commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r805674 - in /commons/sandbox/runtime/trunk/src/main/native: include/arch/windows/acr_arch_private.h os/win32/main.c os/win32/platform.c os/win32/pmutex.c os/win32/psema.c os/win32/shm.c os/win32/wusec.c
Date Wed, 19 Aug 2009 06:27:49 GMT
Author: mturk
Date: Wed Aug 19 06:27:48 2009
New Revision: 805674

URL: http://svn.apache.org/viewvc?rev=805674&view=rev
Log:
Add SecurityDecriptor cache

Modified:
    commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
    commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/pmutex.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/psema.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c

Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h?rev=805674&r1=805673&r2=805674&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
Wed Aug 19 06:27:48 2009
@@ -98,6 +98,7 @@
 DWORD        ACR_SetTokenPrivilege(LPCWSTR szPrivilege, BOOL bEnablePrivilege);
 DWORD        ACR_EnablePrivilege(LPCWSTR szPrivilege);
 PSID         ACR_DuplicateSid(JNIEnv *_E, PSID sSID);
+int          ACR_InitSecurityDescriptorTable(JNIEnv *);
 LPVOID       ACR_GetSecurityDescriptor(JNIEnv *, DWORD, DWORD);
 
 /**

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c?rev=805674&r1=805673&r2=805674&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c Wed Aug 19 06:27:48 2009
@@ -47,11 +47,6 @@
 PSID acr_everyone_sid = NULL;
 PSID acr_adminsgr_sid = NULL;
 
-PSECURITY_DESCRIPTOR acr_sd_generic_admin = NULL;
-PSECURITY_DESCRIPTOR acr_sd_filesys_admin = NULL;
-PSECURITY_DESCRIPTOR acr_sd_generic_users = NULL;
-PSECURITY_DESCRIPTOR acr_sd_filesys_users = NULL;
-
 typedef struct acr_thread_local_t {
     JNIEnv  *env;
     int     attached;

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c?rev=805674&r1=805673&r2=805674&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c Wed Aug 19 06:27:48
2009
@@ -26,10 +26,6 @@
 extern PSID acr_everyone_sid;
 extern PSID acr_adminsgr_sid;
 extern LPSYSTEM_INFO acr_osinf;
-extern PSECURITY_DESCRIPTOR acr_sd_generic_admin;
-extern PSECURITY_DESCRIPTOR acr_sd_filesys_admin;
-extern PSECURITY_DESCRIPTOR acr_sd_generic_users;
-extern PSECURITY_DESCRIPTOR acr_sd_filesys_users;
 
 acr_size_t  acr_page_size;
 int         acr_native_codepage = ACR_CP_DEFAULT;
@@ -43,6 +39,7 @@
 static int initialized = 0;
 ACR_DECLARE(int) ACR_PlatformInitialize(JNIEnv *_E, int ios)
 {
+    int rc;
     if (initialized++)
         return 0;
     acr_page_size = (acr_size_t)acr_osinf->dwPageSize;
@@ -52,34 +49,27 @@
     if (!acr_adminsgr_sid) {
         acr_adminsgr_sid = ACR_AllocateWellKnownSid(_E, WinBuiltinAdministratorsSid);
     }
+    if ((rc = ACR_InitSecurityDescriptorTable(_E)))
+        return rc;
     /*
      * Create standard security descriptors
      */
-    if (!acr_sd_generic_admin) {
-        /* All access to Admins */
-        acr_sd_generic_admin = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
-                                                         GENERIC_ALL,
-                                                         0);
-    }
-    if (!acr_sd_filesys_admin) {
-        /* All file access to Admins */
-        acr_sd_filesys_admin = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
-                                                         GENERIC_ALL | FILE_ALL_ACCESS,
-                                                         0);
-    }
-    if (!acr_sd_generic_users) {
-        /* RWX access to Authenticated users */
-        acr_sd_generic_users = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
-                                                         GENERIC_ALL,
-                                                         GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE);
-    }
-    if (!acr_sd_filesys_users) {
-        /* RWX file access to Authenticated users */
-        acr_sd_filesys_users = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
-                                                         GENERIC_ALL | FILE_ALL_ACCESS,
-                                                         GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE
|
-                                                         FILE_GENERIC_READ | FILE_GENERIC_WRITE
| FILE_GENERIC_EXECUTE);
-    }
+    ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                              GENERIC_ALL,
+                              0);
+    /* All file access to Admins */
+    ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                              GENERIC_ALL | FILE_ALL_ACCESS,
+                              0);
+    /* RWX access to Authenticated users */
+    ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                              GENERIC_ALL,
+                              GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE);
+    /* RWX file access to Authenticated users */
+    ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                              GENERIC_ALL | FILE_ALL_ACCESS,
+                              GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE |
+                              FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE);
     return acr_ioh_init(ios);
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/pmutex.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/pmutex.c?rev=805674&r1=805673&r2=805674&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/pmutex.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/pmutex.c Wed Aug 19 06:27:48 2009
@@ -53,11 +53,13 @@
         reskey = res_name_from_filenamew(ACR_DT_MUTEX, keybuf, fname);
     }
     /* Mark the mutex as non inheritable
+     * with Modify access to Authenticated users
      */
     sa.nLength = sizeof(SECURITY_ATTRIBUTES);
-    sa.lpSecurityDescriptor = NULL;
+    sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
+                                                GENERIC_ALL | MUTEX_ALL_ACCESS,
+                                                MUTEX_MODIFY_STATE);
     sa.bInheritHandle = FALSE;
-
     m = CreateMutexW(&sa, FALSE, reskey);
     if (!m)
         return -1;

