* security.cc (get_reg_security): New static function.

(get_nt_object_security): Call get_reg_security for registry keys to circumvent problems with predefined registry keys.
2025-01-18 04:19:21 +08:00 · 2005-08-08 16:30:15 +00:00 · 2005-08-08 16:30:15 +00:00 · 2ab8ea6738
commit 2ab8ea6738
parent af925fe4fa
2 changed files with 46 additions and 0 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,9 @@
+2005-08-08  Corinna Vinschen  <corinna@vinschen.de>
+
+	* security.cc (get_reg_security): New static function.
+	(get_nt_object_security): Call get_reg_security for registry keys
+	to circumvent problems with predefined registry keys.
+
 2005-08-08  Corinna Vinschen  <corinna@vinschen.de>

 	* fhandler_process.cc (fhandler_process::open): Allow opening of
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@ -1340,12 +1340,52 @@ get_nt_attribute (const char *file, mode_t *attribute,
  get_info_from_sd (sd, attribute, uidret, gidret);
 }

+static int
+get_reg_security (HANDLE handle, security_descriptor &sd_ret)
+{
+  LONG ret;
+  DWORD len = 0;
+
+  ret = RegGetKeySecurity ((HKEY) handle,
+			   DACL_SECURITY_INFORMATION
+			   | GROUP_SECURITY_INFORMATION
+			   | OWNER_SECURITY_INFORMATION,
+			   sd_ret, &len);
+  if (ret == ERROR_INSUFFICIENT_BUFFER)
+    {
+      if (!sd_ret.malloc (len))
+        set_errno (ENOMEM);
+      else
+	ret = RegGetKeySecurity ((HKEY) handle,
+				 DACL_SECURITY_INFORMATION
+				 | GROUP_SECURITY_INFORMATION
+				 | OWNER_SECURITY_INFORMATION,
+				 sd_ret, &len);
+    }
+  if (ret != STATUS_SUCCESS)
+    {
+      __seterrno ();
+      return -1;
+    }
+  return 0;
+}
+
 int
 get_nt_object_security (HANDLE handle, SE_OBJECT_TYPE object_type,
 			security_descriptor &sd_ret)
 {
  NTSTATUS ret;
  ULONG len = 0;
+  
+  /* Unfortunately, NtQuerySecurityObject doesn't work on predefined registry
+     keys like HKEY_LOCAL_MACHINE.  It fails with "Invalid Handle".  So we
+     have to retreat to the Win32 registry functions for registry keys. 
+     What bugs me is that RegGetKeySecurity is obviously just a wrapper
+     around NtQuerySecurityObject, but there seems to be no function to
+     convert pseudo HKEY values to real handles. */
+  if (object_type == SE_REGISTRY_KEY)
+    return get_reg_security (handle, sd_ret);
+
  ret = NtQuerySecurityObject (handle,
 			       DACL_SECURITY_INFORMATION
 			       | GROUP_SECURITY_INFORMATION