* fhandler_random.cc (fhandler_dev_random::crypt_gen_random):

Use CryptAcquireContextW. * ntdll.h (STATUS_PROCEDURE_NOT_FOUND): Define. * sec_auth.cc (open_local_policy): Rename NTSTATUS variable ret to status. Drop usage of LsaNtStatusToWinError. (verify_token): Call NtQuerySecurityObject instead of GetKernelObjectSecurity. (create_token): Rename NTSTATUS variable ret to status. Rename ret2 to sub_status. Drop usage of LsaNtStatusToWinError. In case LsaLogonUser fails, report the sub_status as well.
2011-04-01 08:41:26 +00:00 · 2011-04-01 08:41:26 +00:00 · 40afcae356
parent 37f4458299
commit 40afcae356
4 changed files with 51 additions and 35 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,16 @@
 2011-04-01  Corinna Vinschen  <corinna@vinschen.de>
 	* fhandler_random.cc (fhandler_dev_random::crypt_gen_random):
 	Use CryptAcquireContextW.
 	* ntdll.h (STATUS_PROCEDURE_NOT_FOUND): Define.
 	* sec_auth.cc (open_local_policy): Rename NTSTATUS variable ret to
 	status.  Drop usage of LsaNtStatusToWinError.
 	(verify_token): Call NtQuerySecurityObject instead of
 	GetKernelObjectSecurity.
 	(create_token): Rename NTSTATUS variable ret to status.  Rename ret2 to
 	sub_status.  Drop usage of LsaNtStatusToWinError.  In case LsaLogonUser
 	fails, report the sub_status as well.
 2011-04-01  Corinna Vinschen  <corinna@vinschen.de>
 	* libc/strptime.c: Remove misleading comment.
--- a/winsup/cygwin/fhandler_random.cc
+++ b/winsup/cygwin/fhandler_random.cc
@ -1,7 +1,6 @@
 /* fhandler_random.cc: code to access /dev/random and /dev/urandom
-   Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2009
+   Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2009, 2011 Red Hat, Inc.
   Red Hat, Inc.
   Written by Corinna Vinschen (vinschen@cygnus.com)
@ -42,11 +41,11 @@ bool
 fhandler_dev_random::crypt_gen_random (void *ptr, size_t len)
 {
  if (!crypt_prov
-      && !CryptAcquireContext (&crypt_prov, NULL, MS_DEF_PROV, PROV_RSA_FULL,
+      && !CryptAcquireContextW (&crypt_prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL,
-			       CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)
+				CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)
-      && !CryptAcquireContext (&crypt_prov, NULL, MS_DEF_PROV, PROV_RSA_FULL,
+      && !CryptAcquireContextW (&crypt_prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL,
-			       CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET
+				CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET
-			       | CRYPT_NEWKEYSET))
+				| CRYPT_NEWKEYSET))
    {
      debug_printf ("%E = CryptAquireContext()");
      return false;
--- a/winsup/cygwin/ntdll.h
+++ b/winsup/cygwin/ntdll.h
@ -40,6 +40,7 @@
 #define STATUS_NO_EAS_ON_FILE         ((NTSTATUS) 0xc0000052)
 #define STATUS_LOCK_NOT_GRANTED       ((NTSTATUS) 0xc0000055)
 #define STATUS_DELETE_PENDING         ((NTSTATUS) 0xc0000056)
 #define STATUS_PROCEDURE_NOT_FOUND    ((NTSTATUS) 0xc000007a)
 #define STATUS_DISK_FULL              ((NTSTATUS) 0xc000007f)
 #define STATUS_WORKING_SET_QUOTA      ((NTSTATUS) 0xc00000a1)
 #define STATUS_INSTANCE_NOT_AVAILABLE ((NTSTATUS) 0xc00000ab)
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@ -194,10 +194,10 @@ open_local_policy (ACCESS_MASK access)
  LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 };
  HANDLE lsa = INVALID_HANDLE_VALUE;
-  NTSTATUS ret = LsaOpenPolicy (NULL, &oa, access, &lsa);
+  NTSTATUS status = LsaOpenPolicy (NULL, &oa, access, &lsa);
-  if (ret != STATUS_SUCCESS)
+  if (!NT_SUCCESS (status))
    {
-      __seterrno_from_win_error (LsaNtStatusToWinError (ret));
+      __seterrno_from_nt_status (status);
      /* Some versions of Windows set the lsa handle to NULL when
         LsaOpenPolicy fails. */
      lsa = INVALID_HANDLE_VALUE;
@ -699,9 +699,11 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
      const DWORD sd_buf_siz = MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR);
      PSECURITY_DESCRIPTOR sd_buf = (PSECURITY_DESCRIPTOR) alloca (sd_buf_siz);
