libs/newlib-cygwin
libs
/
newlib-cygwin
mirror of git://sourceware.org/git/newlib-cygwin.git
4
0
Fork 0
Code Issues Projects Releases Wiki Activity

* shared.cc (sec_none): Move to sec_helper.cc. 

(sec_none_nih): Ditto.
	(sec_all): Ditto.
	(sec_all_nih): Ditto.
	(get_null_sd): Ditto.
	(sec_acl): Ditto.
	(__sec_user): Ditto.
	* sec_helper.cc (sec_none): Move from shared.cc to here.
	(sec_none_nih): Ditto.
	(sec_all): Ditto.
	(sec_all_nih): Ditto.
	(get_null_sd): Ditto.
	(sec_acl): Ditto.
	(__sec_user): Ditto.
This commit is contained in:
Corinna Vinschen 2002-07-01 14:31:28 +00:00
parent dad0a75b0e
commit 73d97618a7
3 changed files with 113 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,20 @@
2002-07-01 Corinna Vinschen <corinna@vinschen.de>
* shared.cc (sec_none): Move to sec_helper.cc.
(sec_none_nih): Ditto.
(sec_all): Ditto.
(sec_all_nih): Ditto.
(get_null_sd): Ditto.
(sec_acl): Ditto.
(__sec_user): Ditto.
* sec_helper.cc (sec_none): Move from shared.cc to here.
(sec_none_nih): Ditto.
(sec_all): Ditto.
(sec_all_nih): Ditto.
(get_null_sd): Ditto.
(sec_acl): Ditto.
(__sec_user): Ditto.
2002-06-30 Christopher Faylor <cgf@redhat.com> 2002-06-30 Christopher Faylor <cgf@redhat.com>
* uinfo.cc (cygheap_user::ontherange): Potentially set HOME from * uinfo.cc (cygheap_user::ontherange): Potentially set HOME from

96
winsup/cygwin/sec_helper.cc
View File

@ -32,6 +32,12 @@ details. */
#include "pinfo.h" #include "pinfo.h"
#include "cygheap.h" #include "cygheap.h"
/* General purpose security attribute objects for global use. */
SECURITY_ATTRIBUTES NO_COPY sec_none;
SECURITY_ATTRIBUTES NO_COPY sec_none_nih;
SECURITY_ATTRIBUTES NO_COPY sec_all;
SECURITY_ATTRIBUTES NO_COPY sec_all_nih;
SID_IDENTIFIER_AUTHORITY sid_auth[] = { SID_IDENTIFIER_AUTHORITY sid_auth[] = {
{SECURITY_NULL_SID_AUTHORITY}, {SECURITY_NULL_SID_AUTHORITY},
{SECURITY_WORLD_SID_AUTHORITY}, {SECURITY_WORLD_SID_AUTHORITY},
@ -387,3 +393,93 @@ out:
syscall_printf ("%d = set_process_privilege (%s, %d)",ret, privilege, enable); syscall_printf ("%d = set_process_privilege (%s, %d)",ret, privilege, enable);
return ret; return ret;
} }
/*
* Function to return a common SECURITY_DESCRIPTOR * that
* allows all access.
*/
static NO_COPY SECURITY_DESCRIPTOR *null_sdp = 0;
SECURITY_DESCRIPTOR *__stdcall
get_null_sd ()
{
static NO_COPY SECURITY_DESCRIPTOR sd;
if (null_sdp == 0)
{
InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl (&sd, TRUE, 0, FALSE);
null_sdp = &sd;
}
return null_sdp;
}
BOOL
sec_acl (PACL acl, BOOL admins, PSID sid1, PSID sid2)
{
size_t acl_len = MAX_DACL_LEN(5);
if (!InitializeAcl (acl, acl_len, ACL_REVISION))
{
debug_printf ("InitializeAcl %E");
return FALSE;
}
if (sid2)
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, sid2))
debug_printf ("AddAccessAllowedAce(sid2) %E");
if (sid1)
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, sid1))
debug_printf ("AddAccessAllowedAce(sid1) %E", sid1);
if (admins)
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, well_known_admins_sid))
debug_printf ("AddAccessAllowedAce(admin) %E");
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, well_known_system_sid))
debug_printf ("AddAccessAllowedAce(system) %E");
#if 0 /* Does not seem to help */
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, well_known_creator_owner_sid))
debug_printf ("AddAccessAllowedAce(creator_owner) %E");
#endif
return TRUE;
}
PSECURITY_ATTRIBUTES __stdcall
__sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
{
PSECURITY_ATTRIBUTES psa = (PSECURITY_ATTRIBUTES) sa_buf;
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)
((char *) sa_buf + sizeof (*psa));
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
cygsid sid;
if (!(sid = cygheap->user.orig_sid ()) ||
(!sec_acl (acl, TRUE, sid, sid2)))
return inherit ? &sec_none : &sec_none_nih;
if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
debug_printf ("InitializeSecurityDescriptor %E");
/*
* Setting the owner lets the created security attribute not work
* on NT4 SP3 Server. Don't know why, but the function still does
* what it should do also if the owner isn't set.
*/
#if 0
if (!SetSecurityDescriptorOwner (psd, sid, FALSE))
debug_printf ("SetSecurityDescriptorOwner %E");
#endif
if (!SetSecurityDescriptorDacl (psd, TRUE, acl, FALSE))
debug_printf ("SetSecurityDescriptorDacl %E");
psa->nLength = sizeof (SECURITY_ATTRIBUTES);
psa->lpSecurityDescriptor = psd;
psa->bInheritHandle = inherit;
return psa;
}

