* fhandler.cc (fhandler_base::fhaccess): Accommodate interface changes

of access control functions throughout. * fhandler_disk_file.cc: Ditto. * fhandler_registry.cc: Ditto. * sec_acl.cc: Drop unnecessary includes. (setacl): Take path_conv instead of file name as parameter. Accommodate interface changes of access control functions. (getacl): Ditto. * sec_auth.cc: New file, taking over all authentication related functions from security.cc. * sec_helper.cc: Drop unnecessary includes. * security.cc: Ditto. Move all authentication related functions to sec_auth.cc. (ALL_SECURITY_INFORMATION): New define. Use throughout. (set_file_sd): New function, replacing read_sd and the file related part of get_nt_object_security. (get_reg_sd): Rename from get_reg_security. Drop type parameter. (get_reg_attribute): New function, replacing the registry related part of get_nt_object_security. (get_file_attribute): Take path_conv instead of file name as parameter. Use new get_file_sd call. (set_file_attribute): Ditto plus new set_file_sd. Drop unnecessary implementation without uid/gid parameters. (check_file_access): Take path_conv instead of file name as parameter. Use new get_file_sd call. (check_registry_access): Use new get_reg_sd call. * security.h: Accommodate above interface changes.
2007-07-20 14:29:43 +00:00 · 2007-07-20 14:29:43 +00:00 · eea4e48208
parent f36b37ed6e
commit eea4e48208
10 changed files with 1300 additions and 1394 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,36 @@
+2007-07-20  Corinna Vinschen  <corinna@vinschen.de>
+
+	* Makefile.in (DLL_OFILES): Add sec_auth.o.
+
+
+	* fhandler.cc (fhandler_base::fhaccess): Accommodate interface changes
+	of access control functions throughout.
+	* fhandler_disk_file.cc: Ditto.
+	* fhandler_registry.cc: Ditto.
+	* sec_acl.cc: Drop unnecessary includes.
+	(setacl): Take path_conv instead of file name as parameter.
+	Accommodate interface changes of access control functions.
+	(getacl): Ditto.
+	* sec_auth.cc: New file, taking over all authentication related
+	functions from security.cc.
+	* sec_helper.cc: Drop unnecessary includes.
+	* security.cc: Ditto.  Move all authentication related functions to
+	sec_auth.cc.
+	(ALL_SECURITY_INFORMATION): New define.  Use throughout.
+	(set_file_sd): New function, replacing read_sd and the file related
+	part of get_nt_object_security.
+	(get_reg_sd): Rename from get_reg_security.  Drop type parameter.
+	(get_reg_attribute): New function, replacing the registry related part
+	of get_nt_object_security.
+	(get_file_attribute): Take path_conv instead of file name as parameter.
+	Use new get_file_sd call.
+	(set_file_attribute): Ditto plus new set_file_sd.  Drop unnecessary
+	implementation without uid/gid parameters.
+	(check_file_access): Take path_conv instead of file name as parameter.
+	Use new get_file_sd call.
+	(check_registry_access): Use new get_reg_sd call.
+	* security.h: Accommodate above interface changes.
+
 2007-07-19  Corinna Vinschen  <corinna@vinschen.de>

 	* security.cc (set_nt_attribute): Remove.
--- a/winsup/cygwin/Makefile.in
+++ b/winsup/cygwin/Makefile.in
@ -139,12 +139,12 @@ DLL_OFILES:=assert.o autoload.o bsdlib.o ctype.o cxx.o cygheap.o cygthread.o \
 	minires.o miscfuncs.o mktemp.o mmap.o msg.o net.o netdb.o nftw.o \
 	passwd.o path.o pinfo.o pipe.o poll.o posix_ipc.o pthread.o random.o \
 	regcomp.o regerror.o regexec.o regfree.o registry.o resource.o rexec.o \
-	rcmd.o scandir.o sched.o sec_acl.o sec_helper.o security.o select.o \
-	sem.o shared.o shm.o sigfe.o signal.o sigproc.o smallprint.o spawn.o \
-	strace.o strptime.o strsep.o strsig.o sync.o syscalls.o sysconf.o \
-	syslog.o termios.o thread.o timelocal.o timer.o times.o tty.o uinfo.o \
-	uname.o v8_regexp.o v8_regerror.o v8_regsub.o wait.o wincap.o window.o \
-	winf.o xsique.o \
+	rcmd.o scandir.o sched.o sec_acl.o sec_auth.o sec_helper.o security.o \
+	select.o sem.o shared.o shm.o sigfe.o signal.o sigproc.o smallprint.o \
+	spawn.o strace.o strptime.o strsep.o strsig.o sync.o syscalls.o \
+	sysconf.o syslog.o termios.o thread.o timelocal.o timer.o times.o \
+	tty.o uinfo.o uname.o v8_regexp.o v8_regerror.o v8_regsub.o wait.o \
+	wincap.o window.o winf.o xsique.o \
 	$(EXTRA_DLL_OFILES) $(EXTRA_OFILES) $(MALLOC_OFILES) $(MT_SAFE_OBJECTS)

 GMON_OFILES:=gmon.o mcount.o profil.o
--- a/winsup/cygwin/fhandler.cc
+++ b/winsup/cygwin/fhandler.cc
@ -374,7 +374,7 @@ fhandler_base::fhaccess (int flags)
    goto eaccess_done;
  else if (has_acls () && allow_ntsec)
    {
-      res = check_file_access (get_win32_name (), flags);
+      res = check_file_access (pc, flags);
      goto done;
    }
  else if (get_device () == FH_REGISTRY && allow_ntsec && open (O_RDONLY, 0)
--- a/winsup/cygwin/fhandler_disk_file.cc
+++ b/winsup/cygwin/fhandler_disk_file.cc
@ -433,17 +433,15 @@ fhandler_base::fstat_helper (struct __stat64 *buf,
      buf->st_size = pc.get_symlink_length ();
      /* symlinks are everything for everyone! */
      buf->st_mode = S_IFLNK | S_IRWXU | S_IRWXG | S_IRWXO;
-      get_file_attribute (pc.has_acls (), get_io_handle (), get_win32_name (),
-			  NULL, &buf->st_uid, &buf->st_gid);
+      get_file_attribute (get_io_handle (), pc, NULL,
+			  &buf->st_uid, &buf->st_gid);
      goto done;
    }
  else if (pc.issocket ())
    buf->st_mode = S_IFSOCK;

