From 40afcae3565fc6dee9452bf0d7c0ae64c27208d8 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Fri, 1 Apr 2011 08:41:26 +0000 Subject: [PATCH] * fhandler_random.cc (fhandler_dev_random::crypt_gen_random): Use CryptAcquireContextW. * ntdll.h (STATUS_PROCEDURE_NOT_FOUND): Define. * sec_auth.cc (open_local_policy): Rename NTSTATUS variable ret to status. Drop usage of LsaNtStatusToWinError. (verify_token): Call NtQuerySecurityObject instead of GetKernelObjectSecurity. (create_token): Rename NTSTATUS variable ret to status. Rename ret2 to sub_status. Drop usage of LsaNtStatusToWinError. In case LsaLogonUser fails, report the sub_status as well. --- winsup/cygwin/ChangeLog | 13 +++++++ winsup/cygwin/fhandler_random.cc | 13 ++++--- winsup/cygwin/ntdll.h | 1 + winsup/cygwin/sec_auth.cc | 59 +++++++++++++++++--------------- 4 files changed, 51 insertions(+), 35 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index d66727ebb..37b560ea3 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,16 @@ +2011-04-01 Corinna Vinschen + + * fhandler_random.cc (fhandler_dev_random::crypt_gen_random): + Use CryptAcquireContextW. + * ntdll.h (STATUS_PROCEDURE_NOT_FOUND): Define. + * sec_auth.cc (open_local_policy): Rename NTSTATUS variable ret to + status. Drop usage of LsaNtStatusToWinError. + (verify_token): Call NtQuerySecurityObject instead of + GetKernelObjectSecurity. + (create_token): Rename NTSTATUS variable ret to status. Rename ret2 to + sub_status. Drop usage of LsaNtStatusToWinError. In case LsaLogonUser + fails, report the sub_status as well. + 2011-04-01 Corinna Vinschen * libc/strptime.c: Remove misleading comment. diff --git a/winsup/cygwin/fhandler_random.cc b/winsup/cygwin/fhandler_random.cc index e5d8a4866..587a6375d 100644 --- a/winsup/cygwin/fhandler_random.cc +++ b/winsup/cygwin/fhandler_random.cc @@ -1,7 +1,6 @@ /* fhandler_random.cc: code to access /dev/random and /dev/urandom - Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2009 - Red Hat, Inc. + Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2009, 2011 Red Hat, Inc. Written by Corinna Vinschen (vinschen@cygnus.com) @@ -42,11 +41,11 @@ bool fhandler_dev_random::crypt_gen_random (void *ptr, size_t len) { if (!crypt_prov - && !CryptAcquireContext (&crypt_prov, NULL, MS_DEF_PROV, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET) - && !CryptAcquireContext (&crypt_prov, NULL, MS_DEF_PROV, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET - | CRYPT_NEWKEYSET)) + && !CryptAcquireContextW (&crypt_prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET) + && !CryptAcquireContextW (&crypt_prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET + | CRYPT_NEWKEYSET)) { debug_printf ("%E = CryptAquireContext()"); return false; diff --git a/winsup/cygwin/ntdll.h b/winsup/cygwin/ntdll.h index 757291439..d0f15b90d 100644 --- a/winsup/cygwin/ntdll.h +++ b/winsup/cygwin/ntdll.h @@ -40,6 +40,7 @@ #define STATUS_NO_EAS_ON_FILE ((NTSTATUS) 0xc0000052) #define STATUS_LOCK_NOT_GRANTED ((NTSTATUS) 0xc0000055) #define STATUS_DELETE_PENDING ((NTSTATUS) 0xc0000056) +#define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS) 0xc000007a) #define STATUS_DISK_FULL ((NTSTATUS) 0xc000007f) #define STATUS_WORKING_SET_QUOTA ((NTSTATUS) 0xc00000a1) #define STATUS_INSTANCE_NOT_AVAILABLE ((NTSTATUS) 0xc00000ab) diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index 9f27f9d6d..0c86546d6 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -194,10 +194,10 @@ open_local_policy (ACCESS_MASK access) LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 }; HANDLE lsa = INVALID_HANDLE_VALUE; - NTSTATUS ret = LsaOpenPolicy (NULL, &oa, access, &lsa); - if (ret != STATUS_SUCCESS) + NTSTATUS status = LsaOpenPolicy (NULL, &oa, access, &lsa); + if (!NT_SUCCESS (status)) { - __seterrno_from_win_error (LsaNtStatusToWinError (ret)); + __seterrno_from_nt_status (status); /* Some versions of Windows set the lsa