commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r805323 - in /commons/sandbox/runtime/trunk/src/main/native: include/arch/windows/acr_arch_private.h os/win32/main.c os/win32/wusec.c
Date Tue, 18 Aug 2009 08:50:05 GMT
Author: mturk
Date: Tue Aug 18 08:50:05 2009
New Revision: 805323

URL: http://svn.apache.org/viewvc?rev=805323&view=rev
Log:
Init common security descriptors

Modified:
    commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
    commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c

Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h?rev=805323&r1=805322&r2=805323&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
Tue Aug 18 08:50:05 2009
@@ -98,6 +98,7 @@
 DWORD        ACR_SetTokenPrivilege(LPCWSTR szPrivilege, BOOL bEnablePrivilege);
 DWORD        ACR_EnablePrivilege(LPCWSTR szPrivilege);
 PSID         ACR_DuplicateSid(JNIEnv *_E, PSID sSID);
+LPVOID       ACR_GetSecurityDescriptor(JNIEnv *, DWORD, DWORD, DWORD);
 
 /**
  * Heap allocation from main.c

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c?rev=805323&r1=805322&r2=805323&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c Tue Aug 18 08:50:05 2009
@@ -47,6 +47,11 @@
 PSID acr_everyone_sid = NULL;
 PSID acr_adminsgr_sid = NULL;
 
+LPSECURITY_DESCRIPTOR acr_sd_generic_admin = NULL;
+LPSECURITY_DESCRIPTOR acr_sd_filesys_admin = NULL;
+LPSECURITY_DESCRIPTOR acr_sd_generic_users = NULL;
+LPSECURITY_DESCRIPTOR acr_sd_filesys_users = NULL;
+
 typedef struct acr_thread_local_t {
     JNIEnv  *env;
     int     attached;
@@ -277,6 +282,27 @@
     dll_psig_handle = CreateEvent(NULL, TRUE, FALSE, NULL);
     if (IS_INVALID_HANDLE(dll_psig_handle))
         return ACR_GET_OS_ERROR();
+
+    /*
+     * Create standard security descriptors
+     */
+    acr_sd_generic_admin = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                                     GENERIC_ALL,
+                                                     0,
+                                                     0);
+    acr_sd_filesys_admin = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                                     GENERIC_ALL | FILE_ALL_ACCESS,
+                                                     0,
+                                                     0);
+    acr_sd_generic_users = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                                     GENERIC_ALL,
+                                                     GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
+                                                     0);
+    acr_sd_filesys_users = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                                     GENERIC_ALL | FILE_ALL_ACCESS,
+                                                     GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE
|
+                                                     FILE_GENERIC_READ | FILE_GENERIC_WRITE
| FILE_GENERIC_EXECUTE,
+                                                     0);
     /* Do not display file not found messge boxes.
      * Return the error to the application instead
      */

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c?rev=805323&r1=805322&r2=805323&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Tue Aug 18 08:50:05 2009
@@ -293,23 +293,103 @@
     return dwError;
 }
 
-PSID ACR_DuplicateSid(JNIEnv *_E, PSID sSID)
+LPVOID ACR_GetSecurityDescriptor(JNIEnv *_E,
+                                 DWORD dwAdminAccessMask,
+                                 DWORD dwUsersAccessMask,
+                                 DWORD dwGroupAccessMask)
 {
-    PSID  pSID = NULL;
+    wchar_t sdd[ACR_MBUFF_SIZ];
+    wchar_t saa[32] = L"";
+    LPSECURITY_DESCRIPTOR pSD = NULL;
 
