* advapi32.cc (SetSecurityDescriptorDacl): Remove.
(SetSecurityDescriptorGroup): Remove. (SetSecurityDescriptorOwner): Remove. * pinfo.cc: Replace above functions throughout with their ntdll.dll equivalent. * sec_acl.cc: Ditto. * sec_helper.cc: Ditto. * security.cc: Ditto. * sec_helper.cc (__sec_user): Remove old comment.
parent
206a6ee9c8
commit
fd04c2f004
|
@ -1,3 +1,16 @@
|
||||||
|
2011-04-28 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* advapi32.cc (SetSecurityDescriptorDacl): Remove.
|
||||||
|
(SetSecurityDescriptorGroup): Remove.
|
||||||
|
(SetSecurityDescriptorOwner): Remove.
|
||||||
|
* pinfo.cc: Replace above functions throughout with their ntdll.dll
|
||||||
|
equivalent.
|
||||||
|
* sec_acl.cc: Ditto.
|
||||||
|
* sec_helper.cc: Ditto.
|
||||||
|
* security.cc: Ditto.
|
||||||
|
|
||||||
|
* sec_helper.cc (__sec_user): Remove old comment.
|
||||||
|
|
||||||
2011-04-28 Corinna Vinschen <corinna@vinschen.de>
|
2011-04-28 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
* posix_ipc.cc (ipc_cond_timedwait): Also wait for pthread's
|
* posix_ipc.cc (ipc_cond_timedwait): Also wait for pthread's
|
||||||
|
|
|
@ -75,29 +75,6 @@ MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
|
||||||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOL WINAPI
|
|
||||||
SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl,
|
|
||||||
BOOL def)
|
|
||||||
{
|
|
||||||
NTSTATUS status = RtlSetDaclSecurityDescriptor (sd, (BOOLEAN) !!present, dacl,
|
|
||||||
(BOOLEAN) !!def);
|
|
||||||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
|
||||||
}
|
|
||||||
|
|
||||||
BOOL WINAPI
|
|
||||||
SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
|
|
||||||
{
|
|
||||||
NTSTATUS status = RtlSetGroupSecurityDescriptor (sd, sid, (BOOLEAN) !!def);
|
|
||||||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
|
||||||
}
|
|
||||||
|
|
||||||
BOOL WINAPI
|
|
||||||
SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
|
|
||||||
{
|
|
||||||
NTSTATUS status = RtlSetOwnerSecurityDescriptor (sd, sid, (BOOLEAN) !!def);
|
|
||||||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
|
||||||
}
|
|
||||||
|
|
||||||
BOOL WINAPI
|
BOOL WINAPI
|
||||||
OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok)
|
OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok)
|
||||||
{
|
{
|
||||||
|
|
|
@ -351,10 +351,11 @@ pinfo::set_acl()
|
||||||
sec_acl (acl_buf, true, true, cygheap->user.sid (),
|
sec_acl (acl_buf, true, true, cygheap->user.sid (),
|
||||||
well_known_world_sid, FILE_MAP_READ);
|
well_known_world_sid, FILE_MAP_READ);
|
||||||
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
||||||
if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
|
status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl_buf, FALSE);
|
||||||
debug_printf ("SetSecurityDescriptorDacl %E");
|
if (!NT_SUCCESS (status))
|
||||||
|
debug_printf ("RtlSetDaclSecurityDescriptor %p", status);
|
||||||
else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd)))
|
else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd)))
|
||||||
debug_printf ("NtSetSecurityObject %lx", status);
|
debug_printf ("NtSetSecurityObject %p", status);
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *
|
const char *
|
||||||
|
|
|
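Review bot: The two failure checks in pinfo::set_acl now follow different conventions: the new branch tests `!NT_SUCCESS (status)`, while the following `else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd)))` still treats every non-zero status, including non-zero success and informational codes, as a failure. Writing it as `else if (!NT_SUCCESS (status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd)))` would make both branches agree. Both messages also print the NTSTATUS with `%p`; if debug_printf follows printf conventions, that only matches while a pointer is as wide as the 32-bit status, so an integer hex conversion such as the previous `%lx` looks like the safer choice. set_acl begins outside the hunk, so the declaration of `status` is not visible here.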
@ -73,14 +73,16 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
|
||||||
/* Initialize local security descriptor. */
|
/* Initialize local security descriptor. */
|
||||||
SECURITY_DESCRIPTOR sd;
|
SECURITY_DESCRIPTOR sd;
|
||||||
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
||||||
if (!SetSecurityDescriptorOwner (&sd, owner, FALSE))
|
status = RtlSetOwnerSecurityDescriptor (&sd, owner, FALSE);
|
||||||
|
if (!NT_SUCCESS (status))
|
||||||
{
|
{
|
||||||
__seterrno ();
|
__seterrno_from_nt_status (status);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (!SetSecurityDescriptorGroup (&sd, group, FALSE))
|
status = RtlSetGroupSecurityDescriptor (&sd, group, FALSE);
|
||||||
|
if (!NT_SUCCESS (status))
|
||||||
{
|
{
|
||||||
__seterrno ();
|
__seterrno_from_nt_status (status);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -201,9 +203,10 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
|
||||||
acl->AclSize = acl_len;
|
acl->AclSize = acl_len;
|
||||||
debug_printf ("ACL-Size: %d", acl_len);
|
debug_printf ("ACL-Size: %d", acl_len);
|
||||||
/* Create DACL for local security descriptor. */
|
/* Create DACL for local security descriptor. */
|
||||||
if (!SetSecurityDescriptorDacl (&sd, TRUE, acl, FALSE))
|
status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl, FALSE);
|
||||||
|
if (!NT_SUCCESS (status))
|
||||||
{
|
{
|
||||||
__seterrno ();
|
__seterrno_from_nt_status (status);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
/* Make self relative security descriptor in sd_ret. */
|
/* Make self relative security descriptor in sd_ret. */
|
||||||
|
|
|
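Review bot: The setacl hunks wire `owner`, `group` and `acl` into the stack descriptor `sd` without stating the lifetime rule these calls depend on. `sd` is initialised with RtlCreateSecurityDescriptor, so it is in absolute format and the Rtl setters only store the pointers they are given; those buffers have to stay valid and unchanged until the self-relative copy announced by `/* Make self relative security descriptor in sd_ret. */`. I would add `/* sd is in absolute format: owner, group and acl are referenced, not copied, and must outlive sd. */` above the first setter. The same comment applies to the alloc_sd hunks in the last file section of this page. setacl starts and ends outside these hunks.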
@ -464,7 +464,7 @@ get_null_sd ()
|
||||||
if (!null_sdp)
|
if (!null_sdp)
|
||||||
{
|
{
|
||||||
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
||||||
SetSecurityDescriptorDacl (&sd, TRUE, NULL, FALSE);
|
RtlSetDaclSecurityDescriptor (&sd, TRUE, NULL, FALSE);
|
||||||
null_sdp = &sd;
|
null_sdp = &sd;
|
||||||
}
|
}
|
||||||
return null_sdp;
|
return null_sdp;
|
||||||
|
@ -539,6 +539,7 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
|
||||||
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)
|
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)
|
||||||
((char *) sa_buf + sizeof (*psa));
|
((char *) sa_buf + sizeof (*psa));
|
||||||
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
|
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
|
||||||
|
NTSTATUS status;
|
||||||
|
|
||||||
#ifdef DEBUGGING
|
#ifdef DEBUGGING
|
||||||
if ((unsigned long) sa_buf % 4)
|
if ((unsigned long) sa_buf % 4)
|
||||||
|
@ -548,19 +549,9 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
|
||||||
return inherit ? &sec_none : &sec_none_nih;
|
return inherit ? &sec_none : &sec_none_nih;
|
||||||
|
|
||||||
RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
|
RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
|
||||||
|
status = RtlSetDaclSecurityDescriptor (psd, TRUE, acl, FALSE);
|
||||||
/*
|
if (!NT_SUCCESS (status))
|
||||||
* Setting the owner lets the created security attribute not work
|
debug_printf ("RtlSetDaclSecurityDescriptor %p", status);
|
||||||
* on NT4 SP3 Server. Don't know why, but the function still does
|
|
||||||
* what it should do also if the owner isn't set.
|
|
||||||
*/
|
|
||||||
#if 0
|
|
||||||
if (!SetSecurityDescriptorOwner (psd, sid, FALSE))
|
|
||||||
debug_printf ("SetSecurityDescriptorOwner %E");
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!SetSecurityDescriptorDacl (psd, TRUE, acl, FALSE))
|
|
||||||
debug_printf ("SetSecurityDescriptorDacl %E");
|
|
||||||
|
|
||||||
psa->nLength = sizeof (SECURITY_ATTRIBUTES);
|
psa->nLength = sizeof (SECURITY_ATTRIBUTES);
|
||||||
psa->lpSecurityDescriptor = psd;
|
psa->lpSecurityDescriptor = psd;
|
||||||
|
@ -597,7 +588,7 @@ _everyone_sd (void *buf, ACCESS_MASK access)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
dacl->AclSize = (char *) ace - (char *) dacl;
|
dacl->AclSize = (char *) ace - (char *) dacl;
|
||||||
SetSecurityDescriptorDacl (psd, TRUE, dacl, FALSE);
|
RtlSetDaclSecurityDescriptor (psd, TRUE, dacl, FALSE);
|
||||||
}
|
}
|
||||||
return psd;
|
return psd;
|
||||||
}
|
}
|
||||||
|
|
|
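Review bot: In __sec_user (hunk -548,19 +549,9) a failing `RtlSetDaclSecurityDescriptor (psd, TRUE, acl, FALSE)` is only reported through debug_printf, and the function still stores psd in `psa->lpSecurityDescriptor`, so the caller receives a descriptor without the intended DACL. The context line at the top of that hunk already falls back with `return inherit ? &sec_none : &sec_none_nih;` (its condition is outside the hunk), and returning the same fallback inside the new `if (!NT_SUCCESS (status))` branch would keep the error handling consistent. get_null_sd and _everyone_sd ignore the returned status altogether. In get_null_sd a comment such as `/* NULL DACL with present == TRUE: grants all access to everyone. */` would make the deliberately permissive descriptor explicit for readers. All three function bodies start or end outside their hunks.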
@ -557,16 +557,18 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
|
||||||
RtlSetControlSecurityDescriptor (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
|
RtlSetControlSecurityDescriptor (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
|
||||||
|
|
||||||
/* Create owner for local security descriptor. */
|
/* Create owner for local security descriptor. */
|
||||||
if (!SetSecurityDescriptorOwner (&sd, owner_sid, FALSE))
|
status = RtlSetOwnerSecurityDescriptor (&sd, owner_sid, FALSE);
|
||||||
|
if (!NT_SUCCESS (status))
|
||||||
{
|
{
|
||||||
__seterrno ();
|
__seterrno_from_nt_status (status);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Create group for local security descriptor. */
|
/* Create group for local security descriptor. */
|
||||||
if (!SetSecurityDescriptorGroup (&sd, group_sid, FALSE))
|
status = RtlSetGroupSecurityDescriptor (&sd, group_sid, FALSE);
|
||||||
|
if (!NT_SUCCESS (status))
|
||||||
{
|
{
|
||||||
__seterrno ();
|
__seterrno_from_nt_status (status);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -828,9 +830,10 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
|
||||||
debug_printf ("ACL-Size: %d", acl_len);
|
debug_printf ("ACL-Size: %d", acl_len);
|
||||||
|
|
||||||
/* Create DACL for local security descriptor. */
|
/* Create DACL for local security descriptor. */
|
||||||
if (!SetSecurityDescriptorDacl (&sd, TRUE, acl, FALSE))
|
status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl, FALSE);
|
||||||
|
if (!NT_SUCCESS (status))
|
||||||
{
|
{
|
||||||
__seterrno ();
|
__seterrno_from_nt_status (status);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|