This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: ntsec change needed to read one of my partitions


At 10:50 PM 11/24/2003 -0500, you wrote:
>I needed to bump up the size of the various buffers throughout
>sec_acl.cc and security.cc to manipulate one of the partitions on my
>hard drive.
>
>I was having problems with the root directory of an NTFS filesystem.
>It formerly was compressed but I don't think that had anything to do
>with it.
>
>getfacl didn't work prior to this change but after bumping the buffers
>up, it did.  Here's what it reported:
>
>  k:\>getfacl .
>  # file: .
>  # owner: Administrators
>  # group: SYSTEM
>  user::rwx
>  group::rwx
>  group:Users:r-x
>  mask:rwx
>  other:r-x
>  default:user::---
>  default:user:Administrators:rwx
>  default:group:SYSTEM:rwx
>  default:group:Users:rwx
>  default:mask:rwx
>
>Does anything in the above look strange?

Nope, it looks very mundane.

>FWIW, the size returned by read_sd was 4144 so bumping things up to
>8192 was probably overkill.

4144 IS very strange, way high. 
What does cacls report?

Pierre
 
>I wouldn't have noticed this previously but the recent addition of
>access checking in opendir made it obvious since I was no longer
>able to get a directory listing with the CVS version of cygwin.
>The 1.5.5 version of cygwin allowed a directory listing but did
>not allow the manipulation of the directory in any other way, i.e.,
>with chmod or chown.
>
>Corinna or Pierre, can you explain this?
>
>cgf
>
>Index: security.cc
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/security.cc,v
>retrieving revision 1.154
>diff -u -p -r1.154 security.cc
>--- security.cc	16 Oct 2003 23:20:41 -0000	1.154
>+++ security.cc	25 Nov 2003 03:49:10 -0000
>@@ -1362,8 +1362,8 @@ get_nt_attribute (const char *file, mode
> 		  __uid32_t *uidret, __gid32_t *gidret)
> {
>   /* Yeah, sounds too much, but I've seen SDs of 2100 bytes! */
>-  DWORD sd_size = 4096;
>-  char sd_buf[4096];
>+  char sd_buf[8192];
>+  DWORD sd_size = sizeof sd_buf;
>   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
> 
>   if (read_sd (file, psd, &sd_size) <= 0)
>@@ -1414,7 +1414,7 @@ get_nt_object_attribute (HANDLE handle, 
> 			 mode_t *attribute, __uid32_t *uidret, __gid32_t *gidret)
> {
>   PSECURITY_DESCRIPTOR psd;
>-  char sd_buf[4096];
>+  char sd_buf[8192];
> 
>   if (object_type == SE_REGISTRY_KEY)
>     {
>@@ -1824,8 +1824,8 @@ set_nt_attribute (const char *file, __ui
>   if (!wincap.has_security ())
>     return 0;
> 
>-  DWORD sd_size = 4096;
>-  char sd_buf[4096];
>+  char sd_buf[8192];
>+  DWORD sd_size = sizeof sd_buf;
>   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
> 
>   int ret;
>@@ -1835,7 +1835,7 @@ set_nt_attribute (const char *file, __ui
>       return -1;
>     }
> 
>-  sd_size = 4096;
>+  sd_size = sizeof sd_buf;
>   if (!(psd = alloc_sd (uid, gid, attribute, psd, &sd_size)))
>     return -1;
> 
>@@ -1872,7 +1872,7 @@ int
> check_file_access (const char *fn, int flags)
> {
>   int ret = -1;
>-  char sd_buf[4096];
>+  char sd_buf[8192];
>   DWORD sd_size = sizeof sd_buf;
>   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
>   HANDLE hToken, hIToken;
>Index: sec_acl.cc
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/sec_acl.cc,v
>retrieving revision 1.32
>diff -u -p -r1.32 sec_acl.cc
>--- sec_acl.cc	25 Sep 2003 00:37:17 -0000	1.32
>+++ sec_acl.cc	25 Nov 2003 03:49:10 -0000
>@@ -49,8 +49,8 @@ searchace (__aclent32_t *aclp, int nentr
> static int
> setacl (const char *file, int nentries, __aclent32_t *aclbufp)
> {
>-  DWORD sd_size = 4096;
>-  char sd_buf[4096];
>+  char sd_buf[8192];
>+  DWORD sd_size = sizeof sd_buf;
>   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
> 
>   if (read_sd (file, psd, &sd_size) <= 0)
>@@ -257,8 +257,8 @@ getace (__aclent32_t &acl, int type, int
> static int
> getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
> {
>-  DWORD sd_size = 4096;
>-  char sd_buf[4096];
>+  char sd_buf[8192];
>+  DWORD sd_size = sizeof sd_buf;
>   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
> 
>   int ret;
>Index: path.cc
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/path.cc,v
>retrieving revision 1.279
>diff -u -p -r1.279 path.cc
>--- path.cc	14 Nov 2003 23:40:05 -0000	1.279
>+++ path.cc	25 Nov 2003 03:49:11 -0000
>@@ -2565,7 +2564,7 @@ symlink_worker (const char *topath, cons
> 
>   if (allow_ntsec && win32_path.has_acls ())
>     set_security_attribute (S_IFLNK | STD_RBITS | STD_WBITS,
>-			    &sa, alloca (4096), 4096);
>+			    &sa, alloca (8192), 8192);
> 
>   h = CreateFile (win32_path, GENERIC_WRITE, 0, &sa, create_how,
> 		  FILE_ATTRIBUTE_NORMAL, 0);
>


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]