* pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically. (pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf. * sec_acl.cc (setacl): Allocate acl dynamically. * sec_helper.cc (sec_acl): Add test for alignment of acl when DEBUGGING is defined. (__sec_user): Same for sa_buf. * security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR and allocate dynamically. (alloc_sd): Allocate acl dynamically. security.h (sec_user_nih): Change first parameter to SECURITY_ATTRIBUTES *. (sec_user): Ditto. * sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and allocate dynamically. * syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate dynamically. * uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES and allocate dynamically. * winbase.h (ilockincr): Mark first argument of inline assembly as earlyclobber. (ilockdecr): Ditto.
This commit is contained in:
parent
b739751db9
commit
7311cc1f0c
@ -1,3 +1,28 @@
|
||||
2005-06-06 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and
|
||||
allocate dynamically.
|
||||
(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
|
||||
* sec_acl.cc (setacl): Allocate acl dynamically.
|
||||
* sec_helper.cc (sec_acl): Add test for alignment of acl when
|
||||
DEBUGGING is defined.
|
||||
(__sec_user): Same for sa_buf.
|
||||
* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
|
||||
and allocate dynamically.
|
||||
(alloc_sd): Allocate acl dynamically.
|
||||
security.h (sec_user_nih): Change first parameter to
|
||||
SECURITY_ATTRIBUTES *.
|
||||
(sec_user): Ditto.
|
||||
* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
|
||||
allocate dynamically.
|
||||
* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
|
||||
dynamically.
|
||||
* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
|
||||
and allocate dynamically.
|
||||
* winbase.h (ilockincr): Mark first argument of inline assembly as
|
||||
earlyclobber.
|
||||
(ilockdecr): Ditto.
|
||||
|
||||
2005-06-07 Christopher Faylor <cgf@timesys.com>
|
||||
|
||||
* cygthread.cc (cygthread::detach): Make error message a little more
|
||||
|
@ -199,7 +199,7 @@ pinfo::init (pid_t n, DWORD flag, HANDLE h0)
|
||||
}
|
||||
|
||||
procinfo = NULL;
|
||||
char sa_buf[1024];
|
||||
PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
|
||||
PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, cygheap->user.sid(),
|
||||
well_known_world_sid,
|
||||
FILE_MAP_READ);
|
||||
@ -307,14 +307,14 @@ pinfo::init (pid_t n, DWORD flag, HANDLE h0)
|
||||
void
|
||||
pinfo::set_acl()
|
||||
{
|
||||
char sa_buf[1024];
|
||||
PACL acl_buf = (PACL) alloca (1024);
|
||||
SECURITY_DESCRIPTOR sd;
|
||||
|
||||
sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (),
|
||||
sec_acl (acl_buf, true, true, cygheap->user.sid (),
|
||||
well_known_world_sid, FILE_MAP_READ);
|
||||
if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION))
|
||||
debug_printf ("InitializeSecurityDescriptor %E");
|
||||
else if (!SetSecurityDescriptorDacl (&sd, TRUE, (PACL) sa_buf, FALSE))
|
||||
else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
|
||||
debug_printf ("SetSecurityDescriptorDacl %E");
|
||||
else if (!SetKernelObjectSecurity (h, DACL_SECURITY_INFORMATION, &sd))
|
||||
debug_printf ("SetKernelObjectSecurity %E");
|
||||
|
@ -94,8 +94,7 @@ setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp)
|
||||
}
|
||||
|
||||
/* Fill access control list. */
|
||||
char acl_buf[3072];
|
||||
PACL acl = (PACL) acl_buf;
|
||||
PACL acl = (PACL) alloca (3072);
|
||||
size_t acl_len = sizeof (ACL);
|
||||
int ace_off = 0;
|
||||
|
||||
|
@ -489,6 +489,10 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces
|
||||
LPVOID pAce;
|
||||
cygpsid psid;
|
||||
|
||||
#ifdef DEBUGGING
|
||||
if ((unsigned long) acl % 4)
|
||||
api_fatal ("Incorrectly aligned incoming ACL buffer!");
|
||||
#endif
|
||||
if (!InitializeAcl (acl, acl_len, ACL_REVISION))
|
||||
{
|
||||
debug_printf ("InitializeAcl %E");
|
||||
@ -531,7 +535,12 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
|
||||
((char *) sa_buf + sizeof (*psa));
|
||||
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
|
||||
|
||||
if (!wincap.has_security () || !sec_acl (acl, true, true, sid1, sid2, access2))
|
||||
#ifdef DEBUGGING
|
||||
if ((unsigned long) sa_buf % 4)
|
||||
api_fatal ("Incorrectly aligned incoming SA buffer!");