-  if (!get_file_attribute (pc.has_acls (),
-			   is_fs_special () ? NULL: get_io_handle (),
-			   get_win32_name (), &buf->st_mode,
-			   &buf->st_uid, &buf->st_gid))
+  if (!get_file_attribute (is_fs_special () ? NULL: get_io_handle (), pc,
+			   &buf->st_mode, &buf->st_uid, &buf->st_gid))
    {
      /* If read-only attribute is set, modify ntsec return value */
      if (::has_attribute (dwFileAttributes, FILE_ATTRIBUTE_READONLY)
@ -660,7 +658,7 @@ fhandler_disk_file::fchmod (mode_t mode)
    {
      if (pc.isdir ())
 	mode |= S_IFDIR;
-      if (!set_file_attribute (pc.has_acls (), get_io_handle (), pc,
+      if (!set_file_attribute (get_io_handle (), pc,
 			       ILLEGAL_UID, ILLEGAL_GID, mode)
 	  && allow_ntsec)
 	res = 0;
@ -706,7 +704,7 @@ fhandler_disk_file::fchown (__uid32_t uid, __gid32_t gid)
  mode_t attrib = 0;
  if (pc.isdir ())
    attrib |= S_IFDIR;
-  int res = get_file_attribute (pc.has_acls (), get_io_handle (), pc, &attrib);
+  int res = get_file_attribute (get_io_handle (), pc, &attrib, NULL, NULL);
  if (!res)
    {
      /* Typical Windows default ACLs can contain permissions for one
@ -718,8 +716,7 @@ fhandler_disk_file::fchown (__uid32_t uid, __gid32_t gid)
 	 world to read the symlink and only the new owner to change it. */
      if (pc.issymlink ())
 	attrib = S_IFLNK | STD_RBITS | STD_WBITS;
-      res = set_file_attribute (pc.has_acls (), get_io_handle (), pc,
-				uid, gid, attrib);
+      res = set_file_attribute (get_io_handle (), pc, uid, gid, attrib);
    }
  if (oret)
    close ();
@ -808,10 +805,10 @@ fhandler_disk_file::facl (int cmd, int nentries, __aclent32_t *aclbufp)
 	    if (!aclbufp)
 	      set_errno(EFAULT);
 	    else
-	      res = getacl (get_io_handle (), pc, pc, nentries, aclbufp);
+	      res = getacl (get_io_handle (), pc, nentries, aclbufp);
 	    break;
 	  case GETACLCNT:
-	    res = getacl (get_io_handle (), pc, pc, 0, NULL);
+	    res = getacl (get_io_handle (), pc, 0, NULL);
 	    break;
 	  default:
 	    set_errno (EINVAL);
--- a/winsup/cygwin/fhandler_registry.cc
+++ b/winsup/cygwin/fhandler_registry.cc
@ -269,9 +269,7 @@ fhandler_registry::fstat (struct __stat64 *buf)
 		}
 	      __uid32_t uid;
 	      __gid32_t gid;
-	      if (get_object_attribute
-		  ((HANDLE) hKey, SE_REGISTRY_KEY, &buf->st_mode, &uid,
-		   &gid) == 0)
+	      if (get_reg_attribute (hKey, &buf->st_mode, &uid, &gid) == 0)
 		{
 		  buf->st_uid = uid;
 		  buf->st_gid = gid;
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@ -11,17 +11,9 @@ Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
 details. */

 #include "winsup.h"
-#include <grp.h>
-#include <pwd.h>
-#include <unistd.h>
 #include <stdlib.h>
-#include <limits.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 #include <sys/acl.h>
 #include <ctype.h>
-#include <wingdi.h>
-#include <winuser.h>
 #include "cygerrno.h"
 #include "security.h"
 #include "path.h"
@ -44,17 +36,13 @@ searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UI
 }

 int
-setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp,
+setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
 	bool &writable)
 {
  security_descriptor sd_ret;

-  if ((!handle || get_nt_object_security (handle, SE_FILE_OBJECT, sd_ret))
-      && read_sd (file, sd_ret) <= 0)
-    {
-      debug_printf ("read_sd %E");
-      return -1;
-    }
+  if (get_file_sd (handle, pc, sd_ret))
+    return -1;

  BOOL dummy;

@ -227,7 +215,7 @@ setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp,
      return -1;
    }
  debug_printf ("Created SD-Size: %d", sd_ret.size ());
-  return write_sd (handle, file, sd_ret);
+  return set_file_sd (handle, pc, sd_ret);
 }

 /* Temporary access denied bits */
@ -262,17 +250,12 @@ getace (__aclent32_t &acl, int type, int id, DWORD win_ace_mask,
 }

 int
-getacl (HANDLE handle, const char *file, DWORD attr, int nentries,
-	__aclent32_t *aclbufp)
+getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
 {
  security_descriptor sd;

