JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and

Browse Source 
allocate dynamically.
	(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
	* sec_acl.cc (setacl): Allocate acl dynamically.
	* sec_helper.cc (sec_acl): Add test for alignment of acl when
	DEBUGGING is defined.
	(__sec_user): Same for sa_buf.
	* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
	and allocate dynamically.
	(alloc_sd): Allocate acl dynamically.
	security.h (sec_user_nih): Change first parameter to
	SECURITY_ATTRIBUTES *.
	(sec_user): Ditto.
	* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
	allocate dynamically.
	* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
	dynamically.
	* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
	and allocate dynamically.
	* winbase.h (ilockincr): Mark first argument of inline assembly as
	earlyclobber.
	(ilockdecr): Ditto.
This commit is contained in:
Corinna Vinschen 2005-06-07 19:31:42 +00:00
parent b739751db9
commit 7311cc1f0c
10 changed files with 57 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,28 @@
2005-06-06 Corinna Vinschen <corinna@vinschen.de>
* pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically.
(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
* sec_acl.cc (setacl): Allocate acl dynamically.
* sec_helper.cc (sec_acl): Add test for alignment of acl when
DEBUGGING is defined.
(__sec_user): Same for sa_buf.
* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
and allocate dynamically.
(alloc_sd): Allocate acl dynamically.
security.h (sec_user_nih): Change first parameter to
SECURITY_ATTRIBUTES *.
(sec_user): Ditto.
* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically.
* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
dynamically.
* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
and allocate dynamically.
* winbase.h (ilockincr): Mark first argument of inline assembly as
earlyclobber.
(ilockdecr): Ditto.
2005-06-07 Christopher Faylor <cgf@timesys.com> 2005-06-07 Christopher Faylor <cgf@timesys.com>
* cygthread.cc (cygthread::detach): Make error message a little more * cygthread.cc (cygthread::detach): Make error message a little more

8
winsup/cygwin/pinfo.cc
View File

@ -199,7 +199,7 @@ pinfo::init (pid_t n, DWORD flag, HANDLE h0)
} }
procinfo = NULL; procinfo = NULL;
char sa_buf[1024]; PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, cygheap->user.sid(), PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, cygheap->user.sid(),
well_known_world_sid, well_known_world_sid,
FILE_MAP_READ); FILE_MAP_READ);
@ -307,14 +307,14 @@ pinfo::init (pid_t n, DWORD flag, HANDLE h0)
void void
pinfo::set_acl() pinfo::set_acl()
{ {
char sa_buf[1024]; PACL acl_buf = (PACL) alloca (1024);
SECURITY_DESCRIPTOR sd; SECURITY_DESCRIPTOR sd;
sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (), sec_acl (acl_buf, true, true, cygheap->user.sid (),
well_known_world_sid, FILE_MAP_READ); well_known_world_sid, FILE_MAP_READ);
if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION))
debug_printf ("InitializeSecurityDescriptor %E"); debug_printf ("InitializeSecurityDescriptor %E");
else if (!SetSecurityDescriptorDacl (&sd, TRUE, (PACL) sa_buf, FALSE)) else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
debug_printf ("SetSecurityDescriptorDacl %E"); debug_printf ("SetSecurityDescriptorDacl %E");
else if (!SetKernelObjectSecurity (h, DACL_SECURITY_INFORMATION, &sd)) else if (!SetKernelObjectSecurity (h, DACL_SECURITY_INFORMATION, &sd))
debug_printf ("SetKernelObjectSecurity %E"); debug_printf ("SetKernelObjectSecurity %E");

3
winsup/cygwin/sec_acl.cc
View File

@ -94,8 +94,7 @@ setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp)
} }
/* Fill access control list. */ /* Fill access control list. */
char acl_buf[3072]; PACL acl = (PACL) alloca (3072);
PACL acl = (PACL) acl_buf;
size_t acl_len = sizeof (ACL); size_t acl_len = sizeof (ACL);
int ace_off = 0; int ace_off = 0;

11
winsup/cygwin/sec_helper.cc
View File

@ -489,6 +489,10 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces
LPVOID pAce; LPVOID pAce;
cygpsid psid; cygpsid psid;
#ifdef DEBUGGING
if ((unsigned long) acl % 4)
api_fatal ("Incorrectly aligned incoming ACL buffer!");
#endif
if (!InitializeAcl (acl, acl_len, ACL_REVISION)) if (!InitializeAcl (acl, acl_len, ACL_REVISION))
{ {
debug_printf ("InitializeAcl %E"); debug_printf ("InitializeAcl %E");
@ -531,7 +535,12 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
((char *) sa_buf + sizeof (*psa)); ((char *) sa_buf + sizeof (*psa));
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd)); PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
if (!wincap.has_security () || !sec_acl (acl, true, true, sid1, sid2, access2)) #ifdef DEBUGGING
if ((unsigned long) sa_buf % 4)
api_fatal ("Incorrectly aligned incoming SA buffer!");
#endif
if (!wincap.has_security ()
|| !sec_acl (acl, true, true, sid1, sid2, access2))
return inherit ? &sec_none : &sec_none_nih; return inherit ? &sec_none : &sec_none_nih;
if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION)) if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))

