* advapi32.cc (InitializeAcl): Remove.
(AddAce): Remove. (FindFirstFreeAce): Remove. (GetAce): Remove. (InitializeSecurityDescriptor): Remove. (OpenProcessToken): Remove. * dcrt0.cc: Replace above functions throughout with their ntdll.dll equivalent. * fhandler_tty.cc: Ditto. * flock.cc: Ditto. * pinfo.cc: Ditto. Drop unnecessary error handling. * sec_acl.cc: Ditto. * sec_auth.cc: Ditto. * sec_helper.cc: Ditto. * security.cc: Ditto.
This commit is contained in:
		| @@ -1,3 +1,21 @@ | |||||||
|  | 2011-04-28  Corinna Vinschen  <corinna@vinschen.de> | ||||||
|  |  | ||||||
|  | 	* advapi32.cc (InitializeAcl): Remove. | ||||||
|  | 	(AddAce): Remove. | ||||||
|  | 	(FindFirstFreeAce): Remove. | ||||||
|  | 	(GetAce): Remove. | ||||||
|  | 	(InitializeSecurityDescriptor): Remove. | ||||||
|  | 	(OpenProcessToken): Remove. | ||||||
|  | 	* dcrt0.cc: Replace above functions throughout with their ntdll.dll | ||||||
|  | 	equivalent. | ||||||
|  | 	* fhandler_tty.cc: Ditto. | ||||||
|  | 	* flock.cc: Ditto. | ||||||
|  | 	* pinfo.cc: Ditto.  Drop unnecessary error handling. | ||||||
|  | 	* sec_acl.cc: Ditto. | ||||||
|  | 	* sec_auth.cc: Ditto. | ||||||
|  | 	* sec_helper.cc: Ditto. | ||||||
|  | 	* security.cc: Ditto. | ||||||
|  |  | ||||||
| 2011-04-28  Corinna Vinschen  <corinna@vinschen.de> | 2011-04-28  Corinna Vinschen  <corinna@vinschen.de> | ||||||
|  |  | ||||||
| 	* advapi32.cc (InitializeSid): Remove. | 	* advapi32.cc (InitializeSid): Remove. | ||||||
| @@ -6,7 +24,7 @@ | |||||||
| 	(GetSidSubAuthority): Remove. | 	(GetSidSubAuthority): Remove. | ||||||
| 	(GetSidSubAuthorityCount): Remove. | 	(GetSidSubAuthorityCount): Remove. | ||||||
| 	(GetSidIdentifierAuthority): Remove. | 	(GetSidIdentifierAuthority): Remove. | ||||||
| 	* fhandler_disk_file.cc: Remove above functions throughout with their | 	* fhandler_disk_file.cc: Replace above functions throughout with their | ||||||
| 	ntdll.dll equivalent. | 	ntdll.dll equivalent. | ||||||
| 	* sec_auth.cc: Ditto. | 	* sec_auth.cc: Ditto. | ||||||
| 	* sec_helper.cc: Ditto. | 	* sec_helper.cc: Ditto. | ||||||
|   | |||||||
| @@ -53,13 +53,6 @@ CopySid (DWORD len, PSID dest, PSID src) | |||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||||
| } | } | ||||||
|  |  | ||||||
| BOOL WINAPI |  | ||||||
| InitializeAcl (PACL acl, DWORD len, DWORD revision) |  | ||||||
| { |  | ||||||
|   NTSTATUS status = RtlCreateAcl (acl, len, revision); |  | ||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |  | ||||||
| } |  | ||||||
|  |  | ||||||
| BOOL WINAPI | BOOL WINAPI | ||||||
| AddAccessAllowedAce (PACL acl, DWORD revision, DWORD mask, PSID sid) | AddAccessAllowedAce (PACL acl, DWORD revision, DWORD mask, PSID sid) | ||||||
| { | { | ||||||
| @@ -74,34 +67,6 @@ AddAccessDeniedAce (PACL acl, DWORD revision, DWORD mask, PSID sid) | |||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||||
| } | } | ||||||
|  |  | ||||||
| BOOL WINAPI |  | ||||||
| AddAce (PACL acl, DWORD revision, DWORD index, LPVOID ace_list, DWORD len) |  | ||||||
| { |  | ||||||
|   NTSTATUS status = RtlAddAce (acl, revision, index, ace_list, len); |  | ||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |  | ||||||
| } |  | ||||||
|  |  | ||||||
| BOOL WINAPI |  | ||||||
| FindFirstFreeAce (PACL acl, LPVOID *ace) |  | ||||||
| { |  | ||||||
|   NTSTATUS status = RtlFirstFreeAce (acl, ace); |  | ||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |  | ||||||
| } |  | ||||||
|  |  | ||||||
| BOOL WINAPI |  | ||||||
| GetAce (PACL acl, DWORD index, LPVOID *ace) |  | ||||||
| { |  | ||||||
