JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Handle S_ISGID bit and multiple ACEs for owner

Browse Source 
* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
	owner and primary group of the file.  Handle the default primary
	group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
	set.  Add comments.  Minor code rearrangements.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2015-03-19 18:27:03 +01:00
parent ff39a89e02
commit 1c144ed142
No known key found for this signature in database
GPG Key ID: F536069DAE444FA0
2 changed files with 43 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,10 @@
2015-03-19 Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
owner and primary group of the file. Handle the default primary
group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
set. Add comments. Minor code rearrangements.
2015-03-18 Corinna Vinschen <corinna@vinschen.de>
Preliminary read side implementation of new permission handling.

41
winsup/cygwin/sec_acl.cc
View File

@ -456,10 +456,16 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
int pos, type, id;
bool new_style = false;
bool saw_user_obj = false;
bool saw_group_obj = false;
bool saw_def_group_obj = false;
bool has_class_perm = false;
bool has_def_class_perm = false;
mode_t class_perm = 0;
mode_t def_class_perm = 0;
int types_def = 0;
int def_pgrp_pos = -1;
bool has_class_perm = false, has_def_class_perm = false;
mode_t class_perm = 0, def_class_perm = 0;
if (aclbufp && nentries < MIN_ACL_ENTRIES)
{
@ -561,8 +567,7 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
new_style = true;
type = (ace->Header.AceFlags & SUB_CONTAINERS_AND_OBJECTS_INHERIT)
? DEF_CLASS_OBJ : CLASS_OBJ;
if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, ILLEGAL_GID))
>= 0)
if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type)) >= 0)
{
lacl[pos].a_type = type;
lacl[pos].a_id = ILLEGAL_GID;
@ -607,6 +612,7 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
type = DEF_GROUP_OBJ;
types_def |= type;
id = ILLEGAL_GID;
saw_def_group_obj = true;
}
else
{
@ -616,6 +622,23 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
}
if (!(ace->Header.AceFlags & INHERIT_ONLY || type & ACL_DEFAULT))
{
if (type == USER_OBJ)
{
/* If we get a second entry for the owner, it's an additional
USER entry. This can happen when chown'ing a file. */
if (saw_user_obj)
type = USER;
if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
saw_user_obj = true;
}
else if (type == GROUP_OBJ)
{
/* Same for the primary group. */
if (saw_group_obj)
type = GROUP;
if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
saw_group_obj = true;
}
if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
{
getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType,
@ -636,7 +659,15 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
if (type == USER_OBJ)
type = USER;
else if (type == GROUP_OBJ)
type = GROUP;
{
/* If the SGID bit is set, the inheritable entry for the
primary group is, in fact, the DEF_GROUP_OBJ entry,
so don't change the type to GROUP in this case. */
if (!new_style || saw_def_group_obj || !(attr & S_ISGID))
type = GROUP;
else if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
saw_def_group_obj = true;
}
type |= ACL_DEFAULT;
types_def |= type;
if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)