get_posix_access: Skip merging permissions if user can't get more permissions

* sec_acl.cc (get_posix_access): Skip merging permissions if current
        user has rwx permissions anywa, or if the sum of all group and other
        permissions is less than or equal to the user's permissions.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2015-11-10 10:00:33 +01:00
parent a5d81afc71
commit 90e006a63d
2 changed files with 17 additions and 2 deletions

View File

@ -1,3 +1,9 @@
2015-11-18 Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (get_posix_access): Skip merging permissions if current
user has rwx permissions anywa, or if the sum of all group and other
permissions is less than or equal to the user's permissions.
2015-11-18 Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (get_posix_access): Fix computation of effective user

View File

@ -1019,8 +1019,17 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
{
mode_t perm;
/* If we use the Windows user DB, utilize Authz to make sure all
user permissions are correctly reflecting the Windows
/* Don't merge if the user already has all permissions, or... */
if (lacl[idx].a_perm == S_IRWXO)
continue;
/* ...if the sum of perms is less than or equal the user's perms. */
perm = lacl[idx].a_perm
| (has_class_perm ? class_perm : lacl[1].a_perm)
| lacl[2].a_perm;
if (perm == lacl[idx].a_perm)
continue;
/* Otherwise, if we use the Windows user DB, utilize Authz to make
sure all user permissions are correctly reflecting the Windows
permissions. */
if (cygheap->pg.nss_pwd_db ()
&& authz_get_user_attribute (&perm, psd, aclsid[idx]))