* sec_acl.cc (setacl): Fix bug which leads to ACE duplication in
case owner SID == group SID. (getacl): Reverse order of SID test against group or owner sid to prefer owner attributes over group attributes. Disable setting group permissions equivalent to owner permissions if owner == group. Add comment to explain why. Fix indentation. * security.cc (get_attribute_from_acl): Change type of local variables containing permission to mode_t. Apply deny mask to group if group SID == owner SID to avoid Everyone permissions to spill over into group permissions. Disable setting group permissions equivalent to owner permissions if owner == group. Add comment to explain why. * uinfo.cc (pwdgrp::fetch_account_from_windows): Allow user SID as group account if user is a "Microsoft Account". Explain why. Drop workaround enforcing primary group "Users" for "Microsoft Accounts".
This commit is contained in:
@@ -169,7 +169,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
|
||||
*allow |= FILE_DELETE_CHILD;
|
||||
invalid[i] = true;
|
||||
}
|
||||
bool isownergroup = (owner_sid == group_sid);
|
||||
bool isownergroup = (owner == group);
|
||||
DWORD owner_deny = ~owner_allow & (group_allow | other_allow);
|
||||
owner_deny &= ~(STANDARD_RIGHTS_READ
|
||||
| FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES);
|
||||
@@ -179,27 +179,27 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
|
||||
/* Set deny ACE for owner. */
|
||||
if (owner_deny
|
||||
&& !add_access_denied_ace (acl, ace_off++, owner_deny,
|
||||
owner_sid, acl_len, NO_INHERITANCE))
|
||||
owner, acl_len, NO_INHERITANCE))
|
||||
return -1;
|
||||
/* Set deny ACE for group here to respect the canonical order,
|
||||
if this does not impact owner */
|
||||
if (group_deny && !(group_deny & owner_allow) && !isownergroup
|
||||
&& !add_access_denied_ace (acl, ace_off++, group_deny,
|
||||
group_sid, acl_len, NO_INHERITANCE))
|
||||
group, acl_len, NO_INHERITANCE))
|
||||
return -1;
|
||||
/* Set allow ACE for owner. */
|
||||
if (!add_access_allowed_ace (acl, ace_off++, owner_allow,
|
||||
owner_sid, acl_len, NO_INHERITANCE))
|
||||
owner, acl_len, NO_INHERITANCE))
|
||||
return -1;
|
||||
/* Set deny ACE for group, if still needed. */
|
||||
if (group_deny & owner_allow && !isownergroup
|
||||
&& !add_access_denied_ace (acl, ace_off++, group_deny,
|
||||
group_sid, acl_len, NO_INHERITANCE))
|
||||
group, acl_len, NO_INHERITANCE))
|
||||
return -1;
|
||||
/* Set allow ACE for group. */
|
||||
if (!isownergroup
|
||||
&& !add_access_allowed_ace (acl, ace_off++, group_allow,
|
||||
group_sid, acl_len, NO_INHERITANCE))
|
||||
group, acl_len, NO_INHERITANCE))
|
||||
return -1;
|
||||
/* Set allow ACE for everyone. */
|
||||
if (!add_access_allowed_ace (acl, ace_off++, other_allow,
|
||||
@@ -451,16 +451,16 @@ getacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp)
|
||||
type = OTHER_OBJ;
|
||||
id = ILLEGAL_GID;
|
||||
}
|
||||
else if (ace_sid == group_sid)
|
||||
{
|
||||
type = GROUP_OBJ;
|
||||
id = gid;
|
||||
}
|
||||
else if (ace_sid == owner_sid)
|
||||
{
|
||||
type = USER_OBJ;
|
||||
id = uid;
|
||||
}
|
||||
else if (ace_sid == group_sid)
|
||||
{
|
||||
type = GROUP_OBJ;
|
||||
id = gid;
|
||||
}
|
||||
else if (ace_sid == well_known_creator_group_sid)
|
||||
{
|
||||
type = DEF_GROUP_OBJ;
|
||||
@@ -563,19 +563,26 @@ getacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp)
|
||||
}
|
||||
if ((pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) < 0)
|
||||
pos = MAX_ACL_ENTRIES;
|
||||
if (aclbufp) {
|
||||
if (owner_sid == group_sid)
|
||||
lacl[0].a_perm = lacl[1].a_perm;
|
||||
if (pos > nentries)
|
||||
{
|
||||
set_errno (ENOSPC);
|
||||
return -1;
|
||||
}
|
||||
memcpy (aclbufp, lacl, pos * sizeof (aclent_t));
|
||||
for (i = 0; i < pos; ++i)
|
||||
aclbufp[i].a_perm &= ~(DENY_R | DENY_W | DENY_X);
|
||||
aclsort32 (pos, 0, aclbufp);
|
||||
}
|
||||
if (aclbufp)
|
||||
{
|
||||
#if 0
|
||||
/* Disable owner/group permissions equivalence if owner SID == group SID.
|
||||
It's technically not quite correct, but it helps in case a security
|
||||
conscious application checks if a file has too open permissions. In
|
||||
fact, since owner == group, there's no security issue here. */
|
||||
if (owner_sid == group_sid)
|
||||
lacl[1].a_perm = lacl[0].a_perm;
|
||||
#endif
|
||||
if (pos > nentries)
|
||||
{
|
||||
set_errno (ENOSPC);
|
||||
return -1;
|
||||
}
|
||||
memcpy (aclbufp, lacl, pos * sizeof (aclent_t));
|
||||
for (i = 0; i < pos; ++i)
|
||||
aclbufp[i].a_perm &= ~(DENY_R | DENY_W | DENY_X);
|
||||
aclsort32 (pos, 0, aclbufp);
|
||||
}
|
||||
syscall_printf ("%R = getacl(%S)", pos, pc.get_nt_native_path ());
|
||||
return pos;
|
||||
}
|
||||
|
Reference in New Issue
Block a user