JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* advapi32.cc: Add comment.

Browse Source 
(EqualSid): Remove.
	(CopySid): Remove.
	(AddAccessAllowedAce): Remove.
	(AddAccessDeniedAce): Remove.
	(MakeSelfRelativeSD): Remove.
	* flock.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_acl.cc: Ditto.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
	* security.h: Ditto.
	(RtlEqualSid): Declare.  Explain why.
	(RtlCopySid): Ditto.
This commit is contained in:
Corinna Vinschen 2011-04-29 10:38:12 +00:00
parent 3e8e0c33c0
commit 5735d5f6f4
8 changed files with 97 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,21 @@
2011-04-29 Corinna Vinschen <corinna@vinschen.de>
* advapi32.cc: Add comment.
(EqualSid): Remove.
(CopySid): Remove.
(AddAccessAllowedAce): Remove.
(AddAccessDeniedAce): Remove.
(MakeSelfRelativeSD): Remove.
* flock.cc: Replace above functions throughout with their ntdll.dll
equivalent.
* sec_acl.cc: Ditto.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
* security.h: Ditto.
(RtlEqualSid): Declare. Explain why.
(RtlCopySid): Ditto.
2011-04-29 Corinna Vinschen <corinna@vinschen.de> 2011-04-29 Corinna Vinschen <corinna@vinschen.de>
* advapi32.cc (AccessCheck): Remove. * advapi32.cc (AccessCheck): Remove.

38
winsup/cygwin/advapi32.cc
View File

@ -19,40 +19,10 @@ details. */
SetLastError (RtlNtStatusToDosError (status)); \ SetLastError (RtlNtStatusToDosError (status)); \
return NT_SUCCESS (status); return NT_SUCCESS (status);
BOOL WINAPI /* This file should only contain non-trivial implementations of advapi32
EqualSid (PSID sid1, PSID sid2) functions, or advapi32 functions for which the ntdll.dll equivalent
{ is not easy to understand. In all other case, use the ntdll.dll
return !!RtlEqualSid (sid1, sid2); equivalent. */
}
BOOL WINAPI
CopySid (DWORD len, PSID dest, PSID src)
{
NTSTATUS status = RtlCopySid (len, dest, src);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI
AddAccessAllowedAce (PACL acl, DWORD revision, DWORD mask, PSID sid)
{
NTSTATUS status = RtlAddAccessAllowedAce (acl, revision, mask, sid);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI
AddAccessDeniedAce (PACL acl, DWORD revision, DWORD mask, PSID sid)
{
NTSTATUS status = RtlAddAccessDeniedAce (acl, revision, mask, sid);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI
MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
LPDWORD len)
{
NTSTATUS status = RtlAbsoluteToSelfRelativeSD (abs_sd, rel_sd, len);
DEFAULT_NTSTATUS_TO_BOOL_RETURN
}
BOOL WINAPI BOOL WINAPI
RevertToSelf () RevertToSelf ()

7
winsup/cygwin/flock.cc
View File

@ -171,10 +171,11 @@ allow_others_to_sync ()
dacl = (PACL) ((char *) sd + (uintptr_t) sd->Dacl); dacl = (PACL) ((char *) sd + (uintptr_t) sd->Dacl);
dacl->AclSize = NT_MAX_PATH * sizeof (WCHAR) - ((char *) dacl - (char *) sd); dacl->AclSize = NT_MAX_PATH * sizeof (WCHAR) - ((char *) dacl - (char *) sd);
/* Allow everyone to SYNCHRONIZE with this process. */ /* Allow everyone to SYNCHRONIZE with this process. */
if (!AddAccessAllowedAce (dacl, ACL_REVISION, SYNCHRONIZE, status = RtlAddAccessAllowedAce (dacl, ACL_REVISION, SYNCHRONIZE,
well_known_world_sid)) well_known_world_sid);
if (!NT_SUCCESS (status))
{ {
debug_printf ("AddAccessAllowedAce: %lu", GetLastError ()); debug_printf ("RtlAddAccessAllowedAce: %p", status);
return; return;
} }
/* Set the size of the DACL correctly. */ /* Set the size of the DACL correctly. */

