Drop unused parameter from add_access_*_ace
* security.cc (add_access_allowed_ace): Drop unused parameter "offset". Accommodate throughout. (add_access_denied_ace): Ditto. * sec_acl.cc: Accommodate above change throughout. * security.h (add_access_allowed_ace): Adjust prototype to above change. (add_access_denied_ace): Ditto. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
		@@ -1,3 +1,12 @@
 | 
			
		||||
2015-04-02  Corinna Vinschen  <corinna@vinschen.de>
 | 
			
		||||
 | 
			
		||||
	* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
 | 
			
		||||
	Accommodate throughout.
 | 
			
		||||
	(add_access_denied_ace): Ditto.
 | 
			
		||||
	* sec_acl.cc: Accommodate above change throughout.
 | 
			
		||||
	* security.h (add_access_allowed_ace): Adjust prototype to above change.
 | 
			
		||||
	(add_access_denied_ace): Ditto.
 | 
			
		||||
 | 
			
		||||
2015-04-01  Corinna Vinschen  <corinna@vinschen.de>
 | 
			
		||||
 | 
			
		||||
	* include/cygwin/types.h: Include sys/_stdint.h rather than stdint.h.
 | 
			
		||||
 
 | 
			
		||||
@@ -171,7 +171,6 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
 | 
			
		||||
  /* Fill access control list. */
 | 
			
		||||
  acl = (PACL) tp.w_get ();
 | 
			
		||||
  size_t acl_len = sizeof (ACL);
 | 
			
		||||
  int ace_off = 0;
 | 
			
		||||
 | 
			
		||||
  cygsid sid;
 | 
			
		||||
  struct passwd *pw;
 | 
			
		||||
@@ -236,37 +235,37 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
 | 
			
		||||
 | 
			
		||||
  /* Set deny ACE for owner. */
 | 
			
		||||
  if (owner_deny
 | 
			
		||||
      && !add_access_denied_ace (acl, ace_off++, owner_deny,
 | 
			
		||||
				 owner, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_denied_ace (acl, owner_deny, owner, acl_len,
 | 
			
		||||
				 NO_INHERITANCE))
 | 
			
		||||
    return -1;
 | 
			
		||||
  /* Set deny ACE for group here to respect the canonical order,
 | 
			
		||||
     if this does not impact owner */
 | 
			
		||||
  if (group_deny && !(group_deny & owner_allow) && !isownergroup
 | 
			
		||||
      && !add_access_denied_ace (acl, ace_off++, group_deny,
 | 
			
		||||
				 group, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_denied_ace (acl, group_deny, group, acl_len,
 | 
			
		||||
				 NO_INHERITANCE))
 | 
			
		||||
    return -1;
 | 
			
		||||
  /* Set allow ACE for owner. */
 | 
			
		||||
  if (!add_access_allowed_ace (acl, ace_off++, owner_allow,
 | 
			
		||||
			       owner, acl_len, NO_INHERITANCE))
 | 
			
		||||
  if (!add_access_allowed_ace (acl, owner_allow, owner, acl_len,
 | 
			
		||||
			       NO_INHERITANCE))
 | 
			
		||||
    return -1;
 | 
			
		||||
  /* Set deny ACE for group, if still needed. */
 | 
			
		||||
  if (group_deny & owner_allow && !isownergroup
 | 
			
		||||
      && !add_access_denied_ace (acl, ace_off++, group_deny,
 | 
			
		||||
				 group, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_denied_ace (acl, group_deny, group, acl_len,
 | 
			
		||||
				 NO_INHERITANCE))
 | 
			
		||||
    return -1;
 | 
			
		||||
  /* Set allow ACE for group. */
 | 
			
		||||
  if (!isownergroup
 | 
			
		||||
      && !add_access_allowed_ace (acl, ace_off++, group_allow,
 | 
			
		||||
                                  group, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_allowed_ace (acl, group_allow, group, acl_len,
 | 
			
		||||
				  NO_INHERITANCE))
 | 
			
		||||
    return -1;
 | 
			
		||||
  /* Set allow ACE for everyone. */
 | 
			
		||||
  if (!add_access_allowed_ace (acl, ace_off++, other_allow,
 | 
			
		||||
			       well_known_world_sid, acl_len, NO_INHERITANCE))
 | 
			
		||||
  if (!add_access_allowed_ace (acl, other_allow, well_known_world_sid, acl_len,
 | 
			
		||||
			       NO_INHERITANCE))
 | 
			
		||||
    return -1;
 | 
			
		||||
  /* If a NULL ACE exists, copy it verbatim. */
 | 
			
		||||
  if (null_mask)
 | 
			
		||||
    if (!add_access_allowed_ace (acl, ace_off++, null_mask, well_known_null_sid,
 | 
			
		||||
				 acl_len, NO_INHERITANCE))
 | 
			
		||||
    if (!add_access_allowed_ace (acl, null_mask, well_known_null_sid, acl_len,
 | 
			
		||||
				 NO_INHERITANCE))
 | 
			
		||||
      return -1;
 | 
			
		||||
  for (int i = 0; i < nentries; ++i)
 | 
			
		||||
    {
 | 
			
		||||
@@ -317,8 +316,8 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
 | 
			
		||||
	case DEF_USER_OBJ:
 | 
			
		||||
	  allow |= STANDARD_RIGHTS_ALL
 | 
			
		||||
		   | (pc.fs_is_samba () ? 0 : FILE_WRITE_ATTRIBUTES);
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, ace_off++, allow,
 | 
			
		||||
				       well_known_creator_owner_sid, acl_len, inheritance))
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, allow, well_known_creator_owner_sid,
 | 
			
		||||
				       acl_len, inheritance))
 | 
			
		||||
	    return -1;
 | 
			
		||||
	  break;
 | 
			
		||||
	case USER:
 | 
			
		||||
@@ -329,13 +328,12 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
 | 
			
		||||
	      set_errno (EINVAL);
 | 
			
		||||
	      return -1;
 | 
			
		||||
	    }
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, ace_off++, allow,
 | 
			
		||||
				       sid, acl_len, inheritance))
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, allow, sid, acl_len, inheritance))
 | 
			
		||||
	    return -1;
 | 
			
		||||
	  break;
 | 
			
		||||
	case DEF_GROUP_OBJ:
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, ace_off++, allow,
 | 
			
		||||
				       well_known_creator_group_sid, acl_len, inheritance))
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, allow, well_known_creator_group_sid,
 | 
			
		||||
				       acl_len, inheritance))
 | 
			
		||||
	    return -1;
 | 
			
		||||
	  break;
 | 
			
		||||
	case GROUP:
 | 
			
		||||
@@ -346,13 +344,11 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
 | 
			
		||||
	      set_errno (EINVAL);
 | 
			
		||||
	      return -1;
 | 
			
		||||
	    }
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, ace_off++, allow,
 | 
			
		||||
				       sid, acl_len, inheritance))
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, allow, sid, acl_len, inheritance))
 | 
			
		||||
	    return -1;
 | 
			
		||||
	  break;
 | 
			
		||||
	case DEF_OTHER_OBJ:
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, ace_off++, allow,
 | 
			
		||||
				       well_known_world_sid,
 | 
			
		||||
	  if (!add_access_allowed_ace (acl, allow, well_known_world_sid,
 | 
			
		||||
				       acl_len, inheritance))
 | 
			
		||||
	    return -1;
 | 
			
		||||
	}
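Review bot: Nothing at the call sites in setacl says that the position of each ACE in the DACL is now fixed purely by the order of these calls, which is what the deny-before-allow sequence in the `@@ -236,37 +235,37 @@` hunk depends on. With `ace_off` gone and the helpers passing no index to `RtlAddAccessAllowedAceEx`/`RtlAddAccessDeniedAceEx`, each ACE appears to be appended at the end of the ACL, so reordering or inserting a call changes which entry wins during access evaluation. I would extend the existing comment to `/* Fill access control list.  ACEs are appended in call order, so deny ACEs must be added before the allow ACEs they restrict. */`. The same applies to the `/* From here fill ACL. */` block of alloc_sd in security.cc. setacl's body starts and ends outside these hunks.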
 | 
			
		||||
 
 | 
			
		||||
@@ -311,8 +311,8 @@ get_file_attribute (HANDLE handle, path_conv &pc,
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
bool
 | 
			
		||||
add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
 | 
			
		||||
			PSID sid, size_t &len_add, DWORD inherit)
 | 
			
		||||
add_access_allowed_ace (PACL acl, DWORD attributes, PSID sid, size_t &len_add,
 | 
			
		||||
			DWORD inherit)
 | 
			
		||||
{
 | 
			
		||||
  NTSTATUS status = RtlAddAccessAllowedAceEx (acl, ACL_REVISION, inherit,
 | 
			
		||||
					      attributes, sid);
 | 
			
		||||
@@ -326,8 +326,8 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
bool
 | 
			
		||||
add_access_denied_ace (PACL acl, int offset, DWORD attributes,
 | 
			
		||||
		       PSID sid, size_t &len_add, DWORD inherit)
 | 
			
		||||
add_access_denied_ace (PACL acl, DWORD attributes, PSID sid, size_t &len_add,
 | 
			
		||||
		       DWORD inherit)
 | 
			
		||||
{
 | 
			
		||||
  NTSTATUS status = RtlAddAccessDeniedAceEx (acl, ACL_REVISION, inherit,
 | 
			
		||||
					     attributes, sid);
 | 
			
		||||
@@ -421,7 +421,6 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
 | 
			
		||||
 | 
			
		||||
  /* From here fill ACL. */
 | 
			
		||||
  size_t acl_len = sizeof (ACL);
 | 
			
		||||
  int ace_off = 0;
 | 
			
		||||
  /* Only used for sync objects (for ttys).  The admins group should
 | 
			
		||||
     always have the right to manipulate the ACL, so we have to make sure
 | 
			
		||||
     that the ACL gives the admins group STANDARD_RIGHTS_ALL access. */
 | 
			
		||||
@@ -507,35 +506,35 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
 | 
			
		||||
 | 
			
		||||
  /* Set deny ACE for owner. */
 | 
			
		||||
  if (owner_deny
 | 
			
		||||
      && !add_access_denied_ace (acl, ace_off++, owner_deny,
 | 
			
		||||
				 owner_sid, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_denied_ace (acl, owner_deny, owner_sid, acl_len,
 | 
			
		||||
				 NO_INHERITANCE))
 | 
			
		||||
    return NULL;
 | 
			
		||||
  /* Set deny ACE for group here to respect the canonical order,
 | 
			
		||||
     if this does not impact owner */
 | 
			
		||||
  if (group_deny && !(group_deny & owner_allow) && !isownergroup
 | 
			
		||||
      && !add_access_denied_ace (acl, ace_off++, group_deny,
 | 
			
		||||
				 group_sid, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_denied_ace (acl, group_deny, group_sid, acl_len,
 | 
			
		||||
				 NO_INHERITANCE))
 | 
			
		||||
    return NULL;
 | 
			
		||||
  /* Set allow ACE for owner. */
 | 
			
		||||
  if (!add_access_allowed_ace (acl, ace_off++, owner_allow,
 | 
			
		||||
			       owner_sid, acl_len, NO_INHERITANCE))
 | 
			
		||||
  if (!add_access_allowed_ace (acl, owner_allow, owner_sid, acl_len,
 | 
			
		||||
			       NO_INHERITANCE))
 | 
			
		||||
    return NULL;
 | 
			
		||||
  /* Set deny ACE for group, if still needed. */
 | 
			
		||||
  if ((group_deny & owner_allow) && !isownergroup
 | 
			
		||||
      && !add_access_denied_ace (acl, ace_off++, group_deny,
 | 
			
		||||
				 group_sid, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_denied_ace (acl, group_deny, group_sid, acl_len,
 | 
			
		||||
				 NO_INHERITANCE))
 | 
			
		||||
    return NULL;
 | 
			
		||||
  /* Set allow ACE for group. */
 | 
			
		||||
  if (!isownergroup
 | 
			
		||||
      && !add_access_allowed_ace (acl, ace_off++, group_allow,
 | 
			
		||||
				  group_sid, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_allowed_ace (acl, group_allow, group_sid, acl_len,
 | 
			
		||||
				  NO_INHERITANCE))
 | 
			
		||||
    return NULL;
 | 
			
		||||
 | 
			
		||||
  /* For sync objects, if we didn't see the admins group so far, add entry
 | 
			
		||||
     with STANDARD_RIGHTS_ALL access. */
 | 
			
		||||
  if (S_ISCHR (attribute) && !saw_admins)
 | 
			
		||||
    {
 | 
			
		||||
      if (!add_access_allowed_ace (acl, ace_off++, STANDARD_RIGHTS_ALL,
 | 
			
		||||
      if (!add_access_allowed_ace (acl, STANDARD_RIGHTS_ALL,
 | 
			
		||||
				   well_known_admins_sid, acl_len,
 | 
			
		||||
				   NO_INHERITANCE))
 | 
			
		||||
	return NULL;
 | 
			
		||||
@@ -543,13 +542,13 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
  /* Set allow ACE for everyone. */
 | 
			
		||||
  if (!add_access_allowed_ace (acl, ace_off++, other_allow,
 | 
			
		||||
			       well_known_world_sid, acl_len, NO_INHERITANCE))
 | 
			
		||||
  if (!add_access_allowed_ace (acl, other_allow, well_known_world_sid, acl_len,
 | 
			
		||||
			       NO_INHERITANCE))
 | 
			
		||||
    return NULL;
 | 
			
		||||
  /* Set null ACE for special bits. */
 | 
			
		||||
  if (null_allow
 | 
			
		||||
      && !add_access_allowed_ace (acl, ace_off++, null_allow,
 | 
			
		||||
				  well_known_null_sid, acl_len, NO_INHERITANCE))
 | 
			
		||||
      && !add_access_allowed_ace (acl, null_allow, well_known_null_sid, acl_len,
 | 
			
		||||
				  NO_INHERITANCE))
 | 
			
		||||
    return NULL;
 | 
			
		||||
 | 
			
		||||
  /* Fill ACL with unrelated ACEs from current security descriptor. */
 | 
			
		||||
@@ -637,7 +636,6 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
 | 
			
		||||
	      __seterrno_from_nt_status (status);
 | 
			
		||||
	      return NULL;
 | 
			
		||||
	    }
 | 
			
		||||
	  ace_off++;
 | 
			
		||||
	  acl_len += ace->Header.AceSize;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
@@ -648,18 +646,18 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
 | 
			
		||||
    {
 | 
			
		||||
      const DWORD inherit = SUB_CONTAINERS_AND_OBJECTS_INHERIT | INHERIT_ONLY;
 | 
			
		||||
      /* Set allow ACE for owner. */
 | 
			
		||||
      if (!add_access_allowed_ace (acl, ace_off++, owner_allow,
 | 
			
		||||
      if (!add_access_allowed_ace (acl, owner_allow,
 | 
			
		||||
				   well_known_creator_owner_sid, acl_len,
 | 
			
		||||
				   inherit))
 | 
			
		||||
	return NULL;
 | 
			
		||||
      /* Set allow ACE for group. */
 | 
			
		||||
      if (!add_access_allowed_ace (acl, ace_off++, group_allow,
 | 
			
		||||
      if (!add_access_allowed_ace (acl, group_allow,
 | 
			
		||||
				   well_known_creator_group_sid, acl_len,
 | 
			
		||||
				   inherit))
 | 
			
		||||
	return NULL;
 | 
			
		||||
      /* Set allow ACE for everyone. */
 | 
			
		||||
      if (!add_access_allowed_ace (acl, ace_off++, other_allow,
 | 
			
		||||
				   well_known_world_sid, acl_len, inherit))
 | 
			
		||||
      if (!add_access_allowed_ace (acl, other_allow, well_known_world_sid,
 | 
			
		||||
				   acl_len, inherit))
 | 
			
		||||
	return NULL;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
@@ -955,7 +953,7 @@ convert_samba_sd (security_descriptor &sd_ret)
 | 
			
		||||
		if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid)))
 | 
			
		||||
		  ace_sid.getfromgr (grp);
 | 
			
		||||
	      }
 | 
			
		||||
	    if (!add_access_allowed_ace (acl, i, ace->Mask, ace_sid, acl_len,
 | 
			
		||||
	    if (!add_access_allowed_ace (acl, ace->Mask, ace_sid, acl_len,
 | 
			
		||||
					 ace->Header.AceFlags))
 | 
			
		||||
	      return;
 | 
			
		||||
	  }
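Review bot: The failure path in convert_samba_sd, `if (!add_access_allowed_ace (...)) return;`, gives the caller no indication that the conversion stopped part-way, and the hunk does not show what state `sd_ret` is left in. If the intent is that the caller keeps the unconverted descriptor, that should be stated where it happens, e.g. `/* On failure leave sd_ret untouched; caller continues with the unconverted SD. */` above the `return;`. That matters for anyone auditing permission results on Samba shares, since the unmapped SIDs would presumably not match local accounts. The function body starts and ends outside the hunk.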
 | 
			
		||||
 
 | 
			
		||||
@@ -449,8 +449,8 @@ int __reg3 set_object_sd (HANDLE, security_descriptor &, bool);
 | 
			
		||||
int __reg3 get_reg_attribute (HKEY hkey, mode_t *, uid_t *, gid_t *);
 | 
			
		||||
LONG __reg3 get_file_sd (HANDLE fh, path_conv &, security_descriptor &, bool);
 | 
			
		||||
LONG __reg3 set_file_sd (HANDLE fh, path_conv &, security_descriptor &, bool);
 | 
			
		||||
bool __reg3 add_access_allowed_ace (PACL, int, DWORD, PSID, size_t &, DWORD);
 | 
			
		||||
bool __reg3 add_access_denied_ace (PACL, int, DWORD, PSID, size_t &, DWORD);
 | 
			
		||||
bool __reg3 add_access_allowed_ace (PACL, DWORD, PSID, size_t &, DWORD);
 | 
			
		||||
bool __reg3 add_access_denied_ace (PACL, DWORD, PSID, size_t &, DWORD);
 | 
			
		||||
int __reg3 check_file_access (path_conv &, int, bool);
 | 
			
		||||
int __reg3 check_registry_access (HANDLE, int, bool);
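Review bot: The adjusted prototypes `add_access_allowed_ace (PACL, DWORD, PSID, size_t &, DWORD)` and `add_access_denied_ace (PACL, DWORD, PSID, size_t &, DWORD)` carry no parameter names, and the access mask and the inheritance flags are both `DWORD`, so a call with the two swapped compiles cleanly and produces an ACE with the wrong mask. Naming the parameters as the definitions in security.cc do makes the order visible at the declaration: `bool __reg3 add_access_allowed_ace (PACL acl, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);` and likewise for add_access_denied_ace. Neighbouring declarations such as `get_reg_attribute (HKEY hkey, ...)` already name some of their parameters.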
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||