Return-Path: Delivered-To: apmail-commons-commits-archive@minotaur.apache.org Received: (qmail 87089 invoked from network); 9 Sep 2009 12:30:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 9 Sep 2009 12:30:51 -0000 Received: (qmail 45135 invoked by uid 500); 9 Sep 2009 12:30:51 -0000 Delivered-To: apmail-commons-commits-archive@commons.apache.org Received: (qmail 45023 invoked by uid 500); 9 Sep 2009 12:30:51 -0000 Mailing-List: contact commits-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@commons.apache.org Delivered-To: mailing list commits@commons.apache.org Received: (qmail 45014 invoked by uid 99); 9 Sep 2009 12:30:51 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Sep 2009 12:30:51 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Sep 2009 12:30:46 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 622C523888E7; Wed, 9 Sep 2009 12:30:25 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r812923 - in /commons/sandbox/runtime/trunk/src/main/native: include/acr_file.h include/arch/windows/acr_arch_private.h os/win32/mutex.c os/win32/sema.c os/win32/shm.c os/win32/temps.c os/win32/wusec.c Date: Wed, 09 Sep 2009 12:30:25 -0000 To: commits@commons.apache.org 
From: mturk@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090909123025.622C523888E7@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: mturk Date: Wed Sep 9 12:30:24 2009 New Revision: 812923 URL: http://svn.apache.org/viewvc?rev=812923&view=rev Log: Add common object security setter Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h?rev=812923&r1=812922&r2=812923&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h (original) +++ commons/sandbox/runtime/trunk/src/main/native/include/acr_file.h Wed Sep 9 12:30:24 2009 
@@ -50,16 +50,22 @@
 #define ACR_FPROT_UREAD 0x0400 /**< Read by user */
 #define ACR_FPROT_UWRITE 0x0200 /**< Write by user */
 #define ACR_FPROT_UEXECUTE 0x0100 /**< Execute by user */
+#define ACR_FPROT_URDWR 0x0600 /**< User Read/Write access */
+#define ACR_FPROT_URWX 0x0700 /**< User all access */
 #define ACR_FPROT_GSETID 0x4000 /**< Set group id */
 #define ACR_FPROT_GREAD 0x0040 /**< Read by group */
 #define ACR_FPROT_GWRITE 0x0020 /**< Write by group */
 #define ACR_FPROT_GEXECUTE 0x0010 /**< Execute by group */
+#define ACR_FPROT_GRDWR 0x0060 /**< Group Read/Write access */
+#define ACR_FPROT_GRWX 0x0070 /**< Group all access */
 #define ACR_FPROT_WSTICKY 0x2000 /**< Sticky bit */
 #define ACR_FPROT_WREAD 0x0004 /**< Read by others */
 #define ACR_FPROT_WWRITE 0x0002 /**< Write by others */
 #define ACR_FPROT_WEXECUTE 0x0001 /**< Execute by others */
+#define ACR_FPROT_WRDWR 0x0006 /**< Read/Write by others */
+#define ACR_FPROT_WRWX 0x0007 /**< All access by others */
 #define ACR_FPROT_OS_DEFAULT 0x0FFF /**< use OS's default permissions */
Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h Wed Sep 9 12:30:24 2009
@@ -127,7 +127,8 @@
 PSID ACR_DuplicateSid(JNIEnv *_E, PSID sSID);
 int ACR_InitSecurityDescriptorTable(JNIEnv *);
 LPVOID ACR_GetSecurityDescriptor(JNIEnv *, DWORD, DWORD, DWORD);
-DWORD ACR_SetSecurityInfoD(HANDLE, SE_OBJECT_TYPE, PSID, PSID, LPVOID);
+LPVOID ACR_StdSecurityDescriptor(JNIEnv *, int, int);
+DWORD ACR_SetSecurityInfo(HANDLE, int, PSID, PSID, int);
 /**
 * Heap allocation from main.c
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/mutex.c Wed Sep 9 12:30:24 2009
@@ -38,32 +38,6 @@
 "(L" ACR_CLASS_PATH "Descriptor;)V"
 };
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
- prot_scope_world = 0,
- prot_scope_group = 4,
- prot_scope_user = 8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
- /* These choices are based on the single filesystem bit that controls
- * the given behavior. They are -not- recommended for any set protection
- * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
- */
- ACCESS_MASK acc = 0;
- prot = (prot >> scope) & 0x0F;
- if (prot & ACR_FPROT_WEXECUTE)
- acc = GENERIC_ALL | MUTEX_ALL_ACCESS;
- else {
- if (prot & ACR_FPROT_WWRITE)
- acc |= GENERIC_WRITE | MUTEX_MODIFY_STATE;
- if (prot & ACR_FPROT_WREAD)
- acc |= GENERIC_READ;
- }
- return acc;
-}
-
 static int mutex_cleanup(void *mutex, int type, unsigned int flags)
 {
 if (type == ACR_DT_MUTEX) {
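Review bot: The new ACR_SetSecurityInfo and ACR_StdSecurityDescriptor prototypes replace the SE_OBJECT_TYPE parameter with a bare int, but the header does not say which values are accepted; the wusec.c implementation in this commit resolves it against a table of ACR_DT_FILE, ACR_DT_MUTEX, ACR_DT_SHM and ACR_DT_SEMAPHORE and ACR_SetSecurityInfo returns ACR_EINVAL for anything else. A comment above the two declarations would make that contract visible to callers: `/* type is an ACR_DT_* descriptor type (FILE, MUTEX, SHM, SEMAPHORE); perms is an ACR_FPROT_* mask. ACR_SetSecurityInfo returns ACR_EINVAL for any other type. */`. The first parameter of ACR_StdSecurityDescriptor is declared JNIEnv * yet every caller in this commit passes INVALID_HANDLE_VALUE, so the comment should also state whether that sentinel is the intended way to request "no exception reporting", which is what the old _E/INVALID_HANDLE_VALUE split in the callers suggests.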
@@ -100,10 +74,11 @@
 * with Modify access to Authenticated users
 */
 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
- sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
- GENERIC_ALL | MUTEX_ALL_ACCESS,
- GENERIC_ALL | MUTEX_ALL_ACCESS,
- GENERIC_READ | GENERIC_WRITE | MUTEX_MODIFY_STATE);
+ sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+ ACR_DT_MUTEX,
+ ACR_FPROT_URWX |
+ ACR_FPROT_GRWX |
+ ACR_FPROT_WRDWR);
 sa.bInheritHandle = FALSE;
 m = CreateMutexW(&sa, FALSE, reskey);
 if (!m) {
@@ -229,7 +204,6 @@
 acr_uid_t uid, acr_uid_t gid)
 {
 DWORD rc;
- LPVOID sd;
 HANDLE m = (HANDLE)ACR_IOH_FDATA(mutex);
 if (ACR_IOH_FTYPE(mutex) != ACR_DT_MUTEX) {
@@ -238,16 +212,7 @@
 if (IS_INVALID_HANDLE(m)) {
 return ACR_EBADF;
 }
- sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
- convert_acc(perms, prot_scope_user),
- convert_acc(perms, prot_scope_group),
- convert_acc(perms, prot_scope_world));
- if (sd == NULL) {
- /* Return the error from GetSecurityDescriptor */
- return ACR_GET_OS_ERROR();
- }
- rc = ACR_SetSecurityInfoD(m, SE_KERNEL_OBJECT, uid, gid, sd);
-
+ rc = ACR_SetSecurityInfo(m, ACR_DT_MUTEX, uid, gid, perms);
 return rc;
 }
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/sema.c Wed Sep 9 12:30:24 2009
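Review bot: sa.lpSecurityDescriptor is assigned from ACR_StdSecurityDescriptor and handed straight to CreateMutexW with only `sa.bInheritHandle = FALSE;` in between, so if descriptor construction fails the mutex is created with a NULL lpSecurityDescriptor, which Windows treats as "use the default DACL of the caller's token" rather than as an error. The old call passed `_E`, which presumably let ACR_GetSecurityDescriptor report the failure through the JNI env; the new call passes INVALID_HANDLE_VALUE, so the check now has to live here. Add `if (sa.lpSecurityDescriptor == NULL) { /* fail with ACR_GET_OS_ERROR() instead of falling back to the default DACL */ }` before CreateMutexW and route it through this function's existing error path, which starts outside the hunk. The same unchecked assignment appears in the sema.c (@@ -108), shm.c (@@ -188) and temps.c (@@ -116) hunks of this commit.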
@@ -38,32 +38,6 @@
 "(L" ACR_CLASS_PATH "Descriptor;)V"
 };
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
- prot_scope_world = 0,
- prot_scope_group = 4,
- prot_scope_user = 8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
- /* These choices are based on the single filesystem bit that controls
- * the given behavior. They are -not- recommended for any set protection
- * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
- */
- ACCESS_MASK acc = 0;
- prot = (prot >> scope) & 0x0F;
- if (prot & ACR_FPROT_WEXECUTE)
- acc = GENERIC_ALL | SEMAPHORE_ALL_ACCESS;
- else {
- if (prot & ACR_FPROT_WWRITE)
- acc |= GENERIC_WRITE | SEMAPHORE_MODIFY_STATE;
- if (prot & ACR_FPROT_WREAD)
- acc |= GENERIC_READ;
- }
- return acc;
-}
-
 static int semaphore_cleanup(void *sema, int type, unsigned int flags)
 {
 if (type == ACR_DT_SEMAPHORE) {
@@ -108,10 +82,11 @@
 * with Modify access to Authenticated users
 */
 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
- sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
- GENERIC_ALL | SEMAPHORE_ALL_ACCESS,
- GENERIC_ALL | SEMAPHORE_ALL_ACCESS,
- GENERIC_READ | GENERIC_WRITE | SEMAPHORE_MODIFY_STATE);
+ sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+ ACR_DT_SEMAPHORE,
+ ACR_FPROT_URWX |
+ ACR_FPROT_GRWX |
+ ACR_FPROT_WRDWR);
 sa.bInheritHandle = FALSE;
 s = CreateSemaphoreW(&sa, (LONG)value, (LONG)maxval, reskey);
 if (!s) {
@@ -165,7 +140,6 @@
 acr_uid_t uid, acr_uid_t gid)
 {
 DWORD rc;
- LPVOID sd;
 HANDLE s = (HANDLE)ACR_IOH_FDATA(sema);
 if (ACR_IOH_FTYPE(sema) != ACR_DT_SEMAPHORE) {
@@ -174,16 +148,7 @@
 if (IS_INVALID_HANDLE(s)) {
 return ACR_EBADF;
 }
- sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
- convert_acc(perms, prot_scope_user),
- convert_acc(perms, prot_scope_group),
- convert_acc(perms, prot_scope_world));
- if (sd == NULL) {
- /* Return the error from GetSecurityDescriptor */
- return ACR_GET_OS_ERROR();
- }
- rc = ACR_SetSecurityInfoD(s, SE_KERNEL_OBJECT, uid, gid, sd);
-
+ rc = ACR_SetSecurityInfo(s, ACR_DT_SEMAPHORE, uid, gid, perms);
 return rc;
 }
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c Wed Sep 9 12:30:24 2009
@@ -57,32 +57,6 @@
 const wchar_t *filename;
 };
-/* Left bit shifts from World scope to given scope */
-typedef enum prot_scope_e {
- prot_scope_world = 0,
- prot_scope_group = 4,
- prot_scope_user = 8
-} prot_scope_e;
-
-static ACCESS_MASK convert_acc(int prot, prot_scope_e scope)
-{
- /* These choices are based on the single filesystem bit that controls
- * the given behavior. They are -not- recommended for any set protection
- * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
- */
- ACCESS_MASK acc = 0;
- prot = (prot >> scope) & 0x0F;
- if (prot & ACR_FPROT_WEXECUTE)
- acc = GENERIC_ALL | FILE_MAP_ALL_ACCESS;
- else {
- if (prot & ACR_FPROT_WWRITE)
- acc |= GENERIC_WRITE | FILE_MAP_WRITE;
- if (prot & ACR_FPROT_WREAD)
- acc |= GENERIC_READ | FILE_MAP_READ;
- }
- return acc;
-}
-
 static int shm_cleanup(void *shm, int type, unsigned int flags)
 {
 int rc = 0;
@@ -188,10 +162,10 @@
 /* Name-based shared memory */
 else {
 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
- sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(_E,
- GENERIC_ALL | FILE_ALL_ACCESS,
- GENERIC_ALL | FILE_ALL_ACCESS,
- 0);
+ sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+ ACR_DT_FILE,
+ ACR_FPROT_URWX |
+ ACR_FPROT_GRWX);
 sa.bInheritHandle = FALSE;
 /* Do file backed, which is not an inherited handle
 * While we could open APR_EXCL, it doesn't seem that Unix
@@ -365,30 +339,16 @@
 acr_uid_t uid, acr_uid_t gid)
 {
 DWORD rc = 0;
- LPVOID sd;
 acr_shm_t *m = (acr_shm_t *)ACR_IOH_FDATA(shm);
 if (ACR_IOH_FTYPE(shm) != ACR_DT_SHM) {
- rc = ACR_EFTYPE;
- goto finally;
+ return ACR_EFTYPE;
 }
 if (IS_INVALID_HANDLE(m)) {
- rc = ACR_EBADF;
- goto finally;
+ return ACR_EBADF;
 }
- sd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
- convert_acc(perms, prot_scope_user),
- convert_acc(perms, prot_scope_group),
- convert_acc(perms, prot_scope_world));
- if (sd == NULL) {
- rc = ACR_GET_OS_ERROR();
- goto finally;
- }
- rc = ACR_SetSecurityInfoD(m->hmap, SE_KERNEL_OBJECT, uid, gid, sd);
-
-finally:
- ACR_THROW_IO_IF_ERR(rc);
+ rc = ACR_SetSecurityInfo(m->hmap, ACR_DT_SHM, uid, gid, perms);
 return rc;
 }
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/temps.c Wed Sep 9 12:30:24 2009
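Review bot: The rewritten shm permission setter (@@ -365) drops `ACR_THROW_IO_IF_ERR(rc)` together with the finally: label, so a failure from ACR_SetSecurityInfo, and the ACR_EFTYPE/ACR_EBADF early returns, are now reported only through the return value where the old code also raised the Java IO exception before returning. That matches the mutex.c and sema.c setters in this commit, but if the Java wrapper of the shm setter relied on the exception the error now goes unnoticed; worth confirming on the Java side, and in any case documenting the new contract above the function, e.g. `/* Returns an ACR status code; unlike before, no exception is thrown here. */`. The function's signature starts outside the hunk.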
@@ -116,10 +116,10 @@
 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
 /* Allow access only to owner and Administrators Group */
- sa.lpSecurityDescriptor = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
- GENERIC_ALL | FILE_ALL_ACCESS,
- GENERIC_ALL | FILE_ALL_ACCESS,
- 0);
+ sa.lpSecurityDescriptor = ACR_StdSecurityDescriptor(INVALID_HANDLE_VALUE,
+ ACR_DT_FILE,
+ ACR_FPROT_URWX |
+ ACR_FPROT_GRWX);
 sa.bInheritHandle = FALSE;
 for (;;) {
 fh = CreateFileW(path,
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c?rev=812923&r1=812922&r2=812923&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/wusec.c Wed Sep 9 12:30:24 2009
@@ -23,6 +23,7 @@
 #include "acr_string.h"
 #include "acr_tables.h"
 #include "acr_descriptor.h"
+#include "acr_file.h"
 #include "acr_users.h"
 PSID ACR_GetSidFromAccountName(LPCWSTR name, PSID_NAME_USE sidtype)
@@ -314,6 +315,97 @@
 return ACR_SUCCESS;
 }
+static struct {
+ int type;
+ SE_OBJECT_TYPE krnl;
+ DWORD a;
+ DWORD x;
+ DWORD w;
+ DWORD r;
+} prot_types [] = {
+ { ACR_DT_FILE,
+ SE_FILE_OBJECT,
+ FILE_ALL_ACCESS,
+ FILE_GENERIC_EXECUTE,
+ FILE_GENERIC_WRITE,
+ FILE_GENERIC_READ
+ },
+ { ACR_DT_MUTEX,
+ SE_KERNEL_OBJECT,
+ MUTEX_ALL_ACCESS,
+ MUTEX_ALL_ACCESS,
+ MUTEX_ALL_ACCESS,
+ MUTEX_MODIFY_STATE
+ },
+ { ACR_DT_SHM,
+ SE_KERNEL_OBJECT,
+ FILE_MAP_ALL_ACCESS | FILE_MAP_EXECUTE,
+ FILE_MAP_EXECUTE,
+ FILE_MAP_WRITE | FILE_MAP_COPY,
+ FILE_MAP_READ | FILE_MAP_COPY
+ },
+ { ACR_DT_SEMAPHORE,
+ SE_KERNEL_OBJECT,
+ SEMAPHORE_ALL_ACCESS,
+ SEMAPHORE_ALL_ACCESS,
+ SEMAPHORE_ALL_ACCESS,
+ SEMAPHORE_MODIFY_STATE
+ },
+ { ACR_DT_UNKNOWN,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0
+ }
+};
+
+/* Left bit shifts from World scope to given scope */
+typedef enum prot_scope_e {
+ prot_scope_world = 0,
+ prot_scope_group = 4,
+ prot_scope_user = 8
+} prot_scope_e;
+
+static ACCESS_MASK convert_acc(int prot, int type, SE_OBJECT_TYPE *ktype,
+ prot_scope_e scope)
+{
+ int i = 0;
+ /* These choices are based on the single filesystem bit that controls
+ * the given behavior.
They are -not- recommended for any set protection
+ * function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
+ */
+ ACCESS_MASK acc = 0;
+ prot = (prot >> scope) & 0x0F;
+
+ if (prot & ACR_FPROT_WEXECUTE)
+ acc |= GENERIC_EXECUTE;
+ if (prot & ACR_FPROT_WWRITE)
+ acc |= GENERIC_WRITE;
+ if (prot & ACR_FPROT_WREAD)
+ acc |= GENERIC_READ;
+ while (prot_types[i].type != ACR_DT_UNKNOWN) {
+ if (prot_types[i].type == type)
+ break;
+ i++;
+ }
+ if (prot_types[i].type != ACR_DT_UNKNOWN) {
+ if ((prot & 0x07) == (ACR_FPROT_WEXECUTE | ACR_FPROT_WWRITE | ACR_FPROT_WREAD)) {
+ acc |= prot_types[i].a;
+ }
+ else {
+ if (prot & ACR_FPROT_WEXECUTE)
+ acc |= prot_types[i].x;
+ if (prot & ACR_FPROT_WWRITE)
+ acc |= prot_types[i].w;
+ if (prot & ACR_FPROT_WREAD)
+ acc |= prot_types[i].r;
+ }
+ if (ktype)
+ *ktype = prot_types[i].krnl;
+ }
+ return acc;
+}
 LPVOID ACR_GetSecurityDescriptor(JNIEnv *_E,
 DWORD dwAdminAccessMask,
@@ -346,7 +438,7 @@
 if (dwGroupAccessMask) {
 sprintf(saa, "(A;OICI;0x%08x", dwGroupAccessMask);
- /* Authenticated users */
+ /* Creator Group */
 strcat(sdd, saa);
 strcat(sdd, ";;;CG)");
 }
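Review bot: In the prot_types table the ACR_DT_MUTEX and ACR_DT_SEMAPHORE rows map the single write bit (column w) and execute bit (column x) to MUTEX_ALL_ACCESS / SEMAPHORE_ALL_ACCESS, and those masks include STANDARD_RIGHTS_REQUIRED (DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER), so a group or world scope granted only "write" — which is exactly what ACR_FPROT_WRDWR gives the world scope in the mutex.c and sema.c creators of this commit — ends up with full control of the object, including the right to rewrite its DACL. The removed per-file convert_acc gave a write-only scope GENERIC_WRITE | MUTEX_MODIFY_STATE and reserved *_ALL_ACCESS for the execute bit, so this widens what others may do. Keep *_ALL_ACCESS for column a (all three bits set) and use the state-change right for the single bits, `MUTEX_MODIFY_STATE | SYNCHRONIZE` for the mutex x and w columns and `SEMAPHORE_MODIFY_STATE | SYNCHRONIZE` for the semaphore ones; the r column currently grants MODIFY_STATE for a read-only bit, which looks like the wrong way round and is probably better as `SYNCHRONIZE`. convert_acc ends on this line; the hunk's trailing context is the opening of ACR_GetSecurityDescriptor.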
@@ -382,12 +474,37 @@
 return pSD;
 }
-DWORD ACR_SetSecurityInfoD(HANDLE handle, SE_OBJECT_TYPE type,
- PSID uid, PSID gid, LPVOID psd)
+LPVOID ACR_StdSecurityDescriptor(JNIEnv *_E,
+ int type, int perms)
+{
+ LPVOID psd;
+ psd = ACR_GetSecurityDescriptor(_E,
+ convert_acc(perms, type, NULL, prot_scope_user),
+ convert_acc(perms, type, NULL, prot_scope_group),
+ convert_acc(perms, type, NULL, prot_scope_world));
+ return psd;
+}
+
+DWORD ACR_SetSecurityInfo(HANDLE handle, int type,
+ PSID uid, PSID gid, int perms)
 {
 ACL *dacl = NULL;
 SECURITY_INFORMATION sinf = 0;
+ LPVOID psd;
+ SE_OBJECT_TYPE ko = SE_UNKNOWN_OBJECT_TYPE;
+ psd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+ convert_acc(perms, type, &ko, prot_scope_user),
+ convert_acc(perms, type, &ko, prot_scope_group),
+ convert_acc(perms, type, &ko, prot_scope_world));
+ if (ko == SE_UNKNOWN_OBJECT_TYPE) {
+ /* Unknown descriptor type */
+ return ACR_EINVAL;
+ }
+ if (psd == NULL) {
+ /* Return the error from GetSecurityDescriptor */
+ return ACR_GET_OS_ERROR();
+ }
 if (uid) {
 sinf |= OWNER_SECURITY_INFORMATION;
 }
@@ -415,5 +532,5 @@
 sinf |= DACL_SECURITY_INFORMATION;
 }
 }
- return SetSecurityInfo(handle, type, sinf, uid, gid, dacl, NULL);
+ return SetSecurityInfo(handle, ko, sinf, uid, gid, dacl, NULL);
 }
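Review bot: ACR_SetSecurityInfo builds the descriptor through ACR_GetSecurityDescriptor before it knows whether `type` is valid and only then tests `ko`; for an unknown type the three convert_acc calls return just the GENERIC_* bits, a descriptor is built from them and then discarded, and whether that discard leaks depends on who owns the pointer ACR_GetSecurityDescriptor returns (the descriptor table in this file suggests it is cached, but that is outside the hunk). Resolving the type first sidesteps the question and gives ACR_StdSecurityDescriptor, which has no type check at all, a natural place to refuse unknown types instead of silently handing back a GENERIC-only descriptor. The remainder of ACR_SetSecurityInfo (the dacl extraction between the two hunks) lies outside the hunk and is unaffected.
```c
DWORD ACR_SetSecurityInfo(HANDLE handle, int type,
                          PSID uid, PSID gid, int perms)
{
    ACL *dacl = NULL;
    SECURITY_INFORMATION sinf = 0;
    LPVOID psd;
    SE_OBJECT_TYPE ko = SE_UNKNOWN_OBJECT_TYPE;
    /* Resolve the kernel object type before building anything */
    ACCESS_MASK ua = convert_acc(perms, type, &ko, prot_scope_user);
    ACCESS_MASK ga = convert_acc(perms, type, &ko, prot_scope_group);
    ACCESS_MASK wa = convert_acc(perms, type, &ko, prot_scope_world);

    if (ko == SE_UNKNOWN_OBJECT_TYPE) {
        /* Unknown descriptor type: nothing was built, nothing to release */
        return ACR_EINVAL;
    }
    psd = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE, ua, ga, wa);
    if (psd == NULL) {
        /* Return the error from GetSecurityDescriptor */
        return ACR_GET_OS_ERROR();
    }
    /* … unchanged: owner/group/dacl selection and the SetSecurityInfo call … */
```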