7
winsup/cygwin/sec_acl.cc
View File

@ -211,7 +211,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
} }
/* Make self relative security descriptor in sd_ret. */ /* Make self relative security descriptor in sd_ret. */
DWORD sd_size = 0; DWORD sd_size = 0;
MakeSelfRelativeSD (&sd, sd_ret, &sd_size); RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
if (sd_size <= 0) if (sd_size <= 0)
{ {
__seterrno (); __seterrno ();
@ -222,9 +222,10 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
set_errno (ENOMEM); set_errno (ENOMEM);
return -1; return -1;
} }
if (!MakeSelfRelativeSD (&sd, sd_ret, &sd_size)) status = RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
if (!NT_SUCCESS (status))
{ {
__seterrno (); __seterrno_from_nt_status (status);
return -1; return -1;
} }
debug_printf ("Created SD-Size: %d", sd_ret.size ()); debug_printf ("Created SD-Size: %d", sd_ret.size ());

25
winsup/cygwin/sec_auth.cc
View File

@ -1047,13 +1047,14 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
dacl = (PACL) alloca (dsize); dacl = (PACL) alloca (dsize);
if (!NT_SUCCESS (RtlCreateAcl (dacl, dsize, ACL_REVISION))) if (!NT_SUCCESS (RtlCreateAcl (dacl, dsize, ACL_REVISION)))
goto out; goto out;
if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, usersid)) if (!NT_SUCCESS (RtlAddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL,
usersid)))
goto out; goto out;
if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, if (!NT_SUCCESS (RtlAddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL,
well_known_admins_sid)) well_known_admins_sid)))
goto out; goto out;
if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, if (!NT_SUCCESS (RtlAddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL,
well_known_system_sid)) well_known_system_sid)))
goto out; goto out;
/* Evaluate authinf size and allocate authinf. */ /* Evaluate authinf size and allocate authinf. */
@ -1096,8 +1097,8 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
/* User SID */ /* User SID */
authinf->inf.User.User.Sid = offset; authinf->inf.User.User.Sid = offset;
authinf->inf.User.User.Attributes = 0; authinf->inf.User.User.Attributes = 0;
CopySid (RtlLengthSid (usersid), (PSID) ((PBYTE) &authinf->inf + offset), RtlCopySid (RtlLengthSid (usersid), (PSID) ((PBYTE) &authinf->inf + offset),
usersid); usersid);
offset += RtlLengthSid (usersid); offset += RtlLengthSid (usersid);
/* Groups */ /* Groups */
authinf->inf.Groups = offset; authinf->inf.Groups = offset;
@ -1119,16 +1120,16 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
if (wincap.needs_logon_sid_in_sid_list () if (wincap.needs_logon_sid_in_sid_list ()
&& tmp_gsids.sids[tmpidx] == fake_logon_sid) && tmp_gsids.sids[tmpidx] == fake_logon_sid)
gsids->Groups[i].Attributes += SE_GROUP_LOGON_ID; gsids->Groups[i].Attributes += SE_GROUP_LOGON_ID;
CopySid (RtlLengthSid (tmp_gsids.sids[tmpidx]), RtlCopySid (RtlLengthSid (tmp_gsids.sids[tmpidx]),
(PSID) ((PBYTE) &authinf->inf + sids_offset), (PSID) ((PBYTE) &authinf->inf + sids_offset),
tmp_gsids.sids[tmpidx]); tmp_gsids.sids[tmpidx]);
sids_offset += RtlLengthSid (tmp_gsids.sids[tmpidx]); sids_offset += RtlLengthSid (tmp_gsids.sids[tmpidx]);
} }
offset += gsize; offset += gsize;
/* Primary Group SID */ /* Primary Group SID */
authinf->inf.PrimaryGroup.PrimaryGroup = offset; authinf->inf.PrimaryGroup.PrimaryGroup = offset;
CopySid (RtlLengthSid (pgrpsid), (PSID) ((PBYTE) &authinf->inf + offset), RtlCopySid (RtlLengthSid (pgrpsid), (PSID) ((PBYTE) &authinf->inf + offset),
pgrpsid); pgrpsid);
offset += RtlLengthSid (pgrpsid); offset += RtlLengthSid (pgrpsid);
/* Privileges */ /* Privileges */
authinf->inf.Privileges = offset; authinf->inf.Privileges = offset;

