* advapi32.cc (GetSecurityDescriptorDacl): Remove.
(GetSecurityDescriptorGroup): Remove. (GetSecurityDescriptorOwner): Remove. * sec_acl.cc: Replace above functions throughout with their ntdll.dll equivalent. Remove redundant debug output. * sec_auth.cc: Ditto. * security.cc: Ditto. * uinfo.cc: Ditto.
This commit is contained in:
Corinna Vinschen
parent
1754539e56
commit
1838d97b0a
|
|
@ -1,3 +1,14 @@
|
|||
2011-04-28 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* advapi32.cc (GetSecurityDescriptorDacl): Remove.
|
||||
(GetSecurityDescriptorGroup): Remove.
|
||||
(GetSecurityDescriptorOwner): Remove.
|
||||
* sec_acl.cc: Replace above functions throughout with their ntdll.dll
|
||||
equivalent. Remove redundant debug output.
|
||||
* sec_auth.cc: Ditto.
|
||||
* security.cc: Ditto.
|
||||
* uinfo.cc: Ditto.
|
||||
|
||||
2011-04-28 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* advapi32.cc (InitializeAcl): Remove.
|
||||
|
|
|
|||
|
|
@ -75,15 +75,6 @@ MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
|
|||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
||||
}
|
||||
|
||||
BOOL WINAPI
|
||||
GetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, LPBOOL present, PACL *dacl,
|
||||
LPBOOL def)
|
||||
{
|
||||
NTSTATUS status = RtlGetDaclSecurityDescriptor (sd, (PBOOLEAN) present, dacl,
|
||||
(PBOOLEAN) def);
|
||||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
||||
}
|
||||
|
||||
BOOL WINAPI
|
||||
SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl,
|
||||
BOOL def)
|
||||
|
|
@ -93,13 +84,6 @@ SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl,
|
|||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
||||
}
|
||||
|
||||
BOOL WINAPI
|
||||
GetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID *sid, LPBOOL def)
|
||||
{
|
||||
NTSTATUS status = RtlGetGroupSecurityDescriptor (sd, sid, (PBOOLEAN) def);
|
||||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
||||
}
|
||||
|
||||
BOOL WINAPI
|
||||
SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
|
||||
{
|
||||
|
|
@ -107,13 +91,6 @@ SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
|
|||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
||||
}
|
||||
|
||||
BOOL WINAPI
|
||||
GetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID *sid, LPBOOL def)
|
||||
{
|
||||
NTSTATUS status = RtlGetOwnerSecurityDescriptor (sd, sid, (PBOOLEAN) def);
|
||||
DEFAULT_NTSTATUS_TO_BOOL_RETURN
|
||||
}
|
||||
|
||||
BOOL WINAPI
|
||||
SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -47,22 +47,25 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
|
|||
if (get_file_sd (handle, pc, sd_ret, false))
|
||||
return -1;
|
||||
|
||||
BOOL dummy;
|
||||
NTSTATUS status;
|
||||
BOOLEAN dummy;
|
||||
|
||||
/* Get owner SID. */
|
||||
PSID owner_sid;
|
||||
if (!GetSecurityDescriptorOwner (sd_ret, &owner_sid, &dummy))
|
||||
status = RtlGetOwnerSecurityDescriptor (sd_ret, &owner_sid, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
__seterrno ();
|
||||
__seterrno_from_nt_status (status);
|
||||
return -1;
|
||||
}
|
||||
cygsid owner (owner_sid);
|
||||
|
||||
/* Get group SID. */
|
||||
PSID group_sid;
|
||||
if (!GetSecurityDescriptorGroup (sd_ret, &group_sid, &dummy))
|
||||
status = RtlGetGroupSecurityDescriptor (sd_ret, &group_sid, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
__seterrno ();
|
||||
__seterrno_from_nt_status (status);
|
||||
return -1;
|
||||
}
|
||||
cygsid group (group_sid);
|
||||
|
|
@ -272,22 +275,23 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
|
|||
|
||||
cygpsid owner_sid;
|
||||
cygpsid group_sid;
|
||||
BOOL dummy;
|
||||
NTSTATUS status;
|
||||
BOOLEAN dummy;
|
||||
__uid32_t uid;
|
||||
__gid32_t gid;
|
||||
|
||||
if (!GetSecurityDescriptorOwner (sd, (PSID *) &owner_sid, &dummy))
|
||||
status = RtlGetOwnerSecurityDescriptor (sd, (PSID *) &owner_sid, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
debug_printf ("GetSecurityDescriptorOwner %E");
|
||||
__seterrno ();
|
||||
__seterrno_from_nt_status (status);
|
||||
return -1;
|
||||
}
|
||||
uid = owner_sid.get_uid ();
|
||||
|
||||
if (!GetSecurityDescriptorGroup (sd, (PSID *) &group_sid, &dummy))
|
||||
status = RtlGetGroupSecurityDescriptor (sd, (PSID *) &group_sid, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
debug_printf ("GetSecurityDescriptorGroup %E");
|
||||
__seterrno ();
|
||||
__seterrno_from_nt_status (status);
|
||||
return -1;
|
||||
}
|
||||
gid = group_sid.get_gid ();
|
||||
|
|
@ -305,12 +309,12 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
|
|||
lacl[3].a_perm = S_IROTH | S_IWOTH | S_IXOTH;
|
||||
|
||||
PACL acl;
|
||||
BOOL acl_exists;
|
||||
BOOLEAN acl_exists;
|
||||
|
||||
if (!GetSecurityDescriptorDacl (sd, &acl_exists, &acl, &dummy))
|
||||
status = RtlGetDaclSecurityDescriptor (sd, &acl_exists, &acl, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
__seterrno ();
|
||||
debug_printf ("GetSecurityDescriptorDacl %E");
|
||||
__seterrno_from_nt_status (status);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -692,9 +692,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
|
|||
sd_buf, sd_buf_siz, &size);
|
||||
if (!NT_SUCCESS (status))
|
||||
debug_printf ("NtQuerySecurityObject(), %p", status);
|
||||
else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid,
|
||||
(BOOL *) &size))
|
||||
debug_printf ("GetSecurityDescriptorGroup(), %E");
|
||||
else
|
||||
{
|
||||
BOOLEAN dummy;
|
||||
status = RtlGetGroupSecurityDescriptor (sd_buf, (PSID *) &gsid,
|
||||
&dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
debug_printf ("RtlGetGroupSecurityDescriptor(), %p", status);
|
||||
}
|
||||
if (well_known_null_sid != gsid)
|
||||
return gsid == groups.pgsid;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -347,12 +347,15 @@ get_info_from_sd (PSECURITY_DESCRIPTOR psd, mode_t *attribute,
|
|||
|
||||
cygpsid owner_sid;
|
||||
cygpsid group_sid;
|
||||
BOOL dummy;
|
||||
NTSTATUS status;
|
||||
BOOLEAN dummy;
|
||||
|
||||
if (!GetSecurityDescriptorOwner (psd, (PSID *) &owner_sid, &dummy))
|
||||
debug_printf ("GetSecurityDescriptorOwner %E");
|
||||
if (!GetSecurityDescriptorGroup (psd, (PSID *) &group_sid, &dummy))
|
||||
debug_printf ("GetSecurityDescriptorGroup %E");
|
||||
status = RtlGetOwnerSecurityDescriptor (psd, (PSID *) &owner_sid, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
debug_printf ("RtlGetOwnerSecurityDescriptor: %p", status);
|
||||
status = RtlGetGroupSecurityDescriptor (psd, (PSID *) &group_sid, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
debug_printf ("RtlGetGroupSecurityDescriptor: %p", status);
|
||||
|
||||
__uid32_t uid;
|
||||
__gid32_t gid;
|
||||
|
|
@ -369,12 +372,12 @@ get_info_from_sd (PSECURITY_DESCRIPTOR psd, mode_t *attribute,
|
|||
}
|
||||
|
||||
PACL acl;
|
||||
BOOL acl_exists;
|
||||
BOOLEAN acl_exists;
|
||||
|
||||
if (!GetSecurityDescriptorDacl (psd, &acl_exists, &acl, &dummy))
|
||||
status = RtlGetDaclSecurityDescriptor (psd, &acl_exists, &acl, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
__seterrno ();
|
||||
debug_printf ("GetSecurityDescriptorDacl %E");
|
||||
__seterrno_from_nt_status (status);
|
||||
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO);
|
||||
}
|
||||
else if (!acl_exists || !acl)
|
||||
|
|
@ -498,7 +501,8 @@ static PSECURITY_DESCRIPTOR
|
|||
alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
|
||||
security_descriptor &sd_ret)
|
||||
{
|
||||
BOOL dummy;
|
||||
NTSTATUS status;
|
||||
BOOLEAN dummy;
|
||||
tmp_pathbuf tp;
|
||||
|
||||
/* NOTE: If the high bit of attribute is set, we have just created
|
||||
|
|
@ -509,10 +513,12 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
|
|||
/* Get owner and group from current security descriptor. */
|
||||
PSID cur_owner_sid = NULL;
|
||||
PSID cur_group_sid = NULL;
|
||||
if (!GetSecurityDescriptorOwner (sd_ret, &cur_owner_sid, &dummy))
|
||||
debug_printf ("GetSecurityDescriptorOwner %E");
|
||||
if (!GetSecurityDescriptorGroup (sd_ret, &cur_group_sid, &dummy))
|
||||
debug_printf ("GetSecurityDescriptorGroup %E");
|
||||
status = RtlGetOwnerSecurityDescriptor (sd_ret, &cur_owner_sid, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
debug_printf ("RtlGetOwnerSecurityDescriptor: %p", status);
|
||||
status = RtlGetGroupSecurityDescriptor (sd_ret, &cur_group_sid, &dummy);
|
||||
if (!NT_SUCCESS (status))
|
||||
debug_printf ("RtlGetGroupSecurityDescriptor: %p", status);
|
||||
|
||||
/* Get SID of owner. */
|
||||
cygsid owner_sid;
|
||||
|
|
@ -703,12 +709,11 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
|
|||
|
||||
/* Fill ACL with unrelated ACEs from current security descriptor. */
|
||||
PACL oacl;
|
||||
BOOL acl_exists = FALSE;
|
||||
BOOLEAN acl_exists = FALSE;
|
||||
ACCESS_ALLOWED_ACE *ace;
|
||||
NTSTATUS status;
|
||||
|
||||
if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy)
|
||||
&& acl_exists && oacl)
|
||||
status = RtlGetDaclSecurityDescriptor (sd_ret, &acl_exists, &oacl, &dummy);
|
||||
if (NT_SUCCESS (status) && acl_exists && oacl)
|
||||
for (DWORD i = 0; i < oacl->AceCount; ++i)
|
||||
if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace)))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -84,12 +84,14 @@ cygheap_user::init ()
|
|||
psd = (PSECURITY_DESCRIPTOR)
|
||||
(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
|
||||
|
||||
BOOL acl_exists, dummy;
|
||||
NTSTATUS status;
|
||||
BOOLEAN acl_exists, dummy;
|
||||
TOKEN_DEFAULT_DACL dacl;
|
||||
if (GetSecurityDescriptorDacl (psd, &acl_exists, &dacl.DefaultDacl, &dummy)
|
||||
&& acl_exists && dacl.DefaultDacl)
|
||||
|
||||
status = RtlGetDaclSecurityDescriptor (psd, &acl_exists, &dacl.DefaultDacl,
|
||||
&dummy);
|
||||
if (NT_SUCCESS (status) && acl_exists && dacl.DefaultDacl)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
/* Set the default DACL and the process DACL */
|
||||
if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl,
|
||||
|
|
|
|||
Loading…
Reference in New Issue