2003-09-15 Pierre Humblet <pierre.humblet@ieee.org>

	* security.h (__sec_user): Add "access2" argument.
	(sec_acl): Add "original" and "access2" arguments.
	(sec_user): Add "sid2" and "access2" argument. Remove dependence on
	allow_ntsec.
	(sec_user_nih): Ditto.
	* sec_helper.cc (__sec_user): Add "has_security" test.
	Call sec_acl with new arguments, letting it handle original_sid.
	(sec_acl): Add "original" and "access2" arguments. Handle original_sid
	depending on flag but avoiding duplicates. Use "access2" for sid2.
	* pinfo.cc (pinfo::init): Use security attributes created by sec_user
	when creating the mapping.
	* security.cc (create_token): Adjust arguments in call to sec_acl.
	Call sec_user instead of __sec_user.
	* syscall.cc (seteuid32):  Adjust arguments in call to sec_acl. Remove
	now unnecessary test. Remove useless conversions to psid.
	* dcrt0.cc (dll_crt0_1): Call cygsid::init before pinfo_init.

7 files changed, 52 insertions, 32 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 915567658..bdb4e9795 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,22 @@
+2003-09-15  Pierre Humblet <pierre.humblet@ieee.org>
+
+	* security.h (__sec_user): Add "access2" argument.
+	(sec_acl): Add "original" and "access2" arguments.
+	(sec_user): Add "sid2" and "access2" argument. Remove dependence on 
+	allow_ntsec.
+	(sec_user_nih): Ditto.
+	* sec_helper.cc (__sec_user): Add "has_security" test.
+	Call sec_acl with new arguments, letting it handle original_sid.
+	(sec_acl): Add "original" and "access2" arguments. Handle original_sid 
+	depending on flag but avoiding duplicates. Use "access2" for sid2.
+	* pinfo.cc (pinfo::init): Use security attributes created by sec_user
+	when creating the mapping.
+	* security.cc (create_token): Adjust arguments in call to sec_acl.
+	Call sec_user instead of __sec_user.
+	* syscall.cc (seteuid32):  Adjust arguments in call to sec_acl. Remove 
+	now unnecessary test. Remove useless conversions to psid.
+	* dcrt0.cc (dll_crt0_1): Call cygsid::init before pinfo_init.
+
 2003-09-13  Christopher Faylor  <cgf@redhat.com>
 
 	* Makefile.in: Make malloc_wrapper -fomit-frame-pointer.
diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc
index 51cc55f25..c907399bf 100644
--- a/winsup/cygwin/dcrt0.cc
+++ b/winsup/cygwin/dcrt0.cc
@@ -678,6 +678,9 @@ dll_crt0_1 ()
   }
 #endif
 
+  /* Init global well known SID objects */
+  cygsid::init ();
+
   /* Initialize our process table entry. */
   pinfo_init (envp, envc);
 
@@ -687,9 +690,6 @@ dll_crt0_1 ()
   /* Allocate cygheap->fdtab */
   dtable_init ();
 
-  /* Init global well known SID objects */
-  cygsid::init ();
-
   /* Initialize user info. */
   uinfo_init ();
 
diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc
index aca4dff4d..a1f068c2f 100644
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@@ -164,7 +164,11 @@ pinfo::init (pid_t n, DWORD flag, HANDLE in_h)
 	}
       else
 	{
-	  h = CreateFileMapping (INVALID_HANDLE_VALUE, &sec_all_nih,
+	  char sa_buf[1024];
+	  PSECURITY_ATTRIBUTES sec_attribs =
+	    sec_user_nih (sa_buf, cygheap->user.sid(), well_known_world_sid,
+			  FILE_MAP_READ | FILE_MAP_WRITE); /* FIXME */
+	  h = CreateFileMapping (INVALID_HANDLE_VALUE, sec_attribs,
 				 PAGE_READWRITE, 0, mapsize, mapname);
 	  created = h && GetLastError () != ERROR_ALREADY_EXISTS;
 	}
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index c8c627ae1..70817c5c5 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -372,23 +372,29 @@ get_null_sd ()
 }
 
 BOOL
-sec_acl (PACL acl, BOOL admins, PSID sid1, PSID sid2)
+sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD access2)
 {
   size_t acl_len = MAX_DACL_LEN(5);
+  cygpsid psid;
 
   if (!InitializeAcl (acl, acl_len, ACL_REVISION))
     {
       debug_printf ("InitializeAcl %E");
       return FALSE;
     }
-  if (sid2)
-    if (!AddAccessAllowedAce (acl, ACL_REVISION,
-			      GENERIC_ALL, sid2))
-      debug_printf ("AddAccessAllowedAce(sid2) %E");
   if (sid1)
     if (!AddAccessAllowedAce (acl, ACL_REVISION,
 			      GENERIC_ALL, sid1))
       debug_printf ("AddAccessAllowedAce(sid1) %E");
+  if (original && (psid = cygheap->user.orig_sid ())
+      && psid != sid1 && psid != well_known_system_sid)
+    if (!AddAccessAllowedAce (acl, ACL_REVISION,
+			      GENERIC_ALL, psid))
+      debug_printf ("AddAccessAllowedAce(original) %E");
+  if (sid2)
+    if (!AddAccessAllowedAce (acl, ACL_REVISION,
+			      access2, sid2))
+      debug_printf ("AddAccessAllowedAce(sid2) %E");
   if (admins)
     if (!AddAccessAllowedAce (acl, ACL_REVISION,
 			      GENERIC_ALL, well_known_admins_sid))
@@ -396,26 +402,18 @@ sec_acl (PACL acl, BOOL admins, PSID sid1, PSID sid2)
   if (!AddAccessAllowedAce (acl, ACL_REVISION,
 			    GENERIC_ALL, well_known_system_sid))
     debug_printf ("AddAccessAllowedAce(system) %E");
-#if 0 /* Does not seem to help */
-  if (!AddAccessAllowedAce (acl, ACL_REVISION,
-			    GENERIC_ALL, well_known_creator_owner_sid))
-    debug_printf ("AddAccessAllowedAce(creator_owner) %E");
-#endif
   return TRUE;
 }
 
