* dir.cc (mkdir): Set security attributes correctly for
CreateDirectoryA () call if ntsec is on. Don't call set_file_attribute () then. * fhandler.cc (fhandler_base::open): Ditto for CreateFileA () call. * path.cc (symlink): Ditto. * security.cc (set_security_attribute): New function. * security.h: Add declaration for `allow_ntea' and `set_security_attribute'.
parent
f5e8e2be4a
commit
86fb039324
@ -1,3 +1,14 @@
|
||||
Tue Aug 7 16:24:00 2001 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* dir.cc (mkdir): Set security attributes correctly for
|
||||
CreateDirectoryA () call if ntsec is on. Don't call
|
||||
set_file_attributes () then.
|
||||
* fhandler.cc (fhandler_base::open): Ditto for CreateFileA () call.
|
||||
* path.cc (symlink): Ditto.
|
||||
* security.cc (set_security_attribute): New function.
|
||||
* security.h: Add declaration for `allow_ntea' and
|
||||
`set_security_attribute'.
|
||||
|
||||
Tue Aug 7 10:54:00 2001 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* grp.cc (class grp_check): New class. Make `group_state'
|
||||
|
@ -305,6 +305,7 @@ extern "C" int
|
||||
mkdir (const char *dir, mode_t mode)
|
||||
{
|
||||
int res = -1;
|
||||
SECURITY_ATTRIBUTES sa = sec_none_nih;
|
||||
|
||||
path_conv real_dir (dir, PC_SYM_NOFOLLOW);
|
||||
|
||||
@ -318,10 +319,15 @@ mkdir (const char *dir, mode_t mode)
|
||||
if (! writable_directory (real_dir.get_win32 ()))
|
||||
goto done;
|
||||
|
||||
if (CreateDirectoryA (real_dir.get_win32 (), 0))
|
||||
if (allow_ntsec && real_dir.has_acls ())
|
||||
set_security_attribute (S_IFDIR | ((mode & 0777) & ~cygheap->umask),
|
||||
&sa, alloca (256), 256);
|
||||
|
||||
if (CreateDirectoryA (real_dir.get_win32 (), &sa))
|
||||
{
|
||||
set_file_attribute (real_dir.has_acls (), real_dir.get_win32 (),
|
||||
S_IFDIR | ((mode & 0777) & ~cygheap->umask));
|
||||
if (!allow_ntsec && allow_ntea)
|
||||
set_file_attribute (real_dir.has_acls (), real_dir.get_win32 (),
|
||||
S_IFDIR | ((mode & 0777) & ~cygheap->umask));
|
||||
res = 0;
|
||||
}
|
||||
else
|
||||
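Review bot: With ntsec enabled on a volume where `real_dir.has_acls ()` is false, neither branch in mkdir applies the requested mode. The descriptor is built only under `allow_ntsec && real_dir.has_acls ()`, and the post-create call now requires `!allow_ntsec`. Before this change `set_file_attribute ()` ran unconditionally and was handed `has_acls ()` to choose its path, so that case presumably still reached the ntea code. Gating the fallback on the inverse of the first test, `if (!(allow_ntsec && real_dir.has_acls ()) && allow_ntea)`, would keep it; the same pair of conditions appears in fhandler_base::open and symlink. Both hunks show only part of mkdir.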
|
@ -300,6 +300,7 @@ fhandler_base::open (int flags, mode_t mode)
|
||||
int file_attributes;
|
||||
int shared;
|
||||
int creation_distribution;
|
||||
SECURITY_ATTRIBUTES sa = sec_none;
|
||||
|
||||
syscall_printf ("(%s, %p)", get_win32_name (), flags);
|
||||
|
||||
@ -382,14 +383,20 @@ fhandler_base::open (int flags, mode_t mode)
|
||||
set_errno (ENOENT);
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* If the file should actually be created and ntsec is on,
|
||||
set files attributes. */
|
||||
if (flags & O_CREAT && get_device () == FH_DISK && allow_ntsec && has_acls ())
|
||||
set_security_attribute (mode, &sa, alloca (256), 256);
|
||||
|
||||
x = CreateFileA (get_win32_name (), access, shared,
|
||||
&sec_none, creation_distribution,
|
||||
&sa, creation_distribution,
|
||||
file_attributes,
|
||||
0);
|
||||
|
||||
syscall_printf ("%p = CreateFileA (%s, %p, %p, %p, %p, %p, 0)",
|
||||
x, get_win32_name (), access, shared,
|
||||
&sec_none, creation_distribution,
|
||||
&sa, creation_distribution,
|
||||
file_attributes);
|
||||
|
||||
if (x == INVALID_HANDLE_VALUE)
|
||||
@ -401,9 +408,12 @@ fhandler_base::open (int flags, mode_t mode)
|
||||
goto done;
|
||||
}
|
||||
|
||||
// Attributes may be set only if a file is _really_ created.
|
||||
/* Attributes may be set only if a file is _really_ created.
|
||||
This code is now only used for ntea here since the files
|
||||
security attributes are set in CreateFile () now. */
|
||||
if (flags & O_CREAT && get_device () == FH_DISK
|
||||
&& GetLastError () != ERROR_ALREADY_EXISTS)
|
||||
&& GetLastError () != ERROR_ALREADY_EXISTS
|
||||
&& !allow_ntsec && allow_ntea)
|
||||
set_file_attribute (has_acls (), get_win32_name (), mode);
|
||||
|
||||
namehash = hash_path_name (0, get_win32_name ());
|
||||
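Review bot: The descriptor buffer is a bare `alloca (256), 256` here and again in mkdir and symlink, and nothing on the page shows that 256 bytes always holds what alloc_sd () builds. If the descriptor carries owner and group SIDs plus several ACEs (inferred from alloc_sd's uid/gid/attribute parameters; its body is outside these hunks), long SIDs could exceed it, and no call site checks for that. One named constant in security.h, with a comment stating the worst-case size it was derived from, would make the bound reviewable, e.g. `set_security_attribute (mode, &sa, alloca (SD_BUF_SIZE), SD_BUF_SIZE);` (the constant name is only a suggestion). fhandler_base::open continues outside the hunks.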
|
@ -2395,6 +2395,7 @@ symlink (const char *topath, const char *frompath)
|
||||
char cwd[MAX_PATH + 1], *cp = NULL, c = 0;
|
||||
char w32topath[MAX_PATH + 1];
|
||||
DWORD written;
|
||||
SECURITY_ATTRIBUTES sa = sec_none_nih;
|
||||
|
||||
win32_path.check (frompath, PC_SYM_NOFOLLOW);
|
||||
if (allow_winsymlinks && !win32_path.error)
|
||||
@ -2456,7 +2457,11 @@ symlink (const char *topath, const char *frompath)
|
||||
}
|
||||
}
|
||||
|
||||
h = CreateFileA(win32_path, GENERIC_WRITE, 0, &sec_none_nih,
|
||||
if (allow_ntsec && win32_path.has_acls ())
|
||||
set_security_attribute (S_IFLNK | S_IRWXU | S_IRWXG | S_IRWXO,
|
||||
&sa, alloca (256), 256);
|
||||
|
||||
h = CreateFileA(win32_path, GENERIC_WRITE, 0, &sa,
|
||||
CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0);
|
||||
if (h == INVALID_HANDLE_VALUE)
|
||||
__seterrno ();
|
||||
@ -2499,9 +2504,10 @@ symlink (const char *topath, const char *frompath)
|
||||
if (success)
|
||||
{
|
||||
CloseHandle (h);
|
||||
set_file_attribute (win32_path.has_acls (),
|
||||
win32_path.get_win32 (),
|
||||
S_IFLNK | S_IRWXU | S_IRWXG | S_IRWXO);
|
||||
if (!allow_ntsec && allow_ntea)
|
||||
set_file_attribute (win32_path.has_acls (),
|
||||
win32_path.get_win32 (),
|
||||
S_IFLNK | S_IRWXU | S_IRWXG | S_IRWXO);
|
||||
SetFileAttributesA (win32_path.get_win32 (),
|
||||
allow_winsymlinks ? FILE_ATTRIBUTE_READONLY
|
||||
: FILE_ATTRIBUTE_SYSTEM);
|
||||
|
@ -1553,6 +1553,23 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
|
||||
return psd;
|
||||
}
|
||||
|
||||
void
|
||||
set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
|
||||
void *sd_buf, DWORD sd_buf_size)
|
||||
{
|
||||
/* symlinks are anything for everyone!*/
|
||||
if ((attribute & S_IFLNK) == S_IFLNK)
|
||||
attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
|
||||
|
||||
psa->lpSecurityDescriptor = sd_buf;
|
||||
InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)sd_buf,
|
||||
SECURITY_DESCRIPTOR_REVISION);
|
||||
psa->lpSecurityDescriptor = alloc_sd (geteuid (), getegid (),
|
||||
cygheap->user.logsrv (),
|
||||
attribute, (PSECURITY_DESCRIPTOR)sd_buf,
|
||||
&sd_buf_size);
|
||||
}
|
||||
|
||||
static int
|
||||
set_nt_attribute (const char *file, uid_t uid, gid_t gid,
|
||||
const char *logsrv, int attribute)
|
||||
@ -1583,10 +1600,6 @@ set_file_attribute (int use_ntsec, const char *file,
|
||||
uid_t uid, gid_t gid,
|
||||
int attribute, const char *logsrv)
|
||||
{
|
||||
/* symlinks are anything for everyone!*/
|
||||
if ((attribute & S_IFLNK) == S_IFLNK)
|
||||
attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
|
||||
|
||||
int ret = 0;
|
||||
|
||||
if (use_ntsec && allow_ntsec)
|
||||
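Review bot: set_security_attribute () returns void and ignores the result of `InitializeSecurityDescriptor ()`, so a caller cannot tell whether `psa->lpSecurityDescriptor` holds the requested descriptor. The pointer is overwritten with whatever alloc_sd () returns. If that can be NULL on failure (only its final `return psd;` is visible here), CreateFileA/CreateDirectoryA would apply the default descriptor and the object would be created without the requested mode. The callers' `!allow_ntsec` gate then also skips the later set_file_attribute () call. Returning a BOOL and letting callers fall back when it is FALSE would close that gap; the first assignment `psa->lpSecurityDescriptor = sd_buf;` is dead once the second one runs and could be dropped.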
|
@ -151,6 +151,7 @@ legal_sid_type (SID_NAME_USE type)
|
||||
|| type == SidTypeAlias || type == SidTypeWellKnownGroup;
|
||||
}
|
||||
|
||||
extern BOOL allow_ntea;
|
||||
extern BOOL allow_ntsec;
|
||||
extern BOOL allow_smbntsec;
|
||||
|
||||
@ -171,6 +172,9 @@ LONG __stdcall write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_
|
||||
BOOL __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);
|
||||
BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);
|
||||
|
||||
void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
|
||||
void *sd_buf, DWORD sd_buf_size);
|
||||
|
||||
/* Try a subauthentication. */
|
||||
HANDLE subauth (struct passwd *pw);
|
||||
/* Try creating a token directly. */
|
||||
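Review bot: The new `set_security_attribute` prototype has no comment, unlike the declarations that follow it, and its buffer contract is not obvious from the signature. The definition stores a pointer derived from `sd_buf` in `psa->lpSecurityDescriptor`, so the buffer apparently has to stay valid until the Create* call that consumes `*psa` has returned. I would add `/* Build a security descriptor for ATTRIBUTE in SD_BUF (SD_BUF_SIZE bytes) and point PSA at it; SD_BUF must outlive the use of PSA. */` above the declaration.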
|