* external.cc (cygwin_internal): Use security_descriptor::copy method.

* sec_helper.cc (security_descriptor::malloc): Use own free method.
	Set type.
	(security_descriptor::realloc): Handle the case that psd has been
	allocated using LocalAlloc.  Set type.
	(security_descriptor::free): Ditto.
	* security.cc (get_nt_attribute): Remove.
	(get_reg_security): Remove.
	(get_nt_object_security): Use GetSecurityInfo which handles all
	securable objects.
	(get_nt_object_attribute): Remove.
	(get_object_attribute): Call get_nt_object_security instead of
	get_nt_object_attribute.
	(get_file_attribute): Ditto.
	(check_registry_access): Call get_nt_object_security instead of
	get_reg_security.
	* security.h (cygpsid::operator PSID): Make method const, not the
	result.
	(class security_descriptor): Add type member.  Accomodate throughout.
	(security_descriptor::copy): New method.
	(security_descriptor::operator PSECURITY_DESCRIPTOR *): New operator.
This commit is contained in:
Corinna Vinschen
2006-10-22 14:57:43 +00:00
parent 2b26c2fc41
commit 2be593d961
5 changed files with 96 additions and 106 deletions

View File

@ -1389,113 +1389,43 @@ get_info_from_sd (PSECURITY_DESCRIPTOR psd, mode_t *attribute,
(!acl_exists || !acl)?"NO ":"", *attribute, uid, gid);
}
static void
get_nt_attribute (const char *file, mode_t *attribute,
__uid32_t *uidret, __gid32_t *gidret)
{
security_descriptor sd;
if (read_sd (file, sd) <= 0)
debug_printf ("read_sd %E");
get_info_from_sd (sd, attribute, uidret, gidret);
}
static int
get_reg_security (HANDLE handle, security_descriptor &sd_ret)
{
LONG ret;
DWORD len = 0;
ret = RegGetKeySecurity ((HKEY) handle,
DACL_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
| OWNER_SECURITY_INFORMATION,
sd_ret, &len);
if (ret == ERROR_INSUFFICIENT_BUFFER)
{
if (!sd_ret.malloc (len))
set_errno (ENOMEM);
else
ret = RegGetKeySecurity ((HKEY) handle,
DACL_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
| OWNER_SECURITY_INFORMATION,
sd_ret, &len);
}
if (ret != ERROR_SUCCESS)
{
__seterrno ();
return -1;
}
return 0;
}
int
get_nt_object_security (HANDLE handle, SE_OBJECT_TYPE object_type,
security_descriptor &sd_ret)
{
NTSTATUS ret;
ULONG len = 0;
/* Unfortunately, NtQuerySecurityObject doesn't work on predefined registry
keys like HKEY_LOCAL_MACHINE. It fails with "Invalid Handle". So we
have to retreat to the Win32 registry functions for registry keys.
What bugs me is that RegGetKeySecurity is obviously just a wrapper
around NtQuerySecurityObject, but there seems to be no function to
convert pseudo HKEY values to real handles. */
if (object_type == SE_REGISTRY_KEY)
return get_reg_security (handle, sd_ret);
ret = NtQuerySecurityObject (handle,
sd_ret.free ();
/* Don't use NtQuerySecurityObject. It doesn't recognize predefined
registry keys. */
DWORD ret = GetSecurityInfo (handle, object_type,
DACL_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
| OWNER_SECURITY_INFORMATION,
sd_ret, len, &len);
if (ret == STATUS_BUFFER_TOO_SMALL)
NULL, NULL, NULL, NULL, sd_ret);
if (ret != ERROR_SUCCESS)
{
if (!sd_ret.malloc (len))
set_errno (ENOMEM);
else
ret = NtQuerySecurityObject (handle,
DACL_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
| OWNER_SECURITY_INFORMATION,
sd_ret, len, &len);
}
if (ret != STATUS_SUCCESS)
{
__seterrno_from_nt_status (ret);
__seterrno_from_win_error (ret);
return -1;
}
return 0;
}
static int
get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
mode_t *attribute, __uid32_t *uidret,
__gid32_t *gidret)
{
security_descriptor sd;
PSECURITY_DESCRIPTOR psd = NULL;
if (get_nt_object_security (handle, object_type, sd))
{
if (object_type == SE_FILE_OBJECT)
return -1;
}
else
psd = sd;
get_info_from_sd (psd, attribute, uidret, gidret);
return 0;
}
int
get_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
mode_t *attribute, __uid32_t *uidret, __gid32_t *gidret)
{
if (allow_ntsec)
{
get_nt_object_attribute (handle, object_type, attribute, uidret, gidret);
security_descriptor sd;
PSECURITY_DESCRIPTOR psd = NULL;
if (get_nt_object_security (handle, object_type, sd))
{
if (object_type == SE_FILE_OBJECT)
return -1;
}
else
psd = sd;
get_info_from_sd (psd, attribute, uidret, gidret);
return 0;
}
/* The entries are already set to default values */
@ -1511,9 +1441,11 @@ get_file_attribute (int use_ntsec, HANDLE handle, const char *file,
if (use_ntsec && allow_ntsec)
{
if (!handle || get_nt_object_attribute (handle, SE_FILE_OBJECT,
attribute, uidret, gidret))
get_nt_attribute (file, attribute, uidret, gidret);
security_descriptor sd;
if (!handle || get_nt_object_security (handle, SE_FILE_OBJECT, sd))
read_sd (file, sd);
get_info_from_sd (sd, attribute, uidret, gidret);
return 0;
}
@ -2039,7 +1971,7 @@ check_registry_access (HANDLE hdl, int flags)
desired |= KEY_SET_VALUE;
if (flags & X_OK)
desired |= KEY_QUERY_VALUE;
if (!get_reg_security (hdl, sd))
if (!get_nt_object_security (hdl, SE_REGISTRY_KEY, sd))
ret = check_access (sd, mapping, desired, flags);
debug_printf ("flags %x, ret %d", flags, ret);
return ret;