2007-07-20 14:29:43 +00:00
|
|
|
/* security.cc: NT file access control functions
|
2000-02-17 19:38:33 +00:00
|
|
|
|
2013-01-21 04:38:31 +00:00
|
|
|
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
|
2015-02-25 11:38:48 +00:00
|
|
|
2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 Red Hat, Inc.
|
2000-02-17 19:38:33 +00:00
|
|
|
|
|
|
|
|
Originaly written by Gunther Ebert, gunther.ebert@ixos-leipzig.de
|
2001-02-21 22:59:11 +00:00
|
|
|
Completely rewritten by Corinna Vinschen <corinna@vinschen.de>
|
2000-02-17 19:38:33 +00:00
|
|
|
|
|
|
|
|
This file is part of Cygwin.
|
|
|
|
|
|
|
|
|
|
This software is a copyrighted work licensed under the terms of the
|
|
|
|
|
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
|
|
|
|
details. */
|
|
|
|
|
|
2000-08-02 16:28:18 +00:00
|
|
|
#include "winsup.h"
|
2000-02-17 19:38:33 +00:00
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <stdlib.h>
|
2015-04-10 11:25:40 +02:00
|
|
|
#include <sys/acl.h>
|
2000-08-22 05:10:20 +00:00
|
|
|
#include "cygerrno.h"
|
2001-07-26 19:22:24 +00:00
|
|
|
#include "security.h"
|
2000-08-22 05:10:20 +00:00
|
|
|
#include "path.h"
|
* devices.cc: New file.
* devices.gperf: New file.
* devices.shilka: New file.
* cygwin-gperf: New file.
* cygwin-shilka: New file.
* fhandler_fifo.cc: New file.
* fhandler_nodevice.cc : New file. Reorganize headers so that path.h precedes
fhandler.h throughout. Remove device argument and unit arguments from fhandler
constructors throughout. Remove pc arguments to fhandler functions and use
internal pc element instead, throughout. Use dev element in pc throughout.
Use major/minor elements rather than units and device numbers previously in
fhandler class. Use correct methods for fhandler file names rather than
directly accessing file name variables, throughout.
* Makefile.in (DLL_OFILES): Add devices.o, fhandler_fifo.o
* dcrt0.cc (dll_crt0_1): Call device::init.
* devices.h: Renumber devices based on more Linux-like major/minor numbers.
Add more devices. Declare standard device storage.
(device): Declare struct.
* dir.cc (opendir): Use new 'build_fh_name' to construct a fhandler_* type.
* dtable.cc (dtable::get_debugger_info): Ditto.
(cygwin_attach_handle_to_fd): Ditto.
(dtable::release): Remove special FH_SOCKET case in favor of generic
"need_fixup_before" test.
(dtable::init_std_file_from_handle): Use either build_fh_dev or build_fh_name
to build standard fhandler.
(dtable::build_fh_name): Renamed from dtable::build_fhandler_from_name. Move
out of dtable class. Don't accept a path_conv argument. Just build it here
and pass it to:
(build_fh_pc): Renamed from dtable::build_fhandler. Move out of dtable class.
Use intrinsic device type in path_conv to create new fhandler.
(build_fh_dev): Renamed from dtable::build_fhandler. Move out of dtable class.
Simplify arguments to just take new 'device' type and a name. Just return
pointer to fhandler rather than trying to insert into dtable.
(dtable::dup_worker): Accommodate above build_fh name changes.
(dtable::find_fifo): New (currently broken) function.
(handle_to_fn): Use strechr for efficiency.
* dtable.h: Reflect above build_fh name changes and argument differences.
(fhandler_base *&operator []): Return self rather than copy of self.
* fhandler.cc (fhandler_base::operator =): Use pc element to set normalized
path.
(fhandler_base::set_name): Ditto.
(fhandler_base::raw_read): Use method to access name.
(fhandler_base::write): Correctly use get_output_handle rather than get_handle.
(handler_base::device_access_denied): New function.
(fhandler_base::open): Eliminate pc argument and use pc element of
fhandler_base throughout.
(fhandler_base::fstat): Detect if device is based in filesystem and use
fstat_fs to calculate stat, if so.
(fhandler_base::fhandler_base): Eliminate handling of file names and, instead,
just free appropriate component from pc.
(fhandler_base::opendir): Remove path_conv parameter.
* fhandler.h: Remove all device flags.
(fhandler_base::pc): New element.
(fhandler_base::set_name): Change argument to path_conv.
(fhandler_base::error): New function.
(fhandler_base::exists): New function.
(fhandler_base::pc_binmode): New function.
(fhandler_base::dev): New function.
(fhandler_base::open_fs): New function.
(fhandler_base::fstat_fs): New function.
(fhandler_base::fstat_by_name): New function.
(fhandler_base::fstat_by_handle): New function.
(fhandler_base::isfifo): New function.
(fhandler_base::is_slow): New function.
(fhandler_base::is_auto_device): New function.
(fhandler_base::is_fs_special): New function.
(fhandler_base::device_access_denied): New function.
(fhandler_base::operator DWORD&): New operator.
(fhandler_base::get_name): Return normalized path from pc.
(fhandler_base::get_win32_name): Return windows path from pc.
(fhandler_base::isdevice): Renamed from is_device.
(fhandler_base::get_native_name): Return device format.
(fhandler_fifo): New class.
(fhandler_nodevice): New class.
(select_stuff::device_specific): Remove array.
(select_stuff::device_specific_pipe): New class element.
(select_stuff::device_specific_socket): New class element.
(select_stuff::device_specific_serial): New class element.
(select_stuff::select_stuff): Initialize new elements.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Move to base class
from fhandler_disk_file.
(fhandler_base::fstat_by_name): Ditto.
(fhandler_base::fstat_by_name): Ditto.
(fhandler_disk_file::open): Move most functionality into
fhandler_base::open_fs.
(fhandler_base::open_fs): New function.
(fhandler_disk_file::close): Move most functionality into
fhandler_base::close_fs.
(fhandler_base::close_fs): New function.
* fhandler_mem.cc (fhandler_dev_mem::open): Use device name in debugging
output.
* fhandler_socket.cc (fhandler_socket::set_connect_secret): Copy standard
urandom device into appropriate place.
(fhandler_socket::accept): Reflect change in fdsock return value.
* fhandler_tty.cc: See "throughouts" above.
* net.cc: Accommodate fdsock change throughout.
(fdsock): Return success or failure, accept fd argument and device argument.
* path.cc (symlink_info::major): New element.
(symlink_info::minor): New element.
(symlink_info::parse_device): Declare new function.
(fs_info::update): Accommodate changes in path_conv class.
(path_conv::fillin): Ditto.
(path_conv::return_and_clear_normalized_path): Eliminate.
(path_conv::set_normalized_path): New function.
(path_conv::path_conv): Set info in dev element. Use path_conv methods Check
for FH_FS rather than FH_BAD to indicate when to fill in filesystem stuff.
where appropriate rather than direct access. Use set_normalized_path to set
normalized path.
(windows_device_names): Eliminate.
(get_dev): Ditto.
(get_raw_device_number): Ditto.
(get_device_number): Ditto.
(win32_device_name): Call new device name parser to do most of the heavy
lifting.
(mount_info::conv_to_win32_path): Fill in dev field as appropriate.
