commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r812923 - in /commons/sandbox/runtime/trunk/src/main/native: include/acr_file.h include/arch/windows/acr_arch_private.h os/win32/mutex.c os/win32/sema.c os/win32/shm.c os/win32/temps.c os/win32/wusec.c
Date Wed, 09 Sep 2009 12:30:25 GMT
Author: mturk
Date: Wed Sep  9 12:30:24 2009
New Revision: 812923

URL: http://svn.apache.org/viewvc?rev=812923&view=rev
Log:
Add common object security setter

Modified:
    commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h
    commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
    commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h Wed Sep  9 12:30:24 2009
@@ -50,16 +50,22 @@
 #define ACR_FPROT_UREAD       0x0400 /**< Read by user */
 #define ACR_FPROT_UWRITE      0x0200 /**< Write by user */
 #define ACR_FPROT_UEXECUTE    0x0100 /**< Execute by user */
+#define ACR_FPROT_URDWR       0x0600 /**< User Read/Write access */
+#define ACR_FPROT_URWX        0x0700 /**< User all access */
 
 #define ACR_FPROT_GSETID      0x4000 /**< Set group id */
 #define ACR_FPROT_GREAD       0x0040 /**< Read by group */
 #define ACR_FPROT_GWRITE      0x0020 /**< Write by group */
 #define ACR_FPROT_GEXECUTE    0x0010 /**< Execute by group */
+#define ACR_FPROT_GRDWR       0x0060 /**< Group Read/Write access */
+#define ACR_FPROT_GRWX        0x0070 /**< Group all access */
 
 #define ACR_FPROT_WSTICKY     0x2000 /**< Sticky bit */
 #define ACR_FPROT_WREAD       0x0004 /**< Read by others */
 #define ACR_FPROT_WWRITE      0x0002 /**< Write by others */
 #define ACR_FPROT_WEXECUTE    0x0001 /**< Execute by others */
+#define ACR_FPROT_WRDWR       0x0006 /**< Read/Write by others */
+#define ACR_FPROT_WRWX        0x0007 /**< All access by others */
 
 #define ACR_FPROT_OS_DEFAULT  0x0FFF /**< use OS's default permissions */
 

Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
Wed Sep  9 12:30:24 2009
@@ -127,7 +127,8 @@
 PSID         ACR_DuplicateSid(JNIEnv *_E, PSID sSID);
 int          ACR_InitSecurityDescriptorTable(JNIEnv *);
 LPVOID       ACR_GetSecurityDescriptor(JNIEnv *, DWORD, DWORD, DWORD);
-DWORD        ACR_SetSecurityInfoD(HANDLE, SE_OBJECT_TYPE, PSID, PSID, LPVOID);
+LPVOID       ACR_StdSecurityDescriptor(JNIEnv *, int, int);
+DWORD        ACR_SetSecurityInfo(HANDLE, int, PSID, PSID, int);
 
 /**
  * Heap allocation from main.c

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c Wed Sep  9 12:30:24 2009
@@ -38,32 +38,6 @@
     "(L" ACR_CLASS_PATH "Descriptor;)V"
 };
 
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
-    prot_scope_world = 0,
-    prot_scope_group = 4,
-    prot_scope_user =  8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
-    /* These choices are based on the single filesystem bit that controls
-     * the given behavior.  They are -not- recommended for any set protection
-     * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
-     */
-    ACCESS_MASK acc = 0;
-    prot = (prot >> scope) & 0x0F;
-    if (prot & ACR_FPROT_WEXECUTE)
-        acc = GENERIC_ALL | MUTEX_ALL_ACCESS;
-    else {
-        if (prot & ACR_FPROT_WWRITE)
-            acc |= GENERIC_WRITE | MUTEX_MODIFY_STATE;
-        if (prot & ACR_FPROT_WREAD)
-            acc |= GENERIC_READ;
-    }
-    return acc;
-}
-
 static int mutex_cleanup(void *mutex, int type, unsigned int flags)
 {
     if (type == ACR_DT_MUTEX) {
@@ -100,10 +74,11 @@
      * with Modify access to Authenticated users
      */
     sa.nLength = sizeof(SECURITY_ATTRIBUTES);
-    sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
-                                                GENERIC_ALL | MUTEX_ALL_ACCESS,
-                                                GENERIC_ALL | MUTEX_ALL_ACCESS,
-                                                GENERIC_READ | GENERIC_WRITE | MUTEX_MODIFY_STATE);
+    sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                                        ACR_DT_MUTEX,
+                                                        ACR_FPROT_URWX |
+                                                        ACR_FPROT_GRWX |
+                                                        ACR_FPROT_WRDWR);
     sa.bInheritHandle = FALSE;
     m = CreateMutexW(&sa, FALSE, reskey);
     if (!m) {
@@ -229,7 +204,6 @@
                                       acr_uid_t uid, acr_uid_t gid)
 {
     DWORD  rc;
-    LPVOID sd;
     HANDLE m = (HANDLE)ACR_IOH_FDATA(mutex);
 
