author | Corinna Vinschen <corinna@vinschen.de> | 2008-04-18 20:13:37 +0000 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2008-04-18 20:13:37 +0000 |
commit | db5ae61884de2a1ecf6fd05ad4e8f3d0b4f530d6 (patch) | |
tree | 49ac739958f7f76f65317156d63288965c763c7a /winsup/cygwin/sec_helper.cc | |
parent | 1d8db11e8ecc00dc865202663cd46cbd44c180f0 (diff) | |
* fhandler.h (-struct wsa_event): Move to wsa_event.h. Include
wsa_event.h instead.
* fhandler_socket.cc (NUM_SOCKS): Move to wsa_event.h.
(wsa_events): Move from DLL shared area to cygwin_shared shared
memory. Accommodate throughout.
(socket_serial_number): Ditto.
* fhandler_tape.cc (mt): Ditto.
(mtinfo_init): Remove.
(mt): Define as cygwin_shared->mt.
* flock.cc (FLOCK_PARENT_DIR_ACCESS): Remove.
(FLOCK_INODE_DIR_ACCESS): Move up in file.
(FLOCK_MUTANT_ACCESS): Ditto.
(FLOCK_EVENT_ACCESS): Ditto.
(get_lock_parent_dir): Remove.
(inode_t::inode_t): Call get_shared_parent_dir to get parent dir handle.
Add a "flock-" prefix to file's lock directory name for clarity.
* mtinfo.h (mtinfo_init): Drop declaration.
* net.cc (last_used_bindresvport): Move from DLL shared area to
cygwin_shared shared memory.
(cygwin_bindresvport_sa): Accommodate above change.
* sec_helper.cc (_everyone_sd): Move here from flock.cc.
* security.h (SD_MIN_SIZE): Ditto.
(everyone_sd): Ditto.
* shared.cc (cygwin_shared_area): Remove.
(cygwin_shared_h): New handle.
(get_shared_parent_dir): New static function.
(shared_name): Drop session_local argument. Call get_shared_parent_dir
here. Add cygwin-shared subdir to object name.
(offsets): Reinstantiate SH_CYGWIN_SHARED member.
(open_shared): Revert change from 2007-03-29 for systems supporting
SeCreateGlobalPrivilege.
(shared_info::initialize): Call mtinfo's initialize here.
(memory_init): Drop call to mtinfo_init.
* shared_info.h (SHARED_INFO_CB): Accommodate change to shared_info.
(CURR_SHARED_MAGIC): Ditto.
(class shared_info): Add members for global socket and tape info
sharing.
(enum shared_locations): Reinstantiate SH_CYGWIN_SHARED.
(get_shared_parent_dir): Declare.
(shared_name): Drop session_local argument from declaration.
* wsa_event.h: New file. Move definitions of NUM_SOCKS and
struct wsa_event here.
Diffstat (limited to 'winsup/cygwin/sec_helper.cc')
-rw-r--r-- | winsup/cygwin/sec_helper.cc | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 089bb99c8..13fc56ddd 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -518,3 +518,36 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
 psa->bInheritHandle = inherit;
 return psa;
 }
+
+/* Helper function to create an event security descriptor which only allows
+ specific access to everyone. Only the creating process has all access
+ rights. */
+
+PSECURITY_DESCRIPTOR
+_everyone_sd (void *buf, ACCESS_MASK access)
+{
+ PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) buf;
+
+ if (psd)
+ {
+ InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
+ PACL dacl = (PACL) (psd + 1);
+ InitializeAcl (dacl, MAX_DACL_LEN (1), ACL_REVISION);
+ if (!AddAccessAllowedAce (dacl, ACL_REVISION, access,
+ well_known_world_sid))
+ {
+ debug_printf ("AddAccessAllowedAce: %lu", GetLastError ());
+ return NULL;
+ }
+ LPVOID ace;
+ if (!FindFirstFreeAce (dacl, &ace))
+ {
+ debug_printf ("FindFirstFreeAce: %lu", GetLastError ());
+ return NULL;
+ }
+ dacl->AclSize = (char *) ace - (char *) dacl;
+ SetSecurityDescriptorDacl (psd, TRUE, dacl, FALSE);
+ }
+ return psd;
+}
+
|
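Review bot: The results of `InitializeSecurityDescriptor`, `InitializeAcl` and `SetSecurityDescriptorDacl` in `_everyone_sd` are ignored, so if the last call fails the function returns a descriptor with no DACL attached, which Windows treats as unrestricted access rather than the limited `access` mask intended. Fail closed the way the two checked calls already do, e.g. `if (!SetSecurityDescriptorDacl (psd, TRUE, dacl, FALSE)) { debug_printf ("SetSecurityDescriptorDacl: %lu", GetLastError ()); return NULL; }`, and likewise for the two initializers. The function also writes the descriptor plus a `MAX_DACL_LEN (1)` ACL into `buf` with no length parameter, so the header comment should state the minimum buffer size callers must supply (the commit message mentions `SD_MIN_SIZE` in security.h, which is not shown here). The offset `(PACL) (psd + 1)` is only correct if `PSECURITY_DESCRIPTOR` points to the descriptor struct rather than being a void pointer; that typedef is outside this hunk and worth confirming.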