(symlink_worker): Handle new device files.
(symlink_info::check): Ditto.
(symlink_info::parse_device): Define new function.
* path.h (executable_states): Move here from fhandler.h.
(fs_info): Rename variables to *_storage and create methods for accessing same.
(path_conv): Add dev element, remove devn and unit and adjust inline methods to
accommodate.
(set_normalized_path): Declare new function.
* pinfo.cc (_pinfo::commune_recv): Add broken support for handling fifos.
(_pinfo::commune_send): Ditto.
* pipe.cc (fhandler_pipe::close): check for existence of handle before closing
it.
(handler_pipe::create): Rename from make_pipe. Change arguments to accept
fhandler_pipe array. Accommodate fifos.
(pipe): Rework to deal with fhandler_pipe::create changes.
(_pipe): Ditto.
* select.cc: Use individual device_specific types throughout rather than
indexing with obsolete device number.
(set_bits): Use is_socket call rather than checking device number.
* shared_info.h (CURR_MOUNT_MAGIC): Update.
(conv_to_win32_path): Reflect addition of device argument.
* syscalls.cc (mknod_worker): New function.
(open): Use build_fh_name to build fhandler.
(chown_worker): Detect if this is an 'auto' device rather than an on-filesystem
device and handle appropriately.
(chmod_device): New function.
(chmod): Detect if this is an 'auto' device rather than an on-filesystem device
and handle appropriately. Use chmod_device to set mode of in-filesystem
devices.
(stat_worker): Eliminate path_conv argument. Call build_fh_name to construct
fhandler. Use fh->error() rather than pc->error to detect errors in fhandler
construction.
(access_worker): New function pulled from access. Accommodate in-filesystem
devices.
(access): Use access_worker.
(fpathconf): Detect if this is an 'auto' device rather than an on-filesystem
device and handle appropriately.
(mknod_worker): New function.
(mknod32): New function.
(chroot): Free normalized path -- assuming it was actually cmalloced.
* tty.cc (create_tty_master): Tweak for new device class.
(tty::common_init): Ditto.
* winsup.h (stat_worker): Remove.
(symlink_worker): Declare.
* exceptions.cc (set_process_mask): Just call sig_dispatch_pending and don't
worry about pending_signals since sig_dispatch_pending should always do the
right thing now.
(sig_handle): Reorganize SIGCONT handling to more closely conform to SUSv3.
* pinfo.h: Move __SIG enum to sigproc.h.
(PICOM_FIFO): New enum element.
(_pinfo): Remove 'thread2signal' stuff throughout class.
(_pinfo::commune_send): Make varargs.
(_pinfo::sigtodo): Eliminate.
(_pinfo::thread2signal): Ditto.
* signal.cc (kill_worker): Eliminate call to setthread2signal.
* sigproc.cc (local_sigtodo): Eliminate.
(getlocal_sigtodo): Ditto.
(sigelem): New class.
(pending_signals): New class.
(sigqueue): New variable, start of sigqueue linked list.
(sigcatch_nonmain): Eliminate.
(sigcatch_main): Eliminate.
(sigcatch_nosync): Eliminate.
(sigcomplete_nonmain): Eliminate.
(pending_signals): Eliminate.
(sig_clear): Call signal thread to clear pending signals, unless already in
signal thread.
(sigpending): Call signal thread to get pending signals.
(sig_dispatch_pending): Eliminate use of pending_signals and just check
sigqueue.
(sigproc_terminate): Eliminate all of the obsolete semaphore stuff. Close
signal pipe handle.
(sig_send): Eliminate all of the obsolete semaphore stuff and use pipe to send
signals.
(getevent): Eliminate.
(pending_signals::add): New function.
(pending_signals::del): New function.
(pending_signals::next): New function.
(wait_sig): Eliminate all of the obsolete semaphore stuff. Use pipe to
communicate and maintain a linked list of signals.
* sigproc.h: Move __SIG defines here. Add __SIGPENDING.
(sig_dispatch_pending): Remove "C" specifier.
(sig_handle): Accept a mask argument.
* thread.cc: Remove signal handling considerations throughout.
2003-09-25 00:37:18 +00:00
|
|
|
#include "fhandler.h"
|
2000-08-12 05:35:42 +00:00
|
|
|
#include "dtable.h"
|
|
|
|
|
#include "pinfo.h"
|
2000-11-15 00:13:09 +00:00
|
|
|
#include "cygheap.h"
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 08:10:47 +00:00
|
|
|
#include "ntdll.h"
|
2010-09-10 14:53:44 +00:00
|
|
|
#include "tls_pbuf.h"
|
2009-10-30 19:58:53 +00:00
|
|
|
#include <aclapi.h>
|
2007-07-20 14:29:43 +00:00
|
|
|
|
|
|
|
|
#define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \
|
|
|
|
|
| GROUP_SECURITY_INFORMATION \
|
|
|
|
|
| OWNER_SECURITY_INFORMATION)
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 08:10:47 +00:00
|
|
|
|
2013-04-23 09:44:36 +00:00
|
|
|
static GENERIC_MAPPING NO_COPY_RO file_mapping = { FILE_GENERIC_READ,
|
|
|
|
|
FILE_GENERIC_WRITE,
|
|
|
|
|
FILE_GENERIC_EXECUTE,
|
|
|
|
|
FILE_ALL_ACCESS };
|
2007-07-20 14:29:43 +00:00
|
|
|
LONG
|
2010-09-10 09:32:13 +00:00
|
|
|
get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
|
|
|
|
|
bool justcreated)
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 08:10:47 +00:00
|
|
|
{
|
2014-08-27 09:39:44 +00:00
|
|
|
NTSTATUS status = STATUS_SUCCESS;
|
2011-04-28 07:27:51 +00:00
|
|
|
OBJECT_ATTRIBUTES attr;
|
|
|
|
|
IO_STATUS_BLOCK io;
|
|
|
|
|
ULONG len = SD_MAXIMUM_SIZE, rlen;
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 08:10:47 +00:00
|
|
|
|
2011-04-28 07:27:51 +00:00
|
|
|
/* Allocate space for the security descriptor. */
|
|
|
|
|
if (!sd.malloc (len))
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 08:10:47 +00:00
|
|
|
{
|
2011-04-28 07:27:51 +00:00
|
|
|
set_errno (ENOMEM);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
/* Try to fetch the security descriptor if the handle is valid. */
|
|
|
|
|
if (fh)
|
|
|
|
|
{
|
|
|
|
|
status = NtQuerySecurityObject (fh, ALL_SECURITY_INFORMATION,
|
|
|
|
|
sd, len, &rlen);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
2014-08-27 09:39:44 +00:00
|
|
|
debug_printf ("NtQuerySecurityObject (%S), status %y",
|
|
|
|
|
pc.get_nt_native_path (), status);
|
2011-04-28 07:27:51 +00:00
|
|
|
}
|
|
|
|
|
/* If the handle was NULL, or fetching with the original handle didn't work,
|
|
|
|
|
try to reopen the file with READ_CONTROL and fetch the security descriptor
|
|
|
|
|
using that handle. */
|
2014-08-27 09:39:44 +00:00
|
|
|
if (!fh || !NT_SUCCESS (status))
|
2011-04-28 07:27:51 +00:00
|
|
|
{
|
|
|
|
|
status = NtOpenFile (&fh, READ_CONTROL,
|
2014-08-27 09:39:44 +00:00
|
|
|
fh ? pc.init_reopen_attr (attr, fh)
|
|
|
|
|
: pc.get_object_attr (attr, sec_none_nih),
|
|
|
|
|
&io, FILE_SHARE_VALID_FLAGS,
|
|
|
|
|
FILE_OPEN_FOR_BACKUP_INTENT);
|
2011-04-28 07:27:51 +00:00
|
|
|
if (!NT_SUCCESS (status))
|
2011-06-06 05:02:13 +00:00
|
|
|
{
|
2011-04-28 07:27:51 +00:00
|
|
|
sd.free ();
|
|
|
|
|
__seterrno_from_nt_status (status);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
status = NtQuerySecurityObject (fh, ALL_SECURITY_INFORMATION,
|
|
|
|
|
sd, len, &rlen);
|
|
|
|
|
NtClose (fh);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
2008-02-15 17:53:11 +00:00
|
|
|
{
|
2011-04-28 07:27:51 +00:00
|
|
|
sd.free ();
|
|
|
|
|
__seterrno_from_nt_status (status);
|
|
|
|
|
return -1;
|
2006-11-27 12:59:59 +00:00
|
|
|
}
|
|
|
|
|
}
|
2015-04-10 11:25:40 +02:00
|
|
|
/* We have a security descriptor now. Unfortunately, if you want to know
|
|
|
|
|
if an ACE is inherited from the parent object, this isn't sufficient.
|
2011-04-28 07:27:51 +00:00
|
|
|
|
|
|
|
|
In the simple case, the SDs control word contains one of the
|
|
|
|
|
SE_DACL_AUTO_INHERITED or SE_DACL_PROTECTED flags, or at least one of
|
2015-04-10 11:25:40 +02:00
|
|
|
the ACEs has the INHERITED_ACE flag set. In all of these cases we
|
|
|
|
|
know the DACL has been inherited.
|
|
|
|
|
|
|
|
|
|
If none of these flags is set in the SD, the information whether
|
|
|
|
|
or not an ACE has been inherited is not available in the DACL of the
|
|
|
|
|
object. In this case GetSecurityInfo fetches the SD from the parent
|
|
|
|
|
directory and tests if the object's SD contains inherited ACEs from the
|
|
|
|
|
parent.
|
|
|
|
|
|
|
|
|
|
Note that we're not testing the SE_DACL_AUTO_INHERITED and
|
|
|
|
|
SE_DACL_PROTECTED flags here because we know the state the file's SD
|
|
|
|
|
is in. Since we're creating all files with a NULL descriptor, the DACL
|
|
|
|
|
is either inherited from the parent, or it's the default DACL. In
|
|
|
|
|
neither case, one of these flags is set.
|
|
|
|
|
|
|
|
|
|
For speed, we're not calling RtlConvertToAutoInheritSecurityObject
|
|
|
|
|
anymore (but keep the code here for reference). Rather we just test
|
|
|
|
|
if one of the parent's ACEs is inheritable. If so, we know we inherited
|
|
|
|
|
it and set the SE_DACL_AUTO_INHERITED flag. If not, we may assume our
|
|
|
|
|
object's DACL is the default DACL.
|
|
|
|
|
|
|
|
|
|
This functionality is slow and the extra information is only required
|
|
|
|
|
when the file has been created and the permissions are about to be set
|
|
|
|
|
to POSIX permissions. Therefore we only use it in case the file just
|
|
|
|
|
got created. */
|
2011-04-28 07:27:51 +00:00
|
|
|
if (justcreated)
|
|
|
|
|
{
|
|
|
|
|
PACL dacl;
|
|
|
|
|
BOOLEAN exists, def;
|
|
|
|
|
ACCESS_ALLOWED_ACE *ace;
|
|
|
|
|
UNICODE_STRING dirname;
|
2015-04-10 11:25:40 +02:00
|
|
|
PSECURITY_DESCRIPTOR psd;
|
2011-04-28 07:27:51 +00:00
|
|
|
tmp_pathbuf tp;
|
|
|
|
|
|
2015-04-10 11:25:40 +02:00
|
|
|
/* Open the parent directory with READ_CONTROL... */
|
2011-04-28 07:27:51 +00:00
|
|
|
RtlSplitUnicodePath (pc.get_nt_native_path (), &dirname, NULL);
|
|
|
|
|
InitializeObjectAttributes (&attr, &dirname, pc.objcaseinsensitive (),
|
|
|
|
|
NULL, NULL);
|
|
|
|
|
status = NtOpenFile (&fh, READ_CONTROL, &attr, &io,
|
|
|
|
|
FILE_SHARE_VALID_FLAGS,
|
|
|
|
|
FILE_OPEN_FOR_BACKUP_INTENT
|
|
|
|
|
| FILE_OPEN_REPARSE_POINT);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
|
{
|
2013-04-23 09:44:36 +00:00
|
|
|
debug_printf ("NtOpenFile (%S), status %y", &dirname, status);
|
2011-04-28 07:27:51 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
/* ... fetch the parent's security descriptor ... */
|
|
|
|
|
psd = (PSECURITY_DESCRIPTOR) tp.w_get ();
|
|
|
|
|
status = NtQuerySecurityObject (fh, ALL_SECURITY_INFORMATION,
|
|
|
|
|
psd, len, &rlen);
|
|
|
|
|
NtClose (fh);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
|
{
|
2013-04-23 09:44:36 +00:00
|
|
|
debug_printf ("NtQuerySecurityObject (%S), status %y",
|
2011-04-28 07:27:51 +00:00
|
|
|
&dirname, status);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2015-04-10 11:25:40 +02:00
|
|
|
#if 0
|
2011-04-28 07:27:51 +00:00
|
|
|
/* ... and create a new security descriptor in which all inherited ACEs
|
2011-06-06 05:02:13 +00:00
|
|
|
are marked with the INHERITED_ACE flag. For a description of the
|
2011-04-28 07:27:51 +00:00
|
|
|
undocumented RtlConvertToAutoInheritSecurityObject function from
|
|
|
|
|
ntdll.dll see the MSDN man page for the advapi32 function
|
|
|
|
|
ConvertToAutoInheritPrivateObjectSecurity. Fortunately the latter
|
|
|
|
|
is just a shim. */
|
2015-04-10 11:25:40 +02:00
|
|
|
PSECURITY_DESCRIPTOR nsd;
|
2011-04-28 07:27:51 +00:00
|
|
|
status = RtlConvertToAutoInheritSecurityObject (psd, sd, &nsd, NULL,
|
|
|
|
|
pc.isdir (),
|
|
|
|
|
&file_mapping);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
|
{
|
2013-04-23 09:44:36 +00:00
|
|
|
debug_printf ("RtlConvertToAutoInheritSecurityObject (%S), status %y",
|
2011-04-28 07:27:51 +00:00
|
|
|
&dirname, status);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
/* Eventually copy the new security descriptor into sd and delete the
|
2011-06-06 05:02:13 +00:00
|
|
|
original one created by RtlConvertToAutoInheritSecurityObject from
|
2011-04-28 07:27:51 +00:00
|
|
|
the heap. */
|
|
|
|
|
len = RtlLengthSecurityDescriptor (nsd);
|
|
|
|
|
memcpy ((PSECURITY_DESCRIPTOR) sd, nsd, len);
|
|
|
|
|
RtlDeleteSecurityObject (&nsd);
|
2015-04-10 11:25:40 +02:00
|
|
|
#else
|
|
|
|
|
/* ... and check the parent descriptor for inheritable ACEs matching
|
|
|
|
|
our current object type (file/dir). The simple truth in our case
|
|
|
|
|
is, either the parent dir had inheritable ACEs and all our ACEs are
|
|
|
|
|
inherited, or the parent dir didn't have inheritable ACEs and all
|
|
|
|
|
our ACEs are taken from the default DACL. */
|
|
|
|
|
bool inherited = false;
|
|
|
|
|
BYTE search_flags = pc.isdir () ? SUB_CONTAINERS_AND_OBJECTS_INHERIT
|
|
|
|
|
: SUB_OBJECTS_ONLY_INHERIT;
|
|
|
|
|
if (NT_SUCCESS (RtlGetDaclSecurityDescriptor (psd, &exists, &dacl, &def))
|
|
|
|
|
&& exists && dacl)
|
|
|
|
|
for (ULONG idx = 0; idx < dacl->AceCount; ++idx)
|
|
|
|
|
if (NT_SUCCESS (RtlGetAce (dacl, idx, (PVOID *) &ace))
|
|
|
|
|
&& (ace->Header.AceFlags & search_flags))
|
|
|
|
|
{
|
|
|
|
|
inherited = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
/* Then, if the parent descriptor contained inheritable ACEs, we mark
|
|
|
|
|
the SD as SE_DACL_AUTO_INHERITED. Note that this requires the
|
|
|
|
|
matching check in get_posix_access. If we ever revert to
|
|
|
|
|
RtlConvertToAutoInheritSecurityObject, the check in get_posix_access
|
|
|
|
|
has to test every single ACE for the INHERITED_ACE flag again. */
|
|
|
|
|
if (inherited
|
|
|
|
|
&& NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd, &exists, &dacl,
|
|
|
|
|
&def))
|
|
|
|
|
&& exists && dacl)
|
|
|
|
|
RtlSetControlSecurityDescriptor (sd, SE_DACL_AUTO_INHERITED,
|
|
|
|
|
SE_DACL_AUTO_INHERITED);
|
|
|
|
|
#endif
|
2011-04-28 07:27:51 +00:00
|
|
|
}
|
|
|
|
|
return 0;
|
2003-11-26 13:23:27 +00:00
|
|
|
}
|
2000-02-17 19:38:33 +00:00
|
|
|
|
2003-11-26 13:23:27 +00:00
|
|
|
LONG
|
2009-04-09 09:19:03 +00:00
|
|
|
set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, bool is_chown)
|
2003-11-26 13:23:27 +00:00
|
|
|
{
|
2007-07-20 14:29:43 +00:00
|
|
|
NTSTATUS status = STATUS_SUCCESS;
|
2004-04-14 13:40:07 +00:00
|
|
|
int retry = 0;
|
2004-04-16 21:22:13 +00:00
|
|
|
int res = -1;
|
2007-07-20 14:29:43 +00:00
|
|
|
|
2004-04-14 13:40:07 +00:00
|
|
|
for (; retry < 2; ++retry)
|
|
|
|
|
{
|
2007-07-20 14:29:43 +00:00
|
|
|
if (fh)
|
2008-02-15 17:53:11 +00:00
|
|
|
{
|
2009-04-09 09:19:03 +00:00
|
|
|
status = NtSetSecurityObject (fh,
|
|
|
|
|
is_chown ? ALL_SECURITY_INFORMATION
|
|
|
|
|
: DACL_SECURITY_INFORMATION,
|
|
|
|
|
sd);
|
2007-07-20 14:29:43 +00:00
|
|
|
if (NT_SUCCESS (status))
|
|
|
|
|
{
|
|
|
|
|
res = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!retry)
|
2008-02-15 17:53:11 +00:00
|
|
|
{
|
2007-07-20 14:29:43 +00:00
|
|
|
OBJECT_ATTRIBUTES attr;
|
|
|
|
|
IO_STATUS_BLOCK io;
|
2009-04-09 09:19:03 +00:00
|
|
|
status = NtOpenFile (&fh, (is_chown ? WRITE_OWNER : 0) | WRITE_DAC,
|
2014-08-27 09:39:44 +00:00
|
|
|
fh ? pc.init_reopen_attr (attr, fh)
|
|
|
|
|
: pc.get_object_attr (attr, sec_none_nih),
|
|
|
|
|
&io,
|
2014-08-26 20:47:46 +00:00
|
|
|
FILE_SHARE_VALID_FLAGS,
|
2009-05-04 09:16:42 +00:00
|
|
|
FILE_OPEN_FOR_BACKUP_INTENT);
|
2007-07-20 14:29:43 +00:00
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
|
{
|
|
|
|
|
fh = NULL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2004-04-14 13:40:07 +00:00
|
|
|
}
|
2007-07-20 14:29:43 +00:00
|
|
|
if (retry && fh)
|
|
|
|
|
NtClose (fh);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
|
__seterrno_from_nt_status (status);
|
2004-04-14 20:16:29 +00:00
|
|
|
return res;
|
2000-02-17 19:38:33 +00:00
|
|
|
}
|
|
|
|
|
|
2006-12-20 17:14:23 +00:00
|
|
|
static int
|
2007-07-20 14:29:43 +00:00
|
|
|
get_reg_sd (HANDLE handle, security_descriptor &sd_ret)
|
2006-12-20 17:14:23 +00:00
|
|
|
{
|
|
|
|
|
LONG ret;
|
|
|
|
|
DWORD len = 0;
|
|
|
|
|
|
2007-07-20 14:29:43 +00:00
|
|
|
ret = RegGetKeySecurity ((HKEY) handle, ALL_SECURITY_INFORMATION,
|
2007-02-20 00:16:18 +00:00
|
|
|
sd_ret, &len);
|
2006-12-20 17:14:23 +00:00
|
|
|
if (ret == ERROR_INSUFFICIENT_BUFFER)
|
2007-02-20 00:16:18 +00:00
|
|
|
{
|
2006-12-20 17:14:23 +00:00
|
|
|
if (!sd_ret.malloc (len))
|
2007-02-20 00:16:18 +00:00
|
|
|
set_errno (ENOMEM);
|
2006-12-20 17:14:23 +00:00
|
|
|
else
|
2007-07-20 14:29:43 +00:00
|
|
|
ret = RegGetKeySecurity ((HKEY) handle, ALL_SECURITY_INFORMATION,
|
2007-02-20 00:16:18 +00:00
|
|
|
sd_ret, &len);
|
2006-12-20 17:14:23 +00:00
|
|
|
}
|
|
|
|
|
if (ret != ERROR_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
__seterrno ();
|
|
|
|
|
return -1;
|
2007-02-20 00:16:18 +00:00
|
|
|
}
|
2006-12-20 17:14:23 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2004-04-14 16:36:26 +00:00
|
|
|
int
|
2013-04-23 09:44:36 +00:00
|
|
|
get_reg_attribute (HKEY hkey, mode_t *attribute, uid_t *uidret,
|
|
|
|
|
gid_t *gidret)
|
2002-07-02 01:36:15 +00:00
|
|
|
{
|
2008-07-14 20:22:03 +00:00
|
|
|
security_descriptor sd;
|
2006-10-22 14:57:43 +00:00
|
|
|
|
2008-07-14 20:22:03 +00:00
|
|
|
if (!get_reg_sd (hkey, sd))
|
|
|
|
|
{
|
2015-03-18 17:49:12 +01:00
|
|
|
get_posix_access (sd, attribute, uidret, gidret, NULL, 0);
|
2008-07-14 20:22:03 +00:00
|
|
|
return 0;
|
2002-07-02 01:36:15 +00:00
|
|
|
}
|
2003-04-11 09:38:07 +00:00
|
|
|
/* The entries are already set to default values */
|
|
|
|
|
return -1;
|
2002-07-02 01:36:15 +00:00
|
|
|
}
|
|
|
|
|
|
2004-04-08 07:57:28 +00:00
|
|
|
int
|
2007-07-20 14:29:43 +00:00
|
|
|
get_file_attribute (HANDLE handle, path_conv &pc,
|
2013-04-23 09:44:36 +00:00
|
|
|
mode_t *attribute, uid_t *uidret, gid_t *gidret)
|
2004-04-08 07:57:28 +00:00
|
|
|
{
|
2008-07-14 20:22:03 +00:00
|
|
|
if (pc.has_acls ())
|
2004-04-08 07:57:28 +00:00
|
|
|
{
|
2006-10-22 14:57:43 +00:00
|
|
|
security_descriptor sd;
|
|
|
|
|
|
2010-09-10 09:32:13 +00:00
|
|
|
if (!get_file_sd (handle, pc, sd, false))
|
2007-07-20 14:29:43 +00:00
|
|
|
{
|
2015-03-18 17:49:12 +01:00
|
|
|
get_posix_access (sd, attribute, uidret, gidret, NULL, 0);
|
2007-07-20 14:29:43 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
2010-09-24 12:41:33 +00:00
|
|
|
/* ENOSYS is returned by get_file_sd if fetching the DACL from a remote
|
|
|
|
|
share returns STATUS_INVALID_NETWORK_RESPONSE, which in turn is
|
|
|
|
|
converted to ERROR_BAD_NET_RESP. This potentially occurs when trying
|
|
|
|
|
to fetch DACLs from a NT4 machine which is not part of the domain of
|
|
|
|
|
the requesting machine. */
|
|
|
|
|
else if (get_errno () != ENOSYS)
|
2008-02-15 17:53:11 +00:00
|
|
|
{
|
2007-07-30 10:58:16 +00:00
|
|
|
if (uidret)
|
|
|
|
|
*uidret = ILLEGAL_UID;
|
|
|
|
|
if (gidret)
|
|
|
|
|
*gidret = ILLEGAL_GID;
|
|
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2004-04-08 07:57:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (uidret)
|
|
|
|
|
*uidret = myself->uid;
|
|
|
|
|
if (gidret)
|
|
|
|
|
*gidret = myself->gid;
|
|
|
|
|
|
2007-03-01 15:13:47 +00:00
|
|
|
return -1;
|
2004-04-08 07:57:28 +00:00
|
|
|
}
|
|
|
|
|
|
2003-12-07 22:37:12 +00:00
|
|
|
bool
|
2015-04-02 13:46:04 +02:00
|
|
|
add_access_allowed_ace (PACL acl, DWORD attributes, PSID sid, size_t &len_add,
|
|
|
|
|
DWORD inherit)
|
2000-02-17 19:38:33 +00:00
|
|
|
{
|
2012-06-03 16:46:53 +00:00
|
|
|
NTSTATUS status = RtlAddAccessAllowedAceEx (acl, ACL_REVISION, inherit,
|
|
|
|
|
attributes, sid);
|
2011-04-29 10:38:12 +00:00
|
|
|
if (!NT_SUCCESS (status))
|
2000-02-17 19:38:33 +00:00
|
|
|
{
|
2011-04-29 10:38:12 +00:00
|
|
|
__seterrno_from_nt_status (status);
|
2003-12-07 22:37:12 +00:00
|
|
|
return false;
|
2000-02-17 19:38:33 +00:00
|
|
|
}
|
2011-04-28 08:34:49 +00:00
|
|
|
len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
|
2003-12-07 22:37:12 +00:00
|
|
|
return true;
|
2000-02-17 19:38:33 +00:00
|
|
|
}
|
|
|
|
|
|
2003-12-07 22:37:12 +00:00
|
|
|
bool
|
2015-04-02 13:46:04 +02:00
|
|
|
add_access_denied_ace (PACL acl, DWORD attributes, PSID sid, size_t &len_add,
|
|
|
|
|
DWORD inherit)
|
2000-02-17 19:38:33 +00:00
|
|
|
{
|
2012-06-03 16:46:53 +00:00
|
|
|
NTSTATUS status = RtlAddAccessDeniedAceEx (acl, ACL_REVISION, inherit,
|
|
|
|
|
attributes, sid);
|
2011-04-29 10:38:12 +00:00
|
|
|
if (!NT_SUCCESS (status))
|
2000-02-17 19:38:33 +00:00
|
|
|
{
|
2011-04-29 10:38:12 +00:00
|
|
|
__seterrno_from_nt_status (status);
|
2003-12-07 22:37:12 +00:00
|
|
|
return false;
|
2000-02-17 19:38:33 +00:00
|
|
|
}
|
2011-04-28 08:34:49 +00:00
|
|
|
len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
|
2003-12-07 22:37:12 +00:00
|
|
|
return true;
|
2000-02-17 19:38:33 +00:00
|
|
|
}
|
|
|
|
|
|
2001-08-07 15:09:54 +00:00
|
|
|
void
|
2008-08-14 14:05:04 +00:00
|
|
|
set_security_attribute (path_conv &pc, int attribute, PSECURITY_ATTRIBUTES psa,
|
2003-11-26 13:23:27 +00:00
|
|
|
security_descriptor &sd)
|
2001-08-07 15:09:54 +00:00
|
|
|
{
|
2003-11-26 13:23:27 +00:00
|
|
|
psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH);
|
2011-04-28 09:30:36 +00:00
|
|
|
RtlCreateSecurityDescriptor ((PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor,
|
2001-09-07 21:32:07 +00:00
|
|
|
SECURITY_DESCRIPTOR_REVISION);
|
2015-04-10 11:25:40 +02:00
|
|
|
psa->lpSecurityDescriptor = set_posix_access (attribute, geteuid32 (),
|
|
|
|
|
getegid32 (), NULL, 0,
|
|
|
|
|
sd, false);
|
2001-08-07 15:09:54 +00:00
|
|
|
}
|
|
|
|
|
|
2010-04-19 19:52:43 +00:00
|
|
|
int
|
|
|
|
|
get_object_sd (HANDLE handle, security_descriptor &sd)
|
|
|
|
|
{
|
|
|
|
|
ULONG len = 0;
|
|
|
|
|
NTSTATUS status;
|
|
|
|
|
|
|
|
|
|
status = NtQuerySecurityObject (handle, ALL_SECURITY_INFORMATION,
|
|
|
|
|
sd, len, &len);
|
|
|
|
|
if (status != STATUS_BUFFER_TOO_SMALL)
|
|
|
|
|
{
|
|
|
|
|
__seterrno_from_nt_status (status);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (!sd.malloc (len))
|
|
|
|
|
{
|
|
|
|
|
set_errno (ENOMEM);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
status = NtQuerySecurityObject (handle, ALL_SECURITY_INFORMATION,
|
|
|
|
|
sd, len, &len);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
|
{
|
|
|
|
|
__seterrno_from_nt_status (status);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2013-04-23 09:44:36 +00:00
|
|
|
get_object_attribute (HANDLE handle, uid_t *uidret, gid_t *gidret,
|
2010-04-19 19:52:43 +00:00
|
|
|
mode_t *attribute)
|
|
|
|
|
{
|
|
|
|
|
security_descriptor sd;
|
|
|
|
|
|
|
|
|
|
if (get_object_sd (handle, sd))
|
|
|
|
|
return -1;
|
2015-04-10 11:25:40 +02:00
|
|
|
return get_posix_access (sd, attribute, uidret, gidret, NULL, 0) >= 0
|
|
|
|
|
? 0 : -1;
|
2010-04-19 19:52:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2013-04-23 09:44:36 +00:00
|
|
|
create_object_sd_from_attribute (HANDLE handle, uid_t uid, gid_t gid,
|
2010-04-19 19:52:43 +00:00
|
|
|
mode_t attribute, security_descriptor &sd)
|
|
|
|
|
{
|
|
|
|
|
path_conv pc;
|
|
|
|
|
if ((handle && get_object_sd (handle, sd))
|
2015-04-10 11:25:40 +02:00
|
|
|
|| !set_posix_access (attribute, uid, gid, NULL, 0, sd, false))
|
2010-04-19 19:52:43 +00:00
|
|
|
return -1;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
set_object_sd (HANDLE handle, security_descriptor &sd, bool chown)
|
|
|
|
|
{
|
|
|
|
|
NTSTATUS status;
|
|
|
|
|
status = NtSetSecurityObject (handle, chown ? ALL_SECURITY_INFORMATION
|
|
|
|
|
: DACL_SECURITY_INFORMATION, sd);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
|
{
|
|
|
|
|
__seterrno_from_nt_status (status);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2013-04-23 09:44:36 +00:00
|
|
|
set_object_attribute (HANDLE handle, uid_t uid, gid_t gid,
|
2010-04-19 19:52:43 +00:00
|
|
|
mode_t attribute)
|
|
|
|
|
{
|
|
|
|
|
security_descriptor sd;
|
|
|
|
|
|
|
|
|
|
if (create_object_sd_from_attribute (handle, uid, gid, attribute, sd)
|
|
|
|
|
|| set_object_sd (handle, sd, uid != ILLEGAL_UID || gid != ILLEGAL_GID))
|
|
|
|
|
return -1;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2000-02-17 19:38:33 +00:00
|
|
|
int
|
2015-04-10 11:25:40 +02:00
|
|
|
set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
|
2000-02-17 19:38:33 +00:00
|
|
|
{
|
2007-07-19 17:42:11 +00:00
|
|
|
int ret = -1;
|
2015-04-10 11:25:40 +02:00
|
|
|
security_descriptor sd, sd_ret;
|
|
|
|
|
mode_t attr_rd;
|
|
|
|
|
uid_t uid;
|
|
|
|
|
gid_t gid;
|
|
|
|
|
tmp_pathbuf tp;
|
|
|
|
|
aclent_t *aclp;
|
|
|
|
|
int nentries, idx;
|
2007-07-19 17:42:11 +00:00
|
|
|
|
2015-04-10 11:25:40 +02:00
|
|
|
if (!get_file_sd (handle, pc, sd, true))
|
2007-07-19 17:42:11 +00:00
|
|
|
{
|
2015-04-10 11:25:40 +02:00
|
|
|
attr |= S_JUSTCREATED;
|
|
|
|
|
if (pc.isdir ())
|
|
|
|
|
attr |= S_IFDIR;
|
|
|
|
|
attr_rd = attr;
|
|
|
|
|
aclp = (aclent_t *) tp.c_get ();
|
|
|
|
|
if ((nentries = get_posix_access (sd, &attr_rd, &uid, &gid,
|
|
|
|
|
aclp, MAX_ACL_ENTRIES)) >= 0)
|
|
|
|
|
{
|
|
|
|
|
/* Symlinks always get the request POSIX perms. */
|
|
|
|
|
if (S_ISLNK (attr))
|
|
|
|
|
attr_rd = 0777;
|
|
|
|
|
/* Overwrite ACL permissions as required by POSIX 1003.1e
|
|
|
|
|
draft 17. */
|
|
|
|
|
aclp[0].a_perm = ((attr & attr_rd) >> 6) & S_IRWXO;
|
|
|
|
|
if (nentries > MIN_ACL_ENTRIES
|
|
|
|
|
&& (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
|
|
|
|
|
aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
|
|
|
|
|
else
|
|
|
|
|
aclp[1].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
|
|
|
|
|
if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
|
|
|
|
|
aclp[idx].a_perm = (attr & attr_rd) & S_IRWXO;
|
|
|
|
|
/* Construct appropriate inherit attribute for new directories.
|
|
|
|
|
Basically we do this only for the sake of non-Cygwin applications.
|
|
|
|
|
Cygwin applications don't need these. Additionally, if the
|
|
|
|
|
S_ISGID bit is set, propagate it. */
|
|
|
|
|
if (S_ISDIR (attr))
|
|
|
|
|
{
|
|
|
|
|
if (searchace (aclp, nentries, DEF_USER_OBJ) < 0)
|
|
|
|
|
{
|
|
|
|
|
aclp[nentries].a_type = DEF_USER_OBJ;
|
|
|
|
|
aclp[nentries].a_id = ILLEGAL_UID;
|
|
|
|
|
aclp[nentries++].a_perm = (attr >> 6) & S_IRWXO;
|
|
|
|
|
}
|
|
|
|
|
if (searchace (aclp, nentries, DEF_GROUP_OBJ) < 0)
|
|
|
|
|
{
|
|
|
|
|
aclp[nentries].a_type = DEF_GROUP_OBJ;
|
|
|
|
|
aclp[nentries].a_id = ILLEGAL_GID;
|
|
|
|
|
aclp[nentries++].a_perm = (attr >> 3) & S_IRWXO;
|
|
|
|
|
}
|
|
|
|
|
if (searchace (aclp, nentries, DEF_OTHER_OBJ) < 0)
|
|
|
|
|
{
|
|
|
|
|
aclp[nentries].a_type = DEF_OTHER_OBJ;
|
|
|
|
|
aclp[nentries].a_id = ILLEGAL_UID;
|
|
|
|
|
aclp[nentries++].a_perm = attr & S_IRWXO;
|
|
|
|
|
}
|
|
|
|
|
if (attr_rd & S_ISGID)
|
|
|
|
|
attr |= S_ISGID;
|
|
|
|
|
}
|
|
|
|
|
if (set_posix_access (attr, uid, gid, aclp, nentries, sd_ret,
|
|
|
|
|
pc.fs_is_samba ()))
|
|
|
|
|
ret = set_file_sd (handle, pc, sd_ret, attr_rd & S_ISGID);
|
|
|
|
|
}
|
2007-07-19 17:42:11 +00:00
|
|
|
}
|
2000-03-16 19:35:18 +00:00
|
|
|
return ret;
|
2000-02-17 19:38:33 +00:00
|
|
|
}
|
|
|
|
|
|
2006-10-21 11:05:32 +00:00
|
|
|
static int
|
|
|
|
|
check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
|
2011-04-29 09:48:25 +00:00
|
|
|
ACCESS_MASK desired, int flags, bool effective)
|
2003-02-21 14:29:18 +00:00
|
|
|
{
|
|
|
|
|
int ret = -1;
|
2011-04-29 09:48:25 +00:00
|
|
|
NTSTATUS status, allow;
|
|
|
|
|
ACCESS_MASK granted;
|
2006-10-21 11:05:32 +00:00
|
|
|
DWORD plen = sizeof (PRIVILEGE_SET) + 3 * sizeof (LUID_AND_ATTRIBUTES);
|
|
|
|
|
PPRIVILEGE_SET pset = (PPRIVILEGE_SET) alloca (plen);
|
2009-09-25 13:44:45 +00:00
|
|
|
HANDLE tok = ((effective && cygheap->user.issetuid ())
|
|
|
|
|
? cygheap->user.imp_token ()
|
|
|
|
|
: hProcImpToken);
|
2003-02-21 14:29:18 +00:00
|
|
|
|
2010-02-26 14:51:59 +00:00
|
|
|
if (!tok)
|
|
|
|
|
{
|
|
|
|
|
if (!DuplicateTokenEx (hProcToken, MAXIMUM_ALLOWED, NULL,
|
2011-06-06 05:02:13 +00:00
|
|
|
SecurityImpersonation, TokenImpersonation,
|
2010-02-26 14:51:59 +00:00
|
|
|
&hProcImpToken))
|
2011-06-06 05:02:13 +00:00
|
|
|
{
|
|
|
|
|
__seterrno ();
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
2010-02-26 14:51:59 +00:00
|
|
|
tok = hProcImpToken;
|
2011-06-06 05:02:13 +00:00
|
|
|
}
|
2006-12-12 16:27:32 +00:00
|
|
|
|
2011-04-29 09:48:25 +00:00
|
|
|
status = NtAccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted,
|
|
|
|
|
&allow);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
2003-02-21 14:29:18 +00:00
|
|
|
__seterrno ();
|
2011-04-29 09:48:25 +00:00
|
|
|
else if (!NT_SUCCESS (allow))
|
2006-10-16 12:26:59 +00:00
|
|
|
{
|
|
|
|
|
/* CV, 2006-10-16: Now, that's really weird. Imagine a user who has no
|
|
|
|
|
standard access to a file, but who has backup and restore privileges
|
|
|
|
|
and these privileges are enabled in the access token. One would
|
|
|
|
|
expect that the AccessCheck function takes this into consideration
|
|
|
|
|
when returning the access status. Otherwise, why bother with the
|
|
|
|
|
pset parameter, right?
|
|
|
|
|
But not so. AccessCheck actually returns a status of "false" here,
|
2011-04-29 09:48:25 +00:00
|
|
|
even though opening a file with backup resp. restore intent
|
2006-10-16 12:26:59 +00:00
|
|
|
naturally succeeds for this user. This definitely spoils the results
|
|
|
|
|
of access(2) for administrative users or the SYSTEM account. So, in
|
|
|
|
|
case the access check fails, another check against the user's
|
|
|
|
|
backup/restore privileges has to be made. Sigh. */
|
|
|
|
|
int granted_flags = 0;
|
2011-04-29 09:48:25 +00:00
|
|
|
BOOLEAN has_priv;
|
|
|
|
|
|
2006-10-16 12:26:59 +00:00
|
|
|
if (flags & R_OK)
|
2006-10-21 11:05:32 +00:00
|
|
|
{
|
2006-10-16 12:26:59 +00:00
|
|
|
pset->PrivilegeCount = 1;
|
|
|
|
|
pset->Control = 0;
|
2007-07-19 08:33:22 +00:00
|
|
|
pset->Privilege[0].Luid.HighPart = 0L;
|
|
|
|
|
pset->Privilege[0].Luid.LowPart = SE_BACKUP_PRIVILEGE;
|
2006-10-16 12:26:59 +00:00
|
|
|
pset->Privilege[0].Attributes = 0;
|
2011-04-29 09:48:25 +00:00
|
|
|
status = NtPrivilegeCheck (tok, pset, &has_priv);
|
|
|
|
|
if (NT_SUCCESS (status) && has_priv)
|
2006-10-16 12:26:59 +00:00
|
|
|
granted_flags |= R_OK;
|
|
|
|
|
}
|
|
|
|
|
if (flags & W_OK)
|
2006-10-21 11:05:32 +00:00
|
|
|
{
|
2006-10-16 12:26:59 +00:00
|
|
|
pset->PrivilegeCount = 1;
|
|
|
|
|
pset->Control = 0;
|
2007-07-19 08:33:22 +00:00
|
|
|
pset->Privilege[0].Luid.HighPart = 0L;
|
|
|
|
|
pset->Privilege[0].Luid.LowPart = SE_RESTORE_PRIVILEGE;
|
2006-10-16 12:26:59 +00:00
|
|
|
pset->Privilege[0].Attributes = 0;
|
2011-04-29 09:48:25 +00:00
|
|
|
status = NtPrivilegeCheck (tok, pset, &has_priv);
|
|
|
|
|
if (NT_SUCCESS (status) && has_priv)
|
2006-10-16 12:26:59 +00:00
|
|
|
granted_flags |= W_OK;
|
|
|
|
|
}
|
|
|
|
|
if (granted_flags == flags)
|
2006-10-21 11:05:32 +00:00
|
|
|
ret = 0;
|
2006-10-16 12:26:59 +00:00
|
|
|
else
|
|
|
|
|
set_errno (EACCES);
|
|
|
|
|
}
|
2003-02-21 14:29:18 +00:00
|
|
|
else
|
|
|
|
|
ret = 0;
|
2006-10-21 11:05:32 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-03-03 12:03:47 +00:00
|
|
|
/* Samba override. Check security descriptor for Samba UNIX user and group
|
|
|
|
|
accounts and check if we have an RFC 2307 mapping to a Windows account.