     if (ACR_IOH_FTYPE(mutex) != ACR_DT_MUTEX) {
@@ -238,16 +212,7 @@
     if (IS_INVALID_HANDLE(m)) {
         return ACR_EBADF;
     }
-    sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
-                                   convert_acc(perms, prot_scope_user),
-                                   convert_acc(perms, prot_scope_group),
-                                   convert_acc(perms, prot_scope_world));
-    if (sd == NULL) {
-        /* Return the error from GetSecurityDescriptor */
-        return ACR_GET_OS_ERROR();
-    }
-    rc = ACR_SetSecurityInfoD(m, SE_KERNEL_OBJECT, uid, gid, sd);
-
+    rc = ACR_SetSecurityInfo(m, ACR_DT_MUTEX, uid, gid, perms);
     return rc;
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c Wed Sep  9 12:30:24 2009
@@ -38,32 +38,6 @@
     "(L" ACR_CLASS_PATH "Descriptor;)V"
 };
 
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
-    prot_scope_world = 0,
-    prot_scope_group = 4,
-    prot_scope_user =  8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
-    /* These choices are based on the single filesystem bit that controls
-     * the given behavior.  They are -not- recommended for any set protection
-     * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
-     */
-    ACCESS_MASK acc = 0;
-    prot = (prot >> scope) & 0x0F;
-    if (prot & ACR_FPROT_WEXECUTE)
-        acc = GENERIC_ALL | SEMAPHORE_ALL_ACCESS;
-    else {
-        if (prot & ACR_FPROT_WWRITE)
-            acc |= GENERIC_WRITE | SEMAPHORE_MODIFY_STATE;
-        if (prot & ACR_FPROT_WREAD)
-            acc |= GENERIC_READ;
-    }
-    return acc;
-}
-
 static int semaphore_cleanup(void *sema, int type, unsigned int flags)
 {
     if (type == ACR_DT_SEMAPHORE) {
@@ -108,10 +82,11 @@
      * with Modify access to Authenticated users
      */
     sa.nLength = sizeof(SECURITY_ATTRIBUTES);
-    sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
-                                            GENERIC_ALL | SEMAPHORE_ALL_ACCESS,
-                                            GENERIC_ALL | SEMAPHORE_ALL_ACCESS,
-                                            GENERIC_READ | GENERIC_WRITE | SEMAPHORE_MODIFY_STATE);
+    sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                                        ACR_DT_SEMAPHORE,
+                                                        ACR_FPROT_URWX |
+                                                        ACR_FPROT_GRWX |
+                                                        ACR_FPROT_WRDWR);
     sa.bInheritHandle = FALSE;
     s = CreateSemaphoreW(&sa, (LONG)value, (LONG)maxval, reskey);
     if (!s) {
@@ -165,7 +140,6 @@
                                       acr_uid_t uid, acr_uid_t gid)
 {
     DWORD  rc;
-    LPVOID sd;
     HANDLE s = (HANDLE)ACR_IOH_FDATA(sema);
 
     if (ACR_IOH_FTYPE(sema) != ACR_DT_SEMAPHORE) {
@@ -174,16 +148,7 @@
     if (IS_INVALID_HANDLE(s)) {
         return ACR_EBADF;
     }
-    sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
-                                   convert_acc(perms, prot_scope_user),
-                                   convert_acc(perms, prot_scope_group),
-                                   convert_acc(perms, prot_scope_world));
-    if (sd == NULL) {
-        /* Return the error from GetSecurityDescriptor */
-        return ACR_GET_OS_ERROR();
-    }
-    rc = ACR_SetSecurityInfoD(s, SE_KERNEL_OBJECT, uid, gid, sd);
-
+    rc = ACR_SetSecurityInfo(s, ACR_DT_SEMAPHORE, uid, gid, perms);
     return rc;
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c Wed Sep  9 12:30:24 2009
@@ -57,32 +57,6 @@
     const wchar_t  *filename;
 };
 
