Rob Shearman : server: Add a simple mapping from Unix uids to NT SIDs.
Alexandre Julliard
julliard at winehq.org
Thu Oct 4 06:21:20 CDT 2007
Module: wine
Branch: master
Commit: 8184bcc91a506a16923a9b98578ee8ebbb82e412
URL: http://source.winehq.org/git/wine.git/?a=commit;h=8184bcc91a506a16923a9b98578ee8ebbb82e412
Author: Rob Shearman <rob at codeweavers.com>
Date: Wed Oct 3 13:09:33 2007 +0100
server: Add a simple mapping from Unix uids to NT SIDs.
---
server/security.h | 1 +
server/token.c | 15 ++++++++++++---
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/server/security.h b/server/security.h
index 88b437d..74ff2bb 100644
--- a/server/security.h
+++ b/server/security.h
@@ -55,6 +55,7 @@ extern const SID *token_get_user( struct token *token );
extern const SID *token_get_primary_group( struct token *token );
extern void security_set_thread_token( struct thread *thread, obj_handle_t handle );
+extern const SID *security_unix_uid_to_sid( uid_t uid );
extern int check_object_access( struct object *obj, unsigned int *access );
static inline int thread_single_check_privilege( struct thread *thread, const LUID *priv)
diff --git a/server/token.c b/server/token.c
index 00cd6db..892fbab 100644
--- a/server/token.c
+++ b/server/token.c
@@ -26,6 +26,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
+#include <unistd.h>
#include "ntstatus.h"
#define WIN32_NO_STATUS
@@ -66,6 +67,7 @@ const LUID SeCreateGlobalPrivilege = { 30, 0 };
static const SID world_sid = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } };
static const SID local_sid = { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } };
static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } };
+static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } };
static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
static const PSID security_world_sid = (PSID)&world_sid;
@@ -196,6 +198,15 @@ static const ACE_HEADER *ace_next( const ACE_HEADER *ace )
return (const ACE_HEADER *)((const char *)ace + ace->AceSize);
}
+const SID *security_unix_uid_to_sid( uid_t uid )
+{
+ /* very simple mapping: either the current user or not the current user */
+ if (uid == getuid())
+ return &interactive_sid;
+ else
+ return &anonymous_logon_sid;
+}
+
static int acl_is_valid( const ACL *acl, data_size_t size )
{
ULONG i;
@@ -639,9 +650,7 @@ struct token *token_create_admin( void )
{ logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
};
static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
- /* note: we just set the user sid to be the interactive builtin sid -
- * we should really translate the UNIX user id to a sid */
- token = create_token( TRUE, &interactive_sid,
+ token = create_token( TRUE, security_unix_uid_to_sid( getuid() ),
admin_groups, sizeof(admin_groups)/sizeof(admin_groups[0]),
admin_privs, sizeof(admin_privs)/sizeof(admin_privs[0]),
default_dacl, admin_source, NULL, -1 );
More information about the wine-cvs
mailing list