|   NTSTATUS status = RtlGetAce (acl, index, ace); |  | ||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |  | ||||||
| } |  | ||||||
|  |  | ||||||
| BOOL WINAPI |  | ||||||
| InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR sd, DWORD revision) |  | ||||||
| { |  | ||||||
|   NTSTATUS status = RtlCreateSecurityDescriptor (sd, revision); |  | ||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |  | ||||||
| } |  | ||||||
|  |  | ||||||
| BOOL WINAPI | BOOL WINAPI | ||||||
| MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd, | MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd, | ||||||
| 		    LPDWORD len) | 		    LPDWORD len) | ||||||
| @@ -156,13 +121,6 @@ SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def) | |||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||||
| } | } | ||||||
|  |  | ||||||
| BOOL WINAPI |  | ||||||
| OpenProcessToken (HANDLE process, DWORD access, PHANDLE tok) |  | ||||||
| { |  | ||||||
|   NTSTATUS status = NtOpenProcessToken (process, access, tok); |  | ||||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN |  | ||||||
| } |  | ||||||
|  |  | ||||||
| BOOL WINAPI | BOOL WINAPI | ||||||
| OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok) | OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok) | ||||||
| { | { | ||||||
|   | |||||||
| @@ -685,7 +685,7 @@ dll_crt0_0 () | |||||||
| 		   GetCurrentProcess (), &hMainThread, | 		   GetCurrentProcess (), &hMainThread, | ||||||
| 		   0, false, DUPLICATE_SAME_ACCESS); | 		   0, false, DUPLICATE_SAME_ACCESS); | ||||||
|  |  | ||||||
|   OpenProcessToken (GetCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken); |   NtOpenProcessToken (NtCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken); | ||||||
|   set_cygwin_privileges (hProcToken); |   set_cygwin_privileges (hProcToken); | ||||||
|  |  | ||||||
|   device::init (); |   device::init (); | ||||||
|   | |||||||
| @@ -529,7 +529,7 @@ fhandler_tty_slave::open (int flags, mode_t) | |||||||
|     /* Create security attribute.  Default permissions are 0620. */ |     /* Create security attribute.  Default permissions are 0620. */ | ||||||
|     security_descriptor sd; |     security_descriptor sd; | ||||||
|     sd.malloc (sizeof (SECURITY_DESCRIPTOR)); |     sd.malloc (sizeof (SECURITY_DESCRIPTOR)); | ||||||
|     InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); |     RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|     SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE }; |     SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE }; | ||||||
|     if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid, |     if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid, | ||||||
| 					  S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, | 					  S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, | ||||||
| @@ -1305,7 +1305,7 @@ fhandler_tty_slave::fchmod (mode_t mode) | |||||||
| 	goto errout; | 	goto errout; | ||||||
|     } |     } | ||||||
|   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); |   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); | ||||||
|   InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); |   RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|   if (!get_object_attribute (input_available_event, &uid, &gid, NULL) |   if (!get_object_attribute (input_available_event, &uid, &gid, NULL) | ||||||
|       && !create_object_sd_from_attribute (NULL, uid, gid, S_IFCHR | mode, sd)) |       && !create_object_sd_from_attribute (NULL, uid, gid, S_IFCHR | mode, sd)) | ||||||
