Fix permission evaluation for !new_style ACLs
* security.h (authz_get_user_attribute): Declare bool. * sec_helper.cc (authz_ctx::get_user_attribute): Make bool method. Set S_IxOTH bits in returned attributes rather than S_IxUSR bits. (authz_get_user_attribute): Make bool function. * sec_acl.cc (get_posix_access): Introduce cygsid array to keep track of all SIDs in the ACL. Move AuthZ calls into !new_style permission post processing. When not using AuthZ, use CheckTokenMembership to collect group permissions. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
@@ -456,7 +456,7 @@ void set_security_attribute (path_conv &pc, int attribute,
|
||||
PSECURITY_ATTRIBUTES psa,
|
||||
security_descriptor &sd_buf);
|
||||
|
||||
void authz_get_user_attribute (mode_t *attribute, PSECURITY_DESCRIPTOR psd,
|
||||
bool authz_get_user_attribute (mode_t *attribute, PSECURITY_DESCRIPTOR psd,
|
||||
PSID user_sid);
|
||||
|
||||
/* sec_acl.cc */
|
||||
|
Reference in New Issue
Block a user