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
-    prot_scope_world = 0,
-    prot_scope_group = 4,
-    prot_scope_user =  8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
-    /* These choices are based on the single filesystem bit that controls
-     * the given behavior.  They are -not- recommended for any set protection
-     * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
-     */
-    ACCESS_MASK acc = 0;
-    prot = (prot >> scope) & 0x0F;
-    if (prot & ACR_FPROT_WEXECUTE)
-        acc = GENERIC_ALL | FILE_MAP_ALL_ACCESS;
-    else {
-        if (prot & ACR_FPROT_WWRITE)
-            acc |= GENERIC_WRITE | FILE_MAP_WRITE;
-        if (prot & ACR_FPROT_WREAD)
-            acc |= GENERIC_READ | FILE_MAP_READ;
-    }
-    return acc;
-}
-
 static int shm_cleanup(void *shm, int type, unsigned int flags)
 {
     int rc = 0;
@@ -188,10 +162,10 @@
     /* Name-based shared memory */
     else {
         sa.nLength = sizeof(SECURITY_ATTRIBUTES);
-        sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
-                                                GENERIC_ALL | FILE_ALL_ACCESS,
-                                                GENERIC_ALL | FILE_ALL_ACCESS,
-                                                0);
+        sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                                            ACR_DT_FILE,
+                                                            ACR_FPROT_URWX |
+                                                            ACR_FPROT_GRWX);
         sa.bInheritHandle = FALSE;
         /* Do file backed, which is not an inherited handle
          * While we could open APR_EXCL, it doesn't seem that Unix
@@ -365,30 +339,16 @@
                                 acr_uid_t uid, acr_uid_t gid)
 {
     DWORD  rc = 0;
-    LPVOID sd;
     acr_shm_t *m = (acr_shm_t *)ACR_IOH_FDATA(shm);
 
     if (ACR_IOH_FTYPE(shm) != ACR_DT_SHM) {
-        rc = ACR_EFTYPE;
-        goto finally;
+        return ACR_EFTYPE;
     }
     if (IS_INVALID_HANDLE(m)) {
-        rc = ACR_EBADF;
-        goto finally;
+        return ACR_EBADF;
     }
 
-    sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
-                                   convert_acc(perms, prot_scope_user),
-                                   convert_acc(perms, prot_scope_group),
-                                   convert_acc(perms, prot_scope_world));
-    if (sd == NULL) {
-        rc = ACR_GET_OS_ERROR();
-        goto finally;
-    }
-    rc = ACR_SetSecurityInfoD(m->hmap, SE_KERNEL_OBJECT, uid, gid, sd);
-
-finally:
-    ACR_THROW_IO_IF_ERR(rc);
+    rc = ACR_SetSecurityInfo(m->hmap, ACR_DT_SHM, uid, gid, perms);
     return rc;
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c Wed Sep  9 12:30:24 2009
@@ -116,10 +116,10 @@
 
     sa.nLength = sizeof(SECURITY_ATTRIBUTES);
     /* Allow access only to owner and Administrators Group */
-    sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
-                                                GENERIC_ALL | FILE_ALL_ACCESS,
-                                                GENERIC_ALL | FILE_ALL_ACCESS,
-                                                0);
+    sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                                        ACR_DT_FILE,
+                                                        ACR_FPROT_URWX |
+                                                        ACR_FPROT_GRWX);
     sa.bInheritHandle       = FALSE;
     for (;;) {
         fh = CreateFileW(path,

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Wed Sep  9 12:30:24 2009
@@ -23,6 +23,7 @@
 #include "acr_string.h"
 #include "acr_tables.h"
 #include "acr_descriptor.h"
+#include "acr_file.h"
 #include "acr_users.h"
 
 PSID ACR_GetSidFromAccountName(LPCWSTR name, PSID_NAME_USE sidtype)
@@ -314,6 +315,97 @@
     return ACR_SUCCESS;
 }
 
