* fhandler.cc (fhandler_base::open): When creating a file on a

filesystem supporting ACLs, create the file with WRITE_DAC access.
	Explain why.
	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Ditto for
	directories.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for sockets.
	* path.cc (symlink_worker): Ditto for symlinks.
	* security.cc (get_file_sd): Always call GetSecurityInfo for directories
	on XP and Server 2003.  Improve comment to explain why.
	(set_file_attribute): Explicitely cast mode_t value to bool in call to
	get_file_sd.
	* wincap.h (wincaps::use_get_sec_info_on_dirs): New element.
	* wincap.cc: Implement above element throughout.
This commit is contained in:
Corinna Vinschen
2011-03-08 14:26:15 +00:00
parent 6777e53972
commit 69d7815eae
8 changed files with 85 additions and 21 deletions

View File

@@ -1415,6 +1415,7 @@ symlink_worker (const char *oldpath, const char *newpath, bool use_winsym,
IO_STATUS_BLOCK io;
NTSTATUS status;
HANDLE fh;
ULONG access = DELETE | FILE_GENERIC_WRITE;
tmp_pathbuf tp;
unsigned check_opt;
bool mk_winsym = use_winsym;
@@ -1671,8 +1672,14 @@ symlink_worker (const char *oldpath, const char *newpath, bool use_winsym,
goto done;
}
}
status = NtCreateFile (&fh, DELETE | FILE_GENERIC_WRITE,
win32_newpath.get_object_attr (attr, sa),
else if (!isdevice && win32_newpath.has_acls ())
/* If the filesystem supports ACLs, we will overwrite the DACL after the
call to NtCreateFile. This requires a handle with READ_CONTROL and
WRITE_DAC access, otherwise get_file_sd and set_file_sd both have to
open the file again. */
access |= READ_CONTROL | WRITE_DAC;
status = NtCreateFile (&fh, access, win32_newpath.get_object_attr (attr, sa),
&io, NULL, FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_VALID_FLAGS,
isdevice ? FILE_OVERWRITE_IF : FILE_CREATE,