|
2014-08-28 12:38:52 +00:00
|
|
|
Create a new security descriptor with all of the UNIX accounts with
|
|
|
|
|
valid mapping replaced with their Windows counterpart. */
|
2014-03-03 12:03:47 +00:00
|
|
|
static void
|
|
|
|
|
convert_samba_sd (security_descriptor &sd_ret)
|
|
|
|
|
{
|
|
|
|
|
NTSTATUS status;
|
|
|
|
|
BOOLEAN dummy;
|
|
|
|
|
PSID sid;
|
|
|
|
|
cygsid owner;
|
|
|
|
|
cygsid group;
|
|
|
|
|
SECURITY_DESCRIPTOR sd;
|
|
|
|
|
cyg_ldap cldap;
|
|
|
|
|
tmp_pathbuf tp;
|
|
|
|
|
PACL acl, oacl;
|
|
|
|
|
size_t acl_len;
|
|
|
|
|
PACCESS_ALLOWED_ACE ace;
|
|
|
|
|
|
|
|
|
|
if (!NT_SUCCESS (RtlGetOwnerSecurityDescriptor (sd_ret, &sid, &dummy)))
|
|
|
|
|
return;
|
|
|
|
|
owner = sid;
|
|
|
|
|
if (!NT_SUCCESS (RtlGetGroupSecurityDescriptor (sd_ret, &sid, &dummy)))
|
|
|
|
|
return;
|
|
|
|
|
group = sid;
|
|
|
|
|
|
|
|
|
|
if (sid_id_auth (owner) == 22)
|
|
|
|
|
{
|
|
|
|
|
struct passwd *pwd;
|
|
|
|
|
uid_t uid = owner.get_uid (&cldap);
|
|
|
|
|
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
|
|
|
|
|
owner.getfrompw (pwd);
|
|
|
|
|
}
|
|
|
|
|
if (sid_id_auth (group) == 22)
|
|
|
|
|
{
|
|
|
|
|
struct group *grp;
|
|
|
|
|
gid_t gid = group.get_gid (&cldap);
|
|
|
|
|
if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid)))
|
|
|
|
|
group.getfromgr (grp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd_ret, &dummy,
|
|
|
|
|
&oacl, &dummy)))
|
|
|
|
|
return;
|
|
|
|
|
acl = (PACL) tp.w_get ();
|
|
|
|
|
RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION);
|
|
|
|
|
acl_len = sizeof (ACL);
|
|
|
|
|
|
|
|
|
|
for (DWORD i = 0; i < oacl->AceCount; ++i)
|
|
|
|
|
if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace)))
|
|
|
|
|
{
|
|
|
|
|
cygsid ace_sid ((PSID) &ace->SidStart);
|
|
|
|
|
if (sid_id_auth (ace_sid) == 22)
|
|
|
|
|
{
|
|
|
|
|
if (sid_sub_auth (ace_sid, 0) == 1) /* user */
|
|
|
|
|
{
|
|
|
|
|
struct passwd *pwd;
|
|
|
|
|
uid_t uid = ace_sid.get_uid (&cldap);
|
|
|
|
|
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
|
|
|
|
|
ace_sid.getfrompw (pwd);
|
|
|
|
|
}
|
|
|
|
|
else /* group */
|
|
|
|
|
{
|
|
|
|
|
struct group *grp;
|
|
|
|
|
gid_t gid = ace_sid.get_gid (&cldap);
|
|
|
|
|
if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid)))
|
|
|
|
|
ace_sid.getfromgr (grp);
|
|
|
|
|
}
|
2015-04-02 13:46:04 +02:00
|
|
|
if (!add_access_allowed_ace (acl, ace->Mask, ace_sid, acl_len,
|
2014-03-03 12:03:47 +00:00
|
|
|
ace->Header.AceFlags))
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
acl->AclSize = acl_len;
|
|
|
|
|
|
|
|
|
|
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
|
|
|
|
RtlSetControlSecurityDescriptor (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
|
|
|
|
|
RtlSetOwnerSecurityDescriptor (&sd, owner, FALSE);
|
|
|
|
|
RtlSetGroupSecurityDescriptor (&sd, group, FALSE);
|
|
|
|
|
|
|
|
|
|
status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl, FALSE);
|
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
|
return;
|
|
|
|
|
DWORD sd_size = 0;
|
|
|
|
|
status = RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
|
|
|
|
|
if (sd_size > 0 && sd_ret.malloc (sd_size))
|
|
|
|
|
RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
|
|
|
|
|
}
|
|
|
|
|
|
2006-10-21 11:05:32 +00:00
|
|
|
int
|
2009-09-25 13:44:45 +00:00
|
|
|
check_file_access (path_conv &pc, int flags, bool effective)
|
2006-10-21 11:05:32 +00:00
|
|
|
{
|
|
|
|
|
security_descriptor sd;
|
|
|
|
|
int ret = -1;
|
2011-04-29 09:48:25 +00:00
|
|
|
ACCESS_MASK desired = 0;
|
2006-10-21 11:05:32 +00:00
|
|
|
if (flags & R_OK)
|
|
|
|
|
desired |= FILE_READ_DATA;
|
|
|
|
|
if (flags & W_OK)
|
|
|
|
|
desired |= FILE_WRITE_DATA;
|
|
|
|
|
if (flags & X_OK)
|
|
|
|
|
desired |= FILE_EXECUTE;
|
2011-07-26 13:30:41 +00:00
|
|
|
if (!get_file_sd (pc.handle (), pc, sd, false))
|
2014-03-03 12:03:47 +00:00
|
|
|
{
|
|
|
|
|
/* Tweak Samba security descriptor as necessary. */
|
|
|
|
|
if (pc.fs_is_samba ())
|
|
|
|
|
convert_samba_sd (sd);
|
|
|
|
|
ret = check_access (sd, file_mapping, desired, flags, effective);
|
|
|
|
|
}
|
2013-04-23 09:44:36 +00:00
|
|
|
debug_printf ("flags %y, ret %d", flags, ret);
|
2006-10-21 11:05:32 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2009-09-25 13:44:45 +00:00
|
|
|
check_registry_access (HANDLE hdl, int flags, bool effective)
|
2006-10-21 11:05:32 +00:00
|
|
|
{
|
|
|
|
|
security_descriptor sd;
|
|
|
|
|
int ret = -1;
|
2013-04-23 09:44:36 +00:00
|
|
|
static GENERIC_MAPPING NO_COPY_RO reg_mapping = { KEY_READ,
|
|
|
|
|
KEY_WRITE,
|
|
|
|
|
KEY_EXECUTE,
|
|
|
|
|
KEY_ALL_ACCESS };
|
2011-04-29 09:48:25 +00:00
|
|
|
ACCESS_MASK desired = 0;
|
2006-10-21 11:05:32 +00:00
|
|
|
if (flags & R_OK)
|
|
|
|
|
desired |= KEY_ENUMERATE_SUB_KEYS;
|
|
|
|
|
if (flags & W_OK)
|
|
|
|
|
desired |= KEY_SET_VALUE;
|
|
|
|
|
if (flags & X_OK)
|
|
|
|
|
desired |= KEY_QUERY_VALUE;
|
2011-05-10 17:19:37 +00:00
|
|
|
|
|
|
|
|
if ((HKEY) hdl == HKEY_PERFORMANCE_DATA)
|
|
|
|
|
/* RegGetKeySecurity() always fails with ERROR_INVALID_HANDLE. */
|
|
|
|
|
ret = 0;
|
|
|
|
|
else if (!get_reg_sd (hdl, sd))
|
2011-04-28 07:27:51 +00:00
|
|
|
ret = check_access (sd, reg_mapping, desired, flags, effective);
|
2011-05-10 17:19:37 +00:00
|
|
|
|
2006-10-22 19:31:33 +00:00
|
|
|
/* As long as we can't write the registry... */
|
|
|
|
|
if (flags & W_OK)
|
2007-07-17 14:39:02 +00:00
|
|
|
{
|
|
|
|
|
set_errno (EROFS);
|
|
|
|
|
ret = -1;
|
|
|
|
|
}
|
2013-04-23 09:44:36 +00:00
|
|
|
debug_printf ("flags %y, ret %d", flags, ret);
|
2003-02-21 14:29:18 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