 PSECURITY_ATTRIBUTES __stdcall
-__sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
+__sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
 {
   PSECURITY_ATTRIBUTES psa = (PSECURITY_ATTRIBUTES) sa_buf;
   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)
 			     ((char *) sa_buf + sizeof (*psa));
   PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
 
-  cygsid sid;
-
-  if (!(sid = cygheap->user.orig_sid ()) ||
-	  (!sec_acl (acl, TRUE, sid, sid2)))
+  if (!wincap.has_security () || !sec_acl (acl, true, true, sid1, sid2, access2))
     return inherit ? &sec_none : &sec_none_nih;
 
   if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index d76964f91..d81d8ab72 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -906,7 +906,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
     goto out;
 
   /* Create default dacl. */
-  if (!sec_acl ((PACL) acl_buf, FALSE,
+  if (!sec_acl ((PACL) acl_buf, false, false,
 		tmp_gsids.contains (well_known_admins_sid) ?
 		well_known_admins_sid : usersid))
     goto out;
@@ -926,7 +926,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
   else
     {
       /* Set security descriptor and primary group */
-      psa = __sec_user (sa_buf, usersid, TRUE);
+      psa = sec_user (sa_buf, usersid);
       if (psa->lpSecurityDescriptor &&
 	  !SetSecurityDescriptorGroup ((PSECURITY_DESCRIPTOR)
 				       psa->lpSecurityDescriptor,
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 0112341a3..b39962aa2 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -256,9 +256,11 @@ SECURITY_DESCRIPTOR *__stdcall get_null_sd (void);
 
 /* Various types of security attributes for use in Create* functions. */
 extern SECURITY_ATTRIBUTES sec_none, sec_none_nih, sec_all, sec_all_nih;
-extern SECURITY_ATTRIBUTES *__stdcall __sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
+extern SECURITY_ATTRIBUTES *__stdcall __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, 
+						  DWORD access2, BOOL inherit)
   __attribute__ ((regparm (3)));
-extern BOOL sec_acl (PACL acl, BOOL admins, PSID sid1 = NO_SID, PSID sid2 = NO_SID);
+extern BOOL sec_acl (PACL acl, bool original, bool admins, PSID sid1 = NO_SID, 
+		     PSID sid2 = NO_SID, DWORD access2 = 0);
 
 int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len);
 BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len);
@@ -266,14 +268,14 @@ PSECURITY_DESCRIPTOR alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
 	  PSECURITY_DESCRIPTOR sd_ret, DWORD *sd_size_ret);
 
 extern inline SECURITY_ATTRIBUTES *
-sec_user_nih (char sa_buf[], PSID sid = NULL)
+sec_user_nih (char sa_buf[], PSID sid1 = NULL, PSID sid2 = NULL, DWORD access2 = 0)
 {
-  return allow_ntsec ? __sec_user (sa_buf, sid, FALSE) : &sec_none_nih;
+  return __sec_user (sa_buf, sid1, sid2, access2, FALSE);
 }
 
 extern inline SECURITY_ATTRIBUTES *
-sec_user (char sa_buf[], PSID sid = NULL)
+sec_user (char sa_buf[], PSID sid1 = NULL, PSID sid2 = NULL, DWORD access2 = 0)
 {
-  return allow_ntsec ? __sec_user (sa_buf, sid, TRUE) : &sec_none;
+  return __sec_user (sa_buf, sid1, sid2, access2, TRUE);
 }
 #endif /*_SECURITY_H*/
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 041482346..c9d926462 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -2076,7 +2076,6 @@ seteuid32 (__uid32_t uid)
   user_groups &groups = cygheap->user.groups;
   HANDLE ptok, new_token = INVALID_HANDLE_VALUE;
   struct passwd * pw_new;
-  cygpsid origpsid, psid2 (NO_SID);
   BOOL token_is_internal, issamesid;
   
   pw_new = internal_getpwuid (uid);
@@ -2121,9 +2120,7 @@ seteuid32 (__uid32_t uid)
   if (cygheap->user.current_token != new_token)
     {
       char dacl_buf[MAX_DACL_LEN (5)];
-      if (usersid != (origpsid = cygheap->user.orig_sid ()))
-	psid2 = usersid;
-      if (sec_acl ((PACL) dacl_buf, FALSE, origpsid, psid2))
+      if (sec_acl ((PACL) dacl_buf, true, false, usersid))
 	{
 	  TOKEN_DEFAULT_DACL tdacl;
 	  tdacl.DefaultDacl = (PACL) dacl_buf;
@@ -2171,7 +2168,7 @@ seteuid32 (__uid32_t uid)
     }
 
   CloseHandle (ptok);
-  issamesid = (usersid == (psid2 = cygheap->user.sid ())); 
+  issamesid = (usersid == cygheap->user.sid ()); 
   cygheap->user.set_sid (usersid);
   cygheap->user.current_token = new_token == ptok ? INVALID_HANDLE_VALUE
                                                   : new_token;