13
winsup/cygwin/security.cc
View File

@ -772,14 +772,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
is not well_known_null_sid, it must match pgrpsid */ is not well_known_null_sid, it must match pgrpsid */
if (intern && !groups.issetgroups ()) if (intern && !groups.issetgroups ())
{ {
char sd_buf[MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR)]; const DWORD sd_buf_siz = MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR);
PSECURITY_DESCRIPTOR sd_buf = (PSECURITY_DESCRIPTOR) alloca (sd_buf_siz);
cygpsid gsid (NO_SID); cygpsid gsid (NO_SID);
if (!GetKernelObjectSecurity (token, GROUP_SECURITY_INFORMATION, if (!GetKernelObjectSecurity (token, GROUP_SECURITY_INFORMATION,
(PSECURITY_DESCRIPTOR) sd_buf, sd_buf, sd_buf_siz, &size))
sizeof sd_buf, &size))
debug_printf ("GetKernelObjectSecurity(), %E"); debug_printf ("GetKernelObjectSecurity(), %E");
else if (!GetSecurityDescriptorGroup ((PSECURITY_DESCRIPTOR) sd_buf, else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid,
(PSID *) &gsid, (BOOL *) &size)) (BOOL *) &size))
debug_printf ("GetSecurityDescriptorGroup(), %E"); debug_printf ("GetSecurityDescriptorGroup(), %E");
if (well_known_null_sid != gsid) if (well_known_null_sid != gsid)
return gsid == groups.pgsid; return gsid == groups.pgsid;
@ -1538,8 +1538,7 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
} }
/* Initialize local access control list. */ /* Initialize local access control list. */
char acl_buf[3072]; PACL acl = (PACL) alloca (3072);
PACL acl = (PACL) acl_buf;
if (!InitializeAcl (acl, 3072, ACL_REVISION)) if (!InitializeAcl (acl, 3072, ACL_REVISION))
{ {
__seterrno (); __seterrno ();

6
winsup/cygwin/security.h
View File

@ -382,13 +382,15 @@ int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int l
BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len); BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len);
extern inline SECURITY_ATTRIBUTES * extern inline SECURITY_ATTRIBUTES *
sec_user_nih (char sa_buf[], PSID sid1 = NULL, PSID sid2 = NULL, DWORD access2 = 0) sec_user_nih (SECURITY_ATTRIBUTES *sa_buf, PSID sid1 = NULL, PSID sid2 = NULL,
DWORD access2 = 0)
{ {
return __sec_user (sa_buf, sid1, sid2, access2, FALSE); return __sec_user (sa_buf, sid1, sid2, access2, FALSE);
} }
extern inline SECURITY_ATTRIBUTES * extern inline SECURITY_ATTRIBUTES *
sec_user (char sa_buf[], PSID sid1 = NULL, PSID sid2 = NULL, DWORD access2 = 0) sec_user (SECURITY_ATTRIBUTES *sa_buf, PSID sid1 = NULL, PSID sid2 = NULL,
DWORD access2 = 0)
{ {
return __sec_user (sa_buf, sid1, sid2, access2, TRUE); return __sec_user (sa_buf, sid1, sid2, access2, TRUE);
} }

2
winsup/cygwin/sigproc.cc
View File

@ -998,7 +998,7 @@ static DWORD WINAPI
wait_sig (VOID *self) wait_sig (VOID *self)
{ {
HANDLE readsig; HANDLE readsig;
char sa_buf[1024]; PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
Static bool holding_signals; Static bool holding_signals;
/* Initialization */ /* Initialization */

6
winsup/cygwin/syscalls.cc
View File

@ -2053,10 +2053,10 @@ seteuid32 (__uid32_t uid)
&groups.pgsid, sizeof (cygsid))) &groups.pgsid, sizeof (cygsid)))
debug_printf ("SetTokenInformation(user.token, TokenPrimaryGroup), %E"); debug_printf ("SetTokenInformation(user.token, TokenPrimaryGroup), %E");
/* Try setting default DACL */ /* Try setting default DACL */
char dacl_buf[MAX_DACL_LEN (5)]; PACL dacl_buf = (PACL) alloca (MAX_DACL_LEN (5));
if (sec_acl ((PACL) dacl_buf, true, true, usersid)) if (sec_acl (dacl_buf, true, true, usersid))
{ {
TOKEN_DEFAULT_DACL tdacl = { (PACL) dacl_buf }; TOKEN_DEFAULT_DACL tdacl = { dacl_buf };
if (!SetTokenInformation (new_token, TokenDefaultDacl, if (!SetTokenInformation (new_token, TokenDefaultDacl,
&tdacl, sizeof (tdacl))) &tdacl, sizeof (tdacl)))
debug_printf ("SetTokenInformation (TokenDefaultDacl), %E"); debug_printf ("SetTokenInformation (TokenDefaultDacl), %E");

2
winsup/cygwin/uinfo.cc
View File

@ -65,7 +65,7 @@ cygheap_user::init ()
debug_printf ("SetTokenInformation(TokenOwner), %E"); debug_printf ("SetTokenInformation(TokenOwner), %E");
/* Standard way to build a security descriptor with the usual DACL */ /* Standard way to build a security descriptor with the usual DACL */
char sa_buf[1024]; PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
psd = (PSECURITY_DESCRIPTOR) psd = (PSECURITY_DESCRIPTOR)
(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor; (sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;

4
winsup/cygwin/winbase.h
View File

@ -19,7 +19,7 @@ ilockincr (long *m)
movl $1,%0\n\ movl $1,%0\n\
lock xadd %0,%1\n\ lock xadd %0,%1\n\
inc %0\n\ inc %0\n\
": "=r" (__res), "=m" (*m): "m" (*m): "cc"); ": "=&r" (__res), "=m" (*m): "m" (*m): "cc");
return __res; return __res;
} }
@ -31,7 +31,7 @@ ilockdecr (long *m)
movl $0xffffffff,%0\n\ movl $0xffffffff,%0\n\
lock xadd %0,%1\n\ lock xadd %0,%1\n\
dec %0\n\ dec %0\n\
": "=r" (__res), "=m" (*m): "m" (*m): "cc"); ": "=&r" (__res), "=m" (*m): "m" (*m): "cc");
return __res; return __res;
} }