Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
8eb03845
Commit
8eb03845
authored
Feb 14, 2020
by
Daniel Black
Committed by
GitHub
Feb 14, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
mysys: remove windac my_security_attr_create (#1391)
No longer used.
parent
c400a73d
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
0 additions
and
210 deletions
+0
-210
include/my_sys.h
include/my_sys.h
+0
-7
mysys/CMakeLists.txt
mysys/CMakeLists.txt
+0
-1
mysys/my_windac.c
mysys/my_windac.c
+0
-202
No files found.
include/my_sys.h
View file @
8eb03845
...
@@ -1070,13 +1070,6 @@ extern void thd_increment_net_big_packet_count(void *thd, size_t length);
...
@@ -1070,13 +1070,6 @@ extern void thd_increment_net_big_packet_count(void *thd, size_t length);
#ifdef __WIN__
#ifdef __WIN__
extern
my_bool
have_tcpip
;
/* Is set if tcpip is used */
extern
my_bool
have_tcpip
;
/* Is set if tcpip is used */
/* implemented in my_windac.c */
int
my_security_attr_create
(
SECURITY_ATTRIBUTES
**
psa
,
const
char
**
perror
,
DWORD
owner_rights
,
DWORD
everybody_rights
);
void
my_security_attr_free
(
SECURITY_ATTRIBUTES
*
sa
);
/* implemented in my_conio.c */
/* implemented in my_conio.c */
char
*
my_cgets
(
char
*
string
,
size_t
clen
,
size_t
*
plen
);
char
*
my_cgets
(
char
*
string
,
size_t
clen
,
size_t
*
plen
);
...
...
mysys/CMakeLists.txt
View file @
8eb03845
...
@@ -53,7 +53,6 @@ IF (WIN32)
...
@@ -53,7 +53,6 @@ IF (WIN32)
my_wincond.c
my_wincond.c
my_winerr.c
my_winerr.c
my_winfile.c
my_winfile.c
my_windac.c
my_conio.c
my_conio.c
my_win_popen.cc
)
my_win_popen.cc
)
ENDIF
()
ENDIF
()
...
...
mysys/my_windac.c
deleted
100644 → 0
View file @
c400a73d
/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
#include "mysys_priv.h"
#include "m_string.h"
#ifdef __WIN__
/*
Auxiliary structure to store pointers to the data which we need to keep
around while SECURITY_ATTRIBUTES is in use.
*/
typedef
struct
st_my_security_attr
{
PSID
everyone_sid
;
PACL
dacl
;
}
My_security_attr
;
/*
Allocate and initialize SECURITY_ATTRIBUTES setting up access
rights for the owner and group `Everybody'.
SYNOPSIS
my_security_attr_create()
psa [OUT] pointer to store the pointer to SA in
perror [OUT] pointer to store error message if there was an
error
owner_rights [IN] access rights for the owner
everyone_rights [IN] access rights for group Everybody
DESCRIPTION
Set up the security attributes to provide clients with sufficient
access rights to a kernel object. We need this function
because if we simply grant all access to everybody (by installing
a NULL DACL) a mailicious user can attempt a denial of service
attack by taking ownership over the kernel object. Upon successful
return `psa' contains a pointer to SECUIRITY_ATTRIBUTES that can be used
to create kernel objects with proper access rights.
RETURN
0 success, psa is 0 or points to a valid SA structure,
perror is left intact
!0 error, SA is set to 0, error message is stored in perror
*/
int
my_security_attr_create
(
SECURITY_ATTRIBUTES
**
psa
,
const
char
**
perror
,
DWORD
owner_rights
,
DWORD
everyone_rights
)
{
/* Top-level SID authority */
SID_IDENTIFIER_AUTHORITY
world_auth
=
SECURITY_WORLD_SID_AUTHORITY
;
PSID
everyone_sid
=
0
;
HANDLE
htoken
=
0
;
SECURITY_ATTRIBUTES
*
sa
=
0
;
PACL
dacl
=
0
;
DWORD
owner_token_length
,
dacl_length
;
SECURITY_DESCRIPTOR
*
sd
;
PTOKEN_USER
owner_token
;
PSID
owner_sid
;
My_security_attr
*
attr
;
/*
Get SID of Everyone group. Easier to retrieve all SIDs each time
this function is called than worry about thread safety.
*/
if
(
!
AllocateAndInitializeSid
(
&
world_auth
,
1
,
SECURITY_WORLD_RID
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
&
everyone_sid
))
{
*
perror
=
"Failed to retrieve the SID of Everyone group"
;
goto
error
;
}
/*
Get SID of the owner. Using GetSecurityInfo this task can be done
in just one call instead of five, but GetSecurityInfo declared in
aclapi.h, so I hesitate to use it.