|     ret = fch_set_sd (sd, false); |     ret = fch_set_sd (sd, false); | ||||||
| @@ -1334,7 +1334,7 @@ fhandler_tty_slave::fchown (__uid32_t uid, __gid32_t gid) | |||||||
| 	goto errout; | 	goto errout; | ||||||
|     } |     } | ||||||
|   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); |   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); | ||||||
|   InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); |   RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|   if (!get_object_attribute (input_available_event, &o_uid, &o_gid, &mode)) |   if (!get_object_attribute (input_available_event, &o_uid, &o_gid, &mode)) | ||||||
|     { |     { | ||||||
|       if ((uid == ILLEGAL_UID || uid == o_uid) |       if ((uid == ILLEGAL_UID || uid == o_uid) | ||||||
| @@ -1796,7 +1796,7 @@ fhandler_pty_master::setup (bool ispty) | |||||||
|  |  | ||||||
|   /* Create security attribute.  Default permissions are 0620. */ |   /* Create security attribute.  Default permissions are 0620. */ | ||||||
|   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); |   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); | ||||||
|   InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); |   RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|   if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid, |   if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid, | ||||||
| 					S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, | 					S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, | ||||||
| 					sd)) | 					sd)) | ||||||
|   | |||||||
| @@ -178,9 +178,10 @@ allow_others_to_sync () | |||||||
|       return; |       return; | ||||||
|     } |     } | ||||||
|   /* Set the size of the DACL correctly. */ |   /* Set the size of the DACL correctly. */ | ||||||
|   if (!FindFirstFreeAce (dacl, &ace)) |   status = RtlFirstFreeAce (dacl, &ace); | ||||||
|  |   if (!NT_SUCCESS (status)) | ||||||
|     { |     { | ||||||
|       debug_printf ("FindFirstFreeAce: %lu", GetLastError ()); |       debug_printf ("RtlFirstFreeAce: %p", status); | ||||||
|       return; |       return; | ||||||
|     } |     } | ||||||
|   dacl->AclSize = (char *) ace - (char *) dacl; |   dacl->AclSize = (char *) ace - (char *) dacl; | ||||||
|   | |||||||
| @@ -350,9 +350,8 @@ pinfo::set_acl() | |||||||
|  |  | ||||||
|   sec_acl (acl_buf, true, true, cygheap->user.sid (), |   sec_acl (acl_buf, true, true, cygheap->user.sid (), | ||||||
| 	   well_known_world_sid, FILE_MAP_READ); | 	   well_known_world_sid, FILE_MAP_READ); | ||||||
|   if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) |   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|     debug_printf ("InitializeSecurityDescriptor %E"); |   if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE)) | ||||||
|   else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE)) |  | ||||||
|     debug_printf ("SetSecurityDescriptorDacl %E"); |     debug_printf ("SetSecurityDescriptorDacl %E"); | ||||||
|   else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd))) |   else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd))) | ||||||
|     debug_printf ("NtSetSecurityObject %lx", status); |     debug_printf ("NtSetSecurityObject %lx", status); | ||||||
|   | |||||||
| @@ -21,6 +21,7 @@ details. */ | |||||||
| #include "fhandler.h" | #include "fhandler.h" | ||||||
| #include "dtable.h" | #include "dtable.h" | ||||||
| #include "cygheap.h" | #include "cygheap.h" | ||||||
|  | #include "ntdll.h" | ||||||
| #include "pwdgrp.h" | #include "pwdgrp.h" | ||||||
| #include "tls_pbuf.h" | #include "tls_pbuf.h" | ||||||
