From 043878df18006f7243ae2547bcb0c9c43404fa82 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Fri, 6 Feb 2004 10:37:37 +0000
Subject: [PATCH] * uinfo.cc (cygheap_user::init): Use sec_user_nih to build a security descriptor. Set both the process and the default DACLs. * fork.cc (fork_parent): Use sec_none_nih security attributes. * spawn.cc (spawn_guts): Ditto.
---
 winsup/cygwin/ChangeLog | 7 +++++++
 winsup/cygwin/fork.cc | 6 ++----
 winsup/cygwin/spawn.cc | 15 ++++-----------
 winsup/cygwin/uinfo.cc | 45 +++++++++++++++++----------------------------
 4 files changed, 30 insertions(+), 43 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index e467112f5..0aac1ab56 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+2004-02-06 Pierre Humblet
+
+ * uinfo.cc (cygheap_user::init): Use sec_user_nih to build a
+ security descriptor. Set both the process and the default DACLs.
+ * fork.cc (fork_parent): Use sec_none_nih security attributes.
+ * spawn.cc (spawn_guts): Ditto.
+
 2004-02-05 Christopher Faylor
 * cygwin.din: Make many more functions SIGFE.
diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc
index 681675a62..8a5e5bfa0 100644
--- a/winsup/cygwin/fork.cc
+++ b/winsup/cygwin/fork.cc
@@ -456,8 +456,6 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
 out:
 #endif
- char sa_buf[1024];
- PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf);
 syscall_printf ("CreateProcess (%s, %s, 0, 0, 1, %x, 0, 0, %p, %p)", myself->progname, myself->progname, c_flags, &si, &pi);
 __malloc_lock ();
@@ -465,8 +463,8 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
 newheap = cygheap_setup_for_child (&ch, cygheap->fdtab.need_fixup_before ());
 rc = CreateProcess (myself->progname, /* image to run */
 myself->progname, /* what we send in arg0 */
- sec_attribs,
- sec_attribs,
+ &sec_none_nih,
+ &sec_none_nih,
 TRUE, /* inherit handles from parent */
 c_flags,
 NULL, /* environment filled in later */
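Review bot: Nothing at the CreateProcess call in fork_parent (hunk at -465) says where the child's protection comes from once `sec_attribs` is replaced by `&sec_none_nih`. Assuming sec_none_nih carries no descriptor, as its name suggests, the child's process and thread objects take the default DACL of the caller's token, which this commit installs in cygheap_user::init in uinfo.cc, and init only logs when that step fails. A comment above the call would make the dependency visible, for example `/* No explicit descriptor: the child is protected by the token's default DACL, installed in cygheap_user::init. */`. The CreateProcess call in the spawn_guts hunk at -656 of spawn.cc has the same gap. fork_parent starts and ends outside this hunk.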
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index e5246b8d0..bfb94bd4b 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -639,8 +639,6 @@ spawn_guts (const char * prog_arg, const char *const *argv,
 syscall_printf ("null_app_name %d (%s, %.9500s)", null_app_name, runpath, one_line.buf);
 void *newheap;
- /* Preallocated buffer for `sec_user' call */
- char sa_buf[1024];
 cygbench ("spawn-guts");
@@ -656,14 +654,13 @@ spawn_guts (const char * prog_arg, const char *const *argv,
 && cygheap->user.saved_gid == cygheap->user.real_gid
 && !cygheap->user.groups.issetgroups ()))
 {
- PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf);
 ciresrv.moreinfo->envp = build_env (envp, envblock, ciresrv.moreinfo->envc, real_path.iscygexec ());
 newheap = cygheap_setup_for_child (&ciresrv, cygheap->fdtab.need_fixup_before ());
 rc = CreateProcess (runpath, /* image name - with full path */
 one_line.buf, /* what was passed to exec */
- sec_attribs, /* process security attrs */
- sec_attribs, /* thread security attrs */
+ &sec_none_nih,/* process security attrs */
+ &sec_none_nih,/* thread security attrs */
 TRUE, /* inherit handles from parent */
 flags,
 envblock, /* environment */
@@ -673,14 +670,10 @@ spawn_guts (const char * prog_arg, const char *const *argv,
 }
 else
 {
- PSID sid = cygheap->user.sid ();
 /* Give access to myself */
 if (mode == _P_OVERLAY)
 myself.set_acl();
- /* Set security attributes with sid */
- PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);
-
 /* allow the child to interact with our window station/desktop */
 HANDLE hwst, hdsk;
 SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
@@ -704,8 +697,8 @@ spawn_guts (const char * prog_arg, const char *const *argv,
 rc = CreateProcessAsUser (cygheap->user.token (),
 runpath, /* image name - with full path */
 one_line.buf, /* what was passed to exec */
- sec_attribs, /* process security attrs */
- sec_attribs, /* thread security attrs */
+ &sec_none_nih, /* process security attrs */
+ &sec_none_nih, /* thread security attrs */
 TRUE, /* inherit handles from parent */
 flags,
 envblock, /* environment */
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 81dd7f4f9..62ed0f207 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -46,8 +46,7 @@ cygheap_user::init ()
 HANDLE ptok;
 DWORD siz;
- char pdacl_buf [sizeof (PTOKEN_DEFAULT_DACL) + ACL_DEFAULT_SIZE];
- PTOKEN_DEFAULT_DACL pdacl = (PTOKEN_DEFAULT_DACL) pdacl_buf;
+ PSECURITY_DESCRIPTOR psd;
 if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY, &ptok))
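Review bot: In the CreateProcessAsUser call of spawn_guts (hunk at -704), the child no longer gets a descriptor that names the target user's SID, and the default DACL that cygheap_user::init installs sits on the calling process's token rather than on `cygheap->user.token ()`. For a descriptor-less call Windows documents that the new process receives the default descriptor of the user referenced by the token argument, which may not grant the caller access if the process is opened again later. A Cygwin child presumably re-applies its DACL when it runs init, but a non-Cygwin child would keep that default, so how the token's default DACL is set up (not visible in this diff) decides who can open the child. I would add a comment at the call such as `/* No descriptor: the child's DACL comes from the default DACL of user.token (). */`. spawn_guts starts and ends outside this hunk.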
@@ -70,34 +69,24 @@ cygheap_user::init ()
 if (!SetTokenInformation (ptok, TokenOwner, &effec_cygsid, sizeof (cygsid)))
 debug_printf ("SetTokenInformation(TokenOwner): %E");
- /* Add the user in the default DACL if needed */
- if (!GetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (pdacl_buf), &siz))
- system_printf ("GetTokenInformation (TokenDefaultDacl): %E");
- else if (pdacl->DefaultDacl) /* Running with security */
- {
- PACL pAcl = pdacl->DefaultDacl;
- PACCESS_ALLOWED_ACE pAce;
+ /* Standard way to build a security descriptor with the usual DACL */
+ char sa_buf[1024];
+ psd = (PSECURITY_DESCRIPTOR) (sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
- for (int i = 0; i < pAcl->AceCount; i++)
- {
- if (!GetAce (pAcl, i, (LPVOID *) &pAce))
- system_printf ("GetAce: %E");
- else if (pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE
- && effec_cygsid == &pAce->SidStart)
- goto out;
- }
- pAcl->AclSize = &pdacl_buf[sizeof (pdacl_buf)] - (char *) pAcl;
- if (!AddAccessAllowedAce (pAcl, ACL_REVISION, GENERIC_ALL, effec_cygsid))
- system_printf ("AddAccessAllowedAce: %E");
- else if (FindFirstFreeAce (pAcl, (LPVOID *) &pAce), !(pAce))
- debug_printf ("FindFirstFreeAce %E");
- else
- {
- pAcl->AclSize = (char *) pAce - (char *) pAcl;
- if (!SetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (* pdacl)))
- system_printf ("SetTokenInformation (TokenDefaultDacl): %E");
- }
+ BOOL acl_exists, dummy;
+ TOKEN_DEFAULT_DACL dacl;
+ if (GetSecurityDescriptorDacl (psd, &acl_exists,
+ &dacl.DefaultDacl, &dummy)
+ && acl_exists && dacl.DefaultDacl)
+ {
+ /* Set the default DACL and the process DACL */
+ if (!SetTokenInformation (ptok, TokenDefaultDacl, &dacl, sizeof (dacl)))
+ system_printf ("SetTokenInformation (TokenDefaultDacl): %E");
+ if (!SetKernelObjectSecurity (hMainProc, DACL_SECURITY_INFORMATION, psd))
+ system_printf ("SetKernelObjectSecurity: %E");
 }
+ else
+ system_printf("Cannot get dacl: %E");
 out:
 CloseHandle (ptok);
 }
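Review bot: The `else` branch added to cygheap_user::init prints `Cannot get dacl: %E` both when GetSecurityDescriptorDacl fails and when it succeeds without a DACL, where the code printed by %E is stale, and `psd` is taken from `sec_user_nih (sa_buf, sid())` with no check that a descriptor is present. Whether sec_user_nih can hand back an attribute block without a descriptor is not visible in this diff, but if it can, a NULL `psd` reaches GetSecurityDescriptorDacl. Since fork.cc and spawn.cc now depend on this block for the protection of child processes, I would separate the cases as below, leaving the two Set* calls unchanged. The block also replaces the token's default DACL wholesale where the removed code appended one ACE to the existing list, so a comment naming the ACEs that sec_user_nih emits would let a reader confirm nothing is lost. init starts outside this hunk.

```cpp
  TOKEN_DEFAULT_DACL dacl;
  if (!psd)
    system_printf ("sec_user_nih returned no security descriptor");
  else if (!GetSecurityDescriptorDacl (psd, &acl_exists,
                                       &dacl.DefaultDacl, &dummy))
    system_printf ("GetSecurityDescriptorDacl: %E");
  else if (!acl_exists || !dacl.DefaultDacl)
    system_printf ("security descriptor has no DACL");
  else
    {
      /* … unchanged: SetTokenInformation (TokenDefaultDacl) and SetKernelObjectSecurity calls … */
    }
```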