
cygwin.com/git/newlib-cygwin.git - Unnamed repository; edit this file 'description' to name the repository.
-rw-r--r--winsup/cygwin/ChangeLog18
-rw-r--r--winsup/cygwin/advapi32.cc38
-rw-r--r--winsup/cygwin/flock.cc7
-rw-r--r--winsup/cygwin/sec_acl.cc7
-rw-r--r--winsup/cygwin/sec_auth.cc25
-rw-r--r--winsup/cygwin/sec_helper.cc47
-rw-r--r--winsup/cygwin/security.cc19
-rw-r--r--winsup/cygwin/security.h16
8 files changed, 97 insertions, 80 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 08ca56dbc..be061759d 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,23 @@
2011-04-29 Corinna Vinschen <corinna@vinschen.de>
+ * advapi32.cc: Add comment.
+ (EqualSid): Remove.
+ (CopySid): Remove.
+ (AddAccessAllowedAce): Remove.
+ (AddAccessDeniedAce): Remove.
+ (MakeSelfRelativeSD): Remove.
+ * flock.cc: Replace above functions throughout with their ntdll.dll
+ equivalent.
+ * sec_acl.cc: Ditto.
+ * sec_auth.cc: Ditto.
+ * sec_helper.cc: Ditto.
+ * security.cc: Ditto.
+ * security.h: Ditto.
+ (RtlEqualSid): Declare. Explain why.
+ (RtlCopySid): Ditto.
+
+2011-04-29 Corinna Vinschen <corinna@vinschen.de>
+
* advapi32.cc (AccessCheck): Remove.
(PrivilegeCheck): Remove.
(OpenThreadToken): Remove.
diff --git a/winsup/cygwin/advapi32.cc b/winsup/cygwin/advapi32.cc
index fba18baa8..47913a031 100644
--- a/winsup/cygwin/advapi32.cc
+++ b/winsup/cygwin/advapi32.cc
@@ -19,40 +19,10 @@ details. */
SetLastError (RtlNtStatusToDosError (status)); \
return NT_SUCCESS (status);
-BOOL WINAPI
-EqualSid (PSID sid1, PSID sid2)
-{
- return !!RtlEqualSid (sid1, sid2);
-}
-
-BOOL WINAPI
-CopySid (DWORD len, PSID dest, PSID src)
-{
- NTSTATUS status = RtlCopySid (len, dest, src);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
-AddAccessAllowedAce (PACL acl, DWORD revision, DWORD mask, PSID sid)
-{
- NTSTATUS status = RtlAddAccessAllowedAce (acl, revision, mask, sid);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
-AddAccessDeniedAce (PACL acl, DWORD revision, DWORD mask, PSID sid)
-{
- NTSTATUS status = RtlAddAccessDeniedAce (acl, revision, mask, sid);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
-MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
- LPDWORD len)
-{
- NTSTATUS status = RtlAbsoluteToSelfRelativeSD (abs_sd, rel_sd, len);
- DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
+/* This file should only contain non-trivial implementations of advapi32
+ functions, or advapi32 functions for which the ntdll.dll equivalent
+ is not easy to understand. In all other case, use the ntdll.dll
+ equivalent. */
BOOL WINAPI
RevertToSelf ()
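Review bot: The new file comment has a typo, "In all other case"; it should read `In all other cases, use the ntdll.dll equivalent.` The comment would also be more useful if it stated what changes for a caller that switches over: the removed wrappers went through DEFAULT_NTSTATUS_TO_BOOL_RETURN, which calls SetLastError with the translated status, while the ntdll functions only return an NTSTATUS. A sentence such as `Note that the ntdll.dll functions return NTSTATUS and do not set the Win32 last error.` would warn against leaving GetLastError-based error handling behind a converted call.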
diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc
index 90128175f..970bde6c1 100644
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@@ -171,10 +171,11 @@ allow_others_to_sync ()
dacl = (PACL) ((char *) sd + (uintptr_t) sd->Dacl);
dacl->AclSize = NT_MAX_PATH * sizeof (WCHAR) - ((char *) dacl - (char *) sd);
/* Allow everyone to SYNCHRONIZE with this process. */
- if (!AddAccessAllowedAce (dacl, ACL_REVISION, SYNCHRONIZE,
- well_known_world_sid))
+ status = RtlAddAccessAllowedAce (dacl, ACL_REVISION, SYNCHRONIZE,
+ well_known_world_sid);
+ if (!NT_SUCCESS (status))
{
- debug_printf ("AddAccessAllowedAce: %lu", GetLastError ());
+ debug_printf ("RtlAddAccessAllowedAce: %p", status);
return;
}
/* Set the size of the DACL correctly. */
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index ef5822b73..3499476c3 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -211,7 +211,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
}
/* Make self relative security descriptor in sd_ret. */
DWORD sd_size = 0;
- MakeSelfRelativeSD (&sd, sd_ret, &sd_size);
+ RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
if (sd_size <= 0)
{
__seterrno ();
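Review bot: The `__seterrno ()` in the `sd_size <= 0` branch now follows a call that no longer sets the Win32 last error, so errno would be derived from whatever an earlier call left behind. The removed MakeSelfRelativeSD wrapper translated the status and called SetLastError before returning; `RtlAbsoluteToSelfRelativeSD` only returns an NTSTATUS, and here that value is discarded. Capture and translate it the way the second call in this function already does: `status = RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);` with `__seterrno_from_nt_status (status);` in the failure branch. The same leftover appears in the alloc_sd hunk of security.cc at `@@ -839,7 +841,7 @@`. setacl starts and ends outside this hunk, so an existing declaration of `status` is assumed from its use in the next hunk.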
@@ -222,9 +222,10 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
set_errno (ENOMEM);
return -1;
}
- if (!MakeSelfRelativeSD (&sd, sd_ret, &sd_size))
+ status = RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
+ if (!NT_SUCCESS (status))
{
- __seterrno ();
+ __seterrno_from_nt_status (status);
return -1;
}
debug_printf ("Created SD-Size: %d", sd_ret.size ());
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index 575a1d3c1..78fa52767 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -1047,13 +1047,14 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
dacl = (PACL) alloca (dsize);
if (!NT_SUCCESS (RtlCreateAcl (dacl, dsize, ACL_REVISION)))
goto out;
- if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL, usersid))
+ if (!NT_SUCCESS (RtlAddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL,
+ usersid)))
goto out;
- if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL,
- well_known_admins_sid))
+ if (!NT_SUCCESS (RtlAddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL,
+ well_known_admins_sid)))
goto out;
- if (!AddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL,
- well_known_system_sid))
+ if (!NT_SUCCESS (RtlAddAccessAllowedAce (dacl, ACL_REVISION, GENERIC_ALL,
+ well_known_system_sid)))
goto out;
/* Evaluate authinf size and allocate authinf. */
@@ -1096,8 +1097,8 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
/* User SID */
authinf->inf.User.User.Sid = offset;
authinf->inf.User.User.Attributes = 0;
- CopySid (RtlLengthSid (usersid), (PSID) ((PBYTE) &authinf->inf + offset),
- usersid);
+ RtlCopySid (RtlLengthSid (usersid), (PSID) ((PBYTE) &authinf->inf + offset),
+ usersid);
offset += RtlLengthSid (usersid);
/* Groups */
authinf->inf.Groups = offset;
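Review bot: The NTSTATUS returned by `RtlCopySid` is discarded here, and again for the group SIDs and the primary group SID in the next hunk, so a failed copy would leave that part of authinf unfilled while `offset` still advances. Because the length argument is `RtlLengthSid` of the source SID, the call's own size check cannot catch a destination that is too small; the bound rests entirely on the authinf size computed outside this hunk. Consider checking the result, e.g. `if (!NT_SUCCESS (RtlCopySid (...))) goto out;`, provided the `out` label used earlier in lsaauth is still the right cleanup at this point. The `RtlCopySid (MAX_SID_LEN, psid, nsid);` call in the cygsid hunk of security.h drops its status the same way and returns `psid` pointing at `sbuf` regardless of the outcome.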
@@ -1119,16 +1120,16 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
if (wincap.needs_logon_sid_in_sid_list ()
&& tmp_gsids.sids[tmpidx] == fake_logon_sid)
gsids->Groups[i].Attributes += SE_GROUP_LOGON_ID;
- CopySid (RtlLengthSid (tmp_gsids.sids[tmpidx]),
- (PSID) ((PBYTE) &authinf->inf + sids_offset),
- tmp_gsids.sids[tmpidx]);
+ RtlCopySid (RtlLengthSid (tmp_gsids.sids[tmpidx]),
+ (PSID) ((PBYTE) &authinf->inf + sids_offset),
+ tmp_gsids.sids[tmpidx]);
sids_offset += RtlLengthSid (tmp_gsids.sids[tmpidx]);
}
offset += gsize;
/* Primary Group SID */
authinf->inf.PrimaryGroup.PrimaryGroup = offset;
- CopySid (RtlLengthSid (pgrpsid), (PSID) ((PBYTE) &authinf->inf + offset),
- pgrpsid);
+ RtlCopySid (RtlLengthSid (pgrpsid), (PSID) ((PBYTE) &authinf->inf + offset),
+ pgrpsid);
offset += RtlLengthSid (pgrpsid);
/* Privileges */
authinf->inf.Privileges = offset;
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 413983889..c3531d321 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -504,25 +504,35 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces
return false;
}
if (sid1)
- if (!AddAccessAllowedAce (acl, ACL_REVISION,
- GENERIC_ALL, sid1))
- debug_printf ("AddAccessAllowedAce(sid1) %E");
+ {
+ status = RtlAddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL, sid1);
+ if (!NT_SUCCESS (status))
+ debug_printf ("RtlAddAccessAllowedAce(sid1) %p", status);
+ }
if (original && (psid = cygheap->user.saved_sid ())
&& psid != sid1 && psid != well_known_system_sid)
- if (!AddAccessAllowedAce (acl, ACL_REVISION,
- GENERIC_ALL, psid))
- debug_printf ("AddAccessAllowedAce(original) %E");
+ {
+ status = RtlAddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL, psid);
+ if (!NT_SUCCESS (status))
+ debug_printf ("RtlAddAccessAllowedAce(original) %p", status);
+ }
if (sid2)
- if (!AddAccessAllowedAce (acl, ACL_REVISION,
- access2, sid2))
- debug_printf ("AddAccessAllowedAce(sid2) %E");
+ {
+ status = RtlAddAccessAllowedAce (acl, ACL_REVISION, access2, sid2);
+ if (!NT_SUCCESS (status))
+ debug_printf ("RtlAddAccessAllowedAce(sid2) %p", status);
+ }
if (admins)
- if (!AddAccessAllowedAce (acl, ACL_REVISION,
- GENERIC_ALL, well_known_admins_sid))
- debug_printf ("AddAccessAllowedAce(admin) %E");
- if (!AddAccessAllowedAce (acl, ACL_REVISION,
- GENERIC_ALL, well_known_system_sid))
- debug_printf ("AddAccessAllowedAce(system) %E");
+ {
+ status = RtlAddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL,
+ well_known_admins_sid);
+ if (!NT_SUCCESS (status))
+ debug_printf ("RtlAddAccessAllowedAce(admin) %p", status);
+ }
+ status = RtlAddAccessAllowedAce (acl, ACL_REVISION, GENERIC_ALL,
+ well_known_system_sid);
+ if (!NT_SUCCESS (status))
+ debug_printf ("RtlAddAccessAllowedAce(system) %p", status);
status = RtlFirstFreeAce (acl, &pAce);
if (NT_SUCCESS (status) && pAce)
acl->AclSize = (char *) pAce - (char *) acl;
@@ -574,10 +584,11 @@ _everyone_sd (void *buf, ACCESS_MASK access)
RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
PACL dacl = (PACL) (psd + 1);
RtlCreateAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION);
- if (!AddAccessAllowedAce (dacl, ACL_REVISION, access,
- well_known_world_sid))
+ status = RtlAddAccessAllowedAce (dacl, ACL_REVISION, access,
+ well_known_world_sid);
+ if (!NT_SUCCESS (status))
{
- debug_printf ("AddAccessAllowedAce: %lu", GetLastError ());
+ debug_printf ("RtlAddAccessAllowedAce: %p", status);
return NULL;
}
LPVOID ace;
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 7530b703a..a52fc26ac 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -316,7 +316,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
}
}
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
- if (owner_sid && group_sid && EqualSid (owner_sid, group_sid)
+ if (owner_sid && group_sid && RtlEqualSid (owner_sid, group_sid)
/* FIXME: temporary exception for /var/empty */
&& well_known_system_sid != group_sid)
{
@@ -469,9 +469,10 @@ bool
add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
PSID sid, size_t &len_add, DWORD inherit)
{
- if (!AddAccessAllowedAce (acl, ACL_REVISION, attributes, sid))
+ NTSTATUS status = RtlAddAccessAllowedAce (acl, ACL_REVISION, attributes, sid);
+ if (!NT_SUCCESS (status))
{
- __seterrno ();
+ __seterrno_from_nt_status (status);
return false;
}
ACCESS_ALLOWED_ACE *ace;
@@ -485,9 +486,10 @@ bool
add_access_denied_ace (PACL acl, int offset, DWORD attributes,
PSID sid, size_t &len_add, DWORD inherit)
{
- if (!AddAccessDeniedAce (acl, ACL_REVISION, attributes, sid))
+ NTSTATUS status = RtlAddAccessDeniedAce (acl, ACL_REVISION, attributes, sid);
+ if (!NT_SUCCESS (status))
{
- __seterrno ();
+ __seterrno_from_nt_status (status);
return false;
}
ACCESS_DENIED_ACE *ace;
@@ -839,7 +841,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
/* Make self relative security descriptor. */
DWORD sd_size = 0;
- MakeSelfRelativeSD (&sd, sd_ret, &sd_size);
+ RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
if (sd_size <= 0)
{
__seterrno ();
@@ -850,9 +852,10 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
set_errno (ENOMEM);
return NULL;
}
- if (!MakeSelfRelativeSD (&sd, sd_ret, &sd_size))
+ status = RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
+ if (!NT_SUCCESS (status))
{
- __seterrno ();
+ __seterrno_from_nt_status (status);
return NULL;
}
debug_printf ("Created SD-Size: %u", sd_ret.size ());
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 6bc2a47dd..0a71221e2 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -95,6 +95,18 @@ cygpsid NO_COPY name = (PSID) &name##_struct;
#define FILE_WRITE_BITS (FILE_WRITE_DATA | GENERIC_WRITE | GENERIC_ALL)
#define FILE_EXEC_BITS (FILE_EXECUTE | GENERIC_EXECUTE | GENERIC_ALL)
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+ /* We need these declarations, otherwise g++ complains that the below
+ inline methods use an undefined function, if ntdll.h isn't included. */
+ BOOLEAN NTAPI RtlEqualSid (PSID, PSID);
+ NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID);
+#ifdef __cplusplus
+}
+#endif
+
class cygpsid {
protected:
PSID psid;
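Review bot: The hand-written prototypes for `RtlEqualSid` and `RtlCopySid` duplicate declarations that presumably live in ntdll.h, and the comment does not tell a maintainer that the two copies must stay identical. If they drift apart in return type or calling convention, files that include both headers should fail to compile, but files that include only security.h could silently build against the stale signature. I would extend the comment with a line such as `Keep these in sync with the declarations in ntdll.h.` The `cygpsid` class body continues outside the hunk.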
@@ -114,7 +126,7 @@ public:
{
if (!psid || !nsid)
return nsid == psid;
- return EqualSid (psid, nsid);
+ return RtlEqualSid (psid, nsid);
}
bool operator!= (const PSID nsid) const
{ return !(*this == nsid); }
@@ -143,7 +155,7 @@ class cygsid : public cygpsid {
else
{
psid = (PSID) sbuf;
- CopySid (MAX_SID_LEN, psid, nsid);
+ RtlCopySid (MAX_SID_LEN, psid, nsid);
well_known_sid = well_known;
}
return psid;