-  if ((!handle || get_nt_object_security (handle, SE_FILE_OBJECT, sd))
-      && read_sd (file, sd) <= 0)
-    {
-      debug_printf ("read_sd %E");
-      return -1;
-    }
+  if (get_file_sd (handle, pc, sd))
+    return -1;

  cygpsid owner_sid;
  cygpsid group_sid;
@ -372,7 +355,7 @@ getacl (HANDLE handle, const char *file, DWORD attr, int nentries,
 		getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
 	    }
 	  if ((ace->Header.AceFlags & SUB_CONTAINERS_AND_OBJECTS_INHERIT)
-	      && (attr & FILE_ATTRIBUTE_DIRECTORY))
+	      && pc.isdir ())
 	    {
 	      if (type == USER_OBJ)
 		type = USER;
@ -408,7 +391,7 @@ getacl (HANDLE handle, const char *file, DWORD attr, int nentries,
      aclbufp[i].a_perm &= ~(DENY_R | DENY_W | DENY_X);
    aclsort32 (pos, 0, aclbufp);
  }
-  syscall_printf ("%d = getacl (%s)", pos, file);
+  syscall_printf ("%d = getacl (%s)", pos, pc.get_win32 ());
  return pos;
 }

--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@ -11,17 +11,8 @@ Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
 details. */

 #include "winsup.h"
-#include <grp.h>
-#include <pwd.h>
-#include <unistd.h>
 #include <stdlib.h>
-#include <limits.h>
-#include <sys/stat.h>
 #include <sys/acl.h>
-#include <ctype.h>
-#include <wingdi.h>
-#include <winuser.h>
-#include <wininet.h>
 #include "cygerrno.h"
 #include "security.h"
 #include "path.h"
@ -29,7 +20,6 @@ details. */
 #include "dtable.h"
 #include "pinfo.h"
 #include "cygheap.h"
-#include "cygtls.h"
 #include "pwdgrp.h"
 #include "ntdll.h"

--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@ -335,19 +335,16 @@ extern bool allow_ntsec;
 extern bool allow_smbntsec;

 /* File manipulation */
-int __stdcall get_file_attribute (int, HANDLE, const char *, mode_t *,
-				  __uid32_t * = NULL, __gid32_t * = NULL);
-int __stdcall set_file_attribute (bool, HANDLE, const char *, int);
-int __stdcall set_file_attribute (bool, HANDLE, const char *, __uid32_t, __gid32_t, int);
-int __stdcall get_nt_object_security (HANDLE, SE_OBJECT_TYPE,
-				      security_descriptor &);
-int __stdcall get_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type, mode_t *,
-				  __uid32_t * = NULL, __gid32_t * = NULL);
-LONG __stdcall read_sd (const char *file, security_descriptor &sd);
-LONG __stdcall write_sd (HANDLE fh, const char *file, security_descriptor &sd);
+int __stdcall get_file_attribute (HANDLE, path_conv &, mode_t *,
+				  __uid32_t *, __gid32_t *);
+int __stdcall set_file_attribute (HANDLE, path_conv &,
+				  __uid32_t, __gid32_t, int);
+int __stdcall get_reg_attribute (HKEY hkey, mode_t *, __uid32_t *, __gid32_t *);
+LONG __stdcall get_file_sd (HANDLE fh, path_conv &, security_descriptor &sd);
+LONG __stdcall set_file_sd (HANDLE fh, path_conv &, security_descriptor &sd);
 bool __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);
 bool __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);
-int __stdcall check_file_access (const char *, int);
+int __stdcall check_file_access (path_conv &, int);
 int __stdcall check_registry_access (HANDLE, int);

 void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
@ -359,8 +356,8 @@ bool get_sids_info (cygpsid, cygpsid, __uid32_t * , __gid32_t *);
 struct __acl32;
 extern "C" int aclsort32 (int, int, __acl32 *);
 extern "C" int acl32 (const char *, int, int, __acl32 *);
-int getacl (HANDLE, const char *, DWORD, int, __acl32 *);
-int setacl (HANDLE, const char *, int, __acl32 *, bool &);
+int getacl (HANDLE, path_conv &, int, __acl32 *);
+int setacl (HANDLE, path_conv &, int, __acl32 *, bool &);

 struct _UNICODE_STRING;
 void __stdcall str2buf2uni (_UNICODE_STRING &, WCHAR *, const char *) __attribute__ ((regparm (3)));