diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2010-09-10 18:53:44 +0400 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2010-09-10 18:53:44 +0400 |
| commit | 4e8f539f158b9d3413d0b88ce2fb8f70733139d8 (patch) | |
| tree | cdd8b95ced54952c50a3335c901e94a5f288b46a | |
| parent | f65c5a0a2b1728ce2b317b31b601574f1ef7f5b2 (diff) | |
* flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use
instead of ACL_DEFAULT_SIZE.
* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
* security.h (ACL_DEFAULT_SIZE): Drop definition.
(ACL_MAXIMUM_SIZE): Define.
(SD_MAXIMUM_SIZE): Define.
* security.cc (get_file_sd): Allocate security_decscriptor with size
SD_MAXIMUM_SIZE.
(alloc_sd): Use TLS buffer to allow maximum ACL size.
| -rw-r--r-- | winsup/cygwin/ChangeLog | 12 | ||||
| -rw-r--r-- | winsup/cygwin/flock.cc | 5 | ||||
| -rw-r--r-- | winsup/cygwin/sec_acl.cc | 6 | ||||
| -rw-r--r-- | winsup/cygwin/security.cc | 8 | ||||
| -rw-r--r-- | winsup/cygwin/security.h | 3 |
5 files changed, 26 insertions, 8 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 521b4cd4c..a6b39b28c 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,5 +1,17 @@ 2010-09-10 Corinna Vinschen <corinna@vinschen.de> + * flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use + instead of ACL_DEFAULT_SIZE. + * sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size. + * security.h (ACL_DEFAULT_SIZE): Drop definition. + (ACL_MAXIMUM_SIZE): Define. + (SD_MAXIMUM_SIZE): Define. + * security.cc (get_file_sd): Allocate security_decscriptor with size + SD_MAXIMUM_SIZE. + (alloc_sd): Use TLS buffer to allow maximum ACL size. + +2010-09-10 Corinna Vinschen <corinna@vinschen.de> + * mount.cc (class fs_info_cache): New class to cache filesystem information. (fs_info::update): Check FileFsVolumeInformation against filesystem diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc index 7d0436b11..c899361ff 100644 --- a/winsup/cygwin/flock.cc +++ b/winsup/cygwin/flock.cc @@ -155,10 +155,11 @@ allow_others_to_sync () should be more than sufficient for process ACLs. Can't use tls functions at this point because this gets called during initialization when the tls is not really available. */ - PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (ACL_DEFAULT_SIZE); +#define MAX_PROCESS_SD_SIZE 3072 + PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (MAX_PROCESS_SD_SIZE); status = NtQuerySecurityObject (NtCurrentProcess (), DACL_SECURITY_INFORMATION, sd, - ACL_DEFAULT_SIZE, &len); + MAX_PROCESS_SD_SIZE, &len); if (!NT_SUCCESS (status)) { debug_printf ("NtQuerySecurityObject: %p", status); diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index fbf2bffa7..2650b45c8 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -22,6 +22,7 @@ details. */ #include "dtable.h" #include "cygheap.h" #include "pwdgrp.h" +#include "tls_pbuf.h" static int searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UID) @@ -40,6 +41,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, bool &writable) { security_descriptor sd_ret; + tmp_pathbuf tp; if (get_file_sd (handle, pc, sd_ret, false)) return -1; @@ -83,7 +85,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, } /* Fill access control list. */ - PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE); + PACL acl = (PACL) tp.w_get (); size_t acl_len = sizeof (ACL); int ace_off = 0; @@ -92,7 +94,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, struct __group32 *gr; int pos; - if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION)) + if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) { __seterrno (); return -1; diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index e88fcf2fc..1052f98c0 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -24,6 +24,7 @@ details. */ #include "cygheap.h" #include "ntdll.h" #include "pwdgrp.h" +#include "tls_pbuf.h" #include <aclapi.h> #define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \ @@ -68,7 +69,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, else { NTSTATUS status; - ULONG len = 32768; + ULONG len = SD_MAXIMUM_SIZE; if (!sd.malloc (len)) { @@ -413,6 +414,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, security_descriptor &sd_ret) { BOOL dummy; + tmp_pathbuf tp; /* NOTE: If the high bit of attribute is set, we have just created a file or directory. See below for an explanation. */ @@ -483,8 +485,8 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, } /* Initialize local access control list. */ - PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE); - if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION)) + PACL acl = (PACL) tp.w_get (); + if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) { __seterrno (); return NULL; diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index d38edc16d..198f0f075 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -26,7 +26,8 @@ details. */ #define MAX_DACL_LEN(n) (sizeof (ACL) \ + (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN)) #define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1)) -#define ACL_DEFAULT_SIZE 3072 +#define ACL_MAXIMUM_SIZE 65532 /* Yeah, right. 64K - sizeof (DWORD). */ +#define SD_MAXIMUM_SIZE 65536 #define NO_SID ((PSID)NULL) #ifndef SE_CREATE_TOKEN_PRIVILEGE |