From 1754539e56dcde666394354ec603d5524b0d3e90 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 28 Apr 2011 09:30:36 +0000 Subject: * advapi32.cc (InitializeAcl): Remove. (AddAce): Remove. (FindFirstFreeAce): Remove. (GetAce): Remove. (InitializeSecurityDescriptor): Remove. (OpenProcessToken): Remove. * dcrt0.cc: Replace above functions throughout with their ntdll.dll equivalent. * fhandler_tty.cc: Ditto. * flock.cc: Ditto. * pinfo.cc: Ditto. Drop unnecessary error handling. * sec_acl.cc: Ditto. * sec_auth.cc: Ditto. * sec_helper.cc: Ditto. * security.cc: Ditto. --- winsup/cygwin/security.cc | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) (limited to 'winsup/cygwin/security.cc') diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 428c874a2..a72fb525a 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -139,7 +139,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, if (NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd, &exists, &dacl, &def)) && exists && dacl) for (ULONG idx = 0; idx < dacl->AceCount; ++idx) - if (RtlGetAce (dacl, idx, (PVOID *) &ace) + if (NT_SUCCESS (RtlGetAce (dacl, idx, (PVOID *) &ace)) && (ace->Header.AceFlags & INHERITED_ACE)) return 0; /* Otherwise, open the parent directory with READ_CONTROL... */ @@ -245,7 +245,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid, for (DWORD i = 0; i < acl->AceCount; ++i) { - if (!GetAce (acl, i, (PVOID *) &ace)) + if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace))) continue; if (ace->Header.AceFlags & INHERIT_ONLY_ACE) continue; 
@@ -472,7 +472,7 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes, return false; } ACCESS_ALLOWED_ACE *ace; - if (inherit && GetAce (acl, offset, (PVOID *) &ace)) + if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace))) ace->Header.AceFlags |= inherit; len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); return true; @@ -488,7 +488,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes, return false; } ACCESS_DENIED_ACE *ace; - if (inherit && GetAce (acl, offset, (PVOID *) &ace)) + if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace))) ace->Header.AceFlags |= inherit; len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid); return true; @@ -544,11 +544,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, /* Initialize local security descriptor. */ SECURITY_DESCRIPTOR sd; - if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION)) - { - __seterrno (); - return NULL; - } + RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); /* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being modified by inheritable ACEs. */ @@ -570,11 +566,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, /* Initialize local access control list. */ PACL acl = (PACL) tp.w_get (); - if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) - { - __seterrno (); - return NULL; - } + RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION); /* From here fill ACL. */ size_t acl_len = sizeof (ACL); 
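Review bot: A failed RtlGetAce is still ignored in add_access_allowed_ace: when `inherit` is non-zero and the lookup at `offset` fails, the function returns true with an ACE that lacks the requested inheritance flags. add_access_denied_ace in the next hunk has the same pattern. If `inherit` carries INHERIT_ONLY_ACE, the ACE would then apply to the object itself instead of only to its children, so the failure should be reported: keep the status in a local and on failure call `__seterrno_from_nt_status (status);` followed by `return false;`. Both function bodies start outside their hunks, so whether `offset` can legitimately miss the ACE that was just added is not visible here.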
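Review bot: The NTSTATUS returned by RtlCreateSecurityDescriptor in alloc_sd is now discarded with no explanation, and the RtlCreateAcl call in the following hunk does the same. With a constant revision and size the calls are not expected to fail, but the DACL built below is what ends up protecting the file, so the reasoning should be written down, for example `/* Cannot fail: revision and size are constants, buffer comes from tp.w_get (). */` above each call. That the buffer from `tp.w_get ()` holds at least ACL_MAXIMUM_SIZE bytes is an assumption that cannot be checked from these hunks; if it is not guaranteed, the status check on RtlCreateAcl should stay. alloc_sd starts and ends outside both hunks.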
@@ -713,10 +705,12 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, PACL oacl; BOOL acl_exists = FALSE; ACCESS_ALLOWED_ACE *ace; + NTSTATUS status; + if (GetSecurityDescriptorDacl (sd_ret, &acl_exists, &oacl, &dummy) && acl_exists && oacl) for (DWORD i = 0; i < oacl->AceCount; ++i) - if (GetAce (oacl, i, (PVOID *) &ace)) + if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace))) { cygpsid ace_sid ((PSID) &ace->SidStart); @@ -767,12 +761,13 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, * behind the owner_deny, ACCESS_ALLOWED_ACE to the end. * FIXME: this would break the order of the inherit-only ACEs */ - if (!AddAce (acl, ACL_REVISION, - ace->Header.AceType == ACCESS_DENIED_ACE_TYPE - ? (owner_deny ? 1 : 0) : MAXDWORD, - (LPVOID) ace, ace->Header.AceSize)) + status = RtlAddAce (acl, ACL_REVISION, + ace->Header.AceType == ACCESS_DENIED_ACE_TYPE + ? (owner_deny ? 1 : 0) : MAXDWORD, + (LPVOID) ace, ace->Header.AceSize); + if (!NT_SUCCESS (status)) { - __seterrno (); + __seterrno_from_nt_status (status); return NULL; } ace_off++; @@ -862,7 +857,7 @@ set_security_attribute (path_conv &pc, int attribute, PSECURITY_ATTRIBUTES psa, security_descriptor &sd) { psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH); - InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)psa->lpSecurityDescriptor, + RtlCreateSecurityDescriptor ((PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); psa->lpSecurityDescriptor = alloc_sd (pc, geteuid32 (), getegid32 (), attribute, sd); -- cgit v1.2.3
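Review bot: The DACL of `sd_ret` is still fetched with advapi32's GetSecurityDescriptorDacl, while the ACE calls in this loop now go to ntdll. get_file_sd already uses `RtlGetDaclSecurityDescriptor` wrapped in `NT_SUCCESS`, and the same form would fit here; `acl_exists` and presumably `dummy` would then have to become BOOLEAN, since the Rtl function takes PBOOLEAN. Separately, `NTSTATUS status;` is declared here but first used in the RtlAddAce hunk below, and declaring it at that assignment would keep it next to its only use. alloc_sd starts and ends outside the hunk.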
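Review bot: In set_security_attribute the result of `sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH)` is passed to RtlCreateSecurityDescriptor unchecked, so if security_descriptor::malloc can return NULL (its definition is not on this page) ntdll would write through a null pointer. A guard such as `if (!psa->lpSecurityDescriptor) return;` before the call would cover it, adjusted to the function's return type, which this hunk does not show. The next line overwrites the pointer with alloc_sd's result, and alloc_sd returns NULL on failure; a NULL lpSecurityDescriptor makes Windows apply the default descriptor, so the requested mode is silently dropped. A comment stating that this fallback is intended, or a check by the caller, would make that explicit.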