-    if (IsValidSid(sSID)) {
-        DWORD dwLen = GetLengthSid(sSID);
-        pSID = (PSID) ACR_Calloc(_E, THROW_NMARK, dwLen);
-        if (!pSID)
-            return NULL;
-        if (!CopySid(dwLen, pSID, sSID)) {
-            int ec = ACR_GET_OS_ERROR();
-            free(pSID);
-            pSID = NULL;
-            if (_E) {
-                ACR_ThrowException(_E, THROW_NMARK, ACR_EX_OSERR, ec);
-            }
+    wcscpy(sdd, "D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)");
+    wcscpy(saa, L"(A;OICI;GA");
+    if ((dwAdminAccessMask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS)
+        wcscat(saa, L"FA");
+
+    /* Builtin Adminstrators */
+    wcscat(sdd, saa);
+    wcscat(sdd, L";;;BA)");
+
+    /* Local Service */
+    wcscat(sdd, saa);
+    wcscat(sdd, L";;;LS)");
+
+    /* Local System */
+    wcscat(sdd, saa);
+    wcscat(sdd, L";;;SY)");
+
+    /* Logon Service */
+    wcscat(sdd, saa);
+    wcscat(sdd, L";;;SU)");
+
+    if (dwUsersAccessMask) {
+        /* Authenticated users */
+        wcscat(sdd, L"(A;OICI;");
+        if ((dwUsersAccessMask & GENERIC_ALL))
+            wcscat(sdd, L"GA");
+        else {
+            if ((dwUsersAccessMask & GENERIC_READ))
+                wcscat(sdd, L"GR");
+            if ((dwUsersAccessMask & GENERIC_WRITE))
+                wcscat(sdd, L"GW");
+            if ((dwUsersAccessMask & GENERIC_EXECUTE))
+                wcscat(sdd, L"GX");
         }
+        if ((dwUsersAccessMask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS)
+            wcscat(sdd, L"FA");
+        else {
+            if ((dwUsersAccessMask & FILE_GENERIC_READ) == FILE_GENERIC_READ)
+                wcscat(sdd, L"FR");
+            if ((dwUsersAccessMask & FILE_GENERIC_WRITE) == FILE_GENERIC_WRITE)
+                wcscat(sdd, L"FW");
+            if ((dwUsersAccessMask & FILE_GENERIC_EXECUTE) == FILE_GENERIC_EXECUTE)
+                wcscat(sdd, L"FX");
+        }        
+        wcscat(sdd, L";;;AU)");
     }
-    return pSID;
+    if (dwGroupAccessMask) {
+        /* Creator Owner */
+        wcscat(sdd, L"(A;OICI;GA");
+        if ((dwGroupAccessMask & (FILE_ALL_ACCESS | FILE_GENERIC_READ)))
+            wcscat(sdd, L"FA");
+        wcscat(sdd, L";;;CO)");
+
+        /* Creator Group */
+        wcscat(sdd, L"(A;OICI;");
+        if ((dwGroupAccessMask & GENERIC_ALL))
+            wcscat(sdd, L"GA");
+        else {
+            if ((dwGroupAccessMask & GENERIC_READ))
+                wcscat(sdd, L"GR");
+            if ((dwGroupAccessMask & GENERIC_WRITE))
+                wcscat(sdd, L"GW");
+            if ((dwGroupAccessMask & GENERIC_EXECUTE))
+                wcscat(sdd, L"GX");
+        }
+        if ((dwGroupAccessMask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS)
+            wcscat(sdd, L"FA");
+        else {
+            if ((dwGroupAccessMask & FILE_GENERIC_READ) == FILE_GENERIC_READ)
+                wcscat(sdd, L"FR");
+            if ((dwGroupAccessMask & FILE_GENERIC_WRITE) == FILE_GENERIC_WRITE)
+                wcscat(sdd, L"FW");
+            if ((dwGroupAccessMask & FILE_GENERIC_EXECUTE) == FILE_GENERIC_EXECUTE)
+                wcscat(sdd, L"FX");
+        }        
+        wcscat(sdd, L";;;CG)");
+    }
+    fprintf(stdout, "SD %S\n", sdd);
+    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(sdd,
+                                                SDDL_REVISION_1, &pSD, NULL)) {
+        pSD = NULL;
+        if (!IS_INVALID_HANDLE(_E)) {
+            ACR_ThrowException(_E, THROW_FMARK, ACR_EX_ENOMEM,
+                               ACR_GET_OS_ERROR());
+        }
+        fprintf(stdout, "SSD failed !\n");
+    }
+    fflush(stdout);
+    return pSD;
 }
+



Mime
View raw message