Posted to commits@commons.apache.org by mt...@apache.org on 2009/09/09 14:30:25 UTC
svn commit: r812923 - in /commons/sandbox/runtime/trunk/src/main/native:
include/acr_file.h include/arch/windows/acr_arch_private.h os/win32/mutex.c
os/win32/sema.c os/win32/shm.c os/win32/temps.c os/win32/wusec.c
Author: mturk
Date: Wed Sep 9 12:30:24 2009
New Revision: 812923
URL: http://svn.apache.org/viewvc?rev=812923&view=rev
Log:
Add common object security setter
Modified:
commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h
commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h Wed Sep 9 12:30:24 2009
@@ -50,16 +50,22 @@
#define ACR_FPROT_UREAD 0x0400 /**< Read by user */
#define ACR_FPROT_UWRITE 0x0200 /**< Write by user */
#define ACR_FPROT_UEXECUTE 0x0100 /**< Execute by user */
+#define ACR_FPROT_URDWR 0x0600 /**< User Read/Write access */
+#define ACR_FPROT_URWX 0x0700 /**< User all access */
#define ACR_FPROT_GSETID 0x4000 /**< Set group id */
#define ACR_FPROT_GREAD 0x0040 /**< Read by group */
#define ACR_FPROT_GWRITE 0x0020 /**< Write by group */
#define ACR_FPROT_GEXECUTE 0x0010 /**< Execute by group */
+#define ACR_FPROT_GRDWR 0x0060 /**< Group Read/Write access */
+#define ACR_FPROT_GRWX 0x0070 /**< Group all access */
#define ACR_FPROT_WSTICKY 0x2000 /**< Sticky bit */
#define ACR_FPROT_WREAD 0x0004 /**< Read by others */
#define ACR_FPROT_WWRITE 0x0002 /**< Write by others */
#define ACR_FPROT_WEXECUTE 0x0001 /**< Execute by others */
+#define ACR_FPROT_WRDWR 0x0006 /**< Read/Write by others */
+#define ACR_FPROT_WRWX 0x0007 /**< All access by others */
#define ACR_FPROT_OS_DEFAULT 0x0FFF /**< use OS's default permissions */
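Review bot: The new composite masks are spelled as literal values (`0x0600`, `0x0700`, `0x0060`, …) that duplicate the single-bit definitions a few lines above them, so if either side is ever edited the two drift apart silently. Define them in terms of the component bits, e.g. `#define ACR_FPROT_URDWR (ACR_FPROT_UREAD | ACR_FPROT_UWRITE)` and `#define ACR_FPROT_URWX (ACR_FPROT_URDWR | ACR_FPROT_UEXECUTE)`, and likewise for the G and W variants; the numeric values stay exactly as they are now.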
Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h Wed Sep 9 12:30:24 2009
@@ -127,7 +127,8 @@
PSID ACR_DuplicateSid(JNIEnv *_E, PSID sSID);
int ACR_InitSecurityDescriptorTable(JNIEnv *);
LPVOID ACR_GetSecurityDescriptor(JNIEnv *, DWORD, DWORD, DWORD);
-DWORD ACR_SetSecurityInfoD(HANDLE, SE_OBJECT_TYPE, PSID, PSID, LPVOID);
+LPVOID ACR_StdSecurityDescriptor(JNIEnv *, int, int);
+DWORD ACR_SetSecurityInfo(HANDLE, int, PSID, PSID, int);
/**
* Heap allocation from main.c
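Review bot: The two new prototypes drop parameter names although their `int` arguments carry distinct encodings (an ACR_DT_* object type and an ACR_FPROT_* permission mask), which the bare `int, int` signature does not convey; `LPVOID ACR_StdSecurityDescriptor(JNIEnv *_E, int type, int perms);` and `DWORD ACR_SetSecurityInfo(HANDLE handle, int type, PSID uid, PSID gid, int perms);` match the definitions in wusec.c and keep the header self-describing. A one-line comment stating that ACR_SetSecurityInfo returns ACR_EINVAL for a type not in its table would also help callers, since that contract is not visible from the declaration.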
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c Wed Sep 9 12:30:24 2009
@@ -38,32 +38,6 @@
"(L" ACR_CLASS_PATH "Descriptor;)V"
};
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
- prot_scope_world = 0,
- prot_scope_group = 4,
- prot_scope_user = 8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
- /* These choices are based on the single filesystem bit that controls
- * the given behavior. They are -not- recommended for any set protection
- * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
- */
- ACCESS_MASK acc = 0;
- prot = (prot >> scope) & 0x0F;
- if (prot & ACR_FPROT_WEXECUTE)
- acc = GENERIC_ALL | MUTEX_ALL_ACCESS;
- else {
- if (prot & ACR_FPROT_WWRITE)
- acc |= GENERIC_WRITE | MUTEX_MODIFY_STATE;
- if (prot & ACR_FPROT_WREAD)
- acc |= GENERIC_READ;
- }
- return acc;
-}
-
static int mutex_cleanup(void *mutex, int type, unsigned int flags)
{
if (type == ACR_DT_MUTEX) {
@@ -100,10 +74,11 @@
* with Modify access to Authenticated users
*/
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
- sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
- GENERIC_ALL | MUTEX_ALL_ACCESS,
- GENERIC_ALL | MUTEX_ALL_ACCESS,
- GENERIC_READ | GENERIC_WRITE | MUTEX_MODIFY_STATE);
+ sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+ ACR_DT_MUTEX,
+ ACR_FPROT_URWX |
+ ACR_FPROT_GRWX |
+ ACR_FPROT_WRDWR);
sa.bInheritHandle = FALSE;
m = CreateMutexW(&sa, FALSE, reskey);
if (!m) {
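Review bot: The pointer returned by ACR_StdSecurityDescriptor is stored in sa.lpSecurityDescriptor and handed straight to CreateMutexW without a NULL check; a NULL lpSecurityDescriptor means Windows applies the caller's default DACL, so a failure to build the requested descriptor silently creates the mutex with permissions other than the ones asked for. The same unchecked assignment appears in sema.c (CreateSemaphoreW), shm.c and temps.c (CreateFileW). The old call passed the JNIEnv `_E` and the new one passes INVALID_HANDLE_VALUE, so whatever exception ACR_GetSecurityDescriptor may raise when given a real env (its body is not visible here) is now lost as well; add `if (sa.lpSecurityDescriptor == NULL) { /* fail with ACR_GET_OS_ERROR() on this function's error path */ }` before the create call. The comment above ("with Modify access to Authenticated users") no longer describes the ACR_FPROT_WRDWR world grant, nor the Creator Group ACE this commit documents in wusec.c; update it. The enclosing function starts and ends outside the hunk.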
@@ -229,7 +204,6 @@
acr_uid_t uid, acr_uid_t gid)
{
DWORD rc;
- LPVOID sd;
HANDLE m = (HANDLE)ACR_IOH_FDATA(mutex);
if (ACR_IOH_FTYPE(mutex) != ACR_DT_MUTEX) {
@@ -238,16 +212,7 @@
if (IS_INVALID_HANDLE(m)) {
return ACR_EBADF;
}
- sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
- convert_acc(perms, prot_scope_user),
- convert_acc(perms, prot_scope_group),
- convert_acc(perms, prot_scope_world));
- if (sd == NULL) {
- /* Return the error from GetSecurityDescriptor */
- return ACR_GET_OS_ERROR();
- }
- rc = ACR_SetSecurityInfoD(m, SE_KERNEL_OBJECT, uid, gid, sd);
-
+ rc = ACR_SetSecurityInfo(m, ACR_DT_MUTEX, uid, gid, perms);
return rc;
}
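Review bot: `rc` is now assigned from ACR_SetSecurityInfo and returned on the very next line, so the local declared in the previous hunk no longer earns its keep; `return ACR_SetSecurityInfo(m, ACR_DT_MUTEX, uid, gid, perms);` and drop `DWORD rc;`. The identical pattern is in sema.c. The function's signature is outside the hunk.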
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c Wed Sep 9 12:30:24 2009
@@ -38,32 +38,6 @@
"(L" ACR_CLASS_PATH "Descriptor;)V"
};
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
- prot_scope_world = 0,
- prot_scope_group = 4,
- prot_scope_user = 8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
- /* These choices are based on the single filesystem bit that controls
- * the given behavior. They are -not- recommended for any set protection
- * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
- */
- ACCESS_MASK acc = 0;
- prot = (prot >> scope) & 0x0F;
- if (prot & ACR_FPROT_WEXECUTE)
- acc = GENERIC_ALL | SEMAPHORE_ALL_ACCESS;
- else {
- if (prot & ACR_FPROT_WWRITE)
- acc |= GENERIC_WRITE | SEMAPHORE_MODIFY_STATE;
- if (prot & ACR_FPROT_WREAD)
- acc |= GENERIC_READ;
- }
- return acc;
-}
-
static int semaphore_cleanup(void *sema, int type, unsigned int flags)
{
if (type == ACR_DT_SEMAPHORE) {
@@ -108,10 +82,11 @@
* with Modify access to Authenticated users
*/
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
- sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
- GENERIC_ALL | SEMAPHORE_ALL_ACCESS,
- GENERIC_ALL | SEMAPHORE_ALL_ACCESS,
- GENERIC_READ | GENERIC_WRITE | SEMAPHORE_MODIFY_STATE);
+ sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+ ACR_DT_SEMAPHORE,
+ ACR_FPROT_URWX |
+ ACR_FPROT_GRWX |
+ ACR_FPROT_WRDWR);
sa.bInheritHandle = FALSE;
s = CreateSemaphoreW(&sa, (LONG)value, (LONG)maxval, reskey);
if (!s) {
@@ -165,7 +140,6 @@
acr_uid_t uid, acr_uid_t gid)
{
DWORD rc;
- LPVOID sd;
HANDLE s = (HANDLE)ACR_IOH_FDATA(sema);
if (ACR_IOH_FTYPE(sema) != ACR_DT_SEMAPHORE) {
@@ -174,16 +148,7 @@
if (IS_INVALID_HANDLE(s)) {
return ACR_EBADF;
}
- sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
- convert_acc(perms, prot_scope_user),
- convert_acc(perms, prot_scope_group),
- convert_acc(perms, prot_scope_world));
- if (sd == NULL) {
- /* Return the error from GetSecurityDescriptor */
- return ACR_GET_OS_ERROR();
- }
- rc = ACR_SetSecurityInfoD(s, SE_KERNEL_OBJECT, uid, gid, sd);
-
+ rc = ACR_SetSecurityInfo(s, ACR_DT_SEMAPHORE, uid, gid, perms);
return rc;
}
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c Wed Sep 9 12:30:24 2009
@@ -57,32 +57,6 @@
const wchar_t *filename;
};
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
- prot_scope_world = 0,
- prot_scope_group = 4,
- prot_scope_user = 8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
- /* These choices are based on the single filesystem bit that controls
- * the given behavior. They are -not- recommended for any set protection
- * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
- */
- ACCESS_MASK acc = 0;
- prot = (prot >> scope) & 0x0F;
- if (prot & ACR_FPROT_WEXECUTE)
- acc = GENERIC_ALL | FILE_MAP_ALL_ACCESS;
- else {
- if (prot & ACR_FPROT_WWRITE)
- acc |= GENERIC_WRITE | FILE_MAP_WRITE;
- if (prot & ACR_FPROT_WREAD)
- acc |= GENERIC_READ | FILE_MAP_READ;
- }
- return acc;
-}
-
static int shm_cleanup(void *shm, int type, unsigned int flags)
{
int rc = 0;
@@ -188,10 +162,10 @@
/* Name-based shared memory */
else {
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
- sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
- GENERIC_ALL | FILE_ALL_ACCESS,
- GENERIC_ALL | FILE_ALL_ACCESS,
- 0);
+ sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+ ACR_DT_FILE,
+ ACR_FPROT_URWX |
+ ACR_FPROT_GRWX);
sa.bInheritHandle = FALSE;
/* Do file backed, which is not an inherited handle
* While we could open APR_EXCL, it doesn't seem that Unix
@@ -365,30 +339,16 @@
acr_uid_t uid, acr_uid_t gid)
{
DWORD rc = 0;
- LPVOID sd;
acr_shm_t *m = (acr_shm_t *)ACR_IOH_FDATA(shm);
if (ACR_IOH_FTYPE(shm) != ACR_DT_SHM) {
- rc = ACR_EFTYPE;
- goto finally;
+ return ACR_EFTYPE;
}
if (IS_INVALID_HANDLE(m)) {
- rc = ACR_EBADF;
- goto finally;
+ return ACR_EBADF;
}
- sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
- convert_acc(perms, prot_scope_user),
- convert_acc(perms, prot_scope_group),
- convert_acc(perms, prot_scope_world));
- if (sd == NULL) {
- rc = ACR_GET_OS_ERROR();
- goto finally;
- }
- rc = ACR_SetSecurityInfoD(m->hmap, SE_KERNEL_OBJECT, uid, gid, sd);
-
-finally:
- ACR_THROW_IO_IF_ERR(rc);
+ rc = ACR_SetSecurityInfo(m->hmap, ACR_DT_SHM, uid, gid, perms);
return rc;
}
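Review bot: Removing the `finally:` label also removes `ACR_THROW_IO_IF_ERR(rc)`, so ACR_EFTYPE, ACR_EBADF and a failing ACR_SetSecurityInfo now come back only as a return value where they previously also raised (presumably an IOException, going by the macro name). mutex.c and sema.c never threw on this path, so aligning shm.c with them may be deliberate, but it is a behaviour change the log message ("Add common object security setter") does not mention. Confirm that the Java-side caller turns a non-zero return into an exception; otherwise a failed permission change on shared memory goes unnoticed. The enclosing function's signature is outside the hunk.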
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c Wed Sep 9 12:30:24 2009
@@ -116,10 +116,10 @@
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
/* Allow access only to owner and Administrators Group */
- sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
- GENERIC_ALL | FILE_ALL_ACCESS,
- GENERIC_ALL | FILE_ALL_ACCESS,
- 0);
+ sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+ ACR_DT_FILE,
+ ACR_FPROT_URWX |
+ ACR_FPROT_GRWX);
sa.bInheritHandle = FALSE;
for (;;) {
fh = CreateFileW(path,
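Review bot: The comment above the call, "Allow access only to owner and Administrators Group", should be re-checked against the new arguments: ACR_FPROT_GRWX is the bit group that ACR_StdSecurityDescriptor feeds to the group access mask, and this same commit relabels the ACE built from that mask in ACR_GetSecurityDescriptor from "Authenticated users" to "Creator Group" (wusec.c). Whether the group mask still lands on Administrators or on the creator's primary group cannot be determined from this hunk; either the comment or the mask should change so the two agree, because a temp file that is readable by the primary group is a different exposure than one restricted to Administrators. The enclosing function starts and ends outside the hunk.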
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Wed Sep 9 12:30:24 2009
@@ -23,6 +23,7 @@
#include "acr_string.h"
#include "acr_tables.h"
#include "acr_descriptor.h"
+#include "acr_file.h"
#include "acr_users.h"
PSID ACR_GetSidFromAccountName(LPCWSTR name, PSID_NAME_USE sidtype)
@@ -314,6 +315,97 @@
return ACR_SUCCESS;
}
+static struct {
+ int type;
+ SE_OBJECT_TYPE krnl;
+ DWORD a;
+ DWORD x;
+ DWORD w;
+ DWORD r;
+} prot_types [] = {
+ { ACR_DT_FILE,
+ SE_FILE_OBJECT,
+ FILE_ALL_ACCESS,
+ FILE_GENERIC_EXECUTE,
+ FILE_GENERIC_WRITE,
+ FILE_GENERIC_READ
+ },
+ { ACR_DT_MUTEX,
+ SE_KERNEL_OBJECT,
+ MUTEX_ALL_ACCESS,
+ MUTEX_ALL_ACCESS,
+ MUTEX_ALL_ACCESS,
+ MUTEX_MODIFY_STATE
+ },
+ { ACR_DT_SHM,
+ SE_KERNEL_OBJECT,
+ FILE_MAP_ALL_ACCESS | FILE_MAP_EXECUTE,
+ FILE_MAP_EXECUTE,
+ FILE_MAP_WRITE | FILE_MAP_COPY,
+ FILE_MAP_READ | FILE_MAP_COPY
+ },
+ { ACR_DT_SEMAPHORE,
+ SE_KERNEL_OBJECT,
+ SEMAPHORE_ALL_ACCESS,
+ SEMAPHORE_ALL_ACCESS,
+ SEMAPHORE_ALL_ACCESS,
+ SEMAPHORE_MODIFY_STATE
+ },
+ { ACR_DT_UNKNOWN,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0
+ }
+};
+
+/* Left bit shifts from World scope to given scope */
+typedef enum prot_scope_e {
+ prot_scope_world = 0,
+ prot_scope_group = 4,
+ prot_scope_user = 8
+} prot_scope_e;
+
+static ACCESS_MASK convert_acc(int prot, int type, SE_OBJECT_TYPE *ktype,
+ prot_scope_e scope)
+{
+ int i = 0;
+ /* These choices are based on the single filesystem bit that controls
+ * the given behavior. They are -not- recommended for any set protection
+ * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
+ */
+ ACCESS_MASK acc = 0;
+ prot = (prot >> scope) & 0x0F;
+
+ if (prot & ACR_FPROT_WEXECUTE)
+ acc |= GENERIC_EXECUTE;
+ if (prot & ACR_FPROT_WWRITE)
+ acc |= GENERIC_WRITE;
+ if (prot & ACR_FPROT_WREAD)
+ acc |= GENERIC_READ;
+ while (prot_types[i].type != ACR_DT_UNKNOWN) {
+ if (prot_types[i].type == type)
+ break;
+ i++;
+ }
+ if (prot_types[i].type != ACR_DT_UNKNOWN) {
+ if ((prot & 0x07) == (ACR_FPROT_WEXECUTE | ACR_FPROT_WWRITE | ACR_FPROT_WREAD)) {
+ acc |= prot_types[i].a;
+ }
+ else {
+ if (prot & ACR_FPROT_WEXECUTE)
+ acc |= prot_types[i].x;
+ if (prot & ACR_FPROT_WWRITE)
+ acc |= prot_types[i].w;
+ if (prot & ACR_FPROT_WREAD)
+ acc |= prot_types[i].r;
+ }
+ if (ktype)
+ *ktype = prot_types[i].krnl;
+ }
+ return acc;
+}
LPVOID ACR_GetSecurityDescriptor(JNIEnv *_E,
DWORD dwAdminAccessMask,
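Review bot: The ACR_DT_MUTEX and ACR_DT_SEMAPHORE rows map the write bit (`w`) to MUTEX_ALL_ACCESS / SEMAPHORE_ALL_ACCESS, which include STANDARD_RIGHTS_REQUIRED (DELETE, WRITE_DAC, WRITE_OWNER), so the ACR_FPROT_WRDWR world grant that mutex.c and sema.c now pass hands full control of the object to that SID, whereas the per-file convert_acc this commit removes gave write only `GENERIC_WRITE | MUTEX_MODIFY_STATE` (and the semaphore equivalent). Unless the widening is intended, `w` should stay at the minimum needed to acquire and release, e.g. `MUTEX_MODIFY_STATE | SYNCHRONIZE` and `SEMAPHORE_MODIFY_STATE | SYNCHRONIZE`, leaving the all-access mask to the `a` and `x` columns as before. The table is never written after initialisation, so declare it `static const struct { ... } prot_types[]`. The comment carried into convert_acc ("They are -not- recommended for any set protection function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE") is now stale, because ACR_SetSecurityInfo is exactly such a function and the GENERIC_* bits are ORed in unconditionally; reword it to describe the GENERIC-plus-object-specific mapping the loop actually implements.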
@@ -346,7 +438,7 @@
if (dwGroupAccessMask) {
sprintf(saa, "(A;OICI;0x%08x", dwGroupAccessMask);
- /* Authenticated users */
+ /* Creator Group */
strcat(sdd, saa);
strcat(sdd, ";;;CG)");
}
@@ -382,12 +474,37 @@
return pSD;
}
-DWORD ACR_SetSecurityInfoD(HANDLE handle, SE_OBJECT_TYPE type,
- PSID uid, PSID gid, LPVOID psd)
+LPVOID ACR_StdSecurityDescriptor(JNIEnv *_E,
+ int type, int perms)
+{
+ LPVOID psd;
+ psd = ACR_GetSecurityDescriptor(_E,
+ convert_acc(perms, type, NULL, prot_scope_user),
+ convert_acc(perms, type, NULL, prot_scope_group),
+ convert_acc(perms, type, NULL, prot_scope_world));
+ return psd;
+}
+
+DWORD ACR_SetSecurityInfo(HANDLE handle, int type,
+ PSID uid, PSID gid, int perms)
{
ACL *dacl = NULL;
SECURITY_INFORMATION sinf = 0;
+ LPVOID psd;
+ SE_OBJECT_TYPE ko = SE_UNKNOWN_OBJECT_TYPE;
+ psd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+ convert_acc(perms, type, &ko, prot_scope_user),
+ convert_acc(perms, type, &ko, prot_scope_group),
+ convert_acc(perms, type, &ko, prot_scope_world));
+ if (ko == SE_UNKNOWN_OBJECT_TYPE) {
+ /* Unknown descriptor type */
+ return ACR_EINVAL;
+ }
+ if (psd == NULL) {
+ /* Return the error from GetSecurityDescriptor */
+ return ACR_GET_OS_ERROR();
+ }
if (uid) {
sinf |= OWNER_SECURITY_INFORMATION;
}
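Review bot: ACR_SetSecurityInfo only checks `ko` after ACR_GetSecurityDescriptor has already been called three times through convert_acc, so for an unknown type a descriptor is built and then abandoned on the ACR_EINVAL return (a leak if ACR_GetSecurityDescriptor allocates it, which this hunk does not show). ACR_StdSecurityDescriptor performs no type validation at all (it passes a NULL `ktype`), so an unknown ACR_DT_* value silently yields a descriptor containing only the GENERIC_* bits rather than an error. Factor the table search out of convert_acc into a small helper, resolve the entry first in both functions, and fail before anything is built; the same helper can replace the inline `while` loop in convert_acc. Every caller in this commit passes INVALID_HANDLE_VALUE for ACR_StdSecurityDescriptor's `_E`, so that JNIEnv parameter looks unused and is worth either dropping or documenting. ACR_SetSecurityInfo continues past the end of this hunk.
```c
/* Index of the prot_types row for an ACR_DT_* value, or the index of
 * the ACR_DT_UNKNOWN sentinel row when the type is not in the table. */
static int prot_type_index(int type)
{
    int i = 0;
    while (prot_types[i].type != ACR_DT_UNKNOWN && prot_types[i].type != type)
        i++;
    return i;
}

DWORD ACR_SetSecurityInfo(HANDLE handle, int type,
                          PSID uid, PSID gid, int perms)
{
    ACL *dacl = NULL;
    SECURITY_INFORMATION sinf = 0;
    LPVOID psd;
    SE_OBJECT_TYPE ko;
    int ti = prot_type_index(type);

    if (prot_types[ti].type == ACR_DT_UNKNOWN) {
        /* Unknown descriptor type: refuse before building anything */
        return ACR_EINVAL;
    }
    ko  = prot_types[ti].krnl;
    psd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
                                    convert_acc(perms, type, NULL, prot_scope_user),
                                    convert_acc(perms, type, NULL, prot_scope_group),
                                    convert_acc(perms, type, NULL, prot_scope_world));
    if (psd == NULL) {
        /* Return the error from GetSecurityDescriptor */
        return ACR_GET_OS_ERROR();
    }
    /* … unchanged: sinf / dacl setup and the SetSecurityInfo call … */
```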
@@ -415,5 +532,5 @@
sinf |= DACL_SECURITY_INFORMATION;
}
}
- return SetSecurityInfo(handle, type, sinf, uid, gid, dacl, NULL);
+ return SetSecurityInfo(handle, ko, sinf, uid, gid, dacl, NULL);
}
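Review bot: With this commit the function mixes two error domains: the early returns added above yield ACR_EINVAL and ACR_GET_OS_ERROR(), while this final line still returns the raw Win32 code from SetSecurityInfo. If ACR_GET_OS_ERROR() translates Win32 codes into the ACR space (its definition is not visible here), callers cannot tell the two apart; capture the result, return ACR_SUCCESS on ERROR_SUCCESS and translate any other code the same way the rest of the file does. The function body starts outside the hunk.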