96
winsup/cygwin/shared.cc
View File

@ -31,12 +31,6 @@ shared_info NO_COPY *cygwin_shared = NULL;
mount_info NO_COPY *mount_table = NULL; mount_info NO_COPY *mount_table = NULL;
HANDLE cygwin_mount_h; HANDLE cygwin_mount_h;
/* General purpose security attribute objects for global use. */
SECURITY_ATTRIBUTES NO_COPY sec_none;
SECURITY_ATTRIBUTES NO_COPY sec_none_nih;
SECURITY_ATTRIBUTES NO_COPY sec_all;
SECURITY_ATTRIBUTES NO_COPY sec_all_nih;
char * __stdcall char * __stdcall
shared_name (const char *str, int num) shared_name (const char *str, int num)
{ {
@ -212,93 +206,3 @@ shared_info::heap_chunk_size ()
return heap_chunk_in_mb << 20; return heap_chunk_in_mb << 20;
} }
/*
* Function to return a common SECURITY_DESCRIPTOR * that
* allows all access.
*/
static NO_COPY SECURITY_DESCRIPTOR *null_sdp = 0;
SECURITY_DESCRIPTOR *__stdcall
get_null_sd ()
{
static NO_COPY SECURITY_DESCRIPTOR sd;
if (null_sdp == 0)
{
InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl (&sd, TRUE, 0, FALSE);
null_sdp = &sd;
}
return null_sdp;
}
BOOL
sec_acl (PACL acl, BOOL admins, PSID sid1, PSID sid2)
{
size_t acl_len = MAX_DACL_LEN(5);
if (!InitializeAcl (acl, acl_len, ACL_REVISION))
{
debug_printf ("InitializeAcl %E");
return FALSE;
}
if (sid2)
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, sid2))
debug_printf ("AddAccessAllowedAce(sid2) %E");
if (sid1)
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, sid1))
debug_printf ("AddAccessAllowedAce(sid1) %E", sid1);
if (admins)
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, well_known_admins_sid))
debug_printf ("AddAccessAllowedAce(admin) %E");
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, well_known_system_sid))
debug_printf ("AddAccessAllowedAce(system) %E");
#if 0 /* Does not seem to help */
if (!AddAccessAllowedAce (acl, ACL_REVISION,
GENERIC_ALL, well_known_creator_owner_sid))
debug_printf ("AddAccessAllowedAce(creator_owner) %E");
#endif
return TRUE;
}
PSECURITY_ATTRIBUTES __stdcall
__sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
{
PSECURITY_ATTRIBUTES psa = (PSECURITY_ATTRIBUTES) sa_buf;
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)
((char *) sa_buf + sizeof (*psa));
PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
cygsid sid;
if (!(sid = cygheap->user.orig_sid ()) ||
(!sec_acl (acl, TRUE, sid, sid2)))
return inherit ? &sec_none : &sec_none_nih;
if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
debug_printf ("InitializeSecurityDescriptor %E");
/*
* Setting the owner lets the created security attribute not work
* on NT4 SP3 Server. Don't know why, but the function still does
* what it should do also if the owner isn't set.
*/
#if 0
if (!SetSecurityDescriptorOwner (psd, sid, FALSE))
debug_printf ("SetSecurityDescriptorOwner %E");
#endif
if (!SetSecurityDescriptorDacl (psd, TRUE, acl, FALSE))
debug_printf ("SetSecurityDescriptorDacl %E");
psa->nLength = sizeof (SECURITY_ATTRIBUTES);
psa->lpSecurityDescriptor = psd;
psa->bInheritHandle = inherit;
return psa;
}