      cygpsid gsid (NO_SID);
-      if (!GetKernelObjectSecurity (token, GROUP_SECURITY_INFORMATION,
+      NTSTATUS status;
-				    sd_buf, sd_buf_siz, &size))
+      status = NtQuerySecurityObject (token, GROUP_SECURITY_INFORMATION,
-	debug_printf ("GetKernelObjectSecurity(), %E");
+				      sd_buf, sd_buf_siz, &size);
      if (!NT_SUCCESS (status))
 	debug_printf ("NtQuerySecurityObject(), %p", status);
      else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid,
 					    (BOOL *) &size))
 	debug_printf ("GetSecurityDescriptorGroup(), %E");
@ -774,7 +776,7 @@ done:
 HANDLE
 create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
 {
-  NTSTATUS ret;
+  NTSTATUS status;
  LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
  cygsidlist tmp_gsids (cygsidlist_auto, 12);
@ -894,11 +896,11 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
    goto out;
  /* Let's be heroic... */
-  ret = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation,
+  status = NtCreateToken (&token, TOKEN_ALL_ACCESS, &oa, TokenImpersonation,
-		       &auth_luid, &exp, &user, new_tok_gsids, privs, &owner,
+			  &auth_luid, &exp, &user, new_tok_gsids, privs, &owner,
-		       &pgrp, &dacl, &source);
+			  &pgrp, &dacl, &source);
-  if (ret)
+  if (status)
-    __seterrno_from_nt_status (ret);
+    __seterrno_from_nt_status (status);
  else
    {
      /* Convert to primary token. */
@ -933,7 +935,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
  LSA_STRING name;
  HANDLE lsa_hdl = NULL, lsa = INVALID_HANDLE_VALUE;
  LSA_OPERATIONAL_MODE sec_mode;
-  NTSTATUS ret, ret2;
+  NTSTATUS status, sub_status;
  ULONG package_id, size;
  LUID auth_luid = SYSTEM_LUID;
  struct {
@ -963,12 +965,12 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
  /* Register as logon process. */
  str2lsa (name, "Cygwin");
  SetLastError (0);
-  ret = LsaRegisterLogonProcess (&name, &lsa_hdl, &sec_mode);
+  status = LsaRegisterLogonProcess (&name, &lsa_hdl, &sec_mode);
-  if (ret != STATUS_SUCCESS)
+  if (status != STATUS_SUCCESS)
    {
-      debug_printf ("LsaRegisterLogonProcess: %p", ret);
+      debug_printf ("LsaRegisterLogonProcess: %p", status);
-      __seterrno_from_win_error (ret == ERROR_PROC_NOT_FOUND
+      __seterrno_from_nt_status (status == ERROR_PROC_NOT_FOUND
-				 ? ret : LsaNtStatusToWinError (ret));
+				 ? STATUS_PROCEDURE_NOT_FOUND : status);
      goto out;
    }
  else if (GetLastError () == ERROR_PROC_NOT_FOUND)
@ -978,11 +980,11 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
    }
  /* Get handle to our own LSA package. */
  str2lsa (name, CYG_LSA_PKGNAME);
-  ret = LsaLookupAuthenticationPackage (lsa_hdl, &name, &package_id);
+  status = LsaLookupAuthenticationPackage (lsa_hdl, &name, &package_id);
-  if (ret != STATUS_SUCCESS)
+  if (status != STATUS_SUCCESS)
    {
-      debug_printf ("LsaLookupAuthenticationPackage: %p", ret);
+      debug_printf ("LsaLookupAuthenticationPackage: %p", status);
-      __seterrno_from_win_error (LsaNtStatusToWinError (ret));
+      __seterrno_from_nt_status (status);
      goto out;
    }
@ -1135,13 +1137,14 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
    authinf->checksum += *csp++;
  /* Try to logon... */
-  ret = LsaLogonUser (lsa_hdl, (PLSA_STRING) &origin, Interactive, package_id,
+  status = LsaLogonUser (lsa_hdl, (PLSA_STRING) &origin, Interactive,
-		      authinf, authinf_size, NULL, &ts, &profile, &size, &luid,
+			 package_id, authinf, authinf_size, NULL, &ts,
-		      &user_token, &quota, &ret2);
+			 &profile, &size, &luid, &user_token, &quota,
-  if (ret != STATUS_SUCCESS)
+			 &sub_status);
  if (status != STATUS_SUCCESS)
    {
-      debug_printf ("LsaLogonUser: %p", ret);
+      debug_printf ("LsaLogonUser: %p (sub-status %p)", status, sub_status);
-      __seterrno_from_win_error (LsaNtStatusToWinError (ret));
+      __seterrno_from_nt_status (status);
      goto out;
    }
  if (profile)