|  |  | ||||||
| @@ -68,11 +69,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, | |||||||
|  |  | ||||||
|   /* Initialize local security descriptor. */ |   /* Initialize local security descriptor. */ | ||||||
|   SECURITY_DESCRIPTOR sd; |   SECURITY_DESCRIPTOR sd; | ||||||
|   if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) |   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|     { |  | ||||||
|       __seterrno (); |  | ||||||
|       return -1; |  | ||||||
|     } |  | ||||||
|   if (!SetSecurityDescriptorOwner (&sd, owner, FALSE)) |   if (!SetSecurityDescriptorOwner (&sd, owner, FALSE)) | ||||||
|     { |     { | ||||||
|       __seterrno (); |       __seterrno (); | ||||||
| @@ -94,11 +91,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, | |||||||
|   struct __group32 *gr; |   struct __group32 *gr; | ||||||
|   int pos; |   int pos; | ||||||
|  |  | ||||||
|   if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) |   RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION); | ||||||
|     { |  | ||||||
|       __seterrno (); |  | ||||||
|       return -1; |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|   writable = false; |   writable = false; | ||||||
|  |  | ||||||
| @@ -332,7 +325,7 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp) | |||||||
| 	{ | 	{ | ||||||
| 	  ACCESS_ALLOWED_ACE *ace; | 	  ACCESS_ALLOWED_ACE *ace; | ||||||
|  |  | ||||||
| 	  if (!GetAce (acl, i, (PVOID *) &ace)) | 	  if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace))) | ||||||
| 	    continue; | 	    continue; | ||||||
|  |  | ||||||
| 	  cygpsid ace_sid ((PSID) &ace->SidStart); | 	  cygpsid ace_sid ((PSID) &ace->SidStart); | ||||||
|   | |||||||
| @@ -1019,7 +1019,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) | |||||||
| 	  + RtlLengthSid (well_known_admins_sid) | 	  + RtlLengthSid (well_known_admins_sid) | ||||||
| 	  + RtlLengthSid (well_known_system_sid); | 	  + RtlLengthSid (well_known_system_sid); | ||||||
|   dacl = (PACL) alloca (dsize); |   dacl = (PACL) alloca (dsize); | ||||||
|   if (!InitializeAcl (dacl, dsize, ACL_REVISION)) |   if (!NT_SUCCESS (RtlCreateAcl (dacl, dsize, ACL_REVISION))) | ||||||
|     goto out; |     goto out; | ||||||
|   if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, usersid)) |   if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, usersid)) | ||||||
|     goto out; |     goto out; | ||||||
|   | |||||||
| @@ -463,7 +463,7 @@ get_null_sd () | |||||||
|  |  | ||||||
|   if (!null_sdp) |   if (!null_sdp) | ||||||
|     { |     { | ||||||
|       InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); |       RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|       SetSecurityDescriptorDacl (&sd, TRUE, NULL, FALSE); |       SetSecurityDescriptorDacl (&sd, TRUE, NULL, FALSE); | ||||||
|       null_sdp = &sd; |       null_sdp = &sd; | ||||||
|     } |     } | ||||||
| @@ -488,6 +488,7 @@ init_global_security () | |||||||
| bool | bool | ||||||
| sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD access2) | sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD access2) | ||||||
| { | { | ||||||
|  |   NTSTATUS status; | ||||||
|   size_t acl_len = MAX_DACL_LEN (5); |   size_t acl_len = MAX_DACL_LEN (5); | ||||||
|   LPVOID pAce; |   LPVOID pAce; | ||||||
|   cygpsid psid; |   cygpsid psid; | ||||||
| @@ -496,9 +497,10 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces | |||||||
|   if ((unsigned long) acl % 4) |   if ((unsigned long) acl % 4) | ||||||
