Apply umask on "standard" Cygwin ACL

* sec_acl.cc (get_posix_access): Check for Cygwin "standard" ACL. Apply umask, if so. Align comments. * security.cc (set_created_file_access): Fix permission masking by incoming requested file mode. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-21 11:49:38 +02:00
parent b364582734
commit a8ec1e804e
3 changed files with 54 additions and 23 deletions
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@ -468,22 +468,34 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
      if ((nentries = get_posix_access (sd, &attr_rd, &uid, &gid,
 					aclp, MAX_ACL_ENTRIES)) >= 0)
 	{
-	  /* Symlinks always get the request POSIX perms. */
 	  if (S_ISLNK (attr))
-	    attr_rd = 0777;
-	  /* Overwrite ACL permissions as required by POSIX 1003.1e
-	     draft 17. */
-	  aclp[0].a_perm = ((attr & attr_rd) >> 6) & S_IRWXO;
-	  /* Deliberate deviation from POSIX 1003.1e here.  We're not
-	     writing CLASS_OBJ *or* GROUP_OBJ, but both.  Otherwise we're
-	     going to be in constant trouble with user expectations. */
-	  if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
-	    aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
-	  if (nentries > MIN_ACL_ENTRIES
-	      && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
-	    aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
-	  if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
-	    aclp[idx].a_perm = (attr & attr_rd) & S_IRWXO;
+	    {
+	      /* Symlinks always get the request POSIX perms. */
+	      aclp[0].a_perm = (attr >> 6) & S_IRWXO;
+	      if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
+		aclp[idx].a_perm = (attr >> 3) & S_IRWXO;
+	      if (nentries > MIN_ACL_ENTRIES
+		  && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
+		aclp[idx].a_perm = (attr >> 3) & S_IRWXO;
+	      if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
+		aclp[idx].a_perm = attr & S_IRWXO;
+	    }
+	  else
+	    {
+	      /* Overwrite ACL permissions as required by POSIX 1003.1e
+		 draft 17. */
+	      aclp[0].a_perm &= (attr >> 6) & S_IRWXO;
+	      /* Deliberate deviation from POSIX 1003.1e here.  We're not
+		 writing CLASS_OBJ *or* GROUP_OBJ, but both.  Otherwise we're
+		 going to be in constant trouble with user expectations. */
+	      if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
+		aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
+	      if (nentries > MIN_ACL_ENTRIES
+		  && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
+		aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
+	      if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
+		aclp[idx].a_perm &= attr & S_IRWXO;
+	    }
 	  /* Construct appropriate inherit attribute for new directories.
 	     Basically we do this only for the sake of non-Cygwin applications.
 	     Cygwin applications don't need these.  Additionally, if the