You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by mt...@apache.org on 2009/08/18 10:50:05 UTC
svn commit: r805323 - in /commons/sandbox/runtime/trunk/src/main/native:
include/arch/windows/acr_arch_private.h os/win32/main.c os/win32/wusec.c
Author: mturk
Date: Tue Aug 18 08:50:05 2009
New Revision: 805323
URL: http://svn.apache.org/viewvc?rev=805323&view=rev
Log:
Init common security descriptors
Modified:
commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c
Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h?rev=805323&r1=805322&r2=805323&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h Tue Aug 18 08:50:05 2009
@@ -98,6 +98,7 @@
DWORD ACR_SetTokenPrivilege(LPCWSTR szPrivilege, BOOL bEnablePrivilege);
DWORD ACR_EnablePrivilege(LPCWSTR szPrivilege);
PSID ACR_DuplicateSid(JNIEnv *_E, PSID sSID);
+LPVOID ACR_GetSecurityDescriptor(JNIEnv *, DWORD, DWORD, DWORD);
/**
* Heap allocation from main.c
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c?rev=805323&r1=805322&r2=805323&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c Tue Aug 18 08:50:05 2009
@@ -47,6 +47,11 @@
PSID acr_everyone_sid = NULL;
PSID acr_adminsgr_sid = NULL;
+LPSECURITY_DESCRIPTOR acr_sd_generic_admin = NULL;
+LPSECURITY_DESCRIPTOR acr_sd_filesys_admin = NULL;
+LPSECURITY_DESCRIPTOR acr_sd_generic_users = NULL;
+LPSECURITY_DESCRIPTOR acr_sd_filesys_users = NULL;
+
typedef struct acr_thread_local_t {
JNIEnv *env;
int attached;
@@ -277,6 +282,27 @@
dll_psig_handle = CreateEvent(NULL, TRUE, FALSE, NULL);
if (IS_INVALID_HANDLE(dll_psig_handle))
return ACR_GET_OS_ERROR();
+
+ /*
+ * Create standard security descriptors
+ */
+ acr_sd_generic_admin = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+ GENERIC_ALL,
+ 0,
+ 0);
+ acr_sd_filesys_admin = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+ GENERIC_ALL | FILE_ALL_ACCESS,
+ 0,
+ 0);
+ acr_sd_generic_users = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+ GENERIC_ALL,
+ GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
+ 0);
+ acr_sd_filesys_users = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+ GENERIC_ALL | FILE_ALL_ACCESS,
+ GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE |
+ FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
+ 0);
/* Do not display file not found messge boxes.
* Return the error to the application instead
*/
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c?rev=805323&r1=805322&r2=805323&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Tue Aug 18 08:50:05 2009
@@ -293,23 +293,103 @@
return dwError;
}
-PSID ACR_DuplicateSid(JNIEnv *_E, PSID sSID)
+LPVOID ACR_GetSecurityDescriptor(JNIEnv *_E,
+ DWORD dwAdminAccessMask,
+ DWORD dwUsersAccessMask,
+ DWORD dwGroupAccessMask)
{
- PSID pSID = NULL;
+ wchar_t sdd[ACR_MBUFF_SIZ];
+ wchar_t saa[32] = L"";
+ LPSECURITY_DESCRIPTOR pSD = NULL;
- if (IsValidSid(sSID)) {
