* sec_helper.cc (security_descriptor::free): If sd_size is 0, call

LocalFree instead of ::free.

	* sec_acl.cc: Throughout replace old ACE flag definitions with current
	definitions as used in MSDN man pages.
	* security.cc: Ditto.

	* fhandler.cc (fhandler_base::open): Make sure file has really been
	just created before fixing file permissions.  Add S_JUSTCREATED
	attribute to set_file_attribute call.
	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
	with default security descriptor and fix descriptor afterwards.
	Add S_JUSTCREATED flag to set_file_attribute call.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
	socket files.
	* path.cc (symlink_worker): Ditto for symlinks.
	* security.cc (get_file_sd): Call GetSecurityInfo rather than
	NtQuerySecurityObject.  Explain why.  Change error handling accordingly.
	(alloc_sd): Skip non-inherited, non-standard entries in ACL if
	S_JUSTCREATED attribute is set.  Explain why.  Minor format fixes.
	* security.h (S_JUSTCREATED): New define.
	(security_descriptor::operator=): New operator.
This commit is contained in:
Corinna Vinschen
2009-10-30 19:58:53 +00:00
parent 53be6f3df6
commit b42441d32b
9 changed files with 93 additions and 57 deletions

View File

@ -14,6 +14,10 @@ details. */
#include <accctrl.h>
/* Special file attribute set, for instance, in open() and mkdir() to
flag that a file has just been created. Used in alloc_sd, see there. */
#define S_JUSTCREATED 0x80000000
#define DEFAULT_UID DOMAIN_USER_RID_ADMIN
#define UNKNOWN_UID 400 /* Non conflicting number */
#define UNKNOWN_GID 401
@ -279,6 +283,7 @@ public:
}
inline operator const PSECURITY_DESCRIPTOR () { return psd; }
inline operator PSECURITY_DESCRIPTOR *() { return &psd; }
inline void operator =(PSECURITY_DESCRIPTOR nsd) { psd = nsd; }
};
class user_groups {