JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use

Browse Source 
instead of ACL_DEFAULT_SIZE.
	* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
	* security.h (ACL_DEFAULT_SIZE): Drop definition.
	(ACL_MAXIMUM_SIZE): Define.
	(SD_MAXIMUM_SIZE): Define.
	* security.cc (get_file_sd): Allocate security_decscriptor with size
	SD_MAXIMUM_SIZE.
	(alloc_sd): Use TLS buffer to allow maximum ACL size.
This commit is contained in:
Corinna Vinschen
2010-09-10 14:53:44 +00:00
parent f65c5a0a2b
commit 4e8f539f15
5 changed files with 26 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
winsup/cygwin/ChangeLog
View File

@@ -1,3 +1,15 @@
2010-09-10 Corinna Vinschen <corinna@vinschen.de>
* flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use
instead of ACL_DEFAULT_SIZE.
* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
* security.h (ACL_DEFAULT_SIZE): Drop definition.
(ACL_MAXIMUM_SIZE): Define.
(SD_MAXIMUM_SIZE): Define.
* security.cc (get_file_sd): Allocate security_decscriptor with size
SD_MAXIMUM_SIZE.
(alloc_sd): Use TLS buffer to allow maximum ACL size.
2010-09-10 Corinna Vinschen <corinna@vinschen.de>
* mount.cc (class fs_info_cache): New class to cache filesystem

5
winsup/cygwin/flock.cc
View File

@@ -155,10 +155,11 @@ allow_others_to_sync ()
should be more than sufficient for process ACLs. Can't use tls functions
at this point because this gets called during initialization when the tls
is not really available. */
PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (ACL_DEFAULT_SIZE);
#define MAX_PROCESS_SD_SIZE 3072
PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (MAX_PROCESS_SD_SIZE);
status = NtQuerySecurityObject (NtCurrentProcess (),
DACL_SECURITY_INFORMATION, sd,
ACL_DEFAULT_SIZE, &len);
MAX_PROCESS_SD_SIZE, &len);
if (!NT_SUCCESS (status))
{
debug_printf ("NtQuerySecurityObject: %p", status);

6
winsup/cygwin/sec_acl.cc
View File

@@ -22,6 +22,7 @@ details. */
#include "dtable.h"
#include "cygheap.h"
#include "pwdgrp.h"
#include "tls_pbuf.h"
static int
searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UID)
@@ -40,6 +41,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
bool &writable)
{
security_descriptor sd_ret;
tmp_pathbuf tp;
if (get_file_sd (handle, pc, sd_ret, false))
return -1;
@@ -83,7 +85,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
}
/* Fill access control list. */
PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE);
PACL acl = (PACL) tp.w_get ();
size_t acl_len = sizeof (ACL);
int ace_off = 0;
@@ -92,7 +94,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
struct __group32 *gr;
int pos;
if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION))
if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
{
__seterrno ();
return -1;

8
winsup/cygwin/security.cc
View File

@@ -24,6 +24,7 @@ details. */
#include "cygheap.h"
#include "ntdll.h"
#include "pwdgrp.h"
#include "tls_pbuf.h"
#include <aclapi.h>
#define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \
@@ -68,7 +69,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
else
{
NTSTATUS status;
ULONG len = 32768;
ULONG len = SD_MAXIMUM_SIZE;
if (!sd.malloc (len))
{
@@ -413,6 +414,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
security_descriptor &sd_ret)
{
BOOL dummy;
tmp_pathbuf tp;
/* NOTE: If the high bit of attribute is set, we have just created
a file or directory. See below for an explanation. */
@@ -483,8 +485,8 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
}
/* Initialize local access control list. */
PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE);
if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION))
PACL acl = (PACL) tp.w_get ();
if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
{
__seterrno ();
return NULL;

3
winsup/cygwin/security.h
View File

@@ -26,7 +26,8 @@ details. */
#define MAX_DACL_LEN(n) (sizeof (ACL) \
+ (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN))
#define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1))
#define ACL_DEFAULT_SIZE 3072
#define ACL_MAXIMUM_SIZE 65532 /* Yeah, right. 64K - sizeof (DWORD). */
#define SD_MAXIMUM_SIZE 65536
#define NO_SID ((PSID)NULL)
#ifndef SE_CREATE_TOKEN_PRIVILEGE