Commit cb124c9b authored by Rob Shearman's avatar Rob Shearman Committed by Alexandre Julliard

server: Add primitive support for setting and getting the security descriptor of…

server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions.
parent c1707d89
...@@ -39,7 +39,9 @@ extern const LUID SeManageVolumePrivilege; ...@@ -39,7 +39,9 @@ extern const LUID SeManageVolumePrivilege;
extern const LUID SeImpersonatePrivilege; extern const LUID SeImpersonatePrivilege;
extern const LUID SeCreateGlobalPrivilege; extern const LUID SeCreateGlobalPrivilege;
extern const PSID security_world_sid;
extern const PSID security_interactive_sid; extern const PSID security_interactive_sid;
extern const PSID security_local_system_sid;
/* token functions */ /* token functions */
...@@ -54,6 +56,17 @@ extern const ACL *token_get_default_dacl( struct token *token ); ...@@ -54,6 +56,17 @@ extern const ACL *token_get_default_dacl( struct token *token );
extern const SID *token_get_user( struct token *token ); extern const SID *token_get_user( struct token *token );
extern const SID *token_get_primary_group( struct token *token ); extern const SID *token_get_primary_group( struct token *token );
static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
{
return (const ACE_HEADER *)((const char *)ace + ace->AceSize);
}
static inline int security_equal_sid( const SID *sid1, const SID *sid2 )
{
return ((sid1->SubAuthorityCount == sid2->SubAuthorityCount) &&
!memcmp( sid1, sid2, FIELD_OFFSET(SID, SubAuthority[sid1->SubAuthorityCount]) ));
}
extern void security_set_thread_token( struct thread *thread, obj_handle_t handle ); extern void security_set_thread_token( struct thread *thread, obj_handle_t handle );
extern const SID *security_unix_uid_to_sid( uid_t uid ); extern const SID *security_unix_uid_to_sid( uid_t uid );
extern int check_object_access( struct object *obj, unsigned int *access ); extern int check_object_access( struct object *obj, unsigned int *access );
......
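Review bot: `ace_next` becomes a shared header helper here, yet it advances by `ace->AceSize` with no bound, so any caller that walks an ACL taken from a client-supplied security descriptor can step past the end of the buffer, or never advance when `AceSize` is 0. Since the commit message says descriptors can now be set on files, the precondition belongs next to the helper, e.g. `/* caller must have validated the ACL: every AceSize is non-zero and each ACE lies inside AclSize */`. `security_equal_sid` carries a similar contract: `memcmp` reads `FIELD_OFFSET(SID, SubAuthority[sid1->SubAuthorityCount])` bytes from both SIDs, so both must already be length-checked against their buffers. The header also now needs `memcmp` declared by whoever includes it; the include list is not visible on this page, so that is worth confirming.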
...@@ -70,11 +70,11 @@ static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, ...@@ -70,11 +70,11 @@ static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY },
static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } }; static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } };
static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } }; static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } }; static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
static const PSID security_world_sid = (PSID)&world_sid; const PSID security_world_sid = (PSID)&world_sid;
static const PSID security_local_sid = (PSID)&local_sid; static const PSID security_local_sid = (PSID)&local_sid;
const PSID security_interactive_sid = (PSID)&interactive_sid; const PSID security_interactive_sid = (PSID)&interactive_sid;
static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid; static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid;
static const PSID security_local_system_sid = (PSID)&local_system_sid; const PSID security_local_system_sid = (PSID)&local_system_sid;
static luid_t prev_luid_value = { 1000, 0 }; static luid_t prev_luid_value = { 1000, 0 };
...@@ -166,12 +166,6 @@ static SID *security_sid_alloc( const SID_IDENTIFIER_AUTHORITY *idauthority, int ...@@ -166,12 +166,6 @@ static SID *security_sid_alloc( const SID_IDENTIFIER_AUTHORITY *idauthority, int
return sid; return sid;
} }
static inline int security_equal_sid( const SID *sid1, const SID *sid2 )
{
return ((sid1->SubAuthorityCount == sid2->SubAuthorityCount) &&
!memcmp( sid1, sid2, FIELD_OFFSET(SID, SubAuthority[sid1->SubAuthorityCount]) ));
}
void security_set_thread_token( struct thread *thread, obj_handle_t handle ) void security_set_thread_token( struct thread *thread, obj_handle_t handle )
{ {
if (!handle) if (!handle)
...@@ -195,11 +189,6 @@ void security_set_thread_token( struct thread *thread, obj_handle_t handle ) ...@@ -195,11 +189,6 @@ void security_set_thread_token( struct thread *thread, obj_handle_t handle )
} }
} }
static const ACE_HEADER *ace_next( const ACE_HEADER *ace )
{
return (const ACE_HEADER *)((const char *)ace + ace->AceSize);
}
const SID *security_unix_uid_to_sid( uid_t uid ) const SID *security_unix_uid_to_sid( uid_t uid )
{ {
/* very simple mapping: either the current user or not the current user */ /* very simple mapping: either the current user or not the current user */
......
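Review bot: `security_world_sid` and `security_local_system_sid` gain external linkage but keep the type `const PSID`, which (assuming `PSID` is the usual `void *` typedef) is a constant pointer to non-const data, so the `(PSID)` cast discards the `const` of `world_sid` and `local_system_sid` for every file in the server. A write through either pointer would compile without a diagnostic and would modify an object defined `const`. If the callers allow it, exporting them as `const SID *`, the type `security_unix_uid_to_sid` already returns, keeps the compiler check. Otherwise a comment above the definitions such as `/* well-known SIDs: read-only, never write through these pointers */` would state the contract. The pre-existing `security_interactive_sid` has the same shape.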