From 12069cf31bcd401720e1a86b353ac6237b5e29a3 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Wed, 26 Nov 2003 13:23:27 +0000
Subject: 	* dir.cc (mkdir): Use local security_descriptor. Call 
 set_security_attribute appropriately. 	* external.cc (cygwin_internal):
 Ditto. 	* fhandler.cc (fhandler_base::open): Ditto. 	*
 fhandler_socket.cc (fhandler_socket::bind): Ditto. 	* path.cc
 (symlink_worker): Ditto. 	* sec_acl.cc (setacl): Ditto. Call read_sd
 appropriately. 	(getace): Ditto. 	* sec_helper.cc
 (security_descriptor::malloc): New method. 
 (security_descriptor::realloc): New method. 	(security_descriptor::free):
 New method. 	* security.cc (read_sd): Get security_descriptor as parameter
 instead 	of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter
 check. 	Allocate the security_descriptor buffer according to size
 returned by 	a call to GetFileSecurity. Return buffer size on success. 
 (write_sd): Get security_descriptor as parameter instead of 
 PSECURITY_DESCRIPTOR and a size. 	(get_nt_attribute): Use local
 security_descriptor. 	(get_nt_object_attribute): Ditto in case of type ==
 SE_REGISTRY_KEY. 	Allocate security_descriptor buffer according to size
 returned by 	a call to RegGetKeySecurity. 	(alloc_sd): Make static. Get
 security_descriptor as parameter instead 	of PSECURITY_DESCRIPTOR and a
 size. Drop unnecessary parameter check. 	(set_security_attribute): Get
 security_descriptor as parameter instead 	of PSECURITY_DESCRIPTOR and a
 size. 	(set_nt_attribute): Use local security_descriptor. 
 (check_file_access): Ditto. 	* security.h: Add class security_descriptor. 
 (read_sd): Change declaration to get security_descriptor as parameter 
 instead of PSECURITY_DESCRIPTOR and a size. 	(write_sd): Ditto. 
 (set_security_attribute): Ditto. 	(alloc_sd): Remove declaration. 
 * thread.cc (semaphore::semaphore): Use local security_descriptor. Call 
 set_security_attribute appropriately.

---
 winsup/cygwin/sec_acl.cc | 34 +++++++++++++++-------------------
 1 file changed, 15 insertions(+), 19 deletions(-)

(limited to 'winsup/cygwin/sec_acl.cc')

diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 0988e01e8..a93a6a63a 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -49,11 +49,9 @@ searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UI
 static int
 setacl (const char *file, int nentries, __aclent32_t *aclbufp)
 {
-  DWORD sd_size = 4096;
-  char sd_buf[4096];
-  PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
+  security_descriptor sd_ret;
 
-  if (read_sd (file, psd, &sd_size) <= 0)
+  if (read_sd (file, sd_ret) <= 0)
     {
       debug_printf ("read_sd %E");
       return -1;
@@ -63,7 +61,7 @@ setacl (const char *file, int nentries, __aclent32_t *aclbufp)
 
   /* Get owner SID. */
   PSID owner_sid;
-  if (!GetSecurityDescriptorOwner (psd, &owner_sid, &dummy))
+  if (!GetSecurityDescriptorOwner (sd_ret, &owner_sid, &dummy))
     {
       __seterrno ();
       return -1;
@@ -72,7 +70,7 @@ setacl (const char *file, int nentries, __aclent32_t *aclbufp)
 
   /* Get group SID. */
   PSID group_sid;
-  if (!GetSecurityDescriptorGroup (psd, &group_sid, &dummy))
+  if (!GetSecurityDescriptorGroup (sd_ret, &group_sid, &dummy))
     {
       __seterrno ();
       return -1;
@@ -206,21 +204,21 @@ setacl (const char *file, int nentries, __aclent32_t *aclbufp)
       __seterrno ();
       return -1;
     }
-  /* Make self relative security descriptor in psd. */
-  sd_size = 0;
-  MakeSelfRelativeSD (&sd, psd, &sd_size);
+  /* Make self relative security descriptor in sd_ret. */
+  DWORD sd_size = 0;
+  MakeSelfRelativeSD (&sd, sd_ret, &sd_size);
   if (sd_size <= 0)
     {
       __seterrno ();
       return -1;
     }
-  if (!MakeSelfRelativeSD (&sd, psd, &sd_size))
+  if (!MakeSelfRelativeSD (&sd, sd_ret, &sd_size))
     {
       __seterrno ();
       return -1;
     }
-  debug_printf ("Created SD-Size: %d", sd_size);
-  return write_sd (file, psd, sd_size);
+  debug_printf ("Created SD-Size: %d", sd_ret.size ());
+  return write_sd (file, sd_ret);
 }
 
 /* Temporary access denied bits */
@@ -257,12 +255,10 @@ getace (__aclent32_t &acl, int type, int id, DWORD win_ace_mask,
 static int
 getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
 {
-  DWORD sd_size = 4096;
-  char sd_buf[4096];
-  PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
+  security_descriptor sd;
 
   int ret;
-  if ((ret = read_sd (file, psd, &sd_size)) <= 0)
+  if ((ret = read_sd (file, sd)) <= 0)
     {
       debug_printf ("read_sd %E");
       return ret;
@@ -274,7 +270,7 @@ getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
   __uid32_t uid;
   __gid32_t gid;
 
-  if (!GetSecurityDescriptorOwner (psd, (PSID *) &owner_sid, &dummy))
+  if (!GetSecurityDescriptorOwner (sd, (PSID *) &owner_sid, &dummy))
     {
       debug_printf ("GetSecurityDescriptorOwner %E");
       __seterrno ();
@@ -282,7 +278,7 @@ getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
     }
   uid = owner_sid.get_uid ();
 
-  if (!GetSecurityDescriptorGroup (psd, (PSID *) &group_sid, &dummy))
+  if (!GetSecurityDescriptorGroup (sd, (PSID *) &group_sid, &dummy))
     {
       debug_printf ("GetSecurityDescriptorGroup %E");
       __seterrno ();
@@ -305,7 +301,7 @@ getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
   PACL acl;
   BOOL acl_exists;
 
-  if (!GetSecurityDescriptorDacl (psd, &acl_exists, &acl, &dummy))
+  if (!GetSecurityDescriptorDacl (sd, &acl_exists, &acl, &dummy))
     {
       __seterrno ();
       debug_printf ("GetSecurityDescriptorDacl %E");
-- 
cgit v1.2.3