From 3e8e0c33c00e384867d394c9a84a3d31f5208a61 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Fri, 29 Apr 2011 09:48:25 +0000 Subject: [PATCH] * advapi32.cc (AccessCheck): Remove. (PrivilegeCheck): Remove. (OpenThreadToken): Remove. * fhandler_tty.cc: Replace above functions throughout with their ntdll.dll equivalent. * security.cc: Ditto. --- winsup/cygwin/ChangeLog | 9 +++++++++ winsup/cygwin/advapi32.cc | 28 ---------------------------- winsup/cygwin/fhandler_tty.cc | 26 ++++++++++++++++---------- winsup/cygwin/security.cc | 26 ++++++++++++++++---------- 4 files changed, 41 insertions(+), 48 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index b12c76f0a..08ca56dbc 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,12 @@ +2011-04-29 Corinna Vinschen + + * advapi32.cc (AccessCheck): Remove. + (PrivilegeCheck): Remove. + (OpenThreadToken): Remove. + * fhandler_tty.cc: Replace above functions throughout with their + ntdll.dll equivalent. + * security.cc: Ditto. + 2011-04-29 Corinna Vinschen * ntdll.h (IsEventSignalled): New inline function. diff --git a/winsup/cygwin/advapi32.cc b/winsup/cygwin/advapi32.cc index 41eb71e60..fba18baa8 100644 --- a/winsup/cygwin/advapi32.cc +++ b/winsup/cygwin/advapi32.cc @@ -19,27 +19,6 @@ details. */ SetLastError (RtlNtStatusToDosError (status)); \ return NT_SUCCESS (status); -BOOL WINAPI -AccessCheck (PSECURITY_DESCRIPTOR sd, HANDLE tok, DWORD access, - PGENERIC_MAPPING mapping, PPRIVILEGE_SET pset, LPDWORD psetlen, - LPDWORD granted, LPBOOL allowed) -{ - NTSTATUS status, astatus; - - status = NtAccessCheck (sd, tok, access, mapping, pset, psetlen, granted, - &astatus); - if (NT_SUCCESS (status)) - *allowed = NT_SUCCESS (astatus); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - -BOOL WINAPI -PrivilegeCheck (HANDLE tok, PPRIVILEGE_SET pset, LPBOOL res) -{ - NTSTATUS status = NtPrivilegeCheck (tok, pset, (PBOOLEAN) res); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - BOOL WINAPI EqualSid (PSID sid1, PSID sid2) { @@ -75,13 +54,6 @@ MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd, DEFAULT_NTSTATUS_TO_BOOL_RETURN } -BOOL WINAPI -OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok) -{ - NTSTATUS status = NtOpenThreadToken (thread, access, as_self, tok); - DEFAULT_NTSTATUS_TO_BOOL_RETURN -} - BOOL WINAPI RevertToSelf () { diff --git a/winsup/cygwin/fhandler_tty.cc b/winsup/cygwin/fhandler_tty.cc index 20ab9598e..e6c4f3fb7 100644 --- a/winsup/cygwin/fhandler_tty.cc +++ b/winsup/cygwin/fhandler_tty.cc @@ -1644,15 +1644,16 @@ fhandler_pty_master::pty_master_thread () security_descriptor sd; HANDLE token; PRIVILEGE_SET ps; - BOOL ret; DWORD pid; + NTSTATUS status; termios_printf ("Entered"); - while (!exit && (ConnectNamedPipe (master_ctl, NULL) || GetLastError () == ERROR_PIPE_CONNECTED)) + while (!exit && (ConnectNamedPipe (master_ctl, NULL) + || GetLastError () == ERROR_PIPE_CONNECTED)) { pipe_reply repl = { NULL, NULL, 0 }; bool deimp = false; - BOOL allow = FALSE; + NTSTATUS allow = STATUS_ACCESS_DENIED; ACCESS_MASK access = EVENT_MODIFY_STATE; HANDLE client = NULL; @@ -1678,17 +1679,22 @@ fhandler_pty_master::pty_master_thread () termios_printf ("ImpersonateNamedPipeClient, %E"); goto reply; } - if (!OpenThreadToken (GetCurrentThread (), TOKEN_QUERY, TRUE, &token)) + status = NtOpenThreadToken (GetCurrentThread (), TOKEN_QUERY, TRUE, + &token); + if (!NT_SUCCESS (status)) { - termios_printf ("OpenThreadToken, %E"); + termios_printf ("NtOpenThreadToken, %p", status); + SetLastError (RtlNtStatusToDosError (status)); goto reply; } len = sizeof ps; - ret = AccessCheck (sd, token, access, &map, &ps, &len, &access, &allow); - CloseHandle (token); - if (!ret) + status = NtAccessCheck (sd, token, access, &map, &ps, &len, &access, + &allow); + NtClose (token); + if (!NT_SUCCESS (status)) { - termios_printf ("AccessCheck, %E"); + termios_printf ("NtAccessCheck, %p", status); + SetLastError (RtlNtStatusToDosError (status)); goto reply; } if (!RevertToSelf ()) @@ -1705,7 +1711,7 @@ fhandler_pty_master::pty_master_thread () exit = true; goto reply; } - if (allow) + if (NT_SUCCESS (allow)) { client = OpenProcess (PROCESS_DUP_HANDLE, FALSE, pid); if (!client) diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 0443138d2..7530b703a 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -972,11 +972,11 @@ set_file_attribute (HANDLE handle, path_conv &pc, static int check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, - DWORD desired, int flags, bool effective) + ACCESS_MASK desired, int flags, bool effective) { int ret = -1; - BOOL status; - DWORD granted; + NTSTATUS status, allow; + ACCESS_MASK granted; DWORD plen = sizeof (PRIVILEGE_SET) + 3 * sizeof (LUID_AND_ATTRIBUTES); PPRIVILEGE_SET pset = (PPRIVILEGE_SET) alloca (plen); HANDLE tok = ((effective && cygheap->user.issetuid ()) @@ -995,9 +995,11 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, tok = hProcImpToken; } - if (!AccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted, &status)) + status = NtAccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted, + &allow); + if (!NT_SUCCESS (status)) __seterrno (); - else if (!status) + else if (!NT_SUCCESS (allow)) { /* CV, 2006-10-16: Now, that's really weird. Imagine a user who has no standard access to a file, but who has backup and restore privileges @@ -1006,12 +1008,14 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, when returning the access status. Otherwise, why bother with the pset parameter, right? But not so. AccessCheck actually returns a status of "false" here, - even though opening a file with backup resp. restore intent + even though opening a file with backup resp. restore intent naturally succeeds for this user. This definitely spoils the results of access(2) for administrative users or the SYSTEM account. So, in case the access check fails, another check against the user's backup/restore privileges has to be made. Sigh. */ int granted_flags = 0; + BOOLEAN has_priv; + if (flags & R_OK) { pset->PrivilegeCount = 1; @@ -1019,7 +1023,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, pset->Privilege[0].Luid.HighPart = 0L; pset->Privilege[0].Luid.LowPart = SE_BACKUP_PRIVILEGE; pset->Privilege[0].Attributes = 0; - if (PrivilegeCheck (tok, pset, &status) && status) + status = NtPrivilegeCheck (tok, pset, &has_priv); + if (NT_SUCCESS (status) && has_priv) granted_flags |= R_OK; } if (flags & W_OK) @@ -1029,7 +1034,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, pset->Privilege[0].Luid.HighPart = 0L; pset->Privilege[0].Luid.LowPart = SE_RESTORE_PRIVILEGE; pset->Privilege[0].Attributes = 0; - if (PrivilegeCheck (tok, pset, &status) && status) + status = NtPrivilegeCheck (tok, pset, &has_priv); + if (NT_SUCCESS (status) && has_priv) granted_flags |= W_OK; } if (granted_flags == flags) @@ -1047,7 +1053,7 @@ check_file_access (path_conv &pc, int flags, bool effective) { security_descriptor sd; int ret = -1; - DWORD desired = 0; + ACCESS_MASK desired = 0; if (flags & R_OK) desired |= FILE_READ_DATA; if (flags & W_OK) @@ -1069,7 +1075,7 @@ check_registry_access (HANDLE hdl, int flags, bool effective) KEY_WRITE, KEY_EXECUTE, KEY_ALL_ACCESS }; - DWORD desired = 0; + ACCESS_MASK desired = 0; if (flags & R_OK) desired |= KEY_ENUMERATE_SUB_KEYS; if (flags & W_OK)