From 40afcae3565fc6dee9452bf0d7c0ae64c27208d8 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Fri, 1 Apr 2011 08:41:26 +0000
Subject: [PATCH] * fhandler_random.cc
(fhandler_dev_random::crypt_gen_random): Use CryptAcquireContextW.
* ntdll.h (STATUS_PROCEDURE_NOT_FOUND): Define. * sec_auth.cc
(open_local_policy): Rename NTSTATUS variable ret to status. Drop usage of
LsaNtStatusToWinError. (verify_token): Call NtQuerySecurityObject
instead of GetKernelObjectSecurity. (create_token): Rename
NTSTATUS variable ret to status. Rename ret2 to sub_status. Drop
usage of LsaNtStatusToWinError. In case LsaLogonUser fails, report the
sub_status as well.
---
winsup/cygwin/ChangeLog | 13 +++++++
winsup/cygwin/fhandler_random.cc | 13 ++++---
winsup/cygwin/ntdll.h | 1 +
winsup/cygwin/sec_auth.cc | 59 +++++++++++++++++---------------
4 files changed, 51 insertions(+), 35 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index d66727ebb..37b560ea3 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,16 @@
+2011-04-01 Corinna Vinschen <corinna@vinschen.de>
+
+ * fhandler_random.cc (fhandler_dev_random::crypt_gen_random):
+ Use CryptAcquireContextW.
+ * ntdll.h (STATUS_PROCEDURE_NOT_FOUND): Define.
+ * sec_auth.cc (open_local_policy): Rename NTSTATUS variable ret to
+ status. Drop usage of LsaNtStatusToWinError.
+ (verify_token): Call NtQuerySecurityObject instead of
+ GetKernelObjectSecurity.
+ (create_token): Rename NTSTATUS variable ret to status. Rename ret2 to
+ sub_status. Drop usage of LsaNtStatusToWinError. In case LsaLogonUser
+ fails, report the sub_status as well.
+
2011-04-01 Corinna Vinschen <corinna@vinschen.de>
* libc/strptime.c: Remove misleading comment.
diff --git a/winsup/cygwin/fhandler_random.cc b/winsup/cygwin/fhandler_random.cc
index e5d8a4866..587a6375d 100644
--- a/winsup/cygwin/fhandler_random.cc
+++ b/winsup/cygwin/fhandler_random.cc
@@ -1,7 +1,6 @@
/* fhandler_random.cc: code to access /dev/random and /dev/urandom
- Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2009
- Red Hat, Inc.
+ Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2009, 2011 Red Hat, Inc.
Written by Corinna Vinschen (vinschen@cygnus.com)
@@ -42,11 +41,11 @@ bool
fhandler_dev_random::crypt_gen_random (void *ptr, size_t len)
{
if (!crypt_prov
- && !CryptAcquireContext (&crypt_prov, NULL, MS_DEF_PROV, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)
- && !CryptAcquireContext (&crypt_prov, NULL, MS_DEF_PROV, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET
- | CRYPT_NEWKEYSET))
+ && !CryptAcquireContextW (&crypt_prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)
+ && !CryptAcquireContextW (&crypt_prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET
+ | CRYPT_NEWKEYSET))
{
debug_printf ("%E = CryptAquireContext()");
return false;
diff --git a/winsup/cygwin/ntdll.h b/winsup/cygwin/ntdll.h
index 757291439..d0f15b90d 100644
--- a/winsup/cygwin/ntdll.h
+++ b/winsup/cygwin/ntdll.h
@@ -40,6 +40,7 @@
#define STATUS_NO_EAS_ON_FILE ((NTSTATUS) 0xc0000052)
#define STATUS_LOCK_NOT_GRANTED ((NTSTATUS) 0xc0000055)
#define STATUS_DELETE_PENDING ((NTSTATUS) 0xc0000056)
+#define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS) 0xc000007a)
#define STATUS_DISK_FULL ((NTSTATUS) 0xc000007f)
#define STATUS_WORKING_SET_QUOTA ((NTSTATUS) 0xc00000a1)
#define STATUS_INSTANCE_NOT_AVAILABLE ((NTSTATUS) 0xc00000ab)
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index 9f27f9d6d..0c86546d6 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -194,10 +194,10 @@ open_local_policy (ACCESS_MASK access)
LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
HANDLE lsa = INVALID_HANDLE_VALUE;
- NTSTATUS ret = LsaOpenPolicy (NULL, &oa, access, &lsa);
- if (ret != STATUS_SUCCESS)
+ NTSTATUS status = LsaOpenPolicy (NULL, &oa, access, &lsa);
+ if (!NT_SUCCESS (status))
{
- __seterrno_from_win_error (LsaNtStatusToWinError (ret));
+ __seterrno_from_nt_status (status);