- DWORD dwLen = GetLengthSid(sSID);
- pSID = (PSID) ACR_Calloc(_E, THROW_NMARK, dwLen);
- if (!pSID)
- return NULL;
- if (!CopySid(dwLen, pSID, sSID)) {
- int ec = ACR_GET_OS_ERROR();
- free(pSID);
- pSID = NULL;
- if (_E) {
- ACR_ThrowException(_E, THROW_NMARK, ACR_EX_OSERR, ec);
- }
+ wcscpy(sdd, "D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)");
+ wcscpy(saa, L"(A;OICI;GA");
+ if ((dwAdminAccessMask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS)
+ wcscat(saa, L"FA");
+
+ /* Builtin Adminstrators */
+ wcscat(sdd, saa);
+ wcscat(sdd, L";;;BA)");
+
+ /* Local Service */
+ wcscat(sdd, saa);
+ wcscat(sdd, L";;;LS)");
+
+ /* Local System */
+ wcscat(sdd, saa);
+ wcscat(sdd, L";;;SY)");
+
+ /* Logon Service */
+ wcscat(sdd, saa);
+ wcscat(sdd, L";;;SU)");
+
+ if (dwUsersAccessMask) {
+ /* Authenticated users */
+ wcscat(sdd, L"(A;OICI;");
+ if ((dwUsersAccessMask & GENERIC_ALL))
+ wcscat(sdd, L"GA");
+ else {
+ if ((dwUsersAccessMask & GENERIC_READ))
+ wcscat(sdd, L"GR");
+ if ((dwUsersAccessMask & GENERIC_WRITE))
+ wcscat(sdd, L"GW");
+ if ((dwUsersAccessMask & GENERIC_EXECUTE))
+ wcscat(sdd, L"GX");
}
+ if ((dwUsersAccessMask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS)
+ wcscat(sdd, L"FA");
+ else {
+ if ((dwUsersAccessMask & FILE_GENERIC_READ) == FILE_GENERIC_READ)
+ wcscat(sdd, L"FR");
+ if ((dwUsersAccessMask & FILE_GENERIC_WRITE) == FILE_GENERIC_WRITE)
+ wcscat(sdd, L"FW");
+ if ((dwUsersAccessMask & FILE_GENERIC_EXECUTE) == FILE_GENERIC_EXECUTE)
+ wcscat(sdd, L"FX");
+ }
+ wcscat(sdd, L";;;AU)");
}
- return pSID;
+ if (dwGroupAccessMask) {
+ /* Creator Owner */
+ wcscat(sdd, L"(A;OICI;GA");
+ if ((dwGroupAccessMask & (FILE_ALL_ACCESS | FILE_GENERIC_READ)))
+ wcscat(sdd, L"FA");
+ wcscat(sdd, L";;;CO)");
+
+ /* Creator Group */
+ wcscat(sdd, L"(A;OICI;");
+ if ((dwGroupAccessMask & GENERIC_ALL))
+ wcscat(sdd, L"GA");
+ else {
+ if ((dwGroupAccessMask & GENERIC_READ))
+ wcscat(sdd, L"GR");
+ if ((dwGroupAccessMask & GENERIC_WRITE))
+ wcscat(sdd, L"GW");
+ if ((dwGroupAccessMask & GENERIC_EXECUTE))
+ wcscat(sdd, L"GX");
+ }
+ if ((dwGroupAccessMask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS)
+ wcscat(sdd, L"FA");
+ else {
+ if ((dwGroupAccessMask & FILE_GENERIC_READ) == FILE_GENERIC_READ)
+ wcscat(sdd, L"FR");
+ if ((dwGroupAccessMask & FILE_GENERIC_WRITE) == FILE_GENERIC_WRITE)
+ wcscat(sdd, L"FW");
+ if ((dwGroupAccessMask & FILE_GENERIC_EXECUTE) == FILE_GENERIC_EXECUTE)
+ wcscat(sdd, L"FX");
+ }
+ wcscat(sdd, L";;;CG)");
+ }
+ fprintf(stdout, "SD %S\n", sdd);
+ if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(sdd,
+ SDDL_REVISION_1, &pSD, NULL)) {
+ pSD = NULL;
+ if (!IS_INVALID_HANDLE(_E)) {
+ ACR_ThrowException(_E, THROW_FMARK, ACR_EX_ENOMEM,
+ ACR_GET_OS_ERROR());
+ }
+ fprintf(stdout, "SSD failed !\n");
+ }
+ fflush(stdout);
+ return pSD;
}
+