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/psema.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/psema.c?rev=805674&r1=805673&r2=805674&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/psema.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/psema.c Wed Aug 19 06:27:48 2009
@@ -23,8 +23,6 @@
 #include "acr_descriptor.h"
 #include "acr_semaphore.h"
 
-static volatile unsigned int _sem_counter = 1;
-
 static int semaphore_cleanup(void *sema, int type, unsigned int flags)
 {
     if (type == ACR_DT_SEMAPHORE) {
@@ -60,13 +58,16 @@
          */
         reskey = res_name_from_filenamew(ACR_DT_MUTEX, keybuf, name);
     }
-    /* Mark the semaphore as non inheritable.
+    if (value > maxval)
+        maxval = value;
+    /* Mark the semaphore as non inheritable
+     * with Modify access to Authenticated users
      */
     sa.nLength = sizeof(SECURITY_ATTRIBUTES);
-    sa.lpSecurityDescriptor = NULL;
+    sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
+                                            GENERIC_ALL | SEMAPHORE_ALL_ACCESS,
+                                            SEMAPHORE_MODIFY_STATE);
     sa.bInheritHandle = FALSE;
-    if (value > maxval)
-        maxval = value;
     s = CreateSemaphoreW(&sa, (LONG)value, (LONG)maxval, reskey);
     if (!s)
         return -1;

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c?rev=805674&r1=805673&r2=805674&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c Wed Aug 19 06:27:48 2009
@@ -42,9 +42,6 @@
     const wchar_t  *filename;
 };
 
-extern PSECURITY_DESCRIPTOR acr_sd_filesys_admin;
-extern PSECURITY_DESCRIPTOR acr_sd_filesys_users;
-
 static int shm_cleanup(void *shm, int type, unsigned int flags)
 {
     int rc = 0;
@@ -150,7 +147,9 @@
     /* Name-based shared memory */
     else {
         sa.nLength = sizeof(SECURITY_ATTRIBUTES);
-        sa.lpSecurityDescriptor = acr_sd_filesys_admin;
+        sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
+                                                GENERIC_ALL | FILE_ALL_ACCESS,
+                                                0);
         sa.bInheritHandle = FALSE;
         /* Do file backed, which is not an inherited handle
          * While we could open APR_EXCL, it doesn't seem that Unix

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c?rev=805674&r1=805673&r2=805674&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Wed Aug 19 06:27:48 2009
@@ -21,6 +21,7 @@
 #include "acr_error.h"
 #include "acr_memory.h"
 #include "acr_string.h"
+#include "acr_tables.h"
 #include "acr_descriptor.h"
 #include "acr_users.h"
 
@@ -293,6 +294,23 @@
     return dwError;
 }
 
+static CRITICAL_SECTION  security_lock;
+static acr_table_t      *security_table = NULL;
+
+int ACR_InitSecurityDescriptorTable(JNIEnv *_E)
+{
+
+    if (security_table)
+        return ACR_SUCCESS;
+    InitializeCriticalSectionAndSpinCount(&security_lock, ACR_SPINCOUNT);
+    security_table =  ACR_TableMake(_E, THROW_FMARK, 16);
+    if (!security_table)
+        return ACR_ENOMEM;
+
+    return ACR_SUCCESS;
+}
+
+
 LPVOID ACR_GetSecurityDescriptor(JNIEnv *_E,
                                  DWORD dwAdminAccessMask,
                                  DWORD dwUsersAccessMask)
@@ -326,6 +344,12 @@
         strcat(sdd, saa);
         strcat(sdd, ";;;AU)");
     }
+    EnterCriticalSection(&security_lock);
+    if (ACR_TableGet(security_table, sdd, &pSD, NULL) == ACR_SUCCESS) {
+        /* Return catched entry */
+        LeaveCriticalSection(&security_lock);
+        return pSD;
+    }
     if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(sdd,
                                                 SDDL_REVISION_1, &pSD, NULL)) {
         pSD = NULL;
@@ -334,6 +358,13 @@
                                ACR_GET_OS_ERROR());
         }
     }
+    if (pSD) {
+        /* Add the security descriptor to the cache.
+         * It will live there for the process life time.
+         */
+        ACR_TableAdd(security_table, sdd, pDS, sizeof(PSECURITY_DESCRIPTOR));
+    }
+    LeaveCriticalSection(&security_lock);
     return pSD;
 }
 



Mime
View raw message