* advapi32.cc (InitializeAcl): Remove.
(AddAce): Remove. (FindFirstFreeAce): Remove. (GetAce): Remove. (InitializeSecurityDescriptor): Remove. (OpenProcessToken): Remove. * dcrt0.cc: Replace above functions throughout with their ntdll.dll equivalent. * fhandler_tty.cc: Ditto. * flock.cc: Ditto. * pinfo.cc: Ditto. Drop unnecessary error handling. * sec_acl.cc: Ditto. * sec_auth.cc: Ditto. * sec_helper.cc: Ditto. * security.cc: Ditto.
		| @@ -1,3 +1,21 @@ | ||||
| 2011-04-28  Corinna Vinschen  <corinna@vinschen.de> | ||||
|  | ||||
| 	* advapi32.cc (InitializeAcl): Remove. | ||||
| 	(AddAce): Remove. | ||||
| 	(FindFirstFreeAce): Remove. | ||||
| 	(GetAce): Remove. | ||||
| 	(InitializeSecurityDescriptor): Remove. | ||||
| 	(OpenProcessToken): Remove. | ||||
| 	* dcrt0.cc: Replace above functions throughout with their ntdll.dll | ||||
| 	equivalent. | ||||
| 	* fhandler_tty.cc: Ditto. | ||||
| 	* flock.cc: Ditto. | ||||
| 	* pinfo.cc: Ditto.  Drop unnecessary error handling. | ||||
| 	* sec_acl.cc: Ditto. | ||||
| 	* sec_auth.cc: Ditto. | ||||
| 	* sec_helper.cc: Ditto. | ||||
| 	* security.cc: Ditto. | ||||
|  | ||||
| 2011-04-28  Corinna Vinschen  <corinna@vinschen.de> | ||||
|  | ||||
| 	* advapi32.cc (InitializeSid): Remove. | ||||
| @@ -6,7 +24,7 @@ | ||||
| 	(GetSidSubAuthority): Remove. | ||||
| 	(GetSidSubAuthorityCount): Remove. | ||||
| 	(GetSidIdentifierAuthority): Remove. | ||||
| 	* fhandler_disk_file.cc: Remove above functions throughout with their | ||||
| 	* fhandler_disk_file.cc: Replace above functions throughout with their | ||||
| 	ntdll.dll equivalent. | ||||
| 	* sec_auth.cc: Ditto. | ||||
| 	* sec_helper.cc: Ditto. | ||||
|   | ||||
| @@ -53,13 +53,6 @@ CopySid (DWORD len, PSID dest, PSID src) | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| InitializeAcl (PACL acl, DWORD len, DWORD revision) | ||||
| { | ||||
|   NTSTATUS status = RtlCreateAcl (acl, len, revision); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| AddAccessAllowedAce (PACL acl, DWORD revision, DWORD mask, PSID sid) | ||||
| { | ||||
| @@ -74,34 +67,6 @@ AddAccessDeniedAce (PACL acl, DWORD revision, DWORD mask, PSID sid) | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| AddAce (PACL acl, DWORD revision, DWORD index, LPVOID ace_list, DWORD len) | ||||
| { | ||||
|   NTSTATUS status = RtlAddAce (acl, revision, index, ace_list, len); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| FindFirstFreeAce (PACL acl, LPVOID *ace) | ||||
| { | ||||
|   NTSTATUS status = RtlFirstFreeAce (acl, ace); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| GetAce (PACL acl, DWORD index, LPVOID *ace) | ||||
| { | ||||
|   NTSTATUS status = RtlGetAce (acl, index, ace); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR sd, DWORD revision) | ||||
| { | ||||
|   NTSTATUS status = RtlCreateSecurityDescriptor (sd, revision); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd, | ||||
| 		    LPDWORD len) | ||||
| @@ -156,13 +121,6 @@ SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def) | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| OpenProcessToken (HANDLE process, DWORD access, PHANDLE tok) | ||||
| { | ||||
|   NTSTATUS status = NtOpenProcessToken (process, access, tok); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok) | ||||
| { | ||||
|   | ||||
| @@ -685,7 +685,7 @@ dll_crt0_0 () | ||||
| 		   GetCurrentProcess (), &hMainThread, | ||||
| 		   0, false, DUPLICATE_SAME_ACCESS); | ||||
|  | ||||
|   OpenProcessToken (GetCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken); | ||||
|   NtOpenProcessToken (NtCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken); | ||||
|   set_cygwin_privileges (hProcToken); | ||||
|  | ||||
|   device::init (); | ||||
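Review bot: The NTSTATUS returned by `NtOpenProcessToken` in dll_crt0_0 is discarded, so `set_cygwin_privileges (hProcToken)` runs on whatever hProcToken held if the open fails. The old wrapper call was unchecked too, but with the status now directly available the call is cheap to guard: `if (NT_SUCCESS (NtOpenProcessToken (NtCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken)))` in front of `set_cygwin_privileges (hProcToken);`. How hProcToken is initialised and how set_cygwin_privileges treats an invalid handle are outside this hunk, so that part needs confirming.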
|   | ||||
| @@ -529,7 +529,7 @@ fhandler_tty_slave::open (int flags, mode_t) | ||||
|     /* Create security attribute.  Default permissions are 0620. */ | ||||
|     security_descriptor sd; | ||||
|     sd.malloc (sizeof (SECURITY_DESCRIPTOR)); | ||||
|     InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|     RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|     SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE }; | ||||
|     if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid, | ||||
| 					  S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, | ||||
| @@ -1305,7 +1305,7 @@ fhandler_tty_slave::fchmod (mode_t mode) | ||||
| 	goto errout; | ||||
|     } | ||||
|   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); | ||||
|   InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|   RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|   if (!get_object_attribute (input_available_event, &uid, &gid, NULL) | ||||
|       && !create_object_sd_from_attribute (NULL, uid, gid, S_IFCHR | mode, sd)) | ||||
|     ret = fch_set_sd (sd, false); | ||||
| @@ -1334,7 +1334,7 @@ fhandler_tty_slave::fchown (__uid32_t uid, __gid32_t gid) | ||||
| 	goto errout; | ||||
|     } | ||||
|   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); | ||||
|   InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|   RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|   if (!get_object_attribute (input_available_event, &o_uid, &o_gid, &mode)) | ||||
|     { | ||||
|       if ((uid == ILLEGAL_UID || uid == o_uid) | ||||
| @@ -1796,7 +1796,7 @@ fhandler_pty_master::setup (bool ispty) | ||||
|  | ||||
|   /* Create security attribute.  Default permissions are 0620. */ | ||||
|   sd.malloc (sizeof (SECURITY_DESCRIPTOR)); | ||||
|   InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|   RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|   if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid, | ||||
| 					S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, | ||||
| 					sd)) | ||||
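Review bot: In all four hunks of this file the result of `sd.malloc (sizeof (SECURITY_DESCRIPTOR))` is not checked before `RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION)` initialises the buffer, and the status of that call is ignored as well. security.cc assigns the return value of `sd.malloc` to a pointer, so it presumably can be NULL on allocation failure, although the class itself is not shown here. If so, the descriptor init would be handed a null buffer; `if (!sd.malloc (sizeof (SECURITY_DESCRIPTOR))) goto errout;` in fchmod and fchown, with an equivalent early exit in open and setup, would close that. All four functions begin and end outside their hunks, so the right error path is an assumption.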
|   | ||||
| @@ -178,9 +178,10 @@ allow_others_to_sync () | ||||
|       return; | ||||
|     } | ||||
|   /* Set the size of the DACL correctly. */ | ||||
|   if (!FindFirstFreeAce (dacl, &ace)) | ||||
|   status = RtlFirstFreeAce (dacl, &ace); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     { | ||||
|       debug_printf ("FindFirstFreeAce: %lu", GetLastError ()); | ||||
|       debug_printf ("RtlFirstFreeAce: %p", status); | ||||
|       return; | ||||
|     } | ||||
|   dacl->AclSize = (char *) ace - (char *) dacl; | ||||
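Review bot: `ace` is used in `dacl->AclSize = (char *) ace - (char *) dacl;` after only the status has been checked, whereas the same sequence in sec_acl (sec_helper.cc) tests `NT_SUCCESS (status) && pAce`. If RtlFirstFreeAce can report success while leaving the pointer NULL, which that extra test suggests, AclSize would be computed from a null pointer and the DACL put on the sync object would carry a bogus size. Consider `if (!NT_SUCCESS (status) || !ace)` here and in _everyone_sd in sec_helper.cc. allow_others_to_sync starts and continues outside this hunk.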
|   | ||||
| @@ -350,9 +350,8 @@ pinfo::set_acl() | ||||
|  | ||||
|   sec_acl (acl_buf, true, true, cygheap->user.sid (), | ||||
| 	   well_known_world_sid, FILE_MAP_READ); | ||||
|   if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) | ||||
|     debug_printf ("InitializeSecurityDescriptor %E"); | ||||
|   else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE)) | ||||
|   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|   if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE)) | ||||
|     debug_printf ("SetSecurityDescriptorDacl %E"); | ||||
|   else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd))) | ||||
|     debug_printf ("NtSetSecurityObject %lx", status); | ||||
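Review bot: The status of `RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)` in pinfo::set_acl is now silently ignored, and nothing at the call site says why that is safe. The ChangeLog calls the removed handling unnecessary; a one-line comment such as `/* Cannot fail for a local SD and the fixed revision constant. */` would record that reasoning next to the code, provided it matches the ntdll contract. The unchecked call in __sec_user (sec_helper.cc) would benefit from the same comment. pinfo::set_acl begins outside the hunk.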
|   | ||||
| @@ -21,6 +21,7 @@ details. */ | ||||
| #include "fhandler.h" | ||||
| #include "dtable.h" | ||||
| #include "cygheap.h" | ||||
| #include "ntdll.h" | ||||
| #include "pwdgrp.h" | ||||
| #include "tls_pbuf.h" | ||||
|  | ||||
| @@ -68,11 +69,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, | ||||
|  | ||||
|   /* Initialize local security descriptor. */ | ||||
|   SECURITY_DESCRIPTOR sd; | ||||
|   if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) | ||||
|     { | ||||
|       __seterrno (); | ||||
|       return -1; | ||||
|     } | ||||
|   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|   if (!SetSecurityDescriptorOwner (&sd, owner, FALSE)) | ||||
|     { | ||||
|       __seterrno (); | ||||
| @@ -94,11 +91,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, | ||||
|   struct __group32 *gr; | ||||
|   int pos; | ||||
|  | ||||
|   if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) | ||||
|     { | ||||
|       __seterrno (); | ||||
|       return -1; | ||||
|     } | ||||
|   RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION); | ||||
|  | ||||
|   writable = false; | ||||
|  | ||||
| @@ -332,7 +325,7 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp) | ||||
| 	{ | ||||
| 	  ACCESS_ALLOWED_ACE *ace; | ||||
|  | ||||
| 	  if (!GetAce (acl, i, (PVOID *) &ace)) | ||||
| 	  if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace))) | ||||
| 	    continue; | ||||
|  | ||||
| 	  cygpsid ace_sid ((PSID) &ace->SidStart); | ||||
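Review bot: setacl no longer fails when ACL initialisation fails: `RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION);` drops the status, where the old code set errno and returned -1. Where `acl` points is outside the hunk, so if that buffer can ever be too small or misaligned, the function would go on to fill and apply an uninitialised ACL; failing closed is the safer default for code that builds permissions. Keeping the check costs little: `NTSTATUS status = RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION);` followed by `if (!NT_SUCCESS (status)) { __seterrno_from_nt_status (status); return -1; }`. alloc_sd in security.cc drops the same check, where the failure value would be NULL; the RtlCreateSecurityDescriptor calls in both functions lose their checks as well.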
|   | ||||
| @@ -1019,7 +1019,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) | ||||
| 	  + RtlLengthSid (well_known_admins_sid) | ||||
| 	  + RtlLengthSid (well_known_system_sid); | ||||
|   dacl = (PACL) alloca (dsize); | ||||
|   if (!InitializeAcl (dacl, dsize, ACL_REVISION)) | ||||
|   if (!NT_SUCCESS (RtlCreateAcl (dacl, dsize, ACL_REVISION))) | ||||
|     goto out; | ||||
|   if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, usersid)) | ||||
|     goto out; | ||||
|   | ||||
| @@ -463,7 +463,7 @@ get_null_sd () | ||||
|  | ||||
|   if (!null_sdp) | ||||
|     { | ||||
|       InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|       RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|       SetSecurityDescriptorDacl (&sd, TRUE, NULL, FALSE); | ||||
|       null_sdp = &sd; | ||||
|     } | ||||
| @@ -488,6 +488,7 @@ init_global_security () | ||||
| bool | ||||
| sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD access2) | ||||
| { | ||||
|   NTSTATUS status; | ||||
|   size_t acl_len = MAX_DACL_LEN (5); | ||||
|   LPVOID pAce; | ||||
|   cygpsid psid; | ||||
| @@ -496,9 +497,10 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces | ||||
|   if ((unsigned long) acl % 4) | ||||
|     api_fatal ("Incorrectly aligned incoming ACL buffer!"); | ||||
| #endif | ||||
|   if (!InitializeAcl (acl, acl_len, ACL_REVISION)) | ||||
|   status = RtlCreateAcl (acl, acl_len, ACL_REVISION); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     { | ||||
|       debug_printf ("InitializeAcl %E"); | ||||
|       debug_printf ("RtlCreateAcl: %p", status); | ||||
|       return false; | ||||
|     } | ||||
|   if (sid1) | ||||
| @@ -521,11 +523,11 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces | ||||
|   if (!AddAccessAllowedAce (acl, ACL_REVISION, | ||||
| 			    GENERIC_ALL, well_known_system_sid)) | ||||
|     debug_printf ("AddAccessAllowedAce(system) %E"); | ||||
|   FindFirstFreeAce (acl, &pAce); | ||||
|   if (pAce) | ||||
|   status = RtlFirstFreeAce (acl, &pAce); | ||||
|   if (NT_SUCCESS (status) && pAce) | ||||
|     acl->AclSize = (char *) pAce - (char *) acl; | ||||
|   else | ||||
|     debug_printf ("FindFirstFreeAce %E"); | ||||
|     debug_printf ("RtlFirstFreeAce: %p", status); | ||||
|  | ||||
|   return true; | ||||
| } | ||||
| @@ -545,8 +547,7 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit) | ||||
|   if (!sec_acl (acl, true, true, sid1, sid2, access2)) | ||||
|     return inherit ? &sec_none : &sec_none_nih; | ||||
|  | ||||
|   if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION)) | ||||
|     debug_printf ("InitializeSecurityDescriptor %E"); | ||||
|   RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); | ||||
|  | ||||
| /* | ||||
|  * Setting the owner lets the created security attribute not work | ||||
| @@ -574,13 +575,14 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit) | ||||
| PSECURITY_DESCRIPTOR | ||||
| _everyone_sd (void *buf, ACCESS_MASK access) | ||||
| { | ||||
|   NTSTATUS status; | ||||
|   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) buf; | ||||
|  | ||||
|   if (psd) | ||||
|     { | ||||
|       InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); | ||||
|       RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); | ||||
|       PACL dacl = (PACL) (psd + 1); | ||||
|       InitializeAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION); | ||||
|       RtlCreateAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION); | ||||
|       if (!AddAccessAllowedAce (dacl, ACL_REVISION, access, | ||||
| 				well_known_world_sid)) | ||||
| 	{ | ||||
| @@ -588,9 +590,10 @@ _everyone_sd (void *buf, ACCESS_MASK access) | ||||
| 	  return NULL; | ||||
| 	} | ||||
|       LPVOID ace; | ||||
|       if (!FindFirstFreeAce (dacl, &ace)) | ||||
|       status = RtlFirstFreeAce (dacl, &ace); | ||||
|       if (!NT_SUCCESS (status)) | ||||
| 	{ | ||||
| 	  debug_printf ("FindFirstFreeAce: %lu", GetLastError ()); | ||||
| 	  debug_printf ("RtlFirstFreeAce: %p", status); | ||||
| 	  return NULL; | ||||
| 	} | ||||
|       dacl->AclSize = (char *) ace - (char *) dacl; | ||||
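Review bot: The new debug messages pass an NTSTATUS to `%p` (`debug_printf ("RtlCreateAcl: %p", status)` and both `debug_printf ("RtlFirstFreeAce: %p", status)` calls), while pinfo.cc prints a status with `%lx`. `%p` is a pointer conversion, so this relies on a status and a pointer having the same width; `debug_printf ("RtlFirstFreeAce: %lx", status);` would match the convention already in the tree. flock.cc uses the same `%p` format. Separately, the else branch in sec_acl also runs when the call succeeded but pAce is NULL, so the status it logs can be a success code.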
|   | ||||
| @@ -139,7 +139,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, | ||||
|       if (NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd, &exists, &dacl, &def)) | ||||
| 	  && exists && dacl) | ||||
| 	for (ULONG idx = 0; idx < dacl->AceCount; ++idx) | ||||
| 	  if (RtlGetAce (dacl, idx, (PVOID *) &ace) | ||||
| 	  if (NT_SUCCESS (RtlGetAce (dacl, idx, (PVOID *) &ace)) | ||||
| 	      && (ace->Header.AceFlags & INHERITED_ACE)) | ||||
| 	    return 0; | ||||
|       /* Otherwise, open the parent directory with READ_CONTROL... */ | ||||
| @@ -245,7 +245,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid, | ||||
|  | ||||
|   for (DWORD i = 0; i < acl->AceCount; ++i) | ||||
|     { | ||||
|       if (!GetAce (acl, i, (PVOID *) &ace)) | ||||
|       if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace))) | ||||
| 	continue; | ||||
|       if (ace->Header.AceFlags & INHERIT_ONLY_ACE) | ||||
| 	continue; | ||||
| @@ -472,7 +472,7 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes, | ||||
|       return false; | ||||
|     } | ||||
|   ACCESS_ALLOWED_ACE *ace; | ||||
|   if (inherit && GetAce (acl, offset, (PVOID *) &ace)) | ||||
|   if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace))) | ||||
|     ace->Header.AceFlags |= inherit; | ||||
|   len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); | ||||
|   return true; | ||||
| @@ -488,7 +488,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes, | ||||
|       return false; | ||||
|     } | ||||
|   ACCESS_DENIED_ACE *ace; | ||||
|   if (inherit && GetAce (acl, offset, (PVOID *) &ace)) | ||||
|   if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace))) | ||||
|     ace->Header.AceFlags |= inherit; | ||||
|   len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); | ||||
|   return true; | ||||
| @@ -544,11 +544,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | ||||
|  | ||||
|   /* Initialize local security descriptor. */ | ||||
|   SECURITY_DESCRIPTOR sd; | ||||
|   if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) | ||||
|     { | ||||
|       __seterrno (); | ||||
|       return NULL; | ||||
|     } | ||||
|   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); | ||||
|  | ||||
|   /* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being | ||||
|      modified by inheritable ACEs. */ | ||||
| @@ -570,11 +566,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | ||||
|  | ||||
|   /* Initialize local access control list. */ | ||||
|   PACL acl = (PACL) tp.w_get (); | ||||
|   if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) | ||||
|     { | ||||
|       __seterrno (); | ||||
|       return NULL; | ||||
|     } | ||||
|   RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION); | ||||
|  | ||||
|   /* From here fill ACL. */ | ||||
|   size_t acl_len = sizeof (ACL); | ||||
| @@ -713,10 +705,12 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | ||||
|   PACL oacl; | ||||
|   BOOL acl_exists = FALSE; | ||||
|   ACCESS_ALLOWED_ACE *ace; | ||||
|   NTSTATUS status; | ||||
|  | ||||
|   if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy) | ||||
|       && acl_exists && oacl) | ||||
|     for (DWORD i = 0; i < oacl->AceCount; ++i) | ||||
|       if (GetAce (oacl, i, (PVOID *) &ace)) | ||||
|       if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace))) | ||||
| 	{ | ||||
| 	  cygpsid ace_sid ((PSID) &ace->SidStart); | ||||
|  | ||||
| @@ -767,12 +761,13 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | ||||
| 	   * behind the owner_deny, ACCESS_ALLOWED_ACE to the end. | ||||
| 	   * FIXME: this would break the order of the inherit-only ACEs | ||||
| 	   */ | ||||
| 	  if (!AddAce (acl, ACL_REVISION, | ||||
| 	  status = RtlAddAce (acl, ACL_REVISION, | ||||
| 			      ace->Header.AceType == ACCESS_DENIED_ACE_TYPE | ||||
| 			      ?  (owner_deny ? 1 : 0) : MAXDWORD, | ||||
| 		       (LPVOID) ace, ace->Header.AceSize)) | ||||
| 			      (LPVOID) ace, ace->Header.AceSize); | ||||
| 	  if (!NT_SUCCESS (status)) | ||||
| 	    { | ||||
| 	      __seterrno (); | ||||
| 	      __seterrno_from_nt_status (status); | ||||
| 	      return NULL; | ||||
| 	    } | ||||
| 	  ace_off++; | ||||
| @@ -862,7 +857,7 @@ set_security_attribute (path_conv &pc, int attribute, PSECURITY_ATTRIBUTES psa, | ||||
| 			security_descriptor &sd) | ||||
| { | ||||
|   psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH); | ||||
|   InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)psa->lpSecurityDescriptor, | ||||
|   RtlCreateSecurityDescriptor ((PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor, | ||||
| 				SECURITY_DESCRIPTOR_REVISION); | ||||
|   psa->lpSecurityDescriptor = alloc_sd (pc, geteuid32 (), getegid32 (), | ||||
| 					attribute, sd); | ||||
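Review bot: In add_access_allowed_ace and add_access_denied_ace a failing `RtlGetAce` is swallowed: the `inherit` flags are simply not applied and the function still returns true. The caller then believes an inheritable ACE was added when the ACE carries no inheritance flags, which is hard to spot later when permissions on newly created children turn out wrong. Splitting the condition so that a failed lookup under `if (inherit)` is logged with `debug_printf ("RtlGetAce: %lx", status);`, or returns false, would make the failure visible. Both functions start outside their hunks, so whether callers can cope with a false return here is not visible.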
|   | ||||