diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2011-04-28 09:30:36 +0000 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2011-04-28 09:30:36 +0000 |
commit | 1754539e56dcde666394354ec603d5524b0d3e90 (patch) | |
tree | 23995f49c74ee39bf46a29d39bd1aa8ccc8e0e86 | |
parent | 158e516b9dcb2993e5f062f2feeee5dbd4ee787a (diff) | |
download | newlib-1754539e56dcde666394354ec603d5524b0d3e90.zip newlib-1754539e56dcde666394354ec603d5524b0d3e90.tar.gz newlib-1754539e56dcde666394354ec603d5524b0d3e90.tar.bz2 |
* advapi32.cc (InitializeAcl): Remove.
(AddAce): Remove.
(FindFirstFreeAce): Remove.
(GetAce): Remove.
(InitializeSecurityDescriptor): Remove.
(OpenProcessToken): Remove.
* dcrt0.cc: Replace above functions throughout with their ntdll.dll
equivalent.
* fhandler_tty.cc: Ditto.
* flock.cc: Ditto.
* pinfo.cc: Ditto. Drop unnecessary error handling.
* sec_acl.cc: Ditto.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
-rw-r--r-- | winsup/cygwin/ChangeLog | 20 | ||||
-rw-r--r-- | winsup/cygwin/advapi32.cc | 42 | ||||
-rw-r--r-- | winsup/cygwin/dcrt0.cc | 2 | ||||
-rw-r--r-- | winsup/cygwin/fhandler_tty.cc | 8 | ||||
-rw-r--r-- | winsup/cygwin/flock.cc | 5 | ||||
-rw-r--r-- | winsup/cygwin/pinfo.cc | 5 | ||||
-rw-r--r-- | winsup/cygwin/sec_acl.cc | 15 | ||||
-rw-r--r-- | winsup/cygwin/sec_auth.cc | 2 | ||||
-rw-r--r-- | winsup/cygwin/sec_helper.cc | 27 | ||||
-rw-r--r-- | winsup/cygwin/security.cc | 37 |
10 files changed, 65 insertions, 98 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 8315796..1f0c1b5 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,12 +1,30 @@ 2011-04-28 Corinna Vinschen <corinna@vinschen.de> + * advapi32.cc (InitializeAcl): Remove. + (AddAce): Remove. + (FindFirstFreeAce): Remove. + (GetAce): Remove. + (InitializeSecurityDescriptor): Remove. + (OpenProcessToken): Remove. + * dcrt0.cc: Replace above functions throughout with their ntdll.dll + equivalent. + * fhandler_tty.cc: Ditto. + * flock.cc: Ditto. + * pinfo.cc: Ditto. Drop unnecessary error handling. + * sec_acl.cc: Ditto. + * sec_auth.cc: Ditto. + * sec_helper.cc: Ditto. + * security.cc: Ditto. + +2011-04-28 Corinna Vinschen <corinna@vinschen.de> + * advapi32.cc (InitializeSid): Remove. (EqualPrefixSid): Remove. (GetLengthSid): Remove. (GetSidSubAuthority): Remove. (GetSidSubAuthorityCount): Remove. (GetSidIdentifierAuthority): Remove. - * fhandler_disk_file.cc: Remove above functions throughout with their + * fhandler_disk_file.cc: Replace above functions throughout with their ntdll.dll equivalent. * sec_auth.cc: Ditto. * sec_helper.cc: Ditto. diff --git a/winsup/cygwin/advapi32.cc b/winsup/cygwin/advapi32.cc index 70ab4c0..7ee92e6 100644 --- a/winsup/cygwin/advapi32.cc +++ b/winsup/cygwin/advapi32.cc @@ -54,13 +54,6 @@ CopySid (DWORD len, PSID dest, PSID src) } BOOL WINAPI -InitializeAcl (PACL acl, DWORD len, DWORD revision) -{ - NTSTATUS status = RtlCreateAcl (acl, len, revision); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - -BOOL WINAPI AddAccessAllowedAce (PACL acl, DWORD revision, DWORD mask, PSID sid) { NTSTATUS status = RtlAddAccessAllowedAce (acl, revision, mask, sid); @@ -75,34 +68,6 @@ AddAccessDeniedAce (PACL acl, DWORD revision, DWORD mask, PSID sid) } BOOL WINAPI -AddAce (PACL acl, DWORD revision, DWORD index, LPVOID ace_list, DWORD len) -{ - NTSTATUS status = RtlAddAce (acl, revision, index, ace_list, len); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - -BOOL WINAPI -FindFirstFreeAce (PACL acl, LPVOID *ace) -{ - NTSTATUS status = RtlFirstFreeAce (acl, ace); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - -BOOL WINAPI -GetAce (PACL acl, DWORD index, LPVOID *ace) -{ - NTSTATUS status = RtlGetAce (acl, index, ace); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - -BOOL WINAPI -InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR sd, DWORD revision) -{ - NTSTATUS status = RtlCreateSecurityDescriptor (sd, revision); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - -BOOL WINAPI MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd, LPDWORD len) { @@ -157,13 +122,6 @@ SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def) } BOOL WINAPI -OpenProcessToken (HANDLE process, DWORD access, PHANDLE tok) -{ - NTSTATUS status = NtOpenProcessToken (process, access, tok); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - -BOOL WINAPI OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok) { NTSTATUS status = NtOpenThreadToken (thread, access, as_self, tok); diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc index 827441c..3c33f80 100644 --- a/winsup/cygwin/dcrt0.cc +++ b/winsup/cygwin/dcrt0.cc @@ -685,7 +685,7 @@ dll_crt0_0 () GetCurrentProcess (), &hMainThread, 0, false, DUPLICATE_SAME_ACCESS); - OpenProcessToken (GetCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken); + NtOpenProcessToken (NtCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken); set_cygwin_privileges (hProcToken); device::init (); diff --git a/winsup/cygwin/fhandler_tty.cc b/winsup/cygwin/fhandler_tty.cc index 478397a..20ab959 100644 --- a/winsup/cygwin/fhandler_tty.cc +++ b/winsup/cygwin/fhandler_tty.cc @@ -529,7 +529,7 @@ fhandler_tty_slave::open (int flags, mode_t) /* Create security attribute. Default permissions are 0620. */ security_descriptor sd; sd.malloc (sizeof (SECURITY_DESCRIPTOR)); - InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); + RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE }; if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid, S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, @@ -1305,7 +1305,7 @@ fhandler_tty_slave::fchmod (mode_t mode) goto errout; } sd.malloc (sizeof (SECURITY_DESCRIPTOR)); - InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); + RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); if (!get_object_attribute (input_available_event, &uid, &gid, NULL) && !create_object_sd_from_attribute (NULL, uid, gid, S_IFCHR | mode, sd)) ret = fch_set_sd (sd, false); @@ -1334,7 +1334,7 @@ fhandler_tty_slave::fchown (__uid32_t uid, __gid32_t gid) goto errout; } sd.malloc (sizeof (SECURITY_DESCRIPTOR)); - InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); + RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); if (!get_object_attribute (input_available_event, &o_uid, &o_gid, &mode)) { if ((uid == ILLEGAL_UID || uid == o_uid) @@ -1796,7 +1796,7 @@ fhandler_pty_master::setup (bool ispty) /* Create security attribute. Default permissions are 0620. */ sd.malloc (sizeof (SECURITY_DESCRIPTOR)); - InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); + RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid, S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, sd)) diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc index c899361..16e2911 100644 --- a/winsup/cygwin/flock.cc +++ b/winsup/cygwin/flock.cc @@ -178,9 +178,10 @@ allow_others_to_sync () return; } /* Set the size of the DACL correctly. */ - if (!FindFirstFreeAce (dacl, &ace)) + status = RtlFirstFreeAce (dacl, &ace); + if (!NT_SUCCESS (status)) { - debug_printf ("FindFirstFreeAce: %lu", GetLastError ()); + debug_printf ("RtlFirstFreeAce: %p", status); return; } dacl->AclSize = (char *) ace - (char *) dacl; diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc index 91542b4..badee70 100644 --- a/winsup/cygwin/pinfo.cc +++ b/winsup/cygwin/pinfo.cc @@ -350,9 +350,8 @@ pinfo::set_acl() sec_acl (acl_buf, true, true, cygheap->user.sid (), well_known_world_sid, FILE_MAP_READ); - if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) - debug_printf ("InitializeSecurityDescriptor %E"); - else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE)) + RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); + if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE)) debug_printf ("SetSecurityDescriptorDacl %E"); else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd))) debug_printf ("NtSetSecurityObject %lx", status); diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index 2a18024..48012e2 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -21,6 +21,7 @@ details. */ #include "fhandler.h" #include "dtable.h" #include "cygheap.h" +#include "ntdll.h" #include "pwdgrp.h" #include "tls_pbuf.h" @@ -68,11 +69,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, /* Initialize local security descriptor. */ SECURITY_DESCRIPTOR sd; - if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) - { - __seterrno (); - return -1; - } + RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); if (!SetSecurityDescriptorOwner (&sd, owner, FALSE)) { __seterrno (); @@ -94,11 +91,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, struct __group32 *gr; int pos; - if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) - { - __seterrno (); - return -1; - } + RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION); writable = false; @@ -332,7 +325,7 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp) { ACCESS_ALLOWED_ACE *ace; - if (!GetAce (acl, i, (PVOID *) &ace)) + if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace))) continue; cygpsid ace_sid ((PSID) &ace->SidStart); diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index f2dd26d..c0c605e 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -1019,7 +1019,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) + RtlLengthSid (well_known_admins_sid) + RtlLengthSid (well_known_system_sid); dacl = (PACL) alloca (dsize); - if (!InitializeAcl (dacl, dsize, ACL_REVISION)) + if (!NT_SUCCESS (RtlCreateAcl (dacl, dsize, ACL_REVISION))) goto out; if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, usersid)) goto out; diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc index 71fbd74..6ce9ccc 100644 --- a/winsup/cygwin/sec_helper.cc +++ b/winsup/cygwin/sec_helper.cc @@ -463,7 +463,7 @@ get_null_sd () if (!null_sdp) { - InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); + RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); SetSecurityDescriptorDacl (&sd, TRUE, NULL, FALSE); null_sdp = &sd; } @@ -488,6 +488,7 @@ init_global_security () bool sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD access2) { + NTSTATUS status; size_t acl_len = MAX_DACL_LEN (5); LPVOID pAce; cygpsid psid; @@ -496,9 +497,10 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces if ((unsigned long) acl % 4) api_fatal ("Incorrectly aligned incoming ACL buffer!"); #endif - if (!InitializeAcl (acl, acl_len, ACL_REVISION)) + status = RtlCreateAcl (acl, acl_len, ACL_REVISION); + if (!NT_SUCCESS (status)) { - debug_printf ("InitializeAcl %E"); + debug_printf ("RtlCreateAcl: %p", status); return false; } if (sid1) @@ -521,11 +523,11 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces if (!AddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL, well_known_system_sid)) debug_printf ("AddAccessAllowedAce(system) %E"); - FindFirstFreeAce (acl, &pAce); - if (pAce) + status = RtlFirstFreeAce (acl, &pAce); + if (NT_SUCCESS (status) && pAce) acl->AclSize = (char *) pAce - (char *) acl; else - debug_printf ("FindFirstFreeAce %E"); + debug_printf ("RtlFirstFreeAce: %p", status); return true; } @@ -545,8 +547,7 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit) if (!sec_acl (acl, true, true, sid1, sid2, access2)) return inherit ? &sec_none : &sec_none_nih; - if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION)) - debug_printf ("InitializeSecurityDescriptor %E"); + RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); /* * Setting the owner lets the created security attribute not work @@ -574,13 +575,14 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit) PSECURITY_DESCRIPTOR _everyone_sd (void *buf, ACCESS_MASK access) { + NTSTATUS status; PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) buf; if (psd) { - InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); + RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION); PACL dacl = (PACL) (psd + 1); - InitializeAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION); + RtlCreateAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION); if (!AddAccessAllowedAce (dacl, ACL_REVISION, access, well_known_world_sid)) { @@ -588,9 +590,10 @@ _everyone_sd (void *buf, ACCESS_MASK access) return NULL; } LPVOID