JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* advapi32.cc (AccessCheck): Remove.

Browse Source 
(PrivilegeCheck): Remove.
	(OpenThreadToken): Remove.
	* fhandler_tty.cc: Replace above functions throughout with their
	ntdll.dll equivalent.
	* security.cc: Ditto.
This commit is contained in:
Corinna Vinschen 2011-04-29 09:48:25 +00:00
parent bd139e52b4
commit 3e8e0c33c0
4 changed files with 41 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,12 @@
2011-04-29 Corinna Vinschen <corinna@vinschen.de>
* advapi32.cc (AccessCheck): Remove.
(PrivilegeCheck): Remove.
(OpenThreadToken): Remove.
* fhandler_tty.cc: Replace above functions throughout with their
ntdll.dll equivalent.
* security.cc: Ditto.
2011-04-29 Corinna Vinschen <corinna@vinschen.de> 2011-04-29 Corinna Vinschen <corinna@vinschen.de>
* ntdll.h (IsEventSignalled): New inline function. * ntdll.h (IsEventSignalled): New inline function.

28
winsup/cygwin/advapi32.cc
View File

@ -19,27 +19,6 @@ details. */
SetLastError (RtlNtStatusToDosError (status)); \ SetLastError (RtlNtStatusToDosError (status)); \
return NT_SUCCESS (status); return NT_SUCCESS (status);
BOOL WINAPI
AccessCheck (PSECURITY_DESCRIPTOR sd, HANDLE tok, DWORD access,
PGENERIC_MAPPING mapping, PPRIVILEGE_SET pset, LPDWORD psetlen,
LPDWORD granted, LPBOOL allowed)
{
NTSTATUS status, astatus;
status = NtAccessCheck (sd, tok, access, mapping, pset, psetlen, granted,
&astatus);
if (NT_SUCCESS (status))
*allowed = NT_SUCCESS (astatus);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI
PrivilegeCheck (HANDLE tok, PPRIVILEGE_SET pset, LPBOOL res)
{
NTSTATUS status = NtPrivilegeCheck (tok, pset, (PBOOLEAN) res);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI BOOL WINAPI
EqualSid (PSID sid1, PSID sid2) EqualSid (PSID sid1, PSID sid2)
{ {
@ -75,13 +54,6 @@ MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
DEFAULT_NTSTATUS_TO_BOOL_RETURN DEFAULT_NTSTATUS_TO_BOOL_RETURN
} }
BOOL WINAPI
OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok)
{
NTSTATUS status = NtOpenThreadToken (thread, access, as_self, tok);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI BOOL WINAPI
RevertToSelf () RevertToSelf ()
{ {

26
winsup/cygwin/fhandler_tty.cc
View File

@ -1644,15 +1644,16 @@ fhandler_pty_master::pty_master_thread ()
security_descriptor sd; security_descriptor sd;
HANDLE token; HANDLE token;
PRIVILEGE_SET ps; PRIVILEGE_SET ps;
BOOL ret;
DWORD pid; DWORD pid;
NTSTATUS status;
termios_printf ("Entered"); termios_printf ("Entered");
while (!exit && (ConnectNamedPipe (master_ctl, NULL) || GetLastError () == ERROR_PIPE_CONNECTED)) while (!exit && (ConnectNamedPipe (master_ctl, NULL)
|| GetLastError () == ERROR_PIPE_CONNECTED))
{ {
pipe_reply repl = { NULL, NULL, 0 }; pipe_reply repl = { NULL, NULL, 0 };
bool deimp = false; bool deimp = false;
BOOL allow = FALSE; NTSTATUS allow = STATUS_ACCESS_DENIED;
ACCESS_MASK access = EVENT_MODIFY_STATE; ACCESS_MASK access = EVENT_MODIFY_STATE;
HANDLE client = NULL; HANDLE client = NULL;
@ -1678,17 +1679,22 @@ fhandler_pty_master::pty_master_thread ()
termios_printf ("ImpersonateNamedPipeClient, %E"); termios_printf ("ImpersonateNamedPipeClient, %E");
goto reply; goto reply;
} }
if (!OpenThreadToken (GetCurrentThread (), TOKEN_QUERY, TRUE, &token)) status = NtOpenThreadToken (GetCurrentThread (), TOKEN_QUERY, TRUE,
&token);
if (!NT_SUCCESS (status))
{ {
termios_printf ("OpenThreadToken, %E"); termios_printf ("NtOpenThreadToken, %p", status);
SetLastError (RtlNtStatusToDosError (status));
goto reply; goto reply;
} }
len = sizeof ps; len = sizeof ps;
ret = AccessCheck (sd, token, access, &map, &ps, &len, &access, &allow); status = NtAccessCheck (sd, token, access, &map, &ps, &len, &access,
CloseHandle (token); &allow);
if (!ret) NtClose (token);
if (!NT_SUCCESS (status))
{ {
termios_printf ("AccessCheck, %E"); termios_printf ("NtAccessCheck, %p", status);
SetLastError (RtlNtStatusToDosError (status));
goto reply; goto reply;
} }
if (!RevertToSelf ()) if (!RevertToSelf ())
@ -1705,7 +1711,7 @@ fhandler_pty_master::pty_master_thread ()
exit = true; exit = true;
goto reply; goto reply;
} }
if (allow) if (NT_SUCCESS (allow))
{ {
client = OpenProcess (PROCESS_DUP_HANDLE, FALSE, pid); client = OpenProcess (PROCESS_DUP_HANDLE, FALSE, pid);
if (!client) if (!client)

