aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCorinna Vinschen <corinna@vinschen.de>2010-09-10 14:53:44 +0000
committerCorinna Vinschen <corinna@vinschen.de>2010-09-10 14:53:44 +0000
commit4e8f539f158b9d3413d0b88ce2fb8f70733139d8 (patch)
treecdd8b95ced54952c50a3335c901e94a5f288b46a
parentf65c5a0a2b1728ce2b317b31b601574f1ef7f5b2 (diff)
downloadnewlib-4e8f539f158b9d3413d0b88ce2fb8f70733139d8.zip
newlib-4e8f539f158b9d3413d0b88ce2fb8f70733139d8.tar.gz
newlib-4e8f539f158b9d3413d0b88ce2fb8f70733139d8.tar.bz2
* flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use
instead of ACL_DEFAULT_SIZE. * sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size. * security.h (ACL_DEFAULT_SIZE): Drop definition. (ACL_MAXIMUM_SIZE): Define. (SD_MAXIMUM_SIZE): Define. * security.cc (get_file_sd): Allocate security_decscriptor with size SD_MAXIMUM_SIZE. (alloc_sd): Use TLS buffer to allow maximum ACL size.
-rw-r--r--winsup/cygwin/ChangeLog12
-rw-r--r--winsup/cygwin/flock.cc5
-rw-r--r--winsup/cygwin/sec_acl.cc6
-rw-r--r--winsup/cygwin/security.cc8
-rw-r--r--winsup/cygwin/security.h3
5 files changed, 26 insertions, 8 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 521b4cd..a6b39b2 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,17 @@
2010-09-10 Corinna Vinschen <corinna@vinschen.de>
+ * flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use
+ instead of ACL_DEFAULT_SIZE.
+ * sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
+ * security.h (ACL_DEFAULT_SIZE): Drop definition.
+ (ACL_MAXIMUM_SIZE): Define.
+ (SD_MAXIMUM_SIZE): Define.
+ * security.cc (get_file_sd): Allocate security_decscriptor with size
+ SD_MAXIMUM_SIZE.
+ (alloc_sd): Use TLS buffer to allow maximum ACL size.
+
+2010-09-10 Corinna Vinschen <corinna@vinschen.de>
+
* mount.cc (class fs_info_cache): New class to cache filesystem
information.
(fs_info::update): Check FileFsVolumeInformation against filesystem
diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc
index 7d0436b..c899361 100644
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@@ -155,10 +155,11 @@ allow_others_to_sync ()
should be more than sufficient for process ACLs. Can't use tls functions
at this point because this gets called during initialization when the tls
is not really available. */
- PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (ACL_DEFAULT_SIZE);
+#define MAX_PROCESS_SD_SIZE 3072
+ PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (MAX_PROCESS_SD_SIZE);
status = NtQuerySecurityObject (NtCurrentProcess (),
DACL_SECURITY_INFORMATION, sd,
- ACL_DEFAULT_SIZE, &len);
+ MAX_PROCESS_SD_SIZE, &len);
if (!NT_SUCCESS (status))
{
debug_printf ("NtQuerySecurityObject: %p", status);
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index fbf2bff..2650b45 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -22,6 +22,7 @@ details. */
#include "dtable.h"
#include "cygheap.h"
#include "pwdgrp.h"
+#include "tls_pbuf.h"
static int
searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UID)
@@ -40,6 +41,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
bool &writable)
{
security_descriptor sd_ret;
+ tmp_pathbuf tp;
if (get_file_sd (handle, pc, sd_ret, false))
return -1;
@@ -83,7 +85,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
}
/* Fill access control list. */
- PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE);
+ PACL acl = (PACL) tp.w_get ();
size_t acl_len = sizeof (ACL);
int ace_off = 0;
@@ -92,7 +94,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
struct __group32 *gr;
int pos;
- if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION))
+ if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
{
__seterrno ();
return -1;
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index e88fcf2..1052f98 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -24,6 +24,7 @@ details. */
#include "cygheap.h"
#include "ntdll.h"
#include "pwdgrp.h"
+#include "tls_pbuf.h"
#include <aclapi.h>
#define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \
@@ -68,7 +69,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
else
{
NTSTATUS status;
- ULONG len = 32768;
+ ULONG len = SD_MAXIMUM_SIZE;
if (!sd.malloc (len))
{
@@ -413,6 +414,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
security_descriptor &sd_ret)
{
BOOL dummy;
+ tmp_pathbuf tp;
/* NOTE: If the high bit of attribute is set, we have just created
a file or directory. See below for an explanation. */
@@ -483,8 +485,8 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
}
/* Initialize local access control list. */
- PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE);
- if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION))
+ PACL acl = (PACL) tp.w_get ();
+ if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
{
__seterrno ();
return NULL;
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index d38edc1..198f0f0 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -26,7 +26,8 @@ details. */
#define MAX_DACL_LEN(n) (sizeof (ACL) \
+ (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN))
#define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1))
-#define ACL_DEFAULT_SIZE 3072
+#define ACL_MAXIMUM_SIZE 65532 /* Yeah, right. 64K - sizeof (DWORD). */
+#define SD_MAXIMUM_SIZE 65536
#define NO_SID ((PSID)NULL)
#ifndef SE_CREATE_TOKEN_PRIVILEGE