47
winsup/cygwin/sec_helper.cc
View File

@ -504,25 +504,35 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces
return false; return false;
} }
if (sid1) if (sid1)
if (!AddAccessAllowedAce (acl, ACL_REVISION, {
GENERIC_ALL, sid1)) status = RtlAddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL, sid1);
debug_printf ("AddAccessAllowedAce(sid1) %E"); if (!NT_SUCCESS (status))
debug_printf ("RtlAddAccessAllowedAce(sid1) %p", status);
}
if (original && (psid = cygheap->user.saved_sid ()) if (original && (psid = cygheap->user.saved_sid ())
&& psid != sid1 && psid != well_known_system_sid) && psid != sid1 && psid != well_known_system_sid)
if (!AddAccessAllowedAce (acl, ACL_REVISION, {
GENERIC_ALL, psid)) status = RtlAddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL, psid);
debug_printf ("AddAccessAllowedAce(original) %E"); if (!NT_SUCCESS (status))
debug_printf ("RtlAddAccessAllowedAce(original) %p", status);
}
if (sid2) if (sid2)
if (!AddAccessAllowedAce (acl, ACL_REVISION, {
access2, sid2)) status = RtlAddAccessAllowedAce (acl, ACL_REVISION, access2, sid2);
debug_printf ("AddAccessAllowedAce(sid2) %E"); if (!NT_SUCCESS (status))
debug_printf ("RtlAddAccessAllowedAce(sid2) %p", status);
}
if (admins) if (admins)
if (!AddAccessAllowedAce (acl, ACL_REVISION, {
GENERIC_ALL, well_known_admins_sid)) status = RtlAddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL,
debug_printf ("AddAccessAllowedAce(admin) %E"); well_known_admins_sid);
if (!AddAccessAllowedAce (acl, ACL_REVISION, if (!NT_SUCCESS (status))
GENERIC_ALL, well_known_system_sid)) debug_printf ("RtlAddAccessAllowedAce(admin) %p", status);
debug_printf ("AddAccessAllowedAce(system) %E"); }
status = RtlAddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL,
well_known_system_sid);
if (!NT_SUCCESS (status))
debug_printf ("RtlAddAccessAllowedAce(system) %p", status);
status = RtlFirstFreeAce (acl, &pAce); status = RtlFirstFreeAce (acl, &pAce);
if (NT_SUCCESS (status) && pAce) if (NT_SUCCESS (status) && pAce)
acl->AclSize = (char *) pAce - (char *) acl; acl->AclSize = (char *) pAce - (char *) acl;
@ -574,10 +584,11 @@ _everyone_sd (void *buf, ACCESS_MASK access)
RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
PACL dacl = (PACL) (psd + 1); PACL dacl = (PACL) (psd + 1);
RtlCreateAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION); RtlCreateAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION);
if (!AddAccessAllowedAce (dacl, ACL_REVISION, access, status = RtlAddAccessAllowedAce (dacl, ACL_REVISION, access,
well_known_world_sid)) well_known_world_sid);
if (!NT_SUCCESS (status))
{ {
debug_printf ("AddAccessAllowedAce: %lu", GetLastError ()); debug_printf ("RtlAddAccessAllowedAce: %p", status);
return NULL; return NULL;
} }
LPVOID ace; LPVOID ace;

