Fix permission evaluation for !new_style ACLs

* security.h (authz_get_user_attribute): Declare bool.
	* sec_helper.cc (authz_ctx::get_user_attribute): Make bool method.
	Set S_IxOTH bits in returned attributes rather than S_IxUSR bits.
	(authz_get_user_attribute): Make bool function.
	* sec_acl.cc (get_posix_access): Introduce cygsid array to keep
	track of all SIDs in the ACL.  Move AuthZ calls into !new_style
	permission post processing.  When not using AuthZ, use
	CheckTokenMembership to collect group permissions.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen
2015-09-02 00:05:46 +02:00
parent 7edb6b8d3e
commit 911808dd5e
4 changed files with 71 additions and 53 deletions

View File

@@ -456,7 +456,7 @@ void set_security_attribute (path_conv &pc, int attribute,
PSECURITY_ATTRIBUTES psa,
security_descriptor &sd_buf);
void authz_get_user_attribute (mode_t *attribute, PSECURITY_DESCRIPTOR psd,
bool authz_get_user_attribute (mode_t *attribute, PSECURITY_DESCRIPTOR psd,
PSID user_sid);
/* sec_acl.cc */