* dir.cc (mkdir): Use local security_descriptor. Call
set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
@@ -49,11 +49,9 @@ searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UI
|
||||
static int
|
||||
setacl (const char *file, int nentries, __aclent32_t *aclbufp)
|
||||
{
|
||||
DWORD sd_size = 4096;
|
||||
char sd_buf[4096];
|
||||
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
|
||||
security_descriptor sd_ret;
|
||||
|
||||
if (read_sd (file, psd, &sd_size) <= 0)
|
||||
if (read_sd (file, sd_ret) <= 0)
|
||||
{
|
||||
debug_printf ("read_sd %E");
|
||||
return -1;
|
||||
@@ -63,7 +61,7 @@ setacl (const char *file, int nentries, __aclent32_t *aclbufp)
|
||||
|
||||
/* Get owner SID. */
|
||||
PSID owner_sid;
|
||||
if (!GetSecurityDescriptorOwner (psd, &owner_sid, &dummy))
|
||||
if (!GetSecurityDescriptorOwner (sd_ret, &owner_sid, &dummy))
|
||||
{
|
||||
__seterrno ();
|
||||
return -1;
|
||||
@@ -72,7 +70,7 @@ setacl (const char *file, int nentries, __aclent32_t *aclbufp)
|
||||
|
||||
/* Get group SID. */
|
||||
PSID group_sid;
|
||||
if (!GetSecurityDescriptorGroup (psd, &group_sid, &dummy))
|
||||
if (!GetSecurityDescriptorGroup (sd_ret, &group_sid, &dummy))
|
||||
{
|
||||
__seterrno ();
|
||||
return -1;
|
||||
@@ -206,21 +204,21 @@ setacl (const char *file, int nentries, __aclent32_t *aclbufp)
|
||||
__seterrno ();
|
||||
return -1;
|
||||
}
|
||||
/* Make self relative security descriptor in psd. */
|
||||
sd_size = 0;
|
||||
MakeSelfRelativeSD (&sd, psd, &sd_size);
|
||||
/* Make self relative security descriptor in sd_ret. */
|
||||
DWORD sd_size = 0;
|
||||
MakeSelfRelativeSD (&sd, sd_ret, &sd_size);
|
||||
if (sd_size <= 0)
|
||||
{
|
||||
__seterrno ();
|
||||
return -1;
|
||||
}
|
||||
if (!MakeSelfRelativeSD (&sd, psd, &sd_size))
|
||||
if (!MakeSelfRelativeSD (&sd, sd_ret, &sd_size))
|
||||
{
|
||||
__seterrno ();
|
||||
return -1;
|
||||
}
|
||||
debug_printf ("Created SD-Size: %d", sd_size);
|
||||
return write_sd (file, psd, sd_size);
|
||||
debug_printf ("Created SD-Size: %d", sd_ret.size ());
|
||||
return write_sd (file, sd_ret);
|
||||
}
|
||||
|
||||
/* Temporary access denied bits */
|
||||
@@ -257,12 +255,10 @@ getace (__aclent32_t &acl, int type, int id, DWORD win_ace_mask,
|
||||
static int
|
||||
getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
|
||||
{
|
||||
DWORD sd_size = 4096;
|
||||
char sd_buf[4096];
|
||||
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
|
||||
security_descriptor sd;
|
||||
|
||||
int ret;
|
||||
if ((ret = read_sd (file, psd, &sd_size)) <= 0)
|
||||
if ((ret = read_sd (file, sd)) <= 0)
|
||||
{
|
||||
debug_printf ("read_sd %E");
|
||||
return ret;
|
||||
@@ -274,7 +270,7 @@ getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
|
||||
__uid32_t uid;
|
||||
__gid32_t gid;
|
||||
|
||||
if (!GetSecurityDescriptorOwner (psd, (PSID *) &owner_sid, &dummy))
|
||||
if (!GetSecurityDescriptorOwner (sd, (PSID *) &owner_sid, &dummy))
|
||||
{
|
||||
debug_printf ("GetSecurityDescriptorOwner %E");
|
||||
__seterrno ();
|
||||
@@ -282,7 +278,7 @@ getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
|
||||
}
|
||||
uid = owner_sid.get_uid ();
|
||||
|
||||
if (!GetSecurityDescriptorGroup (psd, (PSID *) &group_sid, &dummy))
|
||||
if (!GetSecurityDescriptorGroup (sd, (PSID *) &group_sid, &dummy))
|
||||
{
|
||||
debug_printf ("GetSecurityDescriptorGroup %E");
|
||||
__seterrno ();
|
||||
@@ -305,7 +301,7 @@ getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
|
||||
PACL acl;
|
||||
BOOL acl_exists;
|
||||
|
||||
if (!GetSecurityDescriptorDacl (psd, &acl_exists, &acl, &dummy))
|
||||
if (!GetSecurityDescriptorDacl (sd, &acl_exists, &acl, &dummy))
|
||||
{
|
||||
__seterrno ();
|
||||
debug_printf ("GetSecurityDescriptorDacl %E");
|
||||
|
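Review bot: In the `@@ -206,21 +204,21 @@` hunk of setacl, nothing visible grows `sd_ret` between the sizing call `MakeSelfRelativeSD (&sd, sd_ret, &sd_size)` and the second call, which writes up to `sd_size` bytes into it. `sd_ret` was filled by `read_sd` at the top of the function and, per the commit message, sized to the file's existing descriptor, so a descriptor built from a longer ACL could be written past the end of that buffer. I would put `if (!sd_ret.realloc (sd_size))` with an error return between the two calls; the method is added by this commit, but its signature is not shown here, so adjust to match. `debug_printf ("Created SD-Size: %d", sd_ret.size ())` and `write_sd (file, sd_ret)` also depend on the object's recorded size agreeing with `sd_size`, which is worth confirming against sec_helper.cc. Separately, `sd_size` is a DWORD, so `if (sd_size <= 0)` can only ever mean `sd_size == 0`.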