* advapi32.cc (GetSecurityDescriptorDacl): Remove.

(GetSecurityDescriptorGroup): Remove.
	(GetSecurityDescriptorOwner): Remove.
	* sec_acl.cc: Replace above functions throughout with their ntdll.dll
	equivalent.  Remove redundant debug output.
	* sec_auth.cc: Ditto.
	* security.cc: Ditto.
	* uinfo.cc: Ditto.
Corinna Vinschen 2011-04-28 09:53:11 +00:00
parent 1754539e56
commit 1838d97b0a
6 changed files with 68 additions and 64 deletions


@ -1,3 +1,14 @@
2011-04-28 Corinna Vinschen <corinna@vinschen.de>
* advapi32.cc (GetSecurityDescriptorDacl): Remove.
(GetSecurityDescriptorGroup): Remove.
(GetSecurityDescriptorOwner): Remove.
* sec_acl.cc: Replace above functions throughout with their ntdll.dll
equivalent. Remove redundant debug output.
* sec_auth.cc: Ditto.
* security.cc: Ditto.
* uinfo.cc: Ditto.
2011-04-28 Corinna Vinschen <corinna@vinschen.de> 2011-04-28 Corinna Vinschen <corinna@vinschen.de>
* advapi32.cc (InitializeAcl): Remove. * advapi32.cc (InitializeAcl): Remove.


@ -75,15 +75,6 @@ MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
DEFAULT_NTSTATUS_TO_BOOL_RETURN DEFAULT_NTSTATUS_TO_BOOL_RETURN
} }
BOOL WINAPI
GetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, LPBOOL present, PACL *dacl,
LPBOOL def)
{
NTSTATUS status = RtlGetDaclSecurityDescriptor (sd, (PBOOLEAN) present, dacl,
(PBOOLEAN) def);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI BOOL WINAPI
SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl, SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl,
BOOL def) BOOL def)
@ -93,13 +84,6 @@ SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl,
DEFAULT_NTSTATUS_TO_BOOL_RETURN DEFAULT_NTSTATUS_TO_BOOL_RETURN
} }
BOOL WINAPI
GetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID *sid, LPBOOL def)
{
NTSTATUS status = RtlGetGroupSecurityDescriptor (sd, sid, (PBOOLEAN) def);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI BOOL WINAPI
SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def) SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
{ {
@ -107,13 +91,6 @@ SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
DEFAULT_NTSTATUS_TO_BOOL_RETURN DEFAULT_NTSTATUS_TO_BOOL_RETURN
} }
BOOL WINAPI
GetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID *sid, LPBOOL def)
{
NTSTATUS status = RtlGetOwnerSecurityDescriptor (sd, sid, (PBOOLEAN) def);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI BOOL WINAPI
SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def) SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
{ {


@ -47,22 +47,25 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
if (get_file_sd (handle, pc, sd_ret, false)) if (get_file_sd (handle, pc, sd_ret, false))
return -1; return -1;
BOOL dummy; NTSTATUS status;
BOOLEAN dummy;
/* Get owner SID. */ /* Get owner SID. */
PSID owner_sid; PSID owner_sid;
if (!GetSecurityDescriptorOwner (sd_ret, &owner_sid, &dummy)) status = RtlGetOwnerSecurityDescriptor (sd_ret, &owner_sid, &dummy);
if (!NT_SUCCESS (status))
{ {
__seterrno (); __seterrno_from_nt_status (status);
return -1; return -1;
} }
cygsid owner (owner_sid); cygsid owner (owner_sid);
/* Get group SID. */ /* Get group SID. */
PSID group_sid; PSID group_sid;
if (!GetSecurityDescriptorGroup (sd_ret, &group_sid, &dummy)) status = RtlGetGroupSecurityDescriptor (sd_ret, &group_sid, &dummy);
if (!NT_SUCCESS (status))
{ {
__seterrno (); __seterrno_from_nt_status (status);
return -1; return -1;
} }
cygsid group (group_sid); cygsid group (group_sid);
@ -272,22 +275,23 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
cygpsid owner_sid; cygpsid owner_sid;
cygpsid group_sid; cygpsid group_sid;
BOOL dummy; NTSTATUS status;
BOOLEAN dummy;
__uid32_t uid; __uid32_t uid;
__gid32_t gid; __gid32_t gid;
if (!GetSecurityDescriptorOwner (sd, (PSID *) &owner_sid, &dummy)) status = RtlGetOwnerSecurityDescriptor (sd, (PSID *) &owner_sid, &dummy);
if (!NT_SUCCESS (status))
{ {
debug_printf ("GetSecurityDescriptorOwner %E"); __seterrno_from_nt_status (status);
__seterrno ();
return -1; return -1;
} }
uid = owner_sid.get_uid (); uid = owner_sid.get_uid ();
if (!GetSecurityDescriptorGroup (sd, (PSID *) &group_sid, &dummy)) status = RtlGetGroupSecurityDescriptor (sd, (PSID *) &group_sid, &dummy);
if (!NT_SUCCESS (status))
{ {
debug_printf ("GetSecurityDescriptorGroup %E"); __seterrno_from_nt_status (status);
__seterrno ();
return -1; return -1;
} }
gid = group_sid.get_gid (); gid = group_sid.get_gid ();
@ -305,12 +309,12 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
lacl[3].a_perm = S_IROTH | S_IWOTH | S_IXOTH; lacl[3].a_perm = S_IROTH | S_IWOTH | S_IXOTH;
PACL acl; PACL acl;
BOOL acl_exists; BOOLEAN acl_exists;
if (!GetSecurityDescriptorDacl (sd, &acl_exists, &acl, &dummy)) status = RtlGetDaclSecurityDescriptor (sd, &acl_exists, &acl, &dummy);
if (!NT_SUCCESS (status))
{ {
__seterrno (); __seterrno_from_nt_status (status);
debug_printf ("GetSecurityDescriptorDacl %E");
return -1; return -1;
} }
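Review bot: The `(PSID *) &owner_sid` and `(PSID *) &group_sid` casts kept on the new getacl lines pass the address of a `cygpsid` object where the Rtl routines expect a `PSID *`, which is only sound if `cygpsid` consists of exactly one PSID member; a one-line comment at the first such call would make that dependency visible, e.g. `/* cygpsid wraps a single PSID, so its address is a valid PSID *. */`. The shared `BOOLEAN dummy` introduced in setacl and getacl also deserves a word, since the *Defaulted output it receives is deliberately discarded: `BOOLEAN dummy; /* receives the *Defaulted flag, unused here */`. Both setacl and getacl start and continue outside these hunks.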


@ -692,9 +692,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
sd_buf, sd_buf_siz, &size); sd_buf, sd_buf_siz, &size);
if (!NT_SUCCESS (status)) if (!NT_SUCCESS (status))
debug_printf ("NtQuerySecurityObject(), %p", status); debug_printf ("NtQuerySecurityObject(), %p", status);
else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid, else
(BOOL *) &size)) {
debug_printf ("GetSecurityDescriptorGroup(), %E"); BOOLEAN dummy;
status = RtlGetGroupSecurityDescriptor (sd_buf, (PSID *) &gsid,
&dummy);
if (!NT_SUCCESS (status))
debug_printf ("RtlGetGroupSecurityDescriptor(), %p", status);
}
if (well_known_null_sid != gsid) if (well_known_null_sid != gsid)
return gsid == groups.pgsid; return gsid == groups.pgsid;
} }
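Review bot: When `RtlGetGroupSecurityDescriptor` fails, the new `else` branch only logs, and control still reaches `if (well_known_null_sid != gsid)` with `gsid` holding whatever it contained before the hunk; that is only safe if `gsid` is initialised to the null SID above (not visible here), otherwise a stale value would be compared against `groups.pgsid` as if it were the token's primary group. Consider stating the intent next to the check, e.g. `/* On failure gsid stays the null SID and the group check below is skipped. */`, or resetting it explicitly in the failure branch if the initialisation above does not already guarantee that. verify_token begins outside this hunk.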


@ -347,12 +347,15 @@ get_info_from_sd (PSECURITY_DESCRIPTOR psd, mode_t *attribute,
cygpsid owner_sid; cygpsid owner_sid;
cygpsid group_sid; cygpsid group_sid;
BOOL dummy; NTSTATUS status;
BOOLEAN dummy;
if (!GetSecurityDescriptorOwner (psd, (PSID *) &owner_sid, &dummy)) status = RtlGetOwnerSecurityDescriptor (psd, (PSID *) &owner_sid, &dummy);
debug_printf ("GetSecurityDescriptorOwner %E"); if (!NT_SUCCESS (status))
if (!GetSecurityDescriptorGroup (psd, (PSID *) &group_sid, &dummy)) debug_printf ("RtlGetOwnerSecurityDescriptor: %p", status);
debug_printf ("GetSecurityDescriptorGroup %E"); status = RtlGetGroupSecurityDescriptor (psd, (PSID *) &group_sid, &dummy);
if (!NT_SUCCESS (status))
debug_printf ("RtlGetGroupSecurityDescriptor: %p", status);
__uid32_t uid; __uid32_t uid;
__gid32_t gid; __gid32_t gid;
@ -369,12 +372,12 @@ get_info_from_sd (PSECURITY_DESCRIPTOR psd, mode_t *attribute,
} }
PACL acl; PACL acl;
BOOL acl_exists; BOOLEAN acl_exists;
if (!GetSecurityDescriptorDacl (psd, &acl_exists, &acl, &dummy)) status = RtlGetDaclSecurityDescriptor (psd, &acl_exists, &acl, &dummy);
if (!NT_SUCCESS (status))
{ {
__seterrno (); __seterrno_from_nt_status (status);
debug_printf ("GetSecurityDescriptorDacl %E");
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO); *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO);
} }
else if (!acl_exists || !acl) else if (!acl_exists || !acl)
@ -498,7 +501,8 @@ static PSECURITY_DESCRIPTOR
alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
security_descriptor &sd_ret) security_descriptor &sd_ret)
{ {
BOOL dummy; NTSTATUS status;
BOOLEAN dummy;
tmp_pathbuf tp; tmp_pathbuf tp;
/* NOTE: If the high bit of attribute is set, we have just created /* NOTE: If the high bit of attribute is set, we have just created
@ -509,10 +513,12 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
/* Get owner and group from current security descriptor. */ /* Get owner and group from current security descriptor. */
PSID cur_owner_sid = NULL; PSID cur_owner_sid = NULL;
PSID cur_group_sid = NULL; PSID cur_group_sid = NULL;
if (!GetSecurityDescriptorOwner (sd_ret, &cur_owner_sid, &dummy)) status = RtlGetOwnerSecurityDescriptor (sd_ret, &cur_owner_sid, &dummy);
debug_printf ("GetSecurityDescriptorOwner %E"); if (!NT_SUCCESS (status))
if (!GetSecurityDescriptorGroup (sd_ret, &cur_group_sid, &dummy)) debug_printf ("RtlGetOwnerSecurityDescriptor: %p", status);
debug_printf ("GetSecurityDescriptorGroup %E"); status = RtlGetGroupSecurityDescriptor (sd_ret, &cur_group_sid, &dummy);
if (!NT_SUCCESS (status))
debug_printf ("RtlGetGroupSecurityDescriptor: %p", status);
/* Get SID of owner. */ /* Get SID of owner. */
cygsid owner_sid; cygsid owner_sid;
@ -703,12 +709,11 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
/* Fill ACL with unrelated ACEs from current security descriptor. */ /* Fill ACL with unrelated ACEs from current security descriptor. */
PACL oacl; PACL oacl;
BOOL acl_exists = FALSE; BOOLEAN acl_exists = FALSE;
ACCESS_ALLOWED_ACE *ace; ACCESS_ALLOWED_ACE *ace;
NTSTATUS status;
if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy) status = RtlGetDaclSecurityDescriptor (sd_ret, &acl_exists, &oacl, &dummy);
&& acl_exists && oacl) if (NT_SUCCESS (status) && acl_exists && oacl)
for (DWORD i = 0; i < oacl->AceCount; ++i) for (DWORD i = 0; i < oacl->AceCount; ++i)
if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace))) if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace)))
{ {
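Review bot: In the get_info_from_sd hunk at @ -347, a failing `RtlGetOwnerSecurityDescriptor` or `RtlGetGroupSecurityDescriptor` is only logged and execution continues into the uid/gid handling below the hunk, whereas the DACL lookup in the next hunk fails closed by setting errno and clearing all mode bits; the same asymmetry appears in alloc_sd at @ -509, where a failed lookup leaves `cur_owner_sid`/`cur_group_sid` at their NULL initialisers. If tolerating a missing owner or group is intentional because the code below substitutes defaults, a comment saying so would help, e.g. `/* Owner/group lookup failure is not fatal; the code below must cope with a NULL SID. */`; otherwise mirroring the DACL path's error handling would be the safer choice for a function that derives permissions. get_info_from_sd and alloc_sd both start and end outside these hunks.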


@ -84,12 +84,14 @@ cygheap_user::init ()
psd = (PSECURITY_DESCRIPTOR) psd = (PSECURITY_DESCRIPTOR)
(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor; (sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
BOOL acl_exists, dummy;
TOKEN_DEFAULT_DACL dacl;
if (GetSecurityDescriptorDacl (psd, &acl_exists, &dacl.DefaultDacl, &dummy)
&& acl_exists && dacl.DefaultDacl)
{
NTSTATUS status; NTSTATUS status;
BOOLEAN acl_exists, dummy;
TOKEN_DEFAULT_DACL dacl;
status = RtlGetDaclSecurityDescriptor (psd, &acl_exists, &dacl.DefaultDacl,
&dummy);
if (NT_SUCCESS (status) && acl_exists && dacl.DefaultDacl)
{
/* Set the default DACL and the process DACL */ /* Set the default DACL and the process DACL */
if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl, if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl,