JehanneOS
/
newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* advapi32.cc (AccessCheck): Remove. 

(PrivilegeCheck): Remove.
	(OpenThreadToken): Remove.
	* fhandler_tty.cc: Replace above functions throughout with their
	ntdll.dll equivalent.
	* security.cc: Ditto.
This commit is contained in:
Corinna Vinschen 2011-04-29 09:48:25 +00:00
parent bd139e52b4
commit 3e8e0c33c0
4 changed files with 41 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,12 @@
2011-04-29 Corinna Vinschen <corinna@vinschen.de>
* advapi32.cc (AccessCheck): Remove.
(PrivilegeCheck): Remove.
(OpenThreadToken): Remove.
* fhandler_tty.cc: Replace above functions throughout with their
ntdll.dll equivalent.
* security.cc: Ditto.
2011-04-29 Corinna Vinschen <corinna@vinschen.de>
* ntdll.h (IsEventSignalled): New inline function.

28
winsup/cygwin/advapi32.cc
View File

@ -19,27 +19,6 @@ details. */
SetLastError (RtlNtStatusToDosError (status)); \
return NT_SUCCESS (status);
BOOL WINAPI
AccessCheck (PSECURITY_DESCRIPTOR sd, HANDLE tok, DWORD access,
PGENERIC_MAPPING mapping, PPRIVILEGE_SET pset, LPDWORD psetlen,
LPDWORD granted, LPBOOL allowed)
{
NTSTATUS status, astatus;
status = NtAccessCheck (sd, tok, access, mapping, pset, psetlen, granted,
&astatus);
if (NT_SUCCESS (status))
*allowed = NT_SUCCESS (astatus);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI
PrivilegeCheck (HANDLE tok, PPRIVILEGE_SET pset, LPBOOL res)
{
NTSTATUS status = NtPrivilegeCheck (tok, pset, (PBOOLEAN) res);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI
EqualSid (PSID sid1, PSID sid2)
{
@ -75,13 +54,6 @@ MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI
OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok)
{
NTSTATUS status = NtOpenThreadToken (thread, access, as_self, tok);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI
RevertToSelf ()
{

26
winsup/cygwin/fhandler_tty.cc
View File

@ -1644,15 +1644,16 @@ fhandler_pty_master::pty_master_thread ()
security_descriptor sd;
HANDLE token;
PRIVILEGE_SET ps;
BOOL ret;
DWORD pid;
NTSTATUS status;
termios_printf ("Entered");
while (!exit && (ConnectNamedPipe (master_ctl, NULL) || GetLastError () == ERROR_PIPE_CONNECTED))
while (!exit && (ConnectNamedPipe (master_ctl, NULL)
|| GetLastError () == ERROR_PIPE_CONNECTED))
{
pipe_reply repl = { NULL, NULL, 0 };
bool deimp = false;
BOOL allow = FALSE;
NTSTATUS allow = STATUS_ACCESS_DENIED;
ACCESS_MASK access = EVENT_MODIFY_STATE;
HANDLE client = NULL;
@ -1678,17 +1679,22 @@ fhandler_pty_master::pty_master_thread ()
termios_printf ("ImpersonateNamedPipeClient, %E");
goto reply;
}
if (!OpenThreadToken (GetCurrentThread (), TOKEN_QUERY, TRUE, &token))
status = NtOpenThreadToken (GetCurrentThread (), TOKEN_QUERY, TRUE,
&token);
if (!NT_SUCCESS (status))
{
termios_printf ("OpenThreadToken, %E");
termios_printf ("NtOpenThreadToken, %p", status);
SetLastError (RtlNtStatusToDosError (status));
goto reply;
}
len = sizeof ps;
ret = AccessCheck (sd, token, access, &map, &ps, &len, &access, &allow);
CloseHandle (token);
if (!ret)
status = NtAccessCheck (sd, token, access, &map, &ps, &len, &access,
&allow);
NtClose (token);
if (!NT_SUCCESS (status))
{
termios_printf ("AccessCheck, %E");
termios_printf ("NtAccessCheck, %p", status);
SetLastError (RtlNtStatusToDosError (status));
goto reply;
}
if (!RevertToSelf ())
@ -1705,7 +1711,7 @@ fhandler_pty_master::pty_master_thread ()
exit = true;
goto reply;
}
if (allow)
if (NT_SUCCESS (allow))
{
client = OpenProcess (PROCESS_DUP_HANDLE, FALSE, pid);
if (!client)

24
winsup/cygwin/security.cc
View File

@ -972,11 +972,11 @@ set_file_attribute (HANDLE handle, path_conv &pc,
static int
check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
DWORD desired, int flags, bool effective)
ACCESS_MASK desired, int flags, bool effective)
{
int ret = -1;
BOOL status;
DWORD granted;
NTSTATUS status, allow;
ACCESS_MASK granted;
DWORD plen = sizeof (PRIVILEGE_SET) + 3 * sizeof (LUID_AND_ATTRIBUTES);
PPRIVILEGE_SET pset = (PPRIVILEGE_SET) alloca (plen);
HANDLE tok = ((effective && cygheap->user.issetuid ())
@ -995,9 +995,11 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
tok = hProcImpToken;
}
if (!AccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted, &status))
status = NtAccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted,
&allow);
if (!NT_SUCCESS (status))
__seterrno ();
else if (!status)
else if (!NT_SUCCESS (allow))
{
/* CV, 2006-10-16: Now, that's really weird. Imagine a user who has no
standard access to a file, but who has backup and restore privileges
@ -1012,6 +1014,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
case the access check fails, another check against the user's
backup/restore privileges has to be made. Sigh. */
int granted_flags = 0;
BOOLEAN has_priv;
if (flags & R_OK)
{
pset->PrivilegeCount = 1;
@ -1019,7 +1023,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
pset->Privilege[0].Luid.HighPart = 0L;
pset->Privilege[0].Luid.LowPart = SE_BACKUP_PRIVILEGE;
pset->Privilege[0].Attributes = 0;
if (PrivilegeCheck (tok, pset, &status) && status)
status = NtPrivilegeCheck (tok, pset, &has_priv);
if (NT_SUCCESS (status) && has_priv)
granted_flags |= R_OK;
}
if (flags & W_OK)
@ -1029,7 +1034,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
pset->Privilege[0].Luid.HighPart = 0L;
pset->Privilege[0].Luid.LowPart = SE_RESTORE_PRIVILEGE;
pset->Privilege[0].Attributes = 0;
if (PrivilegeCheck (tok, pset, &status) && status)
status = NtPrivilegeCheck (tok, pset, &has_priv);
if (NT_SUCCESS (status) && has_priv)
granted_flags |= W_OK;
}
if (granted_flags == flags)
@ -1047,7 +1053,7 @@ check_file_access (path_conv &pc, int flags, bool effective)
{
security_descriptor sd;
int ret = -1;
DWORD desired = 0;
ACCESS_MASK desired = 0;
if (flags & R_OK)
desired |= FILE_READ_DATA;
if (flags & W_OK)
@ -1069,7 +1075,7 @@ check_registry_access (HANDLE hdl, int flags, bool effective)
KEY_WRITE,
KEY_EXECUTE,
KEY_ALL_ACCESS };
DWORD desired = 0;
ACCESS_MASK desired = 0;
if (flags & R_OK)
desired |= KEY_ENUMERATE_SUB_KEYS;
if (flags & W_OK)