* sec_helper.cc (security_descriptor::free): If sd_size is 0, call
LocalFree instead of ::free. * sec_acl.cc: Throughout replace old ACE flag definitions with current definitions as used in MSDN man pages. * security.cc: Ditto. * fhandler.cc (fhandler_base::open): Make sure file has really been just created before fixing file permissions. Add S_JUSTCREATED attribute to set_file_attribute call. * fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir with default security descriptor and fix descriptor afterwards. Add S_JUSTCREATED flag to set_file_attribute call. * fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL socket files. * path.cc (symlink_worker): Ditto for symlinks. * security.cc (get_file_sd): Call GetSecurityInfo rather than NtQuerySecurityObject. Explain why. Change error handling accordingly. (alloc_sd): Skip non-inherited, non-standard entries in ACL if S_JUSTCREATED attribute is set. Explain why. Minor format fixes. * security.h (S_JUSTCREATED): New define. (security_descriptor::operator=): New operator.
@@ -1399,7 +1399,6 @@ symlink_worker (const char *oldpath, const char *newpath, bool use_winsym,
|
||||
path_conv win32_newpath, win32_oldpath;
|
||||
char *buf, *cp;
|
||||
SECURITY_ATTRIBUTES sa = sec_none_nih;
|
||||
security_descriptor sd;
|
||||
OBJECT_ATTRIBUTES attr;
|
||||
IO_STATUS_BLOCK io;
|
||||
NTSTATUS status;
|
||||
@@ -1660,11 +1659,6 @@ symlink_worker (const char *oldpath, const char *newpath, bool use_winsym,
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
/* See comments in fhander_base::open () for an explanation why we defer
|
||||
setting security attributes on remote files. */
|
||||
if (win32_newpath.has_acls () && !win32_newpath.isremote ())
|
||||
set_security_attribute (win32_newpath, S_IFLNK | STD_RBITS | STD_WBITS,
|
||||
&sa, sd);
|
||||
status = NtCreateFile (&fh, DELETE | FILE_GENERIC_WRITE,
|
||||
win32_newpath.get_object_attr (attr, sa),
|
||||
&io, NULL, FILE_ATTRIBUTE_NORMAL,
|
||||
@@ -1679,9 +1673,10 @@ symlink_worker (const char *oldpath, const char *newpath, bool use_winsym,
|
||||
__seterrno_from_nt_status (status);
|
||||
goto done;
|
||||
}
|
||||
if (win32_newpath.has_acls () && win32_newpath.isremote ())
|
||||
if (win32_newpath.has_acls ())
|
||||
set_file_attribute (fh, win32_newpath, ILLEGAL_UID, ILLEGAL_GID,
|
||||
S_IFLNK | STD_RBITS | STD_WBITS);
|
||||
(io.Information == FILE_CREATED ? S_JUSTCREATED : 0)
|
||||
| S_IFLNK | STD_RBITS | STD_WBITS);
|
||||
status = NtWriteFile (fh, NULL, NULL, NULL, &io, buf, cp - buf, NULL, NULL);
|
||||
if (NT_SUCCESS (status) && io.Information == (ULONG) (cp - buf))
|
||||
{
|
||||
|
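Review bot: The result of `set_file_attribute` is discarded in the last hunk, so if the post-creation fix-up fails, the new symlink file keeps the descriptor it received at `NtCreateFile` time and the function carries on to `NtWriteFile` with no trace of the failure. With the pre-creation `set_security_attribute` call removed in the second hunk, this fix-up is now the only place the permissions are applied, for local as well as remote paths. A failure here should at least be logged, assuming `set_file_attribute` reports one (its declaration is not visible on this page). The comment removed in the second hunk was also the only explanation of the ordering; a short replacement above the new `if`, such as `/* Create with the default security descriptor and fix permissions afterwards; S_JUSTCREATED only if the file was really created. */`, would keep the reason next to the code. symlink_worker begins and ends outside these hunks.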