Drop unused parameter from add_access_*_ace

* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
	Accommodate throughout.
	(add_access_denied_ace): Ditto.
	* sec_acl.cc: Accommodate above change throughout.
	* security.h (add_access_allowed_ace): Adjust prototype to above change.
	(add_access_denied_ace): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Corinna Vinschen 2015-04-02 13:46:04 +02:00
parent d41baf3578
commit ca973c0224
No known key found for this signature in database
GPG Key ID: F536069DAE444FA0
4 changed files with 56 additions and 53 deletions


@ -1,3 +1,12 @@
2015-04-02 Corinna Vinschen <corinna@vinschen.de>
* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
Accommodate throughout.
(add_access_denied_ace): Ditto.
* sec_acl.cc: Accommodate above change throughout.
* security.h (add_access_allowed_ace): Adjust prototype to above change.
(add_access_denied_ace): Ditto.
2015-04-01 Corinna Vinschen <corinna@vinschen.de> 2015-04-01 Corinna Vinschen <corinna@vinschen.de>
* include/cygwin/types.h: Include sys/_stdint.h rather than stdint.h. * include/cygwin/types.h: Include sys/_stdint.h rather than stdint.h.


@ -171,7 +171,6 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
/* Fill access control list. */ /* Fill access control list. */
acl = (PACL) tp.w_get (); acl = (PACL) tp.w_get ();
size_t acl_len = sizeof (ACL); size_t acl_len = sizeof (ACL);
int ace_off = 0;
cygsid sid; cygsid sid;
struct passwd *pw; struct passwd *pw;
@ -236,37 +235,37 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
/* Set deny ACE for owner. */ /* Set deny ACE for owner. */
if (owner_deny if (owner_deny
&& !add_access_denied_ace (acl, ace_off++, owner_deny, && !add_access_denied_ace (acl, owner_deny, owner, acl_len,
owner, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return -1; return -1;
/* Set deny ACE for group here to respect the canonical order, /* Set deny ACE for group here to respect the canonical order,
if this does not impact owner */ if this does not impact owner */
if (group_deny && !(group_deny & owner_allow) && !isownergroup if (group_deny && !(group_deny & owner_allow) && !isownergroup
&& !add_access_denied_ace (acl, ace_off++, group_deny, && !add_access_denied_ace (acl, group_deny, group, acl_len,
group, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return -1; return -1;
/* Set allow ACE for owner. */ /* Set allow ACE for owner. */
if (!add_access_allowed_ace (acl, ace_off++, owner_allow, if (!add_access_allowed_ace (acl, owner_allow, owner, acl_len,
owner, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return -1; return -1;
/* Set deny ACE for group, if still needed. */ /* Set deny ACE for group, if still needed. */
if (group_deny & owner_allow && !isownergroup if (group_deny & owner_allow && !isownergroup
&& !add_access_denied_ace (acl, ace_off++, group_deny, && !add_access_denied_ace (acl, group_deny, group, acl_len,
group, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return -1; return -1;
/* Set allow ACE for group. */ /* Set allow ACE for group. */
if (!isownergroup if (!isownergroup
&& !add_access_allowed_ace (acl, ace_off++, group_allow, && !add_access_allowed_ace (acl, group_allow, group, acl_len,
group, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return -1; return -1;
/* Set allow ACE for everyone. */ /* Set allow ACE for everyone. */
if (!add_access_allowed_ace (acl, ace_off++, other_allow, if (!add_access_allowed_ace (acl, other_allow, well_known_world_sid, acl_len,
well_known_world_sid, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return -1; return -1;
/* If a NULL ACE exists, copy it verbatim. */ /* If a NULL ACE exists, copy it verbatim. */
if (null_mask) if (null_mask)
if (!add_access_allowed_ace (acl, ace_off++, null_mask, well_known_null_sid, if (!add_access_allowed_ace (acl, null_mask, well_known_null_sid, acl_len,
acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return -1; return -1;
for (int i = 0; i < nentries; ++i) for (int i = 0; i < nentries; ++i)
{ {
@ -317,8 +316,8 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
case DEF_USER_OBJ: case DEF_USER_OBJ:
allow |= STANDARD_RIGHTS_ALL allow |= STANDARD_RIGHTS_ALL
| (pc.fs_is_samba () ? 0 : FILE_WRITE_ATTRIBUTES); | (pc.fs_is_samba () ? 0 : FILE_WRITE_ATTRIBUTES);
if (!add_access_allowed_ace (acl, ace_off++, allow, if (!add_access_allowed_ace (acl, allow, well_known_creator_owner_sid,
well_known_creator_owner_sid, acl_len, inheritance)) acl_len, inheritance))
return -1; return -1;
break; break;
case USER: case USER:
@ -329,13 +328,12 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
set_errno (EINVAL); set_errno (EINVAL);
return -1; return -1;
} }
if (!add_access_allowed_ace (acl, ace_off++, allow, if (!add_access_allowed_ace (acl, allow, sid, acl_len, inheritance))
sid, acl_len, inheritance))
return -1; return -1;
break; break;
case DEF_GROUP_OBJ: case DEF_GROUP_OBJ:
if (!add_access_allowed_ace (acl, ace_off++, allow, if (!add_access_allowed_ace (acl, allow, well_known_creator_group_sid,
well_known_creator_group_sid, acl_len, inheritance)) acl_len, inheritance))
return -1; return -1;
break; break;
case GROUP: case GROUP:
@ -346,13 +344,11 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
set_errno (EINVAL); set_errno (EINVAL);
return -1; return -1;
} }
if (!add_access_allowed_ace (acl, ace_off++, allow, if (!add_access_allowed_ace (acl, allow, sid, acl_len, inheritance))
sid, acl_len, inheritance))
return -1; return -1;
break; break;
case DEF_OTHER_OBJ: case DEF_OTHER_OBJ:
if (!add_access_allowed_ace (acl, ace_off++, allow, if (!add_access_allowed_ace (acl, allow, well_known_world_sid,
well_known_world_sid,
acl_len, inheritance)) acl_len, inheritance))
return -1; return -1;
} }
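Review bot: The NULL-ACE step in setacl is still written as two nested `if`s (`if (null_mask)` followed by `if (!add_access_allowed_ace (...))`), while every other conditional ACE in this section, and the matching null-ACE step in alloc_sd, uses a single `&&` condition. Since the call is being re-wrapped anyway, `if (null_mask && !add_access_allowed_ace (acl, null_mask, well_known_null_sid, acl_len, NO_INHERITANCE))` would read like its neighbours. In the same block the second group-deny test, `group_deny & owner_allow && !isownergroup`, parses as intended but lacks the parentheses around the bitwise test that alloc_sd uses, `(group_deny & owner_allow) && !isownergroup`. setacl starts and ends outside these hunks.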


@ -311,8 +311,8 @@ get_file_attribute (HANDLE handle, path_conv &pc,
} }
bool bool
add_access_allowed_ace (PACL acl, int offset, DWORD attributes, add_access_allowed_ace (PACL acl, DWORD attributes, PSID sid, size_t &len_add,
PSID sid, size_t &len_add, DWORD inherit) DWORD inherit)
{ {
NTSTATUS status = RtlAddAccessAllowedAceEx (acl, ACL_REVISION, inherit, NTSTATUS status = RtlAddAccessAllowedAceEx (acl, ACL_REVISION, inherit,
attributes, sid); attributes, sid);
@ -326,8 +326,8 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
} }
bool bool
add_access_denied_ace (PACL acl, int offset, DWORD attributes, add_access_denied_ace (PACL acl, DWORD attributes, PSID sid, size_t &len_add,
PSID sid, size_t &len_add, DWORD inherit) DWORD inherit)
{ {
NTSTATUS status = RtlAddAccessDeniedAceEx (acl, ACL_REVISION, inherit, NTSTATUS status = RtlAddAccessDeniedAceEx (acl, ACL_REVISION, inherit,
attributes, sid); attributes, sid);
@ -421,7 +421,6 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
/* From here fill ACL. */ /* From here fill ACL. */
size_t acl_len = sizeof (ACL); size_t acl_len = sizeof (ACL);
int ace_off = 0;
/* Only used for sync objects (for ttys). The admins group should /* Only used for sync objects (for ttys). The admins group should
always have the right to manipulate the ACL, so we have to make sure always have the right to manipulate the ACL, so we have to make sure
that the ACL gives the admins group STANDARD_RIGHTS_ALL access. */ that the ACL gives the admins group STANDARD_RIGHTS_ALL access. */
@ -507,35 +506,35 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
/* Set deny ACE for owner. */ /* Set deny ACE for owner. */
if (owner_deny if (owner_deny
&& !add_access_denied_ace (acl, ace_off++, owner_deny, && !add_access_denied_ace (acl, owner_deny, owner_sid, acl_len,
owner_sid, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return NULL; return NULL;
/* Set deny ACE for group here to respect the canonical order, /* Set deny ACE for group here to respect the canonical order,
if this does not impact owner */ if this does not impact owner */
if (group_deny && !(group_deny & owner_allow) && !isownergroup if (group_deny && !(group_deny & owner_allow) && !isownergroup
&& !add_access_denied_ace (acl, ace_off++, group_deny, && !add_access_denied_ace (acl, group_deny, group_sid, acl_len,
group_sid, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return NULL; return NULL;
/* Set allow ACE for owner. */ /* Set allow ACE for owner. */
if (!add_access_allowed_ace (acl, ace_off++, owner_allow, if (!add_access_allowed_ace (acl, owner_allow, owner_sid, acl_len,
owner_sid, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return NULL; return NULL;
/* Set deny ACE for group, if still needed. */ /* Set deny ACE for group, if still needed. */
if ((group_deny & owner_allow) && !isownergroup if ((group_deny & owner_allow) && !isownergroup
&& !add_access_denied_ace (acl, ace_off++, group_deny, && !add_access_denied_ace (acl, group_deny, group_sid, acl_len,
group_sid, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return NULL; return NULL;
/* Set allow ACE for group. */ /* Set allow ACE for group. */
if (!isownergroup if (!isownergroup
&& !add_access_allowed_ace (acl, ace_off++, group_allow, && !add_access_allowed_ace (acl, group_allow, group_sid, acl_len,
group_sid, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return NULL; return NULL;
/* For sync objects, if we didn't see the admins group so far, add entry /* For sync objects, if we didn't see the admins group so far, add entry
with STANDARD_RIGHTS_ALL access. */ with STANDARD_RIGHTS_ALL access. */
if (S_ISCHR (attribute) && !saw_admins) if (S_ISCHR (attribute) && !saw_admins)
{ {
if (!add_access_allowed_ace (acl, ace_off++, STANDARD_RIGHTS_ALL, if (!add_access_allowed_ace (acl, STANDARD_RIGHTS_ALL,
well_known_admins_sid, acl_len, well_known_admins_sid, acl_len,
NO_INHERITANCE)) NO_INHERITANCE))
return NULL; return NULL;
@ -543,13 +542,13 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
} }
/* Set allow ACE for everyone. */ /* Set allow ACE for everyone. */
if (!add_access_allowed_ace (acl, ace_off++, other_allow, if (!add_access_allowed_ace (acl, other_allow, well_known_world_sid, acl_len,
well_known_world_sid, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return NULL; return NULL;
/* Set null ACE for special bits. */ /* Set null ACE for special bits. */
if (null_allow if (null_allow
&& !add_access_allowed_ace (acl, ace_off++, null_allow, && !add_access_allowed_ace (acl, null_allow, well_known_null_sid, acl_len,
well_known_null_sid, acl_len, NO_INHERITANCE)) NO_INHERITANCE))
return NULL; return NULL;
/* Fill ACL with unrelated ACEs from current security descriptor. */ /* Fill ACL with unrelated ACEs from current security descriptor. */
@ -637,7 +636,6 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
__seterrno_from_nt_status (status); __seterrno_from_nt_status (status);
return NULL; return NULL;
} }
ace_off++;
acl_len += ace->Header.AceSize; acl_len += ace->Header.AceSize;
} }
@ -648,18 +646,18 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
{ {
const DWORD inherit = SUB_CONTAINERS_AND_OBJECTS_INHERIT | INHERIT_ONLY; const DWORD inherit = SUB_CONTAINERS_AND_OBJECTS_INHERIT | INHERIT_ONLY;
/* Set allow ACE for owner. */ /* Set allow ACE for owner. */
if (!add_access_allowed_ace (acl, ace_off++, owner_allow, if (!add_access_allowed_ace (acl, owner_allow,
well_known_creator_owner_sid, acl_len, well_known_creator_owner_sid, acl_len,
inherit)) inherit))
return NULL; return NULL;
/* Set allow ACE for group. */ /* Set allow ACE for group. */
if (!add_access_allowed_ace (acl, ace_off++, group_allow, if (!add_access_allowed_ace (acl, group_allow,
well_known_creator_group_sid, acl_len, well_known_creator_group_sid, acl_len,
inherit)) inherit))
return NULL; return NULL;
/* Set allow ACE for everyone. */ /* Set allow ACE for everyone. */
if (!add_access_allowed_ace (acl, ace_off++, other_allow, if (!add_access_allowed_ace (acl, other_allow, well_known_world_sid,
well_known_world_sid, acl_len, inherit)) acl_len, inherit))
return NULL; return NULL;
} }
@ -955,7 +953,7 @@ convert_samba_sd (security_descriptor &sd_ret)
if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid))) if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid)))
ace_sid.getfromgr (grp); ace_sid.getfromgr (grp);
} }
if (!add_access_allowed_ace (acl, i, ace->Mask, ace_sid, acl_len, if (!add_access_allowed_ace (acl, ace->Mask, ace_sid, acl_len,
ace->Header.AceFlags)) ace->Header.AceFlags))
return; return;
} }
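Review bot: add_access_allowed_ace and add_access_denied_ace have no header comment, and with `offset` gone nothing in the signature says where the new ACE lands. The visible lines pass the ACL straight to RtlAddAccessAllowedAceEx / RtlAddAccessDeniedAceEx, which append at the end of the ACL, so the ACE order that access checks see is simply the order of the calls in alloc_sd, setacl and convert_samba_sd. A short comment above each function, for example `/* Appends the ACE at the end of ACL; the resulting ACE order is the caller's call order. */`, would record that for the next person editing those call sequences. The comment should also state what `len_add` is for; it presumably accumulates the ACL size, but the rest of both bodies lies outside the hunks, so confirm before wording it.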


@ -449,8 +449,8 @@ int __reg3 set_object_sd (HANDLE, security_descriptor &, bool);
int __reg3 get_reg_attribute (HKEY hkey, mode_t *, uid_t *, gid_t *); int __reg3 get_reg_attribute (HKEY hkey, mode_t *, uid_t *, gid_t *);
LONG __reg3 get_file_sd (HANDLE fh, path_conv &, security_descriptor &, bool); LONG __reg3 get_file_sd (HANDLE fh, path_conv &, security_descriptor &, bool);
LONG __reg3 set_file_sd (HANDLE fh, path_conv &, security_descriptor &, bool); LONG __reg3 set_file_sd (HANDLE fh, path_conv &, security_descriptor &, bool);
bool __reg3 add_access_allowed_ace (PACL, int, DWORD, PSID, size_t &, DWORD); bool __reg3 add_access_allowed_ace (PACL, DWORD, PSID, size_t &, DWORD);
bool __reg3 add_access_denied_ace (PACL, int, DWORD, PSID, size_t &, DWORD); bool __reg3 add_access_denied_ace (PACL, DWORD, PSID, size_t &, DWORD);
int __reg3 check_file_access (path_conv &, int, bool); int __reg3 check_file_access (path_conv &, int, bool);
int __reg3 check_registry_access (HANDLE, int, bool); int __reg3 check_registry_access (HANDLE, int, bool);