote: > >> a) keep lookup_name() as it is? > >> b) remove it entirely? > > > >I think b) is the way to go. IMHO we should deprecate using ntsec > >w/o SID in the passwd/group files. > > Here it is. Lots of trivial changes. Tested by running chown. Hi Pierre, would you mind to look over that again? I've just rearranged reading passwd and group files and found an easy method to have useful passwd and group info including SIDs even if both files are unavailable. This slightly changes the way we could handle that situation. We're not necessarily requiring these files for a working ntsec now and AFAICS, this results in a different state of the lookup_name function. However, I think calling lookup_name is somewhat useless. If a process can't read it's own token, something's really broken (and this is in retrospect the reason you investigated in changing the security stuff). I'm sorry to step in that late. I hope you're not too frustrated... Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developermailto:[EMAIL PROTECTED] Red Hat, Inc.
Re: Name aliasing in security.cc
At 07:06 PM 6/3/2002 +0200, Corinna Vinschen wrote:
>On Thu, May 30, 2002 at 09:57:40PM -0400, Pierre A. Humblet wrote:
>> a) keep lookup_name() as it is?
>> b) remove it entirely?
>
>I think b) is the way to go. IMHO we should deprecate using ntsec
>w/o SID in the passwd/group files.
Here it is. Lots of trivial changes. Tested by running chown.
Pierre
2002-06-03 Pierre Humblet <[EMAIL PROTECTED]>
* sec_helper.cc (lookup_name): Suppress.
* security.cc (alloc_sd): Remove logsrv argument.
Remove two calls to lookup_name.
(set_security_attribute): Remove logsrv argument.
Remove logsrv argument in call to alloc_sd.
(set_nt_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_security_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_nt_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_file_attribute.
* syscalls.cc (chown_worker): Remove logserver argument in
call to set_file_attribute.
(chmod): Ditto.
* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
* uinfo.cc (internal_getlogin): Replace calls to
lookup_name by call to LookupAccountName.
* security.h: Remove logsrv in declarations of set_file_attribute
and alloc_sd. Remove declaration of lookup_name.
--- sec_helper.cc.orig 2002-06-03 18:20:48.0 -0400
+++ sec_helper.cc 2002-06-03 18:27:30.0 -0400
@@ -266,6 +266,7 @@
return grp_member;
}
+#if 0 // unused
#define SIDLEN (sidlen = MAX_SID_LEN, &sidlen)
#define DOMLEN (domlen = INTERNET_MAX_HOST_NAME_LENGTH, &domlen)
@@ -334,6 +335,7 @@
#undef SIDLEN
#undef DOMLEN
+#endif //unused
int
set_process_privilege (const char *privilege, BOOL enable)
--- security.cc.orig2002-06-03 18:20:48.0 -0400
+++ security.cc 2002-06-03 18:51:12.0 -0400
@@ -1353,7 +1353,7 @@
}
PSECURITY_DESCRIPTOR
-alloc_sd (__uid32_t uid, __gid32_t gid, const char *logsrv, int attribute,
+alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret)
{
BOOL dummy;
@@ -1372,8 +1372,7 @@
cygsid owner_sid;
struct passwd *pw = getpwuid32 (uid);
strcpy (owner, pw ? pw->pw_name : getlogin ());
- if ((!pw || !owner_sid.getfrompw (pw))
- && !lookup_name (owner, logsrv, owner_sid))
+ if (!pw || !owner_sid.getfrompw (pw))
return NULL;
debug_printf ("owner: %s [%d]", owner,
*GetSidSubAuthority(owner_sid,
@@ -1384,8 +1383,7 @@
struct __group32 *grp = getgrgid32 (gid);
if (grp)
{
- if ((!grp || !group_sid.getfromgr (grp))
- && !lookup_name (grp->gr_name, logsrv, group_sid))
+ if (!grp || !group_sid.getfromgr (grp))
return NULL;
}
else
@@ -1616,14 +1614,13 @@
InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)sd_buf,
SECURITY_DESCRIPTOR_REVISION);
psa->lpSecurityDescriptor = alloc_sd (geteuid32 (), getegid32 (),
- cygheap->user.logsrv (),
attribute, (PSECURITY_DESCRIPTOR)sd_buf,
&sd_buf_size);
}
static int
set_nt_attribute (const char *file, __uid32_t uid, __gid32_t gid,
- const char *logsrv, int attribute)
+ int attribute)
{
if (!wincap.has_security ())
return 0;
@@ -1640,7 +1637,7 @@
}
sd_size = 4096;
- if (!(psd = alloc_sd (uid, gid, logsrv, attribute, psd, &sd_size)))
+ if (!(psd = alloc_sd (uid, gid, attribute, psd, &sd_size)))
return -1;
return write_sd (file, psd, sd_size);
@@ -1649,12 +1646,12 @@
int
set_file_attribute (int use_ntsec, const char *file,
__uid32_t uid, __gid32_t gid,
- int attribute, const char *logsrv)
+ int attribute)
{
int ret = 0;
if (use_ntsec && allow_ntsec)
-ret = set_nt_attribute (file, uid, gid, logsrv, attribute);
+ret = set_nt_attribute (file, uid, gid, attribute);
else if (allow_ntea && !NTWriteEA (file, ".UNIXATTR", (char *) &attribute,
sizeof (attribute)))
{
@@ -1671,5 +1668,5 @@
{
return set_file_attribute (use_ntsec, file,
myself->uid, myself->gid,
-attribute, cygheap->user.logsrv ());
+attribute);
}
--- security.h.orig 2002-06-03 18:20:50.0 -0400
+++ security.h 2002-06-03 19:59:46.0 -0400
@@ -168,7 +168,7 @@
int __stdcall get_file_attribute (int, const char *, int *,
__uid32_t * = NULL, __gid32_t * = NULL);
int __stdcall set_file_attribute (int, const char *, int);
-int __stdcall set_file_attribute (int, const char *, __uid32_t, __gid32_t, int, const
char *);
Re: Name aliasing in security.cc
On Thu, May 30, 2002 at 09:57:40PM -0400, Pierre A. Humblet wrote: > a) keep lookup_name() as it is? > b) remove it entirely? > c) call it whenever a SID is missing from a passwd/group entry, using > user independent search rules (except if a user looks up itself)? I think b) is the way to go. IMHO we should deprecate using ntsec w/o SID in the passwd/group files. > 2002-05-30 Pierre Humblet <[EMAIL PROTECTED]> > > * security.cc (lsa2wchar): Suppressed. > (get_lsa_srv_inf): Suppressed. > (get_logon_server_and_user_domain): Suppressed. > (get_logon_server): Essentially new. > (get_user_groups): Add "domain" argument. Only lookup the > designated server and use "domain" in LookupAccountName. > (is_group_member): Simplify the arguments. > (get_user_local_groups): Simplify the arguments. Do only a > local lookup. Use "BUILTIN" and local domain in LookupAccountName. > (get_user_primary_group). Only lookup the designated server. > (get_group_sidlist): Remove logonserver argument. Do not lookup > any server for the SYSTEM account. > (create_token): Delete logonserver and call to get_logon_server. > Adjust arguments of get_group_sidlist, see above. > * security.h: Delete declaration of get_logon_server_and_user_domain > and add declaration of get_logon_server. > * uinfo.cc (internal_get_login): Call get_logon_server instead of > get_logon_server_and_user_domain. Applied. Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developermailto:[EMAIL PROTECTED] Red Hat, Inc.