19
winsup/cygwin/security.cc
View File

@ -316,7 +316,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
} }
} }
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID); *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
if (owner_sid && group_sid && EqualSid (owner_sid, group_sid) if (owner_sid && group_sid && RtlEqualSid (owner_sid, group_sid)
/* FIXME: temporary exception for /var/empty */ /* FIXME: temporary exception for /var/empty */
&& well_known_system_sid != group_sid) && well_known_system_sid != group_sid)
{ {
@ -469,9 +469,10 @@ bool
add_access_allowed_ace (PACL acl, int offset, DWORD attributes, add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
PSID sid, size_t &len_add, DWORD inherit) PSID sid, size_t &len_add, DWORD inherit)
{ {
if (!AddAccessAllowedAce (acl, ACL_REVISION, attributes, sid)) NTSTATUS status = RtlAddAccessAllowedAce (acl, ACL_REVISION, attributes, sid);
if (!NT_SUCCESS (status))
{ {
__seterrno (); __seterrno_from_nt_status (status);
return false; return false;
} }
ACCESS_ALLOWED_ACE *ace; ACCESS_ALLOWED_ACE *ace;
@ -485,9 +486,10 @@ bool
add_access_denied_ace (PACL acl, int offset, DWORD attributes, add_access_denied_ace (PACL acl, int offset, DWORD attributes,
PSID sid, size_t &len_add, DWORD inherit) PSID sid, size_t &len_add, DWORD inherit)
{ {
if (!AddAccessDeniedAce (acl, ACL_REVISION, attributes, sid)) NTSTATUS status = RtlAddAccessDeniedAce (acl, ACL_REVISION, attributes, sid);
if (!NT_SUCCESS (status))
{ {
__seterrno (); __seterrno_from_nt_status (status);
return false; return false;
} }
ACCESS_DENIED_ACE *ace; ACCESS_DENIED_ACE *ace;
@ -839,7 +841,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
/* Make self relative security descriptor. */ /* Make self relative security descriptor. */
DWORD sd_size = 0; DWORD sd_size = 0;
MakeSelfRelativeSD (&sd, sd_ret, &sd_size); RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
if (sd_size <= 0) if (sd_size <= 0)
{ {
__seterrno (); __seterrno ();
@ -850,9 +852,10 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
set_errno (ENOMEM); set_errno (ENOMEM);
return NULL; return NULL;
} }
if (!MakeSelfRelativeSD (&sd, sd_ret, &sd_size)) status = RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
if (!NT_SUCCESS (status))
{ {
__seterrno (); __seterrno_from_nt_status (status);
return NULL; return NULL;
} }
debug_printf ("Created SD-Size: %u", sd_ret.size ()); debug_printf ("Created SD-Size: %u", sd_ret.size ());

16
winsup/cygwin/security.h
View File

@ -95,6 +95,18 @@ cygpsid NO_COPY name = (PSID) &name##_struct;
#define FILE_WRITE_BITS (FILE_WRITE_DATA | GENERIC_WRITE | GENERIC_ALL) #define FILE_WRITE_BITS (FILE_WRITE_DATA | GENERIC_WRITE | GENERIC_ALL)
#define FILE_EXEC_BITS (FILE_EXECUTE | GENERIC_EXECUTE | GENERIC_ALL) #define FILE_EXEC_BITS (FILE_EXECUTE | GENERIC_EXECUTE | GENERIC_ALL)
#ifdef __cplusplus
extern "C"
{
#endif
/* We need these declarations, otherwise g++ complains that the below
inline methods use an undefined function, if ntdll.h isn't included. */
BOOLEAN NTAPI RtlEqualSid (PSID, PSID);
NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID);
#ifdef __cplusplus
}
#endif
class cygpsid { class cygpsid {
protected: protected:
PSID psid; PSID psid;
@ -114,7 +126,7 @@ public:
{ {
if (!psid || !nsid) if (!psid || !nsid)
return nsid == psid; return nsid == psid;
return EqualSid (psid, nsid); return RtlEqualSid (psid, nsid);
} }
bool operator!= (const PSID nsid) const bool operator!= (const PSID nsid) const
{ return !(*this == nsid); } { return !(*this == nsid); }
@ -143,7 +155,7 @@ class cygsid : public cygpsid {
else else
{ {
psid = (PSID) sbuf; psid = (PSID) sbuf;
CopySid (MAX_SID_LEN, psid, nsid); RtlCopySid (MAX_SID_LEN, psid, nsid);
well_known_sid = well_known; well_known_sid = well_known;
} }
return psid; return psid;