+static struct {
+    int            type;
+    SE_OBJECT_TYPE krnl;
+    DWORD          a;
+    DWORD          x;
+    DWORD          w;
+    DWORD          r;
+} prot_types [] = {
+    { ACR_DT_FILE,
+      SE_FILE_OBJECT,
+      FILE_ALL_ACCESS,
+      FILE_GENERIC_EXECUTE,
+      FILE_GENERIC_WRITE,
+      FILE_GENERIC_READ
+    },
+    { ACR_DT_MUTEX,
+      SE_KERNEL_OBJECT,
+      MUTEX_ALL_ACCESS,
+      MUTEX_ALL_ACCESS,
+      MUTEX_ALL_ACCESS,
+      MUTEX_MODIFY_STATE
+    },
+    { ACR_DT_SHM,
+      SE_KERNEL_OBJECT,
+      FILE_MAP_ALL_ACCESS | FILE_MAP_EXECUTE,
+      FILE_MAP_EXECUTE,
+      FILE_MAP_WRITE | FILE_MAP_COPY,
+      FILE_MAP_READ  | FILE_MAP_COPY
+    },
+    { ACR_DT_SEMAPHORE,
+      SE_KERNEL_OBJECT,
+      SEMAPHORE_ALL_ACCESS,
+      SEMAPHORE_ALL_ACCESS,
+      SEMAPHORE_ALL_ACCESS,
+      SEMAPHORE_MODIFY_STATE
+    },
+    { ACR_DT_UNKNOWN,
+      0,
+      0,
+      0,
+      0,
+      0
+    }
+};
+
+/* Left bit shifts from World scope to given scope */
+typedef enum prot_scope_e {
+    prot_scope_world = 0,
+    prot_scope_group = 4,
+    prot_scope_user =  8
+} prot_scope_e;
+
+static ACCESS_MASK convert_acc(int prot, int type, SE_OBJECT_TYPE *ktype,
+                               prot_scope_e scope)
+{
+    int i = 0;
+    /* These choices are based on the single filesystem bit that controls
+     * the given behavior.  They are -not- recommended for any set protection
+     * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
+     */
+    ACCESS_MASK acc = 0;
+    prot = (prot >> scope) & 0x0F;
+
+    if (prot & ACR_FPROT_WEXECUTE)
+        acc |= GENERIC_EXECUTE;
+    if (prot & ACR_FPROT_WWRITE)
+        acc |= GENERIC_WRITE;
+    if (prot & ACR_FPROT_WREAD)
+        acc |= GENERIC_READ;
+    while (prot_types[i].type != ACR_DT_UNKNOWN) {
+        if (prot_types[i].type == type)
+            break;
+        i++;
+    }
+    if (prot_types[i].type != ACR_DT_UNKNOWN) {
+        if ((prot & 0x07) == (ACR_FPROT_WEXECUTE | ACR_FPROT_WWRITE | ACR_FPROT_WREAD))
{
+            acc |= prot_types[i].a;
+        }
+        else {
+            if (prot & ACR_FPROT_WEXECUTE)
+                acc |= prot_types[i].x;
+            if (prot & ACR_FPROT_WWRITE)
+                acc |= prot_types[i].w;
+            if (prot & ACR_FPROT_WREAD)
+                acc |= prot_types[i].r;
+        }
+        if (ktype)
+            *ktype = prot_types[i].krnl;
+    }
+    return acc;
+}
 
 LPVOID ACR_GetSecurityDescriptor(JNIEnv *_E,
                                  DWORD dwAdminAccessMask,
@@ -346,7 +438,7 @@
 
     if (dwGroupAccessMask) {
         sprintf(saa, "(A;OICI;0x%08x", dwGroupAccessMask);
-        /* Authenticated users */
+        /* Creator Group */
         strcat(sdd, saa);
         strcat(sdd, ";;;CG)");
     }
@@ -382,12 +474,37 @@
     return pSD;
 }
 
-DWORD ACR_SetSecurityInfoD(HANDLE handle, SE_OBJECT_TYPE type,
-                           PSID uid, PSID gid, LPVOID psd)
+LPVOID ACR_StdSecurityDescriptor(JNIEnv *_E,
+                                 int type, int perms)
+{
+    LPVOID psd;
+    psd = ACR_GetSecurityDescriptor(_E,
+                                    convert_acc(perms, type, NULL, prot_scope_user),
+                                    convert_acc(perms, type, NULL, prot_scope_group),
+                                    convert_acc(perms, type, NULL, prot_scope_world));
+    return psd;
+}
+
+DWORD ACR_SetSecurityInfo(HANDLE handle, int type,
+                          PSID uid, PSID gid, int perms)
 {
     ACL *dacl = NULL;
     SECURITY_INFORMATION sinf = 0;
+    LPVOID psd;
+    SE_OBJECT_TYPE ko = SE_UNKNOWN_OBJECT_TYPE;
 
+    psd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+                                    convert_acc(perms, type, &ko, prot_scope_user),
+                                    convert_acc(perms, type, &ko, prot_scope_group),
+                                    convert_acc(perms, type, &ko, prot_scope_world));
+    if (ko == SE_UNKNOWN_OBJECT_TYPE) {
+        /* Unknown descriptor type */
+        return ACR_EINVAL;
+    }
+    if (psd == NULL) {
+        /* Return the error from GetSecurityDescriptor */
+        return ACR_GET_OS_ERROR();
+    }
     if (uid) {
         sinf |= OWNER_SECURITY_INFORMATION;
     }
@@ -415,5 +532,5 @@
             sinf |= DACL_SECURITY_INFORMATION;
         }
     }
-    return SetSecurityInfo(handle, type, sinf, uid, gid, dacl, NULL);
+    return SetSecurityInfo(handle, ko, sinf, uid, gid, dacl, NULL);
 }



Mime
View raw message