Preliminary read side implementation of new permission handling.

	* acl.h (MAX_ACL_ENTRIES): Raise to 2730.  Add comment to explain.
	* sec_acl.cc:  Add leading comment to explain new ACL style.
	Add definitions and macros to use for bits in new Cygwin ACL.
	(DENY_RWX): New mask value for all temporary deny bits.
	(getace): Add bool parameter to decide when leaving all bits intact,
	rather than filtering them per the already set bits.
	(get_posix_access): New function, taking over functionality to read
	POSIX ACL from SECURITY_DESCRIPTOR.
	(getacl): Just call get_posix_access.
	* sec_helper.cc (well_known_cygwin_sid): Define.
	* security.cc (get_attribute_from_acl): Remove.
	(get_info_from_sd): Remove.
	(get_reg_sd): Call get_posix_access instead of get_info_from_sd.
	(get_file_attribute): Ditto.
	(get_object_attribute): Ditto.
	* security.h (well_known_cygwin_sid): Declare.
	(get_posix_access): Add prototype.

	* Throughout, use simpler ACE macros from Windows' accctrl.h.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Corinna Vinschen
2015-03-18 17:49:12 +01:00
parent 4a9636b1d6
commit 52f01a0ff8
6 changed files with 399 additions and 360 deletions

@ -40,6 +40,8 @@ SECURITY_ATTRIBUTES NO_COPY_RO sec_all_nih =
MKSID (well_known_null_sid, "S-1-0-0",
SECURITY_NULL_SID_AUTHORITY, 1, SECURITY_NULL_RID);
MKSID (well_known_cygwin_sid, "S-1-0-1132029815",
SECURITY_NULL_SID_AUTHORITY, 1, 0x43796777); /* "Cygw" */
MKSID (well_known_world_sid, "S-1-1-0",
SECURITY_WORLD_SID_AUTHORITY, 1, SECURITY_WORLD_RID);
MKSID (well_known_local_sid, "S-1-2-0",
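Review bot: The new well_known_cygwin_sid entry spells the same value twice, as decimal 1132029815 in the SID string and as 0x43796777 in the RID argument, and nothing ties the two together. The values do agree (0x43796777 is 1132029815, the ASCII bytes of "Cygw"), but a named constant for the RID, or a comment saying the string and the hex literal must be kept in sync, would guard against a later edit changing only one of them. The comment should also say what this SID is used for: it sits under SECURITY_NULL_SID_AUTHORITY right next to well_known_null_sid, and the only explanation at the definition is the ASCII spelling.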
@ -616,22 +618,21 @@ _recycler_sd (void *buf, bool users, bool dir)
pre-Vista permissions the same way as on Vista and later. */
RtlCreateAcl (dacl, MAX_DACL_LEN (3), ACL_REVISION);
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION,
dir ? CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
dir ? SUB_CONTAINERS_AND_OBJECTS_INHERIT
: NO_INHERITANCE,
FILE_ALL_ACCESS, well_known_admins_sid);
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION,
dir ? CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
dir ? SUB_CONTAINERS_AND_OBJECTS_INHERIT
: NO_INHERITANCE,
FILE_ALL_ACCESS, well_known_system_sid);
if (users)
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION, NO_PROPAGATE_INHERIT_ACE,
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION, INHERIT_NO_PROPAGATE,
FILE_GENERIC_READ | FILE_GENERIC_EXECUTE
| FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES,
well_known_users_sid);
else
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION,
dir ? CONTAINER_INHERIT_ACE
| OBJECT_INHERIT_ACE
dir ? SUB_CONTAINERS_AND_OBJECTS_INHERIT
: NO_INHERITANCE,
FILE_ALL_ACCESS, cygheap->user.sid ());
LPVOID ace;
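Review bot: In the `if (users)` branch the well_known_users_sid ACE is given INHERIT_NO_PROPAGATE unconditionally, while the other three RtlAddAccessAllowedAceEx calls choose between SUB_CONTAINERS_AND_OBJECTS_INHERIT and NO_INHERITANCE based on dir. That mirrors the NO_PROPAGATE_INHERIT_ACE line it replaces, so the macro swap itself keeps behaviour, but the flag is passed without any container or object inheritance bit and for the non-directory case as well. A one-line comment on why this ACE differs from the others, or making it follow the same dir conditional, would make the intent clear. It would also help to note in a comment that the accctrl.h names are value-identical to the ACE flag combinations they replace (SUB_CONTAINERS_AND_OBJECTS_INHERIT for CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE), since the change relies on that.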