Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Unified Diff: nspr/pr/src/md/windows/ntsec.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nspr/pr/src/md/windows/ntmisc.c ('k') | nspr/pr/src/md/windows/ntsem.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nspr/pr/src/md/windows/ntsec.c
diff --git a/nspr/pr/src/md/windows/ntsec.c b/nspr/pr/src/md/windows/ntsec.c
deleted file mode 100644
index c0682e4542174caab0e203c105586e0093242460..0000000000000000000000000000000000000000
--- a/nspr/pr/src/md/windows/ntsec.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "primpl.h"
-
-/*
- * ntsec.c
- *
- * Implement the POSIX-style mode bits (access permissions) for
- * files and other securable objects in Windows NT using Windows
- * NT's security descriptors with appropriate discretionary
- * access-control lists.
- */
-
-/*
- * The security identifiers (SIDs) for owner, primary group,
- * and the Everyone (World) group.
- *
- * These SIDs are looked up during NSPR initialization and
- * saved in this global structure (see _PR_NT_InitSids) so
- * that _PR_NT_MakeSecurityDescriptorACL doesn't need to
- * look them up every time.
- */
-static struct {
- PSID owner;
- PSID group;
- PSID everyone;
-} _pr_nt_sids;
-
-/*
- * Initialize the SIDs for owner, primary group, and the Everyone
- * group in the _pr_nt_sids structure.
- *
- * This function needs to be called by NSPR initialization.
- */
-void _PR_NT_InitSids(void)
-{
-#ifdef WINCE /* not supported */
- return;
-#else
- SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
- HANDLE hToken = NULL; /* initialized to an arbitrary value to
- * silence a Purify UMR warning */
- PSID infoBuffer[1024/sizeof(PSID)]; /* defined as an array of PSIDs
- * to force proper alignment */
- PTOKEN_OWNER pTokenOwner = (PTOKEN_OWNER) infoBuffer;
- PTOKEN_PRIMARY_GROUP pTokenPrimaryGroup
- = (PTOKEN_PRIMARY_GROUP) infoBuffer;
- DWORD dwLength;
- BOOL rv;
-
- /*
- * Look up and make a copy of the owner and primary group
- * SIDs in the access token of the calling process.
- */
- rv = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken);
- if (rv == 0) {
- /*
- * On non-NT systems, this function is not implemented
- * (error code ERROR_CALL_NOT_IMPLEMENTED), and neither are
- * the other security functions. There is no point in
- * going further.
- *
- * A process with insufficient access permissions may fail
- * with the error code ERROR_ACCESS_DENIED.
- */
- PR_LOG(_pr_io_lm, PR_LOG_DEBUG,
- ("_PR_NT_InitSids: OpenProcessToken() failed. Error: %d",
- GetLastError()));
- return;
- }
-
- rv = GetTokenInformation(hToken, TokenOwner, infoBuffer,
- sizeof(infoBuffer), &dwLength);
- PR_ASSERT(rv != 0);
- dwLength = GetLengthSid(pTokenOwner->Owner);
- _pr_nt_sids.owner = (PSID) PR_Malloc(dwLength);
- PR_ASSERT(_pr_nt_sids.owner != NULL);
- rv = CopySid(dwLength, _pr_nt_sids.owner, pTokenOwner->Owner);
- PR_ASSERT(rv != 0);
-
- rv = GetTokenInformation(hToken, TokenPrimaryGroup, infoBuffer,
- sizeof(infoBuffer), &dwLength);
- PR_ASSERT(rv != 0);
- dwLength = GetLengthSid(pTokenPrimaryGroup->PrimaryGroup);
- _pr_nt_sids.group = (PSID) PR_Malloc(dwLength);
- PR_ASSERT(_pr_nt_sids.group != NULL);
- rv = CopySid(dwLength, _pr_nt_sids.group,
- pTokenPrimaryGroup->PrimaryGroup);
- PR_ASSERT(rv != 0);
-
- rv = CloseHandle(hToken);
- PR_ASSERT(rv != 0);
-
- /* Create a well-known SID for the Everyone group. */
- rv = AllocateAndInitializeSid(&SIDAuthWorld, 1,
- SECURITY_WORLD_RID,
- 0, 0, 0, 0, 0, 0, 0,
- &_pr_nt_sids.everyone);
- PR_ASSERT(rv != 0);
-#endif
-}
-
-/*
- * Free the SIDs for owner, primary group, and the Everyone group
- * in the _pr_nt_sids structure.