24
winsup/cygwin/security.cc
View File

@ -972,11 +972,11 @@ set_file_attribute (HANDLE handle, path_conv &pc,
static int static int
check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
DWORD desired, int flags, bool effective) ACCESS_MASK desired, int flags, bool effective)
{ {
int ret = -1; int ret = -1;
BOOL status; NTSTATUS status, allow;
DWORD granted; ACCESS_MASK granted;
DWORD plen = sizeof (PRIVILEGE_SET) + 3 * sizeof (LUID_AND_ATTRIBUTES); DWORD plen = sizeof (PRIVILEGE_SET) + 3 * sizeof (LUID_AND_ATTRIBUTES);
PPRIVILEGE_SET pset = (PPRIVILEGE_SET) alloca (plen); PPRIVILEGE_SET pset = (PPRIVILEGE_SET) alloca (plen);
HANDLE tok = ((effective && cygheap->user.issetuid ()) HANDLE tok = ((effective && cygheap->user.issetuid ())
@ -995,9 +995,11 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
tok = hProcImpToken; tok = hProcImpToken;
} }
if (!AccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted, &status)) status = NtAccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted,
&allow);
if (!NT_SUCCESS (status))
__seterrno (); __seterrno ();
else if (!status) else if (!NT_SUCCESS (allow))
{ {
/* CV, 2006-10-16: Now, that's really weird. Imagine a user who has no /* CV, 2006-10-16: Now, that's really weird. Imagine a user who has no
standard access to a file, but who has backup and restore privileges standard access to a file, but who has backup and restore privileges
@ -1012,6 +1014,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
case the access check fails, another check against the user's case the access check fails, another check against the user's
backup/restore privileges has to be made. Sigh. */ backup/restore privileges has to be made. Sigh. */
int granted_flags = 0; int granted_flags = 0;
BOOLEAN has_priv;
if (flags & R_OK) if (flags & R_OK)
{ {
pset->PrivilegeCount = 1; pset->PrivilegeCount = 1;
@ -1019,7 +1023,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
pset->Privilege[0].Luid.HighPart = 0L; pset->Privilege[0].Luid.HighPart = 0L;
pset->Privilege[0].Luid.LowPart = SE_BACKUP_PRIVILEGE; pset->Privilege[0].Luid.LowPart = SE_BACKUP_PRIVILEGE;
pset->Privilege[0].Attributes = 0; pset->Privilege[0].Attributes = 0;
if (PrivilegeCheck (tok, pset, &status) && status) status = NtPrivilegeCheck (tok, pset, &has_priv);
if (NT_SUCCESS (status) && has_priv)
granted_flags |= R_OK; granted_flags |= R_OK;
} }
if (flags & W_OK) if (flags & W_OK)
@ -1029,7 +1034,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
pset->Privilege[0].Luid.HighPart = 0L; pset->Privilege[0].Luid.HighPart = 0L;
pset->Privilege[0].Luid.LowPart = SE_RESTORE_PRIVILEGE; pset->Privilege[0].Luid.LowPart = SE_RESTORE_PRIVILEGE;
pset->Privilege[0].Attributes = 0; pset->Privilege[0].Attributes = 0;
if (PrivilegeCheck (tok, pset, &status) && status) status = NtPrivilegeCheck (tok, pset, &has_priv);
if (NT_SUCCESS (status) && has_priv)
granted_flags |= W_OK; granted_flags |= W_OK;
} }
if (granted_flags == flags) if (granted_flags == flags)
@ -1047,7 +1053,7 @@ check_file_access (path_conv &pc, int flags, bool effective)
{ {
security_descriptor sd; security_descriptor sd;
int ret = -1; int ret = -1;
DWORD desired = 0; ACCESS_MASK desired = 0;
if (flags & R_OK) if (flags & R_OK)
desired |= FILE_READ_DATA; desired |= FILE_READ_DATA;
if (flags & W_OK) if (flags & W_OK)
@ -1069,7 +1075,7 @@ check_registry_access (HANDLE hdl, int flags, bool effective)
KEY_WRITE, KEY_WRITE,
KEY_EXECUTE, KEY_EXECUTE,
KEY_ALL_ACCESS }; KEY_ALL_ACCESS };
DWORD desired = 0; ACCESS_MASK desired = 0;
if (flags & R_OK) if (flags & R_OK)
desired |= KEY_ENUMERATE_SUB_KEYS; desired |= KEY_ENUMERATE_SUB_KEYS;
if (flags & W_OK) if (flags & W_OK)