* sec_acl.cc (setacl): Align standard owner and group permissions

with alloc_sd.  Strip FILE_READ_ATTRIBUTES from setting
	FILE_GENERIC_EXECUTE permissions same as in alloc_sd.
	* security.cc (alloc_sd): Reformat expression.  Strip EA permission
	bits from owner_deny and group_deny computation.
Corinna Vinschen
2008-10-13 16:01:50 +00:00
parent 423fd4f2f4
commit 5f9ca0d25a
3 changed files with 19 additions and 10 deletions


@@ -104,18 +104,21 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
DWORD allow;
/* Owner has more standard rights set. */
if ((aclbufp[i].a_type & ~ACL_DEFAULT) == USER_OBJ)
allow = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA;
allow = STANDARD_RIGHTS_ALL
| (pc.fs_is_samba ()
? 0 : (FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES));
else
allow = STANDARD_RIGHTS_READ | FILE_READ_ATTRIBUTES | FILE_READ_EA;
allow = STANDARD_RIGHTS_READ
| (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES);
if (aclbufp[i].a_perm & S_IROTH)
allow |= FILE_GENERIC_READ;
if (aclbufp[i].a_perm & S_IWOTH)
{
allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE;
allow |= FILE_GENERIC_WRITE;
writable = true;
}
if (aclbufp[i].a_perm & S_IXOTH)
allow |= FILE_GENERIC_EXECUTE;
allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES;
if ((aclbufp[i].a_perm & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH))
allow |= FILE_DELETE_CHILD;
/* Set inherit property. */
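Review bot: The two `pc.fs_is_samba ()` ternaries and the `FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES` mask change which access rights each ACL entry is granted, but nothing in the code says why; the only comment, `/* Owner has more standard rights set. */`, is an unchanged context line that predates them. A comment above the `if`, such as `/* Keep in sync with alloc_sd: no attribute rights in the base mask on Samba, and execute alone never adds FILE_READ_ATTRIBUTES. */`, would let a later reader check the mask against the intended policy. On non-Samba filesystems the execute mask does not change the result, because FILE_READ_ATTRIBUTES is already in both base masks, and on Samba a readable entry still receives it through FILE_GENERIC_READ; if both are intended, the comment should say so. The commit message describes this mapping as aligned with alloc_sd, so a shared helper would presumably keep the two copies from drifting, though alloc_sd is not visible here. The body of setacl starts and ends outside this hunk.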