/* Some versions of Windows set the lsa handle to NULL when
LsaOpenPolicy fails. */
lsa = INVALID_HANDLE_VALUE;
@@ -699,9 +699,11 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
const DWORD sd_buf_siz = MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR);
PSECURITY_DESCRIPTOR sd_buf = (PSECURITY_DESCRIPTOR) alloca (sd_buf_siz);
cygpsid gsid (NO_SID);
- if (!GetKernelObjectSecurity (token, GROUP_SECURITY_INFORMATION,
- sd_buf, sd_buf_siz, &size))
- debug_printf ("GetKernelObjectSecurity(), %E");
+ NTSTATUS status;
+ status = NtQuerySecurityObject (token, GROUP_SECURITY_INFORMATION,
+ sd_buf, sd_buf_siz, &size);
+ if (!NT_SUCCESS (status))
+ debug_printf ("NtQuerySecurityObject(), %p", status);
else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid,
(BOOL *) &size))
debug_printf ("GetSecurityDescriptorGroup(), %E");
@@ -774,7 +776,7 @@ done:
HANDLE
create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
{
- NTSTATUS ret;
+ NTSTATUS status;
LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
cygsidlist tmp_gsids (cygsidlist_auto, 12);
@@ -894,11 +896,11 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
goto out;
/* Let's be heroic... */
- ret = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation,
- &auth_luid, &exp, &user, new_tok_gsids, privs, &owner,
- &pgrp, &dacl, &source);
- if (ret)
- __seterrno_from_nt_status (ret);
+ status = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation,
+ &auth_luid, &exp, &user, new_tok_gsids, privs, &owner,
+ &pgrp, &dacl, &source);
+ if (status)
+ __seterrno_from_nt_status (status);
else
{
/* Convert to primary token. */
@@ -933,7 +935,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
LSA_STRING name;
HANDLE lsa_hdl = NULL, lsa = INVALID_HANDLE_VALUE;
LSA_OPERATIONAL_MODE sec_mode;
- NTSTATUS ret, ret2;
+ NTSTATUS status, sub_status;
ULONG package_id, size;
LUID auth_luid = SYSTEM_LUID;
struct {
@@ -963,12 +965,12 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
/* Register as logon process. */
str2lsa (name, "Cygwin");
SetLastError (0);
- ret = LsaRegisterLogonProcess (&name, &lsa_hdl, &sec_mode);
- if (ret != STATUS_SUCCESS)
+ status = LsaRegisterLogonProcess (&name, &lsa_hdl, &sec_mode);
+ if (status != STATUS_SUCCESS)
{
- debug_printf ("LsaRegisterLogonProcess: %p", ret);
- __seterrno_from_win_error (ret == ERROR_PROC_NOT_FOUND
- ? ret : LsaNtStatusToWinError (ret));
+ debug_printf ("LsaRegisterLogonProcess: %p", status);
+ __seterrno_from_nt_status (status == ERROR_PROC_NOT_FOUND
+ ? STATUS_PROCEDURE_NOT_FOUND : status);
goto out;
}
else if (GetLastError () == ERROR_PROC_NOT_FOUND)
@@ -978,11 +980,11 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
}
/* Get handle to our own LSA package. */
str2lsa (name, CYG_LSA_PKGNAME);
- ret = LsaLookupAuthenticationPackage (lsa_hdl, &name, &package_id);
- if (ret != STATUS_SUCCESS)
+ status = LsaLookupAuthenticationPackage (lsa_hdl, &name, &package_id);
+ if (status != STATUS_SUCCESS)
{
- debug_printf ("LsaLookupAuthenticationPackage: %p", ret);
- __seterrno_from_win_error (LsaNtStatusToWinError (ret));
+ debug_printf ("LsaLookupAuthenticationPackage: %p", status);
+ __seterrno_from_nt_status (status);
goto out;
}
@@ -1135,13 +1137,14 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
authinf->checksum += *csp++;
/* Try to logon... */
- ret = LsaLogonUser (lsa_hdl, (PLSA_STRING) &origin, Interactive, package_id,
- authinf, authinf_size, NULL, &ts, &profile, &size, &luid,
- &user_token, "a, &ret2);
- if (ret != STATUS_SUCCESS)
+ status = LsaLogonUser (lsa_hdl, (PLSA_STRING) &origin, Interactive,
+ package_id, authinf, authinf_size, NULL, &ts,
+ &profile, &size, &luid, &user_token, "a,
+ &sub_status);
+ if (status != STATUS_SUCCESS)
{
- debug_printf ("LsaLogonUser: %p", ret);
- __seterrno_from_win_error (LsaNtStatusToWinError (ret));
+ debug_printf ("LsaLogonUser: %p (sub-status %p)", status, sub_status);
+ __seterrno_from_nt_status (status);
goto out;
}
if (profile)