aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCorinna Vinschen <corinna@vinschen.de>2011-04-28 09:30:36 +0000
committerCorinna Vinschen <corinna@vinschen.de>2011-04-28 09:30:36 +0000
commit1754539e56dcde666394354ec603d5524b0d3e90 (patch)
tree23995f49c74ee39bf46a29d39bd1aa8ccc8e0e86
parent158e516b9dcb2993e5f062f2feeee5dbd4ee787a (diff)
downloadnewlib-1754539e56dcde666394354ec603d5524b0d3e90.zip
newlib-1754539e56dcde666394354ec603d5524b0d3e90.tar.gz
newlib-1754539e56dcde666394354ec603d5524b0d3e90.tar.bz2
* advapi32.cc (InitializeAcl): Remove.
(AddAce): Remove. (FindFirstFreeAce): Remove. (GetAce): Remove. (InitializeSecurityDescriptor): Remove. (OpenProcessToken): Remove. * dcrt0.cc: Replace above functions throughout with their ntdll.dll equivalent. * fhandler_tty.cc: Ditto. * flock.cc: Ditto. * pinfo.cc: Ditto. Drop unnecessary error handling. * sec_acl.cc: Ditto. * sec_auth.cc: Ditto. * sec_helper.cc: Ditto. * security.cc: Ditto.
-rw-r--r--winsup/cygwin/ChangeLog20
-rw-r--r--winsup/cygwin/advapi32.cc42
-rw-r--r--winsup/cygwin/dcrt0.cc2
-rw-r--r--winsup/cygwin/fhandler_tty.cc8
-rw-r--r--winsup/cygwin/flock.cc5
-rw-r--r--winsup/cygwin/pinfo.cc5
-rw-r--r--winsup/cygwin/sec_acl.cc15
-rw-r--r--winsup/cygwin/sec_auth.cc2
-rw-r--r--winsup/cygwin/sec_helper.cc27
-rw-r--r--winsup/cygwin/security.cc37
10 files changed, 65 insertions, 98 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 8315796..1f0c1b5 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,12 +1,30 @@
2011-04-28 Corinna Vinschen <corinna@vinschen.de>
+ * advapi32.cc (InitializeAcl): Remove.
+ (AddAce): Remove.
+ (FindFirstFreeAce): Remove.
+ (GetAce): Remove.
+ (InitializeSecurityDescriptor): Remove.
+ (OpenProcessToken): Remove.
+ * dcrt0.cc: Replace above functions throughout with their ntdll.dll
+ equivalent.
+ * fhandler_tty.cc: Ditto.
+ * flock.cc: Ditto.
+ * pinfo.cc: Ditto. Drop unnecessary error handling.
+ * sec_acl.cc: Ditto.
+ * sec_auth.cc: Ditto.
+ * sec_helper.cc: Ditto.
+ * security.cc: Ditto.
+
+2011-04-28 Corinna Vinschen <corinna@vinschen.de>
+
* advapi32.cc (InitializeSid): Remove.
(EqualPrefixSid): Remove.
(GetLengthSid): Remove.
(GetSidSubAuthority): Remove.
(GetSidSubAuthorityCount): Remove.
(GetSidIdentifierAuthority): Remove.
