From 6bcc8fd7b1406ec6b5240f1137e0907b28da4f87 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Sun, 7 Jan 2007 12:44:10 +0000
Subject: [PATCH] * security.h (setacl): Add parameter for writability
flag. * sec_acl.cc (setacl): Ditto. Set to true if any ACE with write
permissions is created. * fhandler_disk_file.cc
(fhandler_disk_file::facl): Reset FILE_ATTRIBUTE_READONLY if ACL
contains an ACE with write permissions.
---
winsup/cygwin/ChangeLog | 8 ++++++++
winsup/cygwin/fhandler_disk_file.cc | 7 ++++++-
winsup/cygwin/sec_acl.cc | 13 ++++++++++---
winsup/cygwin/security.h | 4 ++--
4 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 3be0bf9e3..94d7150bc 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,11 @@
+2007-01-07 Corinna Vinschen <corinna@vinschen.de>
+
+ * security.h (setacl): Add parameter for writability flag.
+ * sec_acl.cc (setacl): Ditto. Set to true if any ACE with write
+ permissions is created.
+ * fhandler_disk_file.cc (fhandler_disk_file::facl): Reset
+ FILE_ATTRIBUTE_READONLY if ACL contains an ACE with write permissions.
+
2007-01-05 Corinna Vinschen <corinna@vinschen.de>
* include/strings.h: Don't include string.h. Only declare functions
diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc
index 15f39e42f..43aeff6b4 100644
--- a/winsup/cygwin/fhandler_disk_file.cc
+++ b/winsup/cygwin/fhandler_disk_file.cc
@@ -746,7 +746,12 @@ fhandler_disk_file::facl (int cmd, int nentries, __aclent32_t *aclbufp)
{
case SETACL:
if (!aclsort32 (nentries, 0, aclbufp))
- res = setacl (get_io_handle (), pc, nentries, aclbufp);
+ {
+ bool rw = false;
+ res = setacl (get_io_handle (), pc, nentries, aclbufp, rw);
+ if (rw)
+ SetFileAttributes (pc, (DWORD) pc & ~FILE_ATTRIBUTE_READONLY);
+ }
break;
case GETACL:
if (!aclbufp)
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 85f02013c..87c6428fe 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -1,6 +1,6 @@
/* sec_acl.cc: Sun compatible ACL functions.
- Copyright 2000, 2001, 2002, 2003, 2004 Red Hat, Inc.
+ Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de>
@@ -44,7 +44,8 @@ searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UI
}
int
-setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp)
+setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp,
+ bool &writable)
{
security_descriptor sd_ret;
@@ -108,6 +109,9 @@ setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp)
__seterrno ();
return -1;
}
+
+ writable = false;
+
for (int i = 0; i < nentries; ++i)
{
DWORD allow;
@@ -119,7 +123,10 @@ setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp)
if (aclbufp[i].a_perm & S_IROTH)
allow |= FILE_GENERIC_READ;
if (aclbufp[i].a_perm & S_IWOTH)
- allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE;
+ {
+ allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE;
+ writable = true;
+ }
if (aclbufp[i].a_perm & S_IXOTH)
allow |= FILE_GENERIC_EXECUTE;
if ((aclbufp[i].a_perm & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH))
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 08bcc2f09..f1d624ff7 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -1,6 +1,6 @@
/* security.h: security declarations
- Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006 Red Hat, Inc.
+ Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Red Hat, Inc.
This file is part of Cygwin.
@@ -360,7 +360,7 @@ struct __acl32;
extern "C" int aclsort32 (int, int, __acl32 *);
extern "C" int acl32 (const char *, int, int, __acl32 *);
int getacl (HANDLE, const char *, DWORD, int, __acl32 *);
-int setacl (HANDLE, const char *, int, __acl32 *);
+int setacl (HANDLE, const char *, int, __acl32 *, bool &);
struct _UNICODE_STRING;
void __stdcall str2buf2uni (_UNICODE_STRING &, WCHAR *, const char *) __attribute__ ((regparm (3)));