|
||||
#endif
|
||||
if (!wincap.has_security ()
|
||||
|| !sec_acl (acl, true, true, sid1, sid2, access2))
|
||||
return inherit ? &sec_none : &sec_none_nih;
|
||||
|
||||
if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
|
||||
|
@ -772,14 +772,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
|
||||
is not well_known_null_sid, it must match pgrpsid */
|
||||
if (intern && !groups.issetgroups ())
|
||||
{
|
||||
char sd_buf[MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR)];
|
||||
const DWORD sd_buf_siz = MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR);
|
||||
PSECURITY_DESCRIPTOR sd_buf = (PSECURITY_DESCRIPTOR) alloca (sd_buf_siz);
|
||||
cygpsid gsid (NO_SID);
|
||||
if (!GetKernelObjectSecurity (token, GROUP_SECURITY_INFORMATION,
|
||||
(PSECURITY_DESCRIPTOR) sd_buf,
|
||||
sizeof sd_buf, &size))
|
||||
sd_buf, sd_buf_siz, &size))
|
||||
debug_printf ("GetKernelObjectSecurity(), %E");
|
||||
else if (!GetSecurityDescriptorGroup ((PSECURITY_DESCRIPTOR) sd_buf,
|
||||
(PSID *) &gsid, (BOOL *) &size))
|
||||
else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid,
|
||||
(BOOL *) &size))
|
||||
debug_printf ("GetSecurityDescriptorGroup(), %E");
|
||||
if (well_known_null_sid != gsid)
|
||||
return gsid == groups.pgsid;
|
||||
@ -1538,8 +1538,7 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
|
||||
}
|
||||
|
||||
/* Initialize local access control list. */
|
||||
char acl_buf[3072];
|
||||
PACL acl = (PACL) acl_buf;
|
||||
PACL acl = (PACL) alloca (3072);
|
||||
if (!InitializeAcl (acl, 3072, ACL_REVISION))
|
||||
{
|
||||
__seterrno ();
|
||||
|
@ -382,13 +382,15 @@ int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int l
|
||||
BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len);
|
||||
|
||||
extern inline SECURITY_ATTRIBUTES *
|
||||
sec_user_nih (char sa_buf[], PSID sid1 = NULL, PSID sid2 = NULL, DWORD access2 = 0)
|
||||
sec_user_nih (SECURITY_ATTRIBUTES *sa_buf, PSID sid1 = NULL, PSID sid2 = NULL,
|
||||
DWORD access2 = 0)
|
||||
{
|
||||
return __sec_user (sa_buf, sid1, sid2, access2, FALSE);
|
||||
}
|
||||
|
||||
extern inline SECURITY_ATTRIBUTES *
|
||||
sec_user (char sa_buf[], PSID sid1 = NULL, PSID sid2 = NULL, DWORD access2 = 0)
|
||||
sec_user (SECURITY_ATTRIBUTES *sa_buf, PSID sid1 = NULL, PSID sid2 = NULL,
|
||||
DWORD access2 = 0)
|
||||
{
|
||||
return __sec_user (sa_buf, sid1, sid2, access2, TRUE);
|
||||
}
|
||||
|
@ -998,7 +998,7 @@ static DWORD WINAPI
|
||||
wait_sig (VOID *self)
|
||||
{
|
||||
HANDLE readsig;
|
||||
char sa_buf[1024];
|
||||
PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
|
||||
Static bool holding_signals;
|
||||
|
||||
/* Initialization */
|
||||
|
@ -2053,10 +2053,10 @@ seteuid32 (__uid32_t uid)
|
||||
&groups.pgsid, sizeof (cygsid)))
|
||||
debug_printf ("SetTokenInformation(user.token, TokenPrimaryGroup), %E");
|
||||
/* Try setting default DACL */
|
||||
char dacl_buf[MAX_DACL_LEN (5)];
|
||||
if (sec_acl ((PACL) dacl_buf, true, true, usersid))
|
||||
PACL dacl_buf = (PACL) alloca (MAX_DACL_LEN (5));
|
||||
if (sec_acl (dacl_buf, true, true, usersid))
|
||||
{
|
||||
TOKEN_DEFAULT_DACL tdacl = { (PACL) dacl_buf };
|
||||
TOKEN_DEFAULT_DACL tdacl = { dacl_buf };
|
||||
if (!SetTokenInformation (new_token, TokenDefaultDacl,
|
||||
&tdacl, sizeof (tdacl)))
|
||||
debug_printf ("SetTokenInformation (TokenDefaultDacl), %E");
|
||||
|
@ -65,7 +65,7 @@ cygheap_user::init ()
|
||||
debug_printf ("SetTokenInformation(TokenOwner), %E");
|
||||
|
||||
/* Standard way to build a security descriptor with the usual DACL */
|
||||
char sa_buf[1024];
|
||||
PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
|
||||
psd = (PSECURITY_DESCRIPTOR)
|
||||
(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
|
||||
|
||||
|
@ -19,7 +19,7 @@ ilockincr (long *m)
|
||||
movl $1,%0\n\
|
||||
lock xadd %0,%1\n\
|
||||
inc %0\n\
|
||||
": "=r" (__res), "=m" (*m): "m" (*m): "cc");
|
||||
": "=&r" (__res), "=m" (*m): "m" (*m): "cc");
|
||||
return __res;
|
||||
}
|
||||
|
||||
@ -31,7 +31,7 @@ ilockdecr (long *m)
|
||||
movl $0xffffffff,%0\n\
|
||||
lock xadd %0,%1\n\
|
||||
dec %0\n\
|
||||
": "=r" (__res), "=m" (*m): "m" (*m): "cc");
|
||||
": "=&r" (__res), "=m" (*m): "m" (*m): "cc");
|
||||
return __res;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user