SIC: OpenThreadToken works only if there is an active impersonation
token, hence OpenProcessToken is used.
*/
if
(
!
OpenProcessToken
(
GetCurrentProcess
(),
TOKEN_QUERY
,
&
htoken
))
{
*
perror
=
"Failed to retrieve thread access token"
;
goto
error
;
}
GetTokenInformation
(
htoken
,
TokenUser
,
0
,
0
,
&
owner_token_length
);
if
(
!
my_multi_malloc
(
MYF
(
MY_WME
),
&
sa
,
ALIGN_SIZE
(
sizeof
(
SECURITY_ATTRIBUTES
))
+
sizeof
(
My_security_attr
),
&
sd
,
sizeof
(
SECURITY_DESCRIPTOR
),
&
owner_token
,
owner_token_length
,
0
))
{
*
perror
=
"Failed to allocate memory for SECURITY_ATTRIBUTES"
;
goto
error
;
}
bzero
(
owner_token
,
owner_token_length
);
if
(
!
GetTokenInformation
(
htoken
,
TokenUser
,
owner_token
,
owner_token_length
,
&
owner_token_length
))
{
*
perror
=
"GetTokenInformation failed"
;
goto
error
;
}
owner_sid
=
owner_token
->
User
.
Sid
;
if
(
!
IsValidSid
(
owner_sid
))
{
*
perror
=
"IsValidSid failed"
;
goto
error
;
}
/* Calculate the amount of memory that must be allocated for the DACL */
dacl_length
=
sizeof
(
ACL
)
+
(
sizeof
(
ACCESS_ALLOWED_ACE
)
-
sizeof
(
DWORD
))
*
2
+
GetLengthSid
(
everyone_sid
)
+
GetLengthSid
(
owner_sid
);
/* Create an ACL */
if
(
!
(
dacl
=
(
PACL
)
my_malloc
(
dacl_length
,
MYF
(
MY_ZEROFILL
|
MY_WME
))))
{
*
perror
=
"Failed to allocate memory for DACL"
;
goto
error
;
}
if
(
!
InitializeAcl
(
dacl
,
dacl_length
,
ACL_REVISION
))
{
*
perror
=
"Failed to initialize DACL"
;
goto
error
;
}
if
(
!
AddAccessAllowedAce
(
dacl
,
ACL_REVISION
,
everyone_rights
,
everyone_sid
))
{
*
perror
=
"Failed to set up DACL"
;
goto
error
;
}
if
(
!
AddAccessAllowedAce
(
dacl
,
ACL_REVISION
,
owner_rights
,
owner_sid
))
{
*
perror
=
"Failed to set up DACL"
;
goto
error
;
}
if
(
!
InitializeSecurityDescriptor
(
sd
,
SECURITY_DESCRIPTOR_REVISION
))
{
*
perror
=
"Could not initialize security descriptor"
;
goto
error
;
}
if
(
!
SetSecurityDescriptorDacl
(
sd
,
TRUE
,
dacl
,
FALSE
))
{
*
perror
=
"Failed to install DACL"
;
goto
error
;
}
sa
->
nLength
=
sizeof
(
*
sa
);
sa
->
bInheritHandle
=
TRUE
;
sa
->
lpSecurityDescriptor
=
sd
;
/* Save pointers to everyone_sid and dacl to be able to clean them up */
attr
=
(
My_security_attr
*
)
(((
char
*
)
sa
)
+
ALIGN_SIZE
(
sizeof
(
*
sa
)));
attr
->
everyone_sid
=
everyone_sid
;
attr
->
dacl
=
dacl
;
*
psa
=
sa
;
CloseHandle
(
htoken
);
return
0
;
error:
if
(
everyone_sid
)
FreeSid
(
everyone_sid
);
if
(
htoken
)
CloseHandle
(
htoken
);
my_free
(
sa
);
my_free
(
dacl
);
*
psa
=
0
;
return
1
;
}
/*
Cleanup security attributes freeing used memory.
SYNOPSIS
my_security_attr_free()
sa security attributes
*/
void
my_security_attr_free
(
SECURITY_ATTRIBUTES
*
sa
)
{
if
(
sa
)
{
My_security_attr
*
attr
=
(
My_security_attr
*
)
(((
char
*
)
sa
)
+
ALIGN_SIZE
(
sizeof
(
*
sa
)));
FreeSid
(
attr
->
everyone_sid
);
my_free
(
attr
->
dacl
);
my_free
(
sa
);
}
}
#endif
/* __WIN__ */
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment