Change well_known_admin_sid to well_known_admins_sid throughout.
* sec_acl.cc (setacl): Never set DELETE permission. Set FILE_DELETE_CHILD only on readable and executable directories. * sec_helper.cc: Add constructor for `well_known_null_sid'. * security.cc (get_nt_attribute): Set S_ISVTX for directories if FILE_WRITE_DATA and FILE_EXECUTE but not FILE_DELETE_CHILD is set. Add evaluation of S_ISVTX, S_ISGID and S_ISUID from NULL ACE. (alloc_sd): Never set DELETE permission. Set FILE_DELETE_CHILD only on readable and executable directories. Add creation of NULL ACE for S_ISVTX, S_ISGID and S_ISUID permissions. * security.h: Add extern declaration for `well_known_null_sid'.
This commit is contained in:
@@ -249,7 +249,7 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
|
||||
size_t acl_len = sizeof (ACL)
|
||||
+ 4 * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD))
|
||||
+ GetLengthSid (sid)
|
||||
+ GetLengthSid (well_known_admin_sid)
|
||||
+ GetLengthSid (well_known_admins_sid)
|
||||
+ GetLengthSid (well_known_system_sid)
|
||||
+ GetLengthSid (well_known_creator_owner_sid);
|
||||
if (sid2)
|
||||
@@ -266,7 +266,7 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
|
||||
|
||||
if (! AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
|
||||
well_known_admin_sid))
|
||||
well_known_admins_sid))
|
||||
debug_printf ("AddAccessAllowedAce(admin) %E");
|
||||
|
||||
if (! AddAccessAllowedAce (acl, ACL_REVISION,
|
||||
|
Reference in New Issue
Block a user