From 8eb0384556b68401f420b19a257aaedd6722a91c Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Fri, 14 Feb 2020 20:32:46 +1100
Subject: mysys: remove windac my_security_attr_create (#1391)
No longer used.
---
 include/my_sys.h | 7 --
 mysys/CMakeLists.txt | 1 -
 mysys/my_windac.c | 202 ---------------------------------------------------
 3 files changed, 210 deletions(-)
 delete mode 100644 mysys/my_windac.c
diff --git a/include/my_sys.h b/include/my_sys.h
index 19faf320b24..71ec7f917c6 100644
--- a/include/my_sys.h
+++ b/include/my_sys.h
@@ -1070,13 +1070,6 @@ extern void thd_increment_net_big_packet_count(void *thd, size_t length);
 #ifdef __WIN__
 extern my_bool have_tcpip; /* Is set if tcpip is used */
-/* implemented in my_windac.c */
-
-int my_security_attr_create(SECURITY_ATTRIBUTES **psa, const char **perror,
- DWORD owner_rights, DWORD everybody_rights);
-
-void my_security_attr_free(SECURITY_ATTRIBUTES *sa);
-
 /* implemented in my_conio.c */
 char* my_cgets(char *string, size_t clen, size_t* plen);
diff --git a/mysys/CMakeLists.txt b/mysys/CMakeLists.txt
index a8be235f5e2..4ee839c6d13 100644
--- a/mysys/CMakeLists.txt
+++ b/mysys/CMakeLists.txt
@@ -53,7 +53,6 @@ IF (WIN32)
 my_wincond.c
 my_winerr.c
 my_winfile.c
- my_windac.c
 my_conio.c
 my_win_popen.cc)
 ENDIF()
diff --git a/mysys/my_windac.c b/mysys/my_windac.c
deleted file mode 100644
index 9a2686a44f4..00000000000
--- a/mysys/my_windac.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
-
-#include "mysys_priv.h"
-#include "m_string.h"
-#ifdef __WIN__
-
-/*
- Auxiliary structure to store pointers to the data which we need to keep
- around while SECURITY_ATTRIBUTES is in use.
-*/
-
-typedef struct st_my_security_attr
-{
- PSID everyone_sid;
- PACL dacl;
-} My_security_attr;
-
-
-/*
- Allocate and initialize SECURITY_ATTRIBUTES setting up access
- rights for the owner and group `Everybody'.
-
- SYNOPSIS
- my_security_attr_create()
- psa [OUT] pointer to store the pointer to SA in
- perror [OUT] pointer to store error message if there was an
- error
- owner_rights [IN] access rights for the owner
- everyone_rights [IN] access rights for group Everybody
-
- DESCRIPTION
- Set up the security attributes to provide clients with sufficient
- access rights to a kernel object. We need this function
- because if we simply grant all access to everybody (by installing
- a NULL DACL) a mailicious user can attempt a denial of service
- attack by taking ownership over the kernel object. Upon successful
- return `psa' contains a pointer to SECUIRITY_ATTRIBUTES that can be used
- to create kernel objects with proper access rights.
-
- RETURN
- 0 success, psa is 0 or points to a valid SA structure,
- perror is left intact
- !0 error, SA is set to 0, error message is stored in perror
-*/
-
-int my_security_attr_create(SECURITY_ATTRIBUTES **psa, const char **perror,
- DWORD owner_rights, DWORD everyone_rights)
-{
- /* Top-level SID authority */
- SID_IDENTIFIER_AUTHORITY world_auth= SECURITY_WORLD_SID_AUTHORITY;
- PSID everyone_sid= 0;
- HANDLE htoken= 0;
- SECURITY_ATTRIBUTES *sa= 0;
- PACL dacl= 0;
- DWORD owner_token_length, dacl_length;
- SECURITY_DESCRIPTOR *sd;
- PTOKEN_USER owner_token;
- PSID owner_sid;
- My_security_attr *attr;
-
- /*
- Get SID of Everyone group. Easier to retrieve all SIDs each time
- this function is called than worry about thread safety.