|     api_fatal ("Incorrectly aligned incoming ACL buffer!"); |     api_fatal ("Incorrectly aligned incoming ACL buffer!"); | ||||||
| #endif | #endif | ||||||
|   if (!InitializeAcl (acl, acl_len, ACL_REVISION)) |   status = RtlCreateAcl (acl, acl_len, ACL_REVISION); | ||||||
|  |   if (!NT_SUCCESS (status)) | ||||||
|     { |     { | ||||||
|       debug_printf ("InitializeAcl %E"); |       debug_printf ("RtlCreateAcl: %p", status); | ||||||
|       return false; |       return false; | ||||||
|     } |     } | ||||||
|   if (sid1) |   if (sid1) | ||||||
| @@ -521,11 +523,11 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces | |||||||
|   if (!AddAccessAllowedAce (acl, ACL_REVISION, |   if (!AddAccessAllowedAce (acl, ACL_REVISION, | ||||||
| 			    GENERIC_ALL, well_known_system_sid)) | 			    GENERIC_ALL, well_known_system_sid)) | ||||||
|     debug_printf ("AddAccessAllowedAce(system) %E"); |     debug_printf ("AddAccessAllowedAce(system) %E"); | ||||||
|   FindFirstFreeAce (acl, &pAce); |   status = RtlFirstFreeAce (acl, &pAce); | ||||||
|   if (pAce) |   if (NT_SUCCESS (status) && pAce) | ||||||
|     acl->AclSize = (char *) pAce - (char *) acl; |     acl->AclSize = (char *) pAce - (char *) acl; | ||||||
|   else |   else | ||||||
|     debug_printf ("FindFirstFreeAce %E"); |     debug_printf ("RtlFirstFreeAce: %p", status); | ||||||
|  |  | ||||||
|   return true; |   return true; | ||||||
| } | } | ||||||
| @@ -545,8 +547,7 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit) | |||||||
|   if (!sec_acl (acl, true, true, sid1, sid2, access2)) |   if (!sec_acl (acl, true, true, sid1, sid2, access2)) | ||||||
|     return inherit ? &sec_none : &sec_none_nih; |     return inherit ? &sec_none : &sec_none_nih; | ||||||
|  |  | ||||||
|   if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION)) |   RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|     debug_printf ("InitializeSecurityDescriptor %E"); |  | ||||||
|  |  | ||||||
| /* | /* | ||||||
|  * Setting the owner lets the created security attribute not work |  * Setting the owner lets the created security attribute not work | ||||||
| @@ -574,13 +575,14 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit) | |||||||
| PSECURITY_DESCRIPTOR | PSECURITY_DESCRIPTOR | ||||||
| _everyone_sd (void *buf, ACCESS_MASK access) | _everyone_sd (void *buf, ACCESS_MASK access) | ||||||
| { | { | ||||||
|  |   NTSTATUS status; | ||||||
|   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) buf; |   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) buf; | ||||||
|  |  | ||||||
|   if (psd) |   if (psd) | ||||||
|     { |     { | ||||||
|       InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); |       RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|       PACL dacl = (PACL) (psd + 1); |       PACL dacl = (PACL) (psd + 1); | ||||||
|       InitializeAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION); |       RtlCreateAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION); | ||||||
|       if (!AddAccessAllowedAce (dacl, ACL_REVISION, access, |       if (!AddAccessAllowedAce (dacl, ACL_REVISION, access, | ||||||
| 				well_known_world_sid)) | 				well_known_world_sid)) | ||||||
| 	{ | 	{ | ||||||
| @@ -588,9 +590,10 @@ _everyone_sd (void *buf, ACCESS_MASK access) | |||||||
| 	  return NULL; | 	  return NULL; | ||||||
| 	} | 	} | ||||||
|       LPVOID ace; |       LPVOID ace; | ||||||
|       if (!FindFirstFreeAce (dacl, &ace)) |       status = RtlFirstFreeAce (dacl, &ace); | ||||||
|  |       if (!NT_SUCCESS (status)) | ||||||
| 	{ | 	{ | ||||||
| 	  debug_printf ("FindFirstFreeAce: %lu", GetLastError ()); | 	  debug_printf ("RtlFirstFreeAce: %p", status); | ||||||
| 	  return NULL; | 	  return NULL; | ||||||
| 	} | 	} | ||||||
|       dacl->AclSize = (char *) ace - (char *) dacl; |       dacl->AclSize = (char *) ace - (char *) dacl; | ||||||
|   | |||||||
| @@ -139,7 +139,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, | |||||||
|       if (NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd, &exists, &dacl, &def)) |       if (NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd, &exists, &dacl, &def)) | ||||||
| 	  && exists && dacl) | 	  && exists && dacl) | ||||||
| 	for (ULONG idx = 0; idx < dacl->AceCount; ++idx) | 	for (ULONG idx = 0; idx < dacl->AceCount; ++idx) | ||||||
| 	  if (RtlGetAce (dacl, idx, (PVOID *) &ace) | 	  if (NT_SUCCESS (RtlGetAce (dacl, idx, (PVOID *) &ace)) | ||||||
| 	      && (ace->Header.AceFlags & INHERITED_ACE)) | 	      && (ace->Header.AceFlags & INHERITED_ACE)) | ||||||
| 	    return 0; | 	    return 0; | ||||||
|       /* Otherwise, open the parent directory with READ_CONTROL... */ |       /* Otherwise, open the parent directory with READ_CONTROL... */ | ||||||
| @@ -245,7 +245,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid, | |||||||
|  |  | ||||||
|   for (DWORD i = 0; i < acl->AceCount; ++i) |   for (DWORD i = 0; i < acl->AceCount; ++i) | ||||||
|     { |     { | ||||||
|       if (!GetAce (acl, i, (PVOID *) &ace)) |       if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace))) | ||||||
| 	continue; | 	continue; | ||||||
|       if (ace->Header.AceFlags & INHERIT_ONLY_ACE) |       if (ace->Header.AceFlags & INHERIT_ONLY_ACE) | ||||||
| 	continue; | 	continue; | ||||||
| @@ -472,7 +472,7 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes, | |||||||
|       return false; |       return false; | ||||||
|     } |     } | ||||||
|   ACCESS_ALLOWED_ACE *ace; |   ACCESS_ALLOWED_ACE *ace; | ||||||
|   if (inherit && GetAce (acl, offset, (PVOID *) &ace)) |   if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace))) | ||||||
|     ace->Header.AceFlags |= inherit; |     ace->Header.AceFlags |= inherit; | ||||||
|   len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); |   len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); | ||||||
|   return true; |   return true; | ||||||
| @@ -488,7 +488,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes, | |||||||
|       return false; |       return false; | ||||||
|     } |     } | ||||||
|   ACCESS_DENIED_ACE *ace; |   ACCESS_DENIED_ACE *ace; | ||||||
|   if (inherit && GetAce (acl, offset, (PVOID *) &ace)) |   if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace))) | ||||||
|     ace->Header.AceFlags |= inherit; |     ace->Header.AceFlags |= inherit; | ||||||
|   len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); |   len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); | ||||||
|   return true; |   return true; | ||||||
| @@ -544,11 +544,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | |||||||
|  |  | ||||||
|   /* Initialize local security descriptor. */ |   /* Initialize local security descriptor. */ | ||||||
|   SECURITY_DESCRIPTOR sd; |   SECURITY_DESCRIPTOR sd; | ||||||
|   if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) |   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||||
|     { |  | ||||||
|       __seterrno (); |  | ||||||
|       return NULL; |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|   /* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being |   /* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being | ||||||
|      modified by inheritable ACEs. */ |      modified by inheritable ACEs. */ | ||||||
| @@ -570,11 +566,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | |||||||
|  |  | ||||||
|   /* Initialize local access control list. */ |   /* Initialize local access control list. */ | ||||||
|   PACL acl = (PACL) tp.w_get (); |   PACL acl = (PACL) tp.w_get (); | ||||||
|   if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) |   RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION); | ||||||
|     { |  | ||||||
|       __seterrno (); |  | ||||||
|       return NULL; |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|   /* From here fill ACL. */ |   /* From here fill ACL. */ | ||||||
|   size_t acl_len = sizeof (ACL); |   size_t acl_len = sizeof (ACL); | ||||||
| @@ -713,10 +705,12 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | |||||||
|   PACL oacl; |   PACL oacl; | ||||||
|   BOOL acl_exists = FALSE; |   BOOL acl_exists = FALSE; | ||||||
|   ACCESS_ALLOWED_ACE *ace; |   ACCESS_ALLOWED_ACE *ace; | ||||||
|  |   NTSTATUS status; | ||||||
|  |  | ||||||
|   if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy) |   if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy) | ||||||
|       && acl_exists && oacl) |       && acl_exists && oacl) | ||||||
|     for (DWORD i = 0; i < oacl->AceCount; ++i) |     for (DWORD i = 0; i < oacl->AceCount; ++i) | ||||||
|       if (GetAce (oacl, i, (PVOID *) &ace)) |       if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace))) | ||||||
| 	{ | 	{ | ||||||
| 	  cygpsid ace_sid ((PSID) &ace->SidStart); | 	  cygpsid ace_sid ((PSID) &ace->SidStart); | ||||||
|  |  | ||||||
| @@ -767,12 +761,13 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | |||||||
| 	   * behind the owner_deny, ACCESS_ALLOWED_ACE to the end. | 	   * behind the owner_deny, ACCESS_ALLOWED_ACE to the end. | ||||||
| 	   * FIXME: this would break the order of the inherit-only ACEs | 	   * FIXME: this would break the order of the inherit-only ACEs | ||||||
| 	   */ | 	   */ | ||||||
| 	  if (!AddAce (acl, ACL_REVISION, | 	  status = RtlAddAce (acl, ACL_REVISION, | ||||||
| 		       ace->Header.AceType == ACCESS_DENIED_ACE_TYPE | 			      ace->Header.AceType == ACCESS_DENIED_ACE_TYPE | ||||||
| 		       ?  (owner_deny ? 1 : 0) : MAXDWORD, | 			      ?  (owner_deny ? 1 : 0) : MAXDWORD, | ||||||
| 		       (LPVOID) ace, ace->Header.AceSize)) | 			      (LPVOID) ace, ace->Header.AceSize); | ||||||
|  | 	  if (!NT_SUCCESS (status)) | ||||||
| 	    { | 	    { | ||||||
| 	      __seterrno (); | 	      __seterrno_from_nt_status (status); | ||||||
| 	      return NULL; | 	      return NULL; | ||||||
| 	    } | 	    } | ||||||
| 	  ace_off++; | 	  ace_off++; | ||||||
| @@ -862,7 +857,7 @@ set_security_attribute (path_conv &pc, int attribute, PSECURITY_ATTRIBUTES psa, | |||||||
| 			security_descriptor &sd) | 			security_descriptor &sd) | ||||||
| { | { | ||||||
|   psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH); |   psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH); | ||||||
|   InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)psa->lpSecurityDescriptor, |   RtlCreateSecurityDescriptor ((PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor, | ||||||
| 				SECURITY_DESCRIPTOR_REVISION); | 				SECURITY_DESCRIPTOR_REVISION); | ||||||
|   psa->lpSecurityDescriptor = alloc_sd (pc, geteuid32 (), getegid32 (), |   psa->lpSecurityDescriptor = alloc_sd (pc, geteuid32 (), getegid32 (), | ||||||
| 					attribute, sd); | 					attribute, sd); | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user