From 63a87c815a3b539fff5a16c7e86f9adffacadc1e Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Thu, 19 Jul 2007 09:06:54 +0000
Subject: [PATCH] * autoload.cc (SetSecurityDescriptorControl): Drop.
* security.cc (alloc_sd): Set security descriptor control flag without
calling SetSecurityDescriptorControl function. * wincap.h
(wincapc::has_dacl_protect): Rename from
has_security_descriptor_control. * wincap.cc: Ditto throughout.
---
winsup/cygwin/ChangeLog | 9 +++++++++
winsup/cygwin/autoload.cc | 2 --
winsup/cygwin/security.cc | 12 ++++--------
winsup/cygwin/wincap.cc | 20 ++++++++++----------
winsup/cygwin/wincap.h | 4 ++--
5 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 7f824b4b2..8b0b4ea05 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,12 @@
+2007-07-19 Corinna Vinschen <corinna@vinschen.de>
+
+ * autoload.cc (SetSecurityDescriptorControl): Drop.
+ * security.cc (alloc_sd): Set security descriptor control flag without
+ calling SetSecurityDescriptorControl function.
+ * wincap.h (wincapc::has_dacl_protect): Rename from
+ has_security_descriptor_control.
+ * wincap.cc: Ditto throughout.
+
2007-07-19 Corinna Vinschen <corinna@vinschen.de>
* autoload.cc (SetUserObjectSecurity): Drop.
diff --git a/winsup/cygwin/autoload.cc b/winsup/cygwin/autoload.cc
index 0f076f66f..6c5c06162 100644
--- a/winsup/cygwin/autoload.cc
+++ b/winsup/cygwin/autoload.cc
@@ -298,8 +298,6 @@ wsock_init ()
LoadDLLprime (ws2_32, _wsock_init)
-LoadDLLfunc (SetSecurityDescriptorControl, 12, advapi32)
-
/* 127 == ERROR_PROC_NOT_FOUND */
LoadDLLfuncEx2 (DsGetDcNameA, 24, netapi32, 1, 127)
LoadDLLfunc (NetApiBufferFree, 4, netapi32)
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index d76bbb1d8..df4953a44 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1631,14 +1631,10 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
return NULL;
}
- /*
- * We set the SE_DACL_PROTECTED flag here to prevent the DACL from being
- * modified by inheritable ACEs.
- * This flag as well as the SetSecurityDescriptorControl call are available
- * only since Win2K.
- */
- if (wincap.has_security_descriptor_control ())
- SetSecurityDescriptorControl (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
+ /* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being
+ * modified by inheritable ACEs. This flag is available since Win2K. */
+ if (wincap.has_dacl_protect ())
+ sd.Control |= SE_DACL_PROTECTED;
/* Create owner for local security descriptor. */
if (!SetSecurityDescriptorOwner (&sd, owner_sid, FALSE))
diff --git a/winsup/cygwin/wincap.cc b/winsup/cygwin/wincap.cc
index ef4376801..b970aa8c3 100644
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -18,7 +18,7 @@ static NO_COPY wincaps wincap_unknown = {
heapslop:0x0,
max_sys_priv:SE_CHANGE_NOTIFY_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:false,
+ has_dacl_protect:false,
has_ip_helper_lib:false,
has_broken_if_oper_status:false,
has_physical_mem_access:true,
@@ -47,7 +47,7 @@ static NO_COPY wincaps wincap_nt4 = {
heapslop:0x0,
max_sys_priv:SE_CHANGE_NOTIFY_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:false,
+ has_dacl_protect:false,
has_ip_helper_lib:false,
has_broken_if_oper_status:false,
has_physical_mem_access:true,
@@ -76,7 +76,7 @@ static NO_COPY wincaps wincap_nt4sp4 = {
heapslop:0x0,
max_sys_priv:SE_CHANGE_NOTIFY_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:false,
+ has_dacl_protect:false,
has_ip_helper_lib:true,
has_broken_if_oper_status:true,
has_physical_mem_access:true,
@@ -105,7 +105,7 @@ static NO_COPY wincaps wincap_2000 = {
heapslop:0x0,
max_sys_priv:SE_MANAGE_VOLUME_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
has_ip_helper_lib:true,
has_broken_if_oper_status:false,
has_physical_mem_access:true,
@@ -134,7 +134,7 @@ static NO_COPY wincaps wincap_2000sp4 = {
heapslop:0x0,
max_sys_priv:SE_CREATE_GLOBAL_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
has_ip_helper_lib:true,
has_broken_if_oper_status:false,
has_physical_mem_access:true,
@@ -163,7 +163,7 @@ static NO_COPY wincaps wincap_xp = {
heapslop:0x0,
max_sys_priv:SE_MANAGE_VOLUME_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
has_ip_helper_lib:true,
has_broken_if_oper_status:false,
has_physical_mem_access:true,
@@ -192,7 +192,7 @@ static NO_COPY wincaps wincap_xpsp1 = {
heapslop:0x0,
max_sys_priv:SE_MANAGE_VOLUME_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
has_ip_helper_lib:true,
has_broken_if_oper_status:false,
has_physical_mem_access:true,
@@ -221,7 +221,7 @@ static NO_COPY wincaps wincap_xpsp2 = {
heapslop:0x0,
max_sys_priv:SE_CREATE_GLOBAL_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
has_ip_helper_lib:true,
has_broken_if_oper_status:false,
has_physical_mem_access:true,
@@ -250,7 +250,7 @@ static NO_COPY wincaps wincap_2003 = {
heapslop:0x4,
max_sys_priv:SE_CREATE_GLOBAL_PRIVILEGE,
is_server:true,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
has_ip_helper_lib:true,
has_broken_if_oper_status:false,
has_physical_mem_access:false,
@@ -279,7 +279,7 @@ static NO_COPY wincaps wincap_vista = {
heapslop:0x4,
max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
has_ip_helper_lib:true,
has_broken_if_oper_status:false,
has_physical_mem_access:false,
diff --git a/winsup/cygwin/wincap.h b/winsup/cygwin/wincap.h
index 903e531ca..55dc19cdb 100644
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@@ -17,7 +17,7 @@ struct wincaps
DWORD heapslop;
DWORD max_sys_priv;
unsigned is_server : 1;
- unsigned has_security_descriptor_control : 1;
+ unsigned has_dacl_protect : 1;
unsigned has_ip_helper_lib : 1;
unsigned has_broken_if_oper_status : 1;
unsigned has_physical_mem_access : 1;
@@ -62,7 +62,7 @@ public:
DWORD IMPLEMENT (heapslop)
DWORD IMPLEMENT (max_sys_priv)
bool IMPLEMENT (is_server)
- bool IMPLEMENT (has_security_descriptor_control)
+ bool IMPLEMENT (has_dacl_protect)
bool IMPLEMENT (has_ip_helper_lib)
bool IMPLEMENT (has_broken_if_oper_status)
bool IMPLEMENT (has_physical_mem_access)