- *
- * This function needs to be called by NSPR cleanup.
- */
-void
-_PR_NT_FreeSids(void)
-{
-#ifdef WINCE
- return;
-#else
- if (_pr_nt_sids.owner) {
- PR_Free(_pr_nt_sids.owner);
- }
- if (_pr_nt_sids.group) {
- PR_Free(_pr_nt_sids.group);
- }
- if (_pr_nt_sids.everyone) {
- FreeSid(_pr_nt_sids.everyone);
- }
-#endif
-}
-
-/*
- * Construct a security descriptor whose discretionary access-control
- * list implements the specified mode bits. The SIDs for owner, group,
- * and everyone are obtained from the global _pr_nt_sids structure.
- * Both the security descriptor and access-control list are returned
- * and should be freed by a _PR_NT_FreeSecurityDescriptorACL call.
- *
- * The accessTable array maps NSPR's read, write, and execute access
- * rights to the corresponding NT access rights for the securable
- * object.
- */
-PRStatus
-_PR_NT_MakeSecurityDescriptorACL(
- PRIntn mode,
- DWORD accessTable[],
- PSECURITY_DESCRIPTOR *resultSD,
- PACL *resultACL)
-{
-#ifdef WINCE
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return PR_FAILURE;
-#else
- PSECURITY_DESCRIPTOR pSD = NULL;
- PACL pACL = NULL;
- DWORD cbACL; /* size of ACL */
- DWORD accessMask;
-
- if (_pr_nt_sids.owner == NULL) {
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return PR_FAILURE;
- }
-
- pSD = (PSECURITY_DESCRIPTOR) PR_Malloc(SECURITY_DESCRIPTOR_MIN_LENGTH);
- if (pSD == NULL) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
- if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
- if (!SetSecurityDescriptorOwner(pSD, _pr_nt_sids.owner, FALSE)) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
- if (!SetSecurityDescriptorGroup(pSD, _pr_nt_sids.group, FALSE)) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
-
- /*
- * Construct a discretionary access-control list with three
- * access-control entries, one each for owner, primary group,
- * and Everyone.
- */
-
- cbACL = sizeof(ACL)
- + 3 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD))
- + GetLengthSid(_pr_nt_sids.owner)
- + GetLengthSid(_pr_nt_sids.group)
- + GetLengthSid(_pr_nt_sids.everyone);
- pACL = (PACL) PR_Malloc(cbACL);
- if (pACL == NULL) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
- if (!InitializeAcl(pACL, cbACL, ACL_REVISION)) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
- accessMask = 0;
- if (mode & 00400) accessMask |= accessTable[0];
- if (mode & 00200) accessMask |= accessTable[1];
- if (mode & 00100) accessMask |= accessTable[2];
- if (accessMask && !AddAccessAllowedAce(pACL, ACL_REVISION, accessMask,
- _pr_nt_sids.owner)) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
- accessMask = 0;
- if (mode & 00040) accessMask |= accessTable[0];
- if (mode & 00020) accessMask |= accessTable[1];
- if (mode & 00010) accessMask |= accessTable[2];
- if (accessMask && !AddAccessAllowedAce(pACL, ACL_REVISION, accessMask,
- _pr_nt_sids.group)) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
- accessMask = 0;
- if (mode & 00004) accessMask |= accessTable[0];
- if (mode & 00002) accessMask |= accessTable[1];
- if (mode & 00001) accessMask |= accessTable[2];
- if (accessMask && !AddAccessAllowedAce(pACL, ACL_REVISION, accessMask,
- _pr_nt_sids.everyone)) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
-
- if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) {
- _PR_MD_MAP_DEFAULT_ERROR(GetLastError());
- goto failed;
- }
-
- *resultSD = pSD;
- *resultACL = pACL;
- return PR_SUCCESS;
-
-failed:
- if (pSD) {
- PR_Free(pSD);
- }
- if (pACL) {
- PR_Free(pACL);
- }
- return PR_FAILURE;
-#endif
-}
-
-/*
- * Free the specified security descriptor and access-control list
- * previously created by _PR_NT_MakeSecurityDescriptorACL.
- */
-void
-_PR_NT_FreeSecurityDescriptorACL(PSECURITY_DESCRIPTOR pSD, PACL pACL)
-{
- if (pSD) {
- PR_Free(pSD);
- }
- if (pACL) {
- PR_Free(pACL);
- }
-}
« no previous file with comments | « nspr/pr/src/md/windows/ntmisc.c ('k') | nspr/pr/src/md/windows/ntsem.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698