libs/newlib-cygwin
libs/newlib-cygwin
4
0
Fork 0
mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-01-19 04:49:25 +08:00
Code Issues Projects Releases Wiki Activity

* flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use

Browse Source 
instead of ACL_DEFAULT_SIZE.
	* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
	* security.h (ACL_DEFAULT_SIZE): Drop definition.
	(ACL_MAXIMUM_SIZE): Define.
	(SD_MAXIMUM_SIZE): Define.
	* security.cc (get_file_sd): Allocate security_decscriptor with size
	SD_MAXIMUM_SIZE.
	(alloc_sd): Use TLS buffer to allow maximum ACL size.
This commit is contained in:
Corinna Vinschen 2010-09-10 14:53:44 +00:00
parent f65c5a0a2b
commit 4e8f539f15
5 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,15 @@
2010-09-10 Corinna Vinschen <corinna@vinschen.de>
* flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use
instead of ACL_DEFAULT_SIZE.
* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
* security.h (ACL_DEFAULT_SIZE): Drop definition.
(ACL_MAXIMUM_SIZE): Define.
(SD_MAXIMUM_SIZE): Define.
* security.cc (get_file_sd): Allocate security_decscriptor with size
SD_MAXIMUM_SIZE.
(alloc_sd): Use TLS buffer to allow maximum ACL size.
2010-09-10 Corinna Vinschen <corinna@vinschen.de> 2010-09-10 Corinna Vinschen <corinna@vinschen.de>
* mount.cc (class fs_info_cache): New class to cache filesystem * mount.cc (class fs_info_cache): New class to cache filesystem

5
winsup/cygwin/flock.cc
View File

@ -155,10 +155,11 @@ allow_others_to_sync ()
should be more than sufficient for process ACLs. Can't use tls functions should be more than sufficient for process ACLs. Can't use tls functions
at this point because this gets called during initialization when the tls at this point because this gets called during initialization when the tls
is not really available. */ is not really available. */
PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (ACL_DEFAULT_SIZE); #define MAX_PROCESS_SD_SIZE 3072
PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (MAX_PROCESS_SD_SIZE);
status = NtQuerySecurityObject (NtCurrentProcess (), status = NtQuerySecurityObject (NtCurrentProcess (),
DACL_SECURITY_INFORMATION, sd, DACL_SECURITY_INFORMATION, sd,
ACL_DEFAULT_SIZE, &len); MAX_PROCESS_SD_SIZE, &len);
if (!NT_SUCCESS (status)) if (!NT_SUCCESS (status))
{ {
debug_printf ("NtQuerySecurityObject: %p", status); debug_printf ("NtQuerySecurityObject: %p", status);

6
winsup/cygwin/sec_acl.cc
View File

@ -22,6 +22,7 @@ details. */
#include "dtable.h" #include "dtable.h"
#include "cygheap.h" #include "cygheap.h"
#include "pwdgrp.h" #include "pwdgrp.h"
#include "tls_pbuf.h"
static int static int
searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UID) searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UID)
@ -40,6 +41,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
bool &writable) bool &writable)
{ {
security_descriptor sd_ret; security_descriptor sd_ret;
tmp_pathbuf tp;
if (get_file_sd (handle, pc, sd_ret, false)) if (get_file_sd (handle, pc, sd_ret, false))
return -1; return -1;
@ -83,7 +85,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
} }
/* Fill access control list. */ /* Fill access control list. */
PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE); PACL acl = (PACL) tp.w_get ();
size_t acl_len = sizeof (ACL); size_t acl_len = sizeof (ACL);
int ace_off = 0; int ace_off = 0;
@ -92,7 +94,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
struct __group32 *gr; struct __group32 *gr;
int pos; int pos;
if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION)) if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
{ {
__seterrno (); __seterrno ();
return -1; return -1;

8
winsup/cygwin/security.cc
View File

@ -24,6 +24,7 @@ details. */
#include "cygheap.h" #include "cygheap.h"
#include "ntdll.h" #include "ntdll.h"
#include "pwdgrp.h" #include "pwdgrp.h"
#include "tls_pbuf.h"
#include <aclapi.h> #include <aclapi.h>
#define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \ #define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \
@ -68,7 +69,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
else else
{ {
NTSTATUS status; NTSTATUS status;
ULONG len = 32768; ULONG len = SD_MAXIMUM_SIZE;
if (!sd.malloc (len)) if (!sd.malloc (len))
{ {
@ -413,6 +414,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
security_descriptor &sd_ret) security_descriptor &sd_ret)
{ {
BOOL dummy; BOOL dummy;
tmp_pathbuf tp;
/* NOTE: If the high bit of attribute is set, we have just created /* NOTE: If the high bit of attribute is set, we have just created
a file or directory. See below for an explanation. */ a file or directory. See below for an explanation. */
@ -483,8 +485,8 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
} }
/* Initialize local access control list. */ /* Initialize local access control list. */
PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE); PACL acl = (PACL) tp.w_get ();
if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION)) if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
{ {
__seterrno (); __seterrno ();
return NULL; return NULL;

3
winsup/cygwin/security.h
View File

@ -26,7 +26,8 @@ details. */
#define MAX_DACL_LEN(n) (sizeof (ACL) \ #define MAX_DACL_LEN(n) (sizeof (ACL) \
+ (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN)) + (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN))
#define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1)) #define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1))
#define ACL_DEFAULT_SIZE 3072 #define ACL_MAXIMUM_SIZE 65532 /* Yeah, right. 64K - sizeof (DWORD). */
#define SD_MAXIMUM_SIZE 65536
#define NO_SID ((PSID)NULL) #define NO_SID ((PSID)NULL)
#ifndef SE_CREATE_TOKEN_PRIVILEGE #ifndef SE_CREATE_TOKEN_PRIVILEGE