* advapi32.cc (GetSecurityDescriptorDacl): Remove.
(GetSecurityDescriptorGroup): Remove. (GetSecurityDescriptorOwner): Remove. * sec_acl.cc: Replace above functions throughout with their ntdll.dll equivalent. Remove redundant debug output. * sec_auth.cc: Ditto. * security.cc: Ditto. * uinfo.cc: Ditto.
		| @@ -1,3 +1,14 @@ | ||||
| 2011-04-28  Corinna Vinschen  <corinna@vinschen.de> | ||||
|  | ||||
| 	* advapi32.cc (GetSecurityDescriptorDacl): Remove. | ||||
| 	(GetSecurityDescriptorGroup): Remove. | ||||
| 	(GetSecurityDescriptorOwner): Remove. | ||||
| 	* sec_acl.cc: Replace above functions throughout with their ntdll.dll | ||||
| 	equivalent.  Remove redundant debug output. | ||||
| 	* sec_auth.cc: Ditto. | ||||
| 	* security.cc: Ditto. | ||||
| 	* uinfo.cc: Ditto. | ||||
|  | ||||
| 2011-04-28  Corinna Vinschen  <corinna@vinschen.de> | ||||
|  | ||||
| 	* advapi32.cc (InitializeAcl): Remove. | ||||
|   | ||||
| @@ -75,15 +75,6 @@ MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd, | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| GetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, LPBOOL present, PACL *dacl, | ||||
| 			   LPBOOL def) | ||||
| { | ||||
|   NTSTATUS status = RtlGetDaclSecurityDescriptor (sd, (PBOOLEAN) present, dacl, | ||||
| 						  (PBOOLEAN) def); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl, | ||||
| 			   BOOL def) | ||||
| @@ -93,13 +84,6 @@ SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl, | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| GetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID *sid, LPBOOL def) | ||||
| { | ||||
|   NTSTATUS status = RtlGetGroupSecurityDescriptor (sd, sid, (PBOOLEAN) def); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def) | ||||
| { | ||||
| @@ -107,13 +91,6 @@ SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def) | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| GetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID *sid, LPBOOL def) | ||||
| { | ||||
|   NTSTATUS status = RtlGetOwnerSecurityDescriptor (sd, sid, (PBOOLEAN) def); | ||||
|   DEFAULT_NTSTATUS_TO_BOOL_RETURN | ||||
| } | ||||
|  | ||||
| BOOL WINAPI | ||||
| SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def) | ||||
| { | ||||
|   | ||||
| @@ -47,22 +47,25 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, | ||||
|   if (get_file_sd (handle, pc, sd_ret, false)) | ||||
|     return -1; | ||||
|  | ||||
|   BOOL dummy; | ||||
|   NTSTATUS status; | ||||
|   BOOLEAN dummy; | ||||
|  | ||||
|   /* Get owner SID. */ | ||||
|   PSID owner_sid; | ||||
|   if (!GetSecurityDescriptorOwner (sd_ret, &owner_sid, &dummy)) | ||||
|   status = RtlGetOwnerSecurityDescriptor (sd_ret, &owner_sid, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     { | ||||
|       __seterrno (); | ||||
|       __seterrno_from_nt_status (status); | ||||
|       return -1; | ||||
|     } | ||||
|   cygsid owner (owner_sid); | ||||
|  | ||||
|   /* Get group SID. */ | ||||
|   PSID group_sid; | ||||
|   if (!GetSecurityDescriptorGroup (sd_ret, &group_sid, &dummy)) | ||||
|   status = RtlGetGroupSecurityDescriptor (sd_ret, &group_sid, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     { | ||||
|       __seterrno (); | ||||
|       __seterrno_from_nt_status (status); | ||||
|       return -1; | ||||
|     } | ||||
|   cygsid group (group_sid); | ||||
| @@ -272,22 +275,23 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp) | ||||
|  | ||||
|   cygpsid owner_sid; | ||||
|   cygpsid group_sid; | ||||
|   BOOL dummy; | ||||
|   NTSTATUS status; | ||||
|   BOOLEAN dummy; | ||||
|   __uid32_t uid; | ||||
|   __gid32_t gid; | ||||
|  | ||||
|   if (!GetSecurityDescriptorOwner (sd, (PSID *) &owner_sid, &dummy)) | ||||
|   status = RtlGetOwnerSecurityDescriptor (sd, (PSID *) &owner_sid, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     { | ||||
|       debug_printf ("GetSecurityDescriptorOwner %E"); | ||||
|       __seterrno (); | ||||
|       __seterrno_from_nt_status (status); | ||||
|       return -1; | ||||
|     } | ||||
|   uid = owner_sid.get_uid (); | ||||
|  | ||||
|   if (!GetSecurityDescriptorGroup (sd, (PSID *) &group_sid, &dummy)) | ||||
|   status = RtlGetGroupSecurityDescriptor (sd, (PSID *) &group_sid, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     { | ||||
|       debug_printf ("GetSecurityDescriptorGroup %E"); | ||||
|       __seterrno (); | ||||
|       __seterrno_from_nt_status (status); | ||||
|       return -1; | ||||
|     } | ||||
|   gid = group_sid.get_gid (); | ||||
| @@ -305,12 +309,12 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp) | ||||
|   lacl[3].a_perm = S_IROTH | S_IWOTH | S_IXOTH; | ||||
|  | ||||
|   PACL acl; | ||||
|   BOOL acl_exists; | ||||
|   BOOLEAN acl_exists; | ||||
|  | ||||
|   if (!GetSecurityDescriptorDacl (sd, &acl_exists, &acl, &dummy)) | ||||
|   status = RtlGetDaclSecurityDescriptor (sd, &acl_exists, &acl, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     { | ||||
|       __seterrno (); | ||||
|       debug_printf ("GetSecurityDescriptorDacl %E"); | ||||
|       __seterrno_from_nt_status (status); | ||||
|       return -1; | ||||
|     } | ||||
|  | ||||
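Review bot: In getacl the new calls still pass `(PSID *) &owner_sid` and `(PSID *) &group_sid`, the address of a `cygpsid` object cast to `PSID *`, so the ntdll routine writes straight into the object's storage and the code depends on `cygpsid` holding nothing but the raw pointer at offset 0. The same cast appears in verify_token (sec_auth.cc) and get_info_from_sd (security.cc). Since these call sites were touched anyway, a local would drop that layout assumption: `PSID psid; status = RtlGetOwnerSecurityDescriptor (sd, &psid, &dummy);` followed by `owner_sid = psid;`, assuming `cygpsid` is assignable from `PSID` (its definition is not visible here). If the cast is kept, a one-line comment at the first use stating the layout guarantee would help. Both functions start and end outside these hunks.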
|   | ||||
| @@ -692,9 +692,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern) | ||||
| 				      sd_buf, sd_buf_siz, &size); | ||||
|       if (!NT_SUCCESS (status)) | ||||
| 	debug_printf ("NtQuerySecurityObject(), %p", status); | ||||
|       else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid, | ||||
| 					    (BOOL *) &size)) | ||||
| 	debug_printf ("GetSecurityDescriptorGroup(), %E"); | ||||
|       else | ||||
| 	{ | ||||
| 	  BOOLEAN dummy; | ||||
| 	  status = RtlGetGroupSecurityDescriptor (sd_buf, (PSID *) &gsid, | ||||
| 						  &dummy); | ||||
| 	  if (!NT_SUCCESS (status)) | ||||
| 	    debug_printf ("RtlGetGroupSecurityDescriptor(), %p", status); | ||||
| 	} | ||||
|       if (well_known_null_sid != gsid) | ||||
| 	return gsid == groups.pgsid; | ||||
|     } | ||||
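Review bot: When RtlGetGroupSecurityDescriptor fails in verify_token the new else branch only logs, and control falls through to `if (well_known_null_sid != gsid)`, so the outcome of this token check depends on `gsid` still holding its initial value. That initialisation is outside the hunk; if it is not the null SID, or if the routine can write `gsid` before failing, the comparison against `groups.pgsid` runs on a value that was never read from the token. A short comment above the test would make the intent explicit, for example `/* gsid stays the null SID if either query above failed, so we fall through to the group list check. */`, to be adjusted to whatever the code after the hunk does. The message format `"RtlGetGroupSecurityDescriptor(), %p"` also differs from the `"RtlGetGroupSecurityDescriptor: %p"` form used in security.cc.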
|   | ||||
| @@ -347,12 +347,15 @@ get_info_from_sd (PSECURITY_DESCRIPTOR psd, mode_t *attribute, | ||||
|  | ||||
|   cygpsid owner_sid; | ||||
|   cygpsid group_sid; | ||||
|   BOOL dummy; | ||||
|   NTSTATUS status; | ||||
|   BOOLEAN dummy; | ||||
|  | ||||
|   if (!GetSecurityDescriptorOwner (psd, (PSID *) &owner_sid, &dummy)) | ||||
|     debug_printf ("GetSecurityDescriptorOwner %E"); | ||||
|   if (!GetSecurityDescriptorGroup (psd, (PSID *) &group_sid, &dummy)) | ||||
|     debug_printf ("GetSecurityDescriptorGroup %E"); | ||||
|   status = RtlGetOwnerSecurityDescriptor (psd, (PSID *) &owner_sid, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     debug_printf ("RtlGetOwnerSecurityDescriptor: %p", status); | ||||
|   status = RtlGetGroupSecurityDescriptor (psd, (PSID *) &group_sid, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     debug_printf ("RtlGetGroupSecurityDescriptor: %p", status); | ||||
|  | ||||
|   __uid32_t uid; | ||||
|   __gid32_t gid; | ||||
| @@ -369,12 +372,12 @@ get_info_from_sd (PSECURITY_DESCRIPTOR psd, mode_t *attribute, | ||||
|     } | ||||
|  | ||||
|   PACL acl; | ||||
|   BOOL acl_exists; | ||||
|   BOOLEAN acl_exists; | ||||
|  | ||||
|   if (!GetSecurityDescriptorDacl (psd, &acl_exists, &acl, &dummy)) | ||||
|   status = RtlGetDaclSecurityDescriptor (psd, &acl_exists, &acl, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     { | ||||
|       __seterrno (); | ||||
|       debug_printf ("GetSecurityDescriptorDacl %E"); | ||||
|       __seterrno_from_nt_status (status); | ||||
|       *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO); | ||||
|     } | ||||
|   else if (!acl_exists || !acl) | ||||
| @@ -498,7 +501,8 @@ static PSECURITY_DESCRIPTOR | ||||
| alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | ||||
| 	  security_descriptor &sd_ret) | ||||
| { | ||||
|   BOOL dummy; | ||||
|   NTSTATUS status; | ||||
|   BOOLEAN dummy; | ||||
|   tmp_pathbuf tp; | ||||
|  | ||||
|   /* NOTE: If the high bit of attribute is set, we have just created | ||||
| @@ -509,10 +513,12 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | ||||
|   /* Get owner and group from current security descriptor. */ | ||||
|   PSID cur_owner_sid = NULL; | ||||
|   PSID cur_group_sid = NULL; | ||||
|   if (!GetSecurityDescriptorOwner (sd_ret, &cur_owner_sid, &dummy)) | ||||
|     debug_printf ("GetSecurityDescriptorOwner %E"); | ||||
|   if (!GetSecurityDescriptorGroup (sd_ret, &cur_group_sid, &dummy)) | ||||
|     debug_printf ("GetSecurityDescriptorGroup %E"); | ||||
|   status = RtlGetOwnerSecurityDescriptor (sd_ret, &cur_owner_sid, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     debug_printf ("RtlGetOwnerSecurityDescriptor: %p", status); | ||||
|   status = RtlGetGroupSecurityDescriptor (sd_ret, &cur_group_sid, &dummy); | ||||
|   if (!NT_SUCCESS (status)) | ||||
|     debug_printf ("RtlGetGroupSecurityDescriptor: %p", status); | ||||
|  | ||||
|   /* Get SID of owner. */ | ||||
|   cygsid owner_sid; | ||||
| @@ -703,12 +709,11 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, | ||||
|  | ||||
|   /* Fill ACL with unrelated ACEs from current security descriptor. */ | ||||
|   PACL oacl; | ||||
|   BOOL acl_exists = FALSE; | ||||
|   BOOLEAN acl_exists = FALSE; | ||||
|   ACCESS_ALLOWED_ACE *ace; | ||||
|   NTSTATUS status; | ||||
|  | ||||
|   if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy) | ||||
|       && acl_exists && oacl) | ||||
|   status = RtlGetDaclSecurityDescriptor (sd_ret, &acl_exists, &oacl, &dummy); | ||||
|   if (NT_SUCCESS (status) && acl_exists && oacl) | ||||
|     for (DWORD i = 0; i < oacl->AceCount; ++i) | ||||
|       if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace))) | ||||
| 	{ | ||||
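Review bot: In get_info_from_sd a failed RtlGetOwnerSecurityDescriptor or RtlGetGroupSecurityDescriptor is only logged, and the function goes on to use `owner_sid` and `group_sid`, which have no visible initialiser in this hunk; alloc_sd, by contrast, sets `cur_owner_sid` and `cur_group_sid` to NULL before the calls. The same function's DACL failure path fails closed (sets errno and clears `S_IRWXU | S_IRWXG | S_IRWXO`), so the ownership path is the odd one out. If `cygpsid` default-constructs to a null SID, a comment should say so, e.g. `/* On failure the SIDs stay null and map to the fallback uid/gid below. */`; otherwise the uid/gid mapping after the hunk should be skipped when `status` indicates failure. Note too that `status` is overwritten by the group call, so any later check must test each result separately. Both functions continue outside the hunks shown.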
|   | ||||
| @@ -84,12 +84,14 @@ cygheap_user::init () | ||||
|   psd = (PSECURITY_DESCRIPTOR) | ||||
|   		(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor; | ||||
|  | ||||
|   BOOL acl_exists, dummy; | ||||
|   NTSTATUS status; | ||||
|   BOOLEAN acl_exists, dummy; | ||||
|   TOKEN_DEFAULT_DACL dacl; | ||||
|   if (GetSecurityDescriptorDacl (psd, &acl_exists, &dacl.DefaultDacl, &dummy) | ||||
|       && acl_exists && dacl.DefaultDacl) | ||||
|  | ||||
|   status = RtlGetDaclSecurityDescriptor (psd, &acl_exists, &dacl.DefaultDacl, | ||||
| 					 &dummy); | ||||
|   if (NT_SUCCESS (status) && acl_exists && dacl.DefaultDacl) | ||||
|     { | ||||
|       NTSTATUS status; | ||||
|  | ||||
|       /* Set the default DACL and the process DACL */ | ||||
|       if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl, | ||||
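Review bot: In cygheap_user::init a failing RtlGetDaclSecurityDescriptor is now indistinguishable from "no DACL present", because the combined test `NT_SUCCESS (status) && acl_exists && dacl.DefaultDacl` skips the block without reporting `status`. That block is what installs the default DACL on the process token, so a silent skip leaves the token with whatever default DACL it already had and nothing in the debug trace to show it. The other files in this commit log the status on failure; unless an else branch follows outside the hunk, the same could be done here with `if (!NT_SUCCESS (status)) debug_printf ("RtlGetDaclSecurityDescriptor: %p", status);` placed before the combined test. The body of the if statement continues past the end of the hunk.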
|   | ||||