handle to NULL when LsaOpenPolicy fails. */ lsa = INVALID_HANDLE_VALUE; @@ -699,9 +699,11 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern) const DWORD sd_buf_siz = MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR); PSECURITY_DESCRIPTOR sd_buf = (PSECURITY_DESCRIPTOR) alloca (sd_buf_siz); cygpsid gsid (NO_SID); - if (!GetKernelObjectSecurity (token, GROUP_SECURITY_INFORMATION, - sd_buf, sd_buf_siz, &size)) - debug_printf ("GetKernelObjectSecurity(), %E"); + NTSTATUS status; + status = NtQuerySecurityObject (token, GROUP_SECURITY_INFORMATION, + sd_buf, sd_buf_siz, &size); + if (!NT_SUCCESS (status)) + debug_printf ("NtQuerySecurityObject(), %p", status); else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid, (BOOL *) &size)) debug_printf ("GetSecurityDescriptorGroup(), %E"); @@ -774,7 +776,7 @@ done: HANDLE create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw) { - NTSTATUS ret; + NTSTATUS status; LSA_HANDLE lsa = INVALID_HANDLE_VALUE; cygsidlist tmp_gsids (cygsidlist_auto, 12); @@ -894,11 +896,11 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw) goto out; /* Let's be heroic... */ - ret = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation, - &auth_luid, &exp, &user, new_tok_gsids, privs, &owner, - &pgrp, &dacl, &source); - if (ret) - __seterrno_from_nt_status (ret); + status = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation, + &auth_luid, &exp, &user, new_tok_gsids, privs, &owner, + &pgrp, &dacl, &source); + if (status) + __seterrno_from_nt_status (status); else { /* Convert to primary token. */ @@ -933,7 +935,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) LSA_STRING name; HANDLE lsa_hdl = NULL, lsa = INVALID_HANDLE_VALUE; LSA_OPERATIONAL_MODE sec_mode; - NTSTATUS ret, ret2; + NTSTATUS status, sub_status; ULONG package_id, size; LUID auth_luid = SYSTEM_LUID; struct { @@ -963,12 +965,12 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) /* Register as logon process. */ str2lsa (name, "Cygwin"); SetLastError (0); - ret = LsaRegisterLogonProcess (&name, &lsa_hdl, &sec_mode); - if (ret != STATUS_SUCCESS) + status = LsaRegisterLogonProcess (&name, &lsa_hdl, &sec_mode); + if (status != STATUS_SUCCESS) { - debug_printf ("LsaRegisterLogonProcess: %p", ret); - __seterrno_from_win_error (ret == ERROR_PROC_NOT_FOUND - ? ret : LsaNtStatusToWinError (ret)); + debug_printf ("LsaRegisterLogonProcess: %p", status); + __seterrno_from_nt_status (status == ERROR_PROC_NOT_FOUND + ? STATUS_PROCEDURE_NOT_FOUND : status); goto out; } else if (GetLastError () == ERROR_PROC_NOT_FOUND) @@ -978,11 +980,11 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) } /* Get handle to our own LSA package. */ str2lsa (name, CYG_LSA_PKGNAME); - ret = LsaLookupAuthenticationPackage (lsa_hdl, &name, &package_id); - if (ret != STATUS_SUCCESS) + status = LsaLookupAuthenticationPackage (lsa_hdl, &name, &package_id); + if (status != STATUS_SUCCESS) { - debug_printf ("LsaLookupAuthenticationPackage: %p", ret); - __seterrno_from_win_error (LsaNtStatusToWinError (ret)); + debug_printf ("LsaLookupAuthenticationPackage: %p", status); + __seterrno_from_nt_status (status); goto out; } @@ -1135,13 +1137,14 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) authinf->checksum += *csp++; /* Try to logon... */ - ret = LsaLogonUser (lsa_hdl, (PLSA_STRING) &origin, Interactive, package_id, - authinf, authinf_size, NULL, &ts, &profile, &size, &luid, - &user_token, "a, &ret2); - if (ret != STATUS_SUCCESS) + status = LsaLogonUser (lsa_hdl, (PLSA_STRING) &origin, Interactive, + package_id, authinf, authinf_size, NULL, &ts, + &profile, &size, &luid, &user_token, "a, + &sub_status); + if (status != STATUS_SUCCESS) { - debug_printf ("LsaLogonUser: %p", ret); - __seterrno_from_win_error (LsaNtStatusToWinError (ret)); + debug_printf ("LsaLogonUser: %p (sub-status %p)", status, sub_status); + __seterrno_from_nt_status (status); goto out; } if (profile)