Re: ntsec change needed to read one of my partitions
- From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
- To: cygwin-developers at cygwin dot com
- Date: Mon, 24 Nov 2003 23:06:16 -0500
- Subject: Re: ntsec change needed to read one of my partitions
At 10:50 PM 11/24/2003 -0500, you wrote:
>I needed to bump up the size of the various buffers throughout
>sec_acl.cc and security.cc to manipulate one of the partitions on my
>hard drive.
>
>I was having problems with the root directory of an NTFS filesystem.
>It formerly was compressed but I don't think that had anything to do
>with it.
>
>getfacl didn't work prior to this change but after bumping the buffers
>up, it did. Here's what it reported:
>
> k:\>getfacl .
> # file: .
> # owner: Administrators
> # group: SYSTEM
> user::rwx
> group::rwx
> group:Users:r-x
> mask:rwx
> other:r-x
> default:user::---
> default:user:Administrators:rwx
> default:group:SYSTEM:rwx
> default:group:Users:rwx
> default:mask:rwx
>
>Does anything in the above look strange?
Nope, it looks very mundane.
>FWIW, the size returned by read_sd was 4144 so bumping things up to
>8192 was probably overkill.
4144 IS very strange, way high.
What does cacls report?
Pierre
>I wouldn't have noticed this previously but the recent addition of
>access checking in opendir made it obvious since I was no longer
>able to get a directory listing with the CVS version of cygwin.
>The 1.5.5 version of cygwin allowed a directory listing but did
>not allow the manipulation of the directory in any other way, i.e.,
>with chmod or chown.
>
>Corinna or Pierre, can you explain this?
>
>cgf
>
>Index: security.cc
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/security.cc,v
>retrieving revision 1.154
>diff -u -p -r1.154 security.cc
>--- security.cc 16 Oct 2003 23:20:41 -0000 1.154
>+++ security.cc 25 Nov 2003 03:49:10 -0000
>@@ -1362,8 +1362,8 @@ get_nt_attribute (const char *file, mode
> __uid32_t *uidret, __gid32_t *gidret)
> {
> /* Yeah, sounds too much, but I've seen SDs of 2100 bytes! */
>- DWORD sd_size = 4096;
>- char sd_buf[4096];
>+ char sd_buf[8192];
>+ DWORD sd_size = sizeof sd_buf;
> PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
>
> if (read_sd (file, psd, &sd_size) <= 0)
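Review bot: The fixed stack buffer is the limit that failed, and raising it to 8192 here (and in `set_nt_attribute`, `check_file_access`, `setacl` and `getacl`) only moves that limit. The message says `read_sd` reported 4144 as the size, which suggests it hands back the required length; if so, a caller could retry with a buffer of that size rather than fail on the next descriptor that outgrows the constant. At minimum the comment above the buffer should be brought up to date, for example `/* SDs of 4144 bytes have been seen (NTFS root directory); the buffer is a fixed upper bound. */`. `get_nt_attribute` continues outside the hunk.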
>@@ -1414,7 +1414,7 @@ get_nt_object_attribute (HANDLE handle,
> mode_t *attribute, __uid32_t *uidret, __gid32_t *gidret)
> {
> PSECURITY_DESCRIPTOR psd;
>- char sd_buf[4096];
>+ char sd_buf[8192];
>
> if (object_type == SE_REGISTRY_KEY)
> {
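Review bot: The length that accompanies `sd_buf` in `get_nt_object_attribute` is not part of this hunk, so it should be confirmed that the calls further down pass `sizeof sd_buf` rather than a literal 4096. If a literal remains, the larger buffer is never used and the function still fails on the same descriptors. The other hunks in this file switch to `DWORD sd_size = sizeof sd_buf;` to keep the two in step. The function body continues outside the hunk.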
>@@ -1824,8 +1824,8 @@ set_nt_attribute (const char *file, __ui
> if (!wincap.has_security ())
> return 0;
>
>- DWORD sd_size = 4096;
>- char sd_buf[4096];
>+ char sd_buf[8192];
>+ DWORD sd_size = sizeof sd_buf;
> PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
>
> int ret;
>@@ -1835,7 +1835,7 @@ set_nt_attribute (const char *file, __ui
> return -1;
> }
>
>- sd_size = 4096;
>+ sd_size = sizeof sd_buf;
> if (!(psd = alloc_sd (uid, gid, attribute, psd, &sd_size)))
> return -1;
>
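Review bot: `alloc_sd` is handed `psd`, which points into `sd_buf`, together with `&sd_size`, so this looks like the write path into the stack buffer. A rebuilt descriptor may need more room than the one that was read. Whether `alloc_sd` bounds what it writes by `*sd_size` is not visible in this hunk and should be confirmed before relying on the new capacity. A short comment on the reset line would record the intent, for example `/* read_sd may have changed sd_size; give alloc_sd the full buffer capacity again. */`. `set_nt_attribute` starts and ends outside the hunk.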
>@@ -1872,7 +1872,7 @@ int
> check_file_access (const char *fn, int flags)
> {
> int ret = -1;
>- char sd_buf[4096];
>+ char sd_buf[8192];
> DWORD sd_size = sizeof sd_buf;
> PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
> HANDLE hToken, hIToken;
>Index: sec_acl.cc
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/sec_acl.cc,v
>retrieving revision 1.32
>diff -u -p -r1.32 sec_acl.cc
>--- sec_acl.cc 25 Sep 2003 00:37:17 -0000 1.32
>+++ sec_acl.cc 25 Nov 2003 03:49:10 -0000
>@@ -49,8 +49,8 @@ searchace (__aclent32_t *aclp, int nentr
> static int
> setacl (const char *file, int nentries, __aclent32_t *aclbufp)
> {
>- DWORD sd_size = 4096;
>- char sd_buf[4096];
>+ char sd_buf[8192];
>+ DWORD sd_size = sizeof sd_buf;
> PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
>
> if (read_sd (file, psd, &sd_size) <= 0)
>@@ -257,8 +257,8 @@ getace (__aclent32_t &acl, int type, int
> static int
> getacl (const char *file, DWORD attr, int nentries, __aclent32_t *aclbufp)
> {
>- DWORD sd_size = 4096;
>- char sd_buf[4096];
>+ char sd_buf[8192];
>+ DWORD sd_size = sizeof sd_buf;
> PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
>
> int ret;
>Index: path.cc
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/path.cc,v
>retrieving revision 1.279
>diff -u -p -r1.279 path.cc
>--- path.cc 14 Nov 2003 23:40:05 -0000 1.279
>+++ path.cc 25 Nov 2003 03:49:11 -0000
>@@ -2565,7 +2564,7 @@ symlink_worker (const char *topath, cons
>
> if (allow_ntsec && win32_path.has_acls ())
> set_security_attribute (S_IFLNK | STD_RBITS | STD_WBITS,
>- &sa, alloca (4096), 4096);
>+ &sa, alloca (8192), 8192);
>
> h = CreateFile (win32_path, GENERIC_WRITE, 0, &sa, create_how,
> FILE_ATTRIBUTE_NORMAL, 0);
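Review bot: The call to `set_security_attribute` still writes the size twice as a literal, `alloca (8192), 8192`, while the rest of the patch derives the length from the buffer with `sizeof sd_buf`. The two numbers can drift apart on the next change, and then the callee would be told a capacity that the allocation does not have. A local array passed as `&sa, sd_buf, sizeof sd_buf);`, or one named constant used for both arguments, would remove that risk. It would also avoid an unchecked 8 KB `alloca`. `symlink_worker` starts and ends outside the hunk.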
>