From f4ae6dc62cfb0cfac135d4e810fef592a401e26b Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Wed, 14 Apr 2004 10:20:26 +0000
Subject: 	* autoload.cc (NtSetSecurityObject): Add. 	*
 fhandler_disk_file.cc (fhandler_disk_file::fchmod): Only request 
 READ_CONTROL rights when opening the file. 	* ntdll.h
 (NtSetSecurityObject): Add declaration. 	* security.cc (write_sd): Call
 NtSetSecurityObject instead of 	BackupWrite. 
 (get_nt_object_security): Don't free security descriptor here.

	* syscalls.cc (ttyname): Use buffer of length TTY_NAME_MAX + 1.
	* sysconf.cc (sysconf): Handle _SC_TTY_NAME_MAX request.
	* include/limits.h: Define TTY_NAME_MAX and _POSIX_TTY_NAME_MAX.
---
 winsup/cygwin/security.cc | 68 +++++++++++++----------------------------------
 1 file changed, 18 insertions(+), 50 deletions(-)

(limited to 'winsup/cygwin/security.cc')

diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index bbe409be4..c932c2441 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1141,64 +1141,33 @@ write_sd (const char *file, security_descriptor &sd)
   else
     res = saved_res;
   if (res == 1 && owner != cygheap->user.sid ())
-    return -1;
-
-  HANDLE fh;
-  fh = CreateFile (file,
-		   WRITE_OWNER | WRITE_DAC,
-		   FILE_SHARE_READ | FILE_SHARE_WRITE,
-		   &sec_none_nih,
-		   OPEN_EXISTING,
-		   FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS,
-		   NULL);
-
-  if (fh == INVALID_HANDLE_VALUE)
     {
-      __seterrno ();
+      set_errno (EPERM);
       return -1;
     }
-
-  LPVOID context = NULL;
-  DWORD bytes_written = 0;
-  WIN32_STREAM_ID header;
-
-  memset (&header, 0, sizeof (header));
-  /* write new security info header */
-  header.dwStreamId = BACKUP_SECURITY_DATA;
-  header.dwStreamAttributes = STREAM_CONTAINS_SECURITY;
-  header.Size.HighPart = 0;
-  header.Size.LowPart = sd.size ();
-  header.dwStreamNameSize = 0;
-  if (!BackupWrite (fh, (LPBYTE) &header,
-		    3 * sizeof (DWORD) + sizeof (LARGE_INTEGER),
-		    &bytes_written, FALSE, TRUE, &context))
+  HANDLE fh;
+  if ((fh = CreateFile (file,
+		        WRITE_OWNER | WRITE_DAC,
+		        FILE_SHARE_READ | FILE_SHARE_WRITE,
+		        &sec_none_nih,
+		        OPEN_EXISTING,
+		        FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS,
+		        NULL)) == INVALID_HANDLE_VALUE)
     {
       __seterrno ();
-      CloseHandle (fh);
       return -1;
     }
-
-  /* write new security descriptor */
-  if (!BackupWrite (fh, (LPBYTE) (PSECURITY_DESCRIPTOR) sd,
-		    header.Size.LowPart + header.dwStreamNameSize,
-		    &bytes_written, FALSE, TRUE, &context))
+  NTSTATUS ret = NtSetSecurityObject (fh,
+				      DACL_SECURITY_INFORMATION 
+				      | GROUP_SECURITY_INFORMATION
+				      | OWNER_SECURITY_INFORMATION,
+				      sd);
+  CloseHandle (fh);
+  if (ret != STATUS_SUCCESS)
     {
-      /* Samba returns ERROR_NOT_SUPPORTED.
-	 FAT returns ERROR_INVALID_SECURITY_DESCR.
-	 This shouldn't return as error, but better be ignored. */
-      DWORD ret = GetLastError ();
-      if (ret != ERROR_NOT_SUPPORTED && ret != ERROR_INVALID_SECURITY_DESCR)
-	{
-	  __seterrno ();
-	  BackupWrite (fh, NULL, 0, &bytes_written, TRUE, TRUE, &context);
-	  CloseHandle (fh);
-	  return -1;
-	}
+      __seterrno_from_win_error (RtlNtStatusToDosError (ret));
+      return -1;
     }
-
-  /* terminate the restore process */
-  BackupWrite (fh, NULL, 0, &bytes_written, TRUE, TRUE, &context);
-  CloseHandle (fh);
   return 0;
 }
 
@@ -1391,7 +1360,6 @@ get_nt_object_security (HANDLE handle, SE_OBJECT_TYPE object_type,
     }
   if (ret != STATUS_SUCCESS)
     {
-      sd_ret.free ();
       __seterrno_from_win_error (RtlNtStatusToDosError (ret));
       return -1;
     }
-- 
cgit v1.2.3