* fhandler.cc (fhandler_base::facl): Drop CLASS_OBJ entry.
* fhandler_disk_file.cc (fhandler_disk_file::facl): Ditto in noacl case. * sec_acl.cc (getacl): Compute useful fake CLASS_OBJ and DEF_CLASS_OBJ permission bits based on how these values are generated on Linux. Add comments to explain what the code is doing. * security.cc (get_attribute_from_acl): Compute group permission based on the actual primary group permissions and all secondary user and group ACCESS_ALLOWED_ACEs to emulate Linux' behaviour more closely. (check_access): Fix typos in comment. * include/cygwin/acl.h (MIN_ACL_ENTRIES): Redefine as 3.
@@ -314,6 +314,21 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
|
||||
*flags |= ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
|
||||
| ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
|
||||
}
|
||||
else if (flags == &allow)
|
||||
{
|
||||
/* Simplified computation of additional group permissions based on
|
||||
the CLASS_OBJ value. CLASS_OBJ represents the or'ed value of
|
||||
the primary group permissions and all secondary user and group
|
||||
permissions. FIXME: This only takes ACCESS_ALLOWED_ACEs into
|
||||
account. The computation with additional ACCESS_DENIED_ACE
|
||||
handling is much more complicated. */
|
||||
if (ace->Mask & FILE_READ_BITS)
|
||||
*flags |= S_IRGRP;
|
||||
if (ace->Mask & FILE_WRITE_BITS)
|
||||
*flags |= S_IWGRP;
|
||||
if (ace->Mask & FILE_EXEC_BITS)
|
||||
*flags |= S_IXGRP;
|
||||
}
|
||||
}
|
||||
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
|
||||
if (owner_sid && group_sid && RtlEqualSid (owner_sid, group_sid)
|
||||
@@ -1049,8 +1064,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
|
||||
|
||||
/* Samba override. Check security descriptor for Samba UNIX user and group
|
||||
accounts and check if we have an RFC 2307 mapping to a Windows account.
|
||||
Create a new security descriptor with all of the UNIX acocunts with
|
||||
valid mapping replaced with their WIndows counterpart. */
|
||||
Create a new security descriptor with all of the UNIX accounts with
|
||||
valid mapping replaced with their Windows counterpart. */
|
||||
static void
|
||||
convert_samba_sd (security_descriptor &sd_ret)
|
||||
{
|
||||
|
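Review bot: In the get_attribute_from_acl hunk, the new `else if (flags == &allow)` branch sets S_IRGRP, S_IWGRP and S_IXGRP without consulting `*anti`, unlike the branch directly above it, so the group bits it reports can include access that an ACCESS_DENIED_ACE revokes. The FIXME admits deny ACEs are ignored, but it does not say which way the error goes, and that matters to any caller that reads the mode's group bits as effective access (for example a check that a private file is not group-accessible). I would extend the comment with `The resulting group bits can overstate effective access, because deny ACEs are not subtracted here.` Whether inherit-only ACEs are filtered out before this branch is reached is not visible and is worth confirming, since the ACE loop and the function start and end outside the hunk.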