- * fhandler_disk_file.cc: Remove above functions throughout with their
+ * fhandler_disk_file.cc: Replace above functions throughout with their
ntdll.dll equivalent.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
diff --git a/winsup/cygwin/advapi32.cc b/winsup/cygwin/advapi32.cc
index 70ab4c0..7ee92e6 100644
--- a/winsup/cygwin/advapi32.cc
+++ b/winsup/cygwin/advapi32.cc
@@ -54,13 +54,6 @@ CopySid (DWORD len, PSID dest, PSID src)
}
BOOL WINAPI
-InitializeAcl (PACL acl, DWORD len, DWORD revision)
-{
- NTSTATUS status = RtlCreateAcl (acl, len, revision);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
AddAccessAllowedAce (PACL acl, DWORD revision, DWORD mask, PSID sid)
{
NTSTATUS status = RtlAddAccessAllowedAce (acl, revision, mask, sid);
@@ -75,34 +68,6 @@ AddAccessDeniedAce (PACL acl, DWORD revision, DWORD mask, PSID sid)
}
BOOL WINAPI
-AddAce (PACL acl, DWORD revision, DWORD index, LPVOID ace_list, DWORD len)
-{
- NTSTATUS status = RtlAddAce (acl, revision, index, ace_list, len);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
-FindFirstFreeAce (PACL acl, LPVOID *ace)
-{
- NTSTATUS status = RtlFirstFreeAce (acl, ace);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
-GetAce (PACL acl, DWORD index, LPVOID *ace)
-{
- NTSTATUS status = RtlGetAce (acl, index, ace);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
-InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR sd, DWORD revision)
-{
- NTSTATUS status = RtlCreateSecurityDescriptor (sd, revision);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
LPDWORD len)
{
@@ -157,13 +122,6 @@ SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
}
BOOL WINAPI
-OpenProcessToken (HANDLE process, DWORD access, PHANDLE tok)
-{
- NTSTATUS status = NtOpenProcessToken (process, access, tok);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok)
{
NTSTATUS status = NtOpenThreadToken (thread, access, as_self, tok);
diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc
index 827441c..3c33f80 100644
--- a/winsup/cygwin/dcrt0.cc
+++ b/winsup/cygwin/dcrt0.cc
@@ -685,7 +685,7 @@ dll_crt0_0 ()
GetCurrentProcess (), &hMainThread,
0, false, DUPLICATE_SAME_ACCESS);
- OpenProcessToken (GetCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken);
+ NtOpenProcessToken (NtCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken);
set_cygwin_privileges (hProcToken);
device::init ();
diff --git a/winsup/cygwin/fhandler_tty.cc b/winsup/cygwin/fhandler_tty.cc
index 478397a..20ab959 100644
--- a/winsup/cygwin/fhandler_tty.cc
+++ b/winsup/cygwin/fhandler_tty.cc
@@ -529,7 +529,7 @@ fhandler_tty_slave::open (int flags, mode_t)
/* Create security attribute. Default permissions are 0620. */
security_descriptor sd;
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
- InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
+ RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE };
if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid,
S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP,
@@ -1305,7 +1305,7 @@ fhandler_tty_slave::fchmod (mode_t mode)
goto errout;
}
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
- InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
+ RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
if (!get_object_attribute (input_available_event, &uid, &gid, NULL)
&& !create_object_sd_from_attribute (NULL, uid, gid, S_IFCHR | mode, sd))
ret = fch_set_sd (sd, false);
@@ -1334,7 +1334,7 @@ fhandler_tty_slave::fchown (__uid32_t uid, __gid32_t gid)
goto errout;
}
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
- InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
+ RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
if (!get_object_attribute (input_available_event, &o_uid, &o_gid, &mode))
{
if ((uid == ILLEGAL_UID || uid == o_uid)
@@ -1796,7 +1796,7 @@ fhandler_pty_master::setup (bool ispty)
/* Create security attribute. Default permissions are 0620. */
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
- InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
+ RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid,
S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP,
sd))
diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc
index c899361..16e2911 100644
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@@ -178,9 +178,10 @@ allow_others_to_sync ()
return;
}
/* Set the size of the DACL correctly. */
- if (!FindFirstFreeAce (dacl, &ace))
+ status = RtlFirstFreeAce (dacl, &ace);
+ if (!NT_SUCCESS (status))
{
- debug_printf ("FindFirstFreeAce: %lu", GetLastError ());
+ debug_printf ("RtlFirstFreeAce: %p", status);
return;
}
dacl->AclSize = (char *) ace - (char *) dacl;
diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc
index 91542b4..badee70 100644
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@@ -350,9 +350,8 @@ pinfo::set_acl()
sec_acl (acl_buf, true, true, cygheap->user.sid (),
well_known_world_sid, FILE_MAP_READ);
- if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION))
- debug_printf ("InitializeSecurityDescriptor %E");
- else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
+ RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
+ if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
debug_printf ("SetSecurityDescriptorDacl %E");
else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd)))
debug_printf ("NtSetSecurityObject %lx", status);
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 2a18024..48012e2 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -21,6 +21,7 @@ details. */
#include "fhandler.h"
#include "dtable.h"
#include "cygheap.h"
+#include "ntdll.h"
#include "pwdgrp.h"
#include "tls_pbuf.h"
@@ -68,11 +69,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
/* Initialize local security descriptor. */
SECURITY_DESCRIPTOR sd;
- if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION))
- {
- __seterrno ();
- return -1;
- }
+ RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
if (!SetSecurityDescriptorOwner (&sd, owner, FALSE))
{
__seterrno ();
@@ -94,11 +91,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
struct __group32 *gr;
int pos;
- if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
- {
- __seterrno ();
- return -1;
- }
+ RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION);
writable = false;
@@ -332,7 +325,7 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
{
ACCESS_ALLOWED_ACE *ace;
- if (!GetAce (acl, i, (PVOID *) &ace))
+ if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace)))
continue;
cygpsid ace_sid ((PSID) &ace->SidStart);
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index f2dd26d..c0c605e 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -1019,7 +1019,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
+ RtlLengthSid (well_known_admins_sid)
+ RtlLengthSid (well_known_system_sid);
dacl = (PACL) alloca (dsize);
- if (!InitializeAcl (dacl, dsize, ACL_REVISION))
+ if (!NT_SUCCESS (RtlCreateAcl (dacl, dsize, ACL_REVISION)))
goto out;
if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, usersid))
goto out;
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 71fbd74..6ce9ccc 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -463,7 +463,7 @@ get_null_sd ()
if (!null_sdp)
{
- InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
+ RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl (&sd, TRUE, NULL, FALSE);
null_sdp = &sd;
}
@@ -488,6 +488,7 @@ init_global_security ()
bool
sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD access2)
{
+ NTSTATUS status;
size_t acl_len = MAX_DACL_LEN (5);
LPVOID pAce;
cygpsid psid;
@@ -496,9 +497,10 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces
if ((unsigned long) acl % 4)
api_fatal ("Incorrectly aligned incoming ACL buffer!");
#endif
- if (!InitializeAcl (acl, acl_len, ACL_REVISION))
+ status = RtlCreateAcl (acl, acl_len, ACL_REVISION);
+ if (!NT_SUCCESS (status))
{
- debug_printf ("InitializeAcl %E");
+ debug_printf ("RtlCreateAcl: %p", status);
return false;
}
if (sid1)
@@ -521,11 +523,11 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, well_known_system_sid))
debug_printf ("AddAccessAllowedAce(system) %E");
- FindFirstFreeAce (acl, &pAce);
- if (pAce)
+ status = RtlFirstFreeAce (acl, &pAce);
+ if (NT_SUCCESS (status) && pAce)
acl->AclSize = (char *) pAce - (char *) acl;
else
- debug_printf ("FindFirstFreeAce %E");
+ debug_printf ("RtlFirstFreeAce: %p", status);
return true;
}
@@ -545,8 +547,7 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
if (!sec_acl (acl, true, true, sid1, sid2, access2))
return inherit ? &sec_none : &sec_none_nih;
- if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
- debug_printf ("InitializeSecurityDescriptor %E");
+ RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
/*
* Setting the owner lets the created security attribute not work
@@ -574,13 +575,14 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
PSECURITY_DESCRIPTOR
_everyone_sd (void *buf, ACCESS_MASK access)
{
+ NTSTATUS status;
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) buf;
if (psd)
{
- InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
+ RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
PACL dacl = (PACL) (psd + 1);
- InitializeAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION);
+ RtlCreateAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION);
if (!AddAccessAllowedAce (dacl, ACL_REVISION, access,
well_known_world_sid))
{
@@ -588,9 +590,10 @@ _everyone_sd (void *buf, ACCESS_MASK access)
return NULL;
}
LPVOID ace;
- if (!FindFirstFreeAce (dacl, &ace))
+ status = RtlFirstFreeAce (dacl, &ace);
+ if (!NT_SUCCESS (status))
{
- debug_printf ("FindFirstFreeAce: %lu", GetLastError ());
+ debug_printf ("RtlFirstFreeAce: %p", status);
return NULL;
}
dacl->AclSize = (char *) ace - (char *) dacl;
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 428c874..a72fb52 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -139,7 +139,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
if (NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd, &exists, &dacl, &def))
&& exists && dacl)
for (ULONG idx = 0; idx < dacl->AceCount; ++idx)
- if (RtlGetAce (dacl, idx, (PVOID *) &ace)
+ if (NT_SUCCESS (RtlGetAce (dacl, idx, (PVOID *) &ace))
&& (ace->Header.AceFlags & INHERITED_ACE))
return 0;
/* Otherwise, open the parent directory with READ_CONTROL... */
@@ -245,7 +245,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
for (DWORD i = 0; i < acl->AceCount; ++i)
{
- if (!GetAce (acl, i, (PVOID *) &ace))
+ if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace)))
continue;
if (ace->Header.AceFlags & INHERIT_ONLY_ACE)
continue;
@@ -472,7 +472,7 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
return false;
}
ACCESS_ALLOWED_ACE *ace;
- if (inherit && GetAce (acl, offset, (PVOID *) &ace))
+ if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace)))
ace->Header.AceFlags |= inherit;
len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
return true;
@@ -488,7 +488,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes,
return false;
}
ACCESS_DENIED_ACE *ace;
- if (inherit && GetAce (acl, offset, (PVOID *) &ace))
+ if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace)))
ace->Header.AceFlags |= inherit;
len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
return true;
@@ -544,11 +544,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
/* Initialize local security descriptor. */
SECURITY_DESCRIPTOR sd;
- if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION))
- {
- __seterrno ();
- return NULL;
- }
+ RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
/* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being
modified by inheritable ACEs. */
@@ -570,11 +566,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
/* Initialize local access control list. */
PACL acl = (PACL) tp.w_get ();
- if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
- {
- __seterrno ();
- return NULL;
- }
+ RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION);
/* From here fill ACL. */
size_t acl_len = sizeof (ACL);
@@ -713,10 +705,12 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
PACL oacl;
BOOL acl_exists = FALSE;
ACCESS_ALLOWED_ACE *ace;
+ NTSTATUS status;
+
if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy)
&& acl_exists && oacl)
for (DWORD i = 0; i < oacl->AceCount; ++i)
- if (GetAce (oacl, i, (PVOID *) &ace))
+ if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace)))
{
cygpsid ace_sid ((PSID) &ace->SidStart);
@@ -767,12 +761,13 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
* behind the owner_deny, ACCESS_ALLOWED_ACE to the end.
* FIXME: this would break the order of the inherit-only ACEs
*/
- if (!AddAce (acl, ACL_REVISION,
- ace->Header.AceType == ACCESS_DENIED_ACE_TYPE
- ? (owner_deny ? 1 : 0) : MAXDWORD,
- (LPVOID) ace, ace->Header.AceSize))
+ status = RtlAddAce (acl, ACL_REVISION,
+ ace->Header.AceType == ACCESS_DENIED_ACE_TYPE
+ ? (owner_deny ? 1 : 0) : MAXDWORD,
+ (LPVOID) ace, ace->Header.AceSize);
+ if (!NT_SUCCESS (status))
{
- __seterrno ();
+ __seterrno_from_nt_status (status);
return NULL;
}
ace_off++;
@@ -862,7 +857,7 @@ set_security_attribute (path_conv &pc, int attribute, PSECURITY_ATTRIBUTES psa,
security_descriptor &sd)
{
psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH);
- InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)psa->lpSecurityDescriptor,
+ RtlCreateSecurityDescriptor ((PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
psa->lpSecurityDescriptor = alloc_sd (pc, geteuid32 (), getegid32 (),
attribute, sd);