ace; - if (!FindFirstFreeAce (dacl, &ace)) + status = RtlFirstFreeAce (dacl, &ace); + if (!NT_SUCCESS (status)) { - debug_printf ("FindFirstFreeAce: %lu", GetLastError ()); + debug_printf ("RtlFirstFreeAce: %p", status); return NULL; } dacl->AclSize = (char *) ace - (char *) dacl; diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 428c874..a72fb52 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -139,7 +139,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, if (NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd, &exists, &dacl, &def)) && exists && dacl) for (ULONG idx = 0; idx < dacl->AceCount; ++idx) - if (RtlGetAce (dacl, idx, (PVOID *) &ace) + if (NT_SUCCESS (RtlGetAce (dacl, idx, (PVOID *) &ace)) && (ace->Header.AceFlags & INHERITED_ACE)) return 0; /* Otherwise, open the parent directory with READ_CONTROL... */ @@ -245,7 +245,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid, for (DWORD i = 0; i < acl->AceCount; ++i) { - if (!GetAce (acl, i, (PVOID *) &ace)) + if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace))) continue; if (ace->Header.AceFlags & INHERIT_ONLY_ACE) continue; @@ -472,7 +472,7 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes, return false; } ACCESS_ALLOWED_ACE *ace; - if (inherit && GetAce (acl, offset, (PVOID *) &ace)) + if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace))) ace->Header.AceFlags |= inherit; len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); return true; @@ -488,7 +488,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes, return false; } ACCESS_DENIED_ACE *ace; - if (inherit && GetAce (acl, offset, (PVOID *) &ace)) + if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace))) ace->Header.AceFlags |= inherit; len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); return true; @@ -544,11 +544,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, /* Initialize local security descriptor. */ SECURITY_DESCRIPTOR sd; - if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) - { - __seterrno (); - return NULL; - } + RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); /* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being modified by inheritable ACEs. */ @@ -570,11 +566,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, /* Initialize local access control list. */ PACL acl = (PACL) tp.w_get (); - if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) - { - __seterrno (); - return NULL; - } + RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION); /* From here fill ACL. */ size_t acl_len = sizeof (ACL); @@ -713,10 +705,12 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, PACL oacl; BOOL acl_exists = FALSE; ACCESS_ALLOWED_ACE *ace; + NTSTATUS status; + if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy) && acl_exists && oacl) for (DWORD i = 0; i < oacl->AceCount; ++i) - if (GetAce (oacl, i, (PVOID *) &ace)) + if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace))) { cygpsid ace_sid ((PSID) &ace->SidStart); @@ -767,12 +761,13 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, * behind the owner_deny, ACCESS_ALLOWED_ACE to the end. * FIXME: this would break the order of the inherit-only ACEs */ - if (!AddAce (acl, ACL_REVISION, - ace->Header.AceType == ACCESS_DENIED_ACE_TYPE - ? (owner_deny ? 1 : 0) : MAXDWORD, - (LPVOID) ace, ace->Header.AceSize)) + status = RtlAddAce (acl, ACL_REVISION, + ace->Header.AceType == ACCESS_DENIED_ACE_TYPE + ? (owner_deny ? 1 : 0) : MAXDWORD, + (LPVOID) ace, ace->Header.AceSize); + if (!NT_SUCCESS (status)) { - __seterrno (); + __seterrno_from_nt_status (status); return NULL; } ace_off++; @@ -862,7 +857,7 @@ set_security_attribute (path_conv &pc, int attribute, PSECURITY_ATTRIBUTES psa, security_descriptor &sd) { psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH); - InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)psa->lpSecurityDescriptor, + RtlCreateSecurityDescriptor ((PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); psa->lpSecurityDescriptor = alloc_sd (pc, geteuid32 (), getegid32 (), attribute, sd); |