- */
- if (! AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,
- 0, 0, 0, 0, 0, 0, 0, &everyone_sid))
- {
- *perror= "Failed to retrieve the SID of Everyone group";
- goto error;
- }
-
- /*
- Get SID of the owner. Using GetSecurityInfo this task can be done
- in just one call instead of five, but GetSecurityInfo declared in
- aclapi.h, so I hesitate to use it.
- SIC: OpenThreadToken works only if there is an active impersonation
- token, hence OpenProcessToken is used.
- */
- if (! OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &htoken))
- {
- *perror= "Failed to retrieve thread access token";
- goto error;
- }
- GetTokenInformation(htoken, TokenUser, 0, 0, &owner_token_length);
-
- if (! my_multi_malloc(MYF(MY_WME),
- &sa, ALIGN_SIZE(sizeof(SECURITY_ATTRIBUTES)) +
- sizeof(My_security_attr),
- &sd, sizeof(SECURITY_DESCRIPTOR),
- &owner_token, owner_token_length,
- 0))
- {
- *perror= "Failed to allocate memory for SECURITY_ATTRIBUTES";
- goto error;
- }
- bzero(owner_token, owner_token_length);
- if (! GetTokenInformation(htoken, TokenUser, owner_token,
- owner_token_length, &owner_token_length))
- {
- *perror= "GetTokenInformation failed";
- goto error;
- }
- owner_sid= owner_token->User.Sid;
-
- if (! IsValidSid(owner_sid))
- {
- *perror= "IsValidSid failed";
- goto error;
- }
-
- /* Calculate the amount of memory that must be allocated for the DACL */
- dacl_length= sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD)) * 2 +
- GetLengthSid(everyone_sid) + GetLengthSid(owner_sid);
-
- /* Create an ACL */
- if (! (dacl= (PACL) my_malloc(dacl_length, MYF(MY_ZEROFILL|MY_WME))))
- {
- *perror= "Failed to allocate memory for DACL";
- goto error;
- }
- if (! InitializeAcl(dacl, dacl_length, ACL_REVISION))
- {
- *perror= "Failed to initialize DACL";
- goto error;
- }
- if (! AddAccessAllowedAce(dacl, ACL_REVISION, everyone_rights, everyone_sid))
- {
- *perror= "Failed to set up DACL";
- goto error;
- }
- if (! AddAccessAllowedAce(dacl, ACL_REVISION, owner_rights, owner_sid))
- {
- *perror= "Failed to set up DACL";
- goto error;
- }
- if (! InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION))
- {
- *perror= "Could not initialize security descriptor";
- goto error;
- }
- if (! SetSecurityDescriptorDacl(sd, TRUE, dacl, FALSE))
- {
- *perror= "Failed to install DACL";
- goto error;
- }
-
- sa->nLength= sizeof(*sa);
- sa->bInheritHandle= TRUE;
- sa->lpSecurityDescriptor= sd;
- /* Save pointers to everyone_sid and dacl to be able to clean them up */
- attr= (My_security_attr*) (((char*) sa) + ALIGN_SIZE(sizeof(*sa)));
- attr->everyone_sid= everyone_sid;
- attr->dacl= dacl;
- *psa= sa;
-
- CloseHandle(htoken);
- return 0;
-error:
- if (everyone_sid)
- FreeSid(everyone_sid);
- if (htoken)
- CloseHandle(htoken);
- my_free(sa);
- my_free(dacl);
- *psa= 0;
- return 1;
-}
-
-/*
- Cleanup security attributes freeing used memory.
-
- SYNOPSIS
- my_security_attr_free()
- sa security attributes
-*/
-
-void my_security_attr_free(SECURITY_ATTRIBUTES *sa)
-{
- if (sa)
- {
- My_security_attr *attr= (My_security_attr*)
- (((char*)sa) + ALIGN_SIZE(sizeof(*sa)));
- FreeSid(attr->everyone_sid);
- my_free(attr->dacl);
- my_free(sa);
- }
-}
-
-#endif /* __WIN__ */
-- cgit v1.2.1