Fix pty permssion handling in new permission handling code
* sec_acl.cc (set_posix_access): Always make sure Admins have
WRITE_DAC and WRITE_OWNER permissions.
* security.h (create_object_sd_from_attribute): Drop handle parameter
from prototype.
* security.cc (create_object_sd_from_attribute): Drop handle parameter.
Just create the standard POSIXy security descriptor.
(set_object_attribute): Accommodate dropped paramter in call to
create_object_sd_from_attribute.
* fhandler_tty.cc: Ditto, throughout.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen
parent
7d061316c0
commit
cf6ff1c321
|
|
@ -1,3 +1,15 @@
|
||||||
|
2015-04-12 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* sec_acl.cc (set_posix_access): Always make sure Admins have
|
||||||
|
WRITE_DAC and WRITE_OWNER permissions.
|
||||||
|
* security.h (create_object_sd_from_attribute): Drop handle parameter
|
||||||
|
from prototype.
|
||||||
|
* security.cc (create_object_sd_from_attribute): Drop handle parameter.
|
||||||
|
Just create the standard POSIXy security descriptor.
|
||||||
|
(set_object_attribute): Accommodate dropped paramter in call to
|
||||||
|
create_object_sd_from_attribute.
|
||||||
|
* fhandler_tty.cc: Ditto, throughout.
|
||||||
|
|
||||||
2015-04-12 Corinna Vinschen <corinna@vinschen.de>
|
2015-04-12 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
* shm.cc (shmget): Fetch segment size from server rather than using
|
* shm.cc (shmget): Fetch segment size from server rather than using
|
||||||
|
|
|
||||||
|
|
@ -387,9 +387,8 @@ fhandler_pty_slave::open (int flags, mode_t)
|
||||||
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
|
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
|
||||||
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
|
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
|
||||||
SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE };
|
SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE };
|
||||||
if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid,
|
if (!create_object_sd_from_attribute (myself->uid, myself->gid,
|
||||||
S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP,
|
S_IRUSR | S_IWUSR | S_IWGRP, sd))
|
||||||
sd))
|
|
||||||
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd;
|
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd;
|
||||||
acquire_output_mutex (INFINITE);
|
acquire_output_mutex (INFINITE);
|
||||||
inuse = get_ttyp ()->create_inuse (&sa);
|
inuse = get_ttyp ()->create_inuse (&sa);
|
||||||
|
|
@ -1093,7 +1092,7 @@ fhandler_pty_slave::fchmod (mode_t mode)
|
||||||
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
|
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
|
||||||
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
|
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
|
||||||
if (!get_object_attribute (input_available_event, &uid, &gid, NULL)
|
if (!get_object_attribute (input_available_event, &uid, &gid, NULL)
|
||||||
&& !create_object_sd_from_attribute (NULL, uid, gid, S_IFCHR | mode, sd))
|
&& !create_object_sd_from_attribute (uid, gid, mode, sd))
|
||||||
ret = fch_set_sd (sd, false);
|
ret = fch_set_sd (sd, false);
|
||||||
errout:
|
errout:
|
||||||
if (to_close)
|
if (to_close)
|
||||||
|
|
@ -1126,8 +1125,7 @@ fhandler_pty_slave::fchown (uid_t uid, gid_t gid)
|
||||||
if ((uid == ILLEGAL_UID || uid == o_uid)
|
if ((uid == ILLEGAL_UID || uid == o_uid)
|
||||||
&& (gid == ILLEGAL_GID || gid == o_gid))
|
&& (gid == ILLEGAL_GID || gid == o_gid))
|
||||||
ret = 0;
|
ret = 0;
|
||||||
else if (!create_object_sd_from_attribute (input_available_event,
|
else if (!create_object_sd_from_attribute (uid, gid, mode, sd))
|
||||||
uid, gid, S_IFCHR | mode, sd))
|
|
||||||
ret = fch_set_sd (sd, true);
|
ret = fch_set_sd (sd, true);
|
||||||
}
|
}
|
||||||
errout:
|
errout:
|
||||||
|
|
@ -1598,9 +1596,8 @@ fhandler_pty_master::setup ()
|
||||||
/* Create security attribute. Default permissions are 0620. */
|
/* Create security attribute. Default permissions are 0620. */
|
||||||
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
|
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
|
||||||
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
|
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
|
||||||
if (!create_object_sd_from_attribute (NULL, myself->uid, myself->gid,
|
if (!create_object_sd_from_attribute (myself->uid, myself->gid,
|
||||||
S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP,
|
S_IRUSR | S_IWUSR | S_IWGRP, sd))
|
||||||
sd))
|
|
||||||
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd;
|
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd;
|
||||||
|
|
||||||
/* Carefully check that the input_available_event didn't already exist.
|
/* Carefully check that the input_available_event didn't already exist.
|
||||||
|
|
|
||||||
|
|
@ -141,6 +141,7 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
|
||||||
mode_t class_obj = 0, other_obj, group_obj, deny;
|
mode_t class_obj = 0, other_obj, group_obj, deny;
|
||||||
DWORD access;
|
DWORD access;
|
||||||
int idx, start_idx, class_idx, tmp_idx;
|
int idx, start_idx, class_idx, tmp_idx;
|
||||||
|
bool dev_saw_admins = false;
|
||||||
|
|
||||||
/* Initialize local security descriptor. */
|
/* Initialize local security descriptor. */
|
||||||
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
|
||||||
|
|
@ -335,6 +336,14 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
|
||||||
if (aclbufp[idx].a_perm == S_IRWXO)
|
if (aclbufp[idx].a_perm == S_IRWXO)
|
||||||
access |= FILE_DELETE_CHILD;
|
access |= FILE_DELETE_CHILD;
|
||||||
}
|
}
|
||||||
|
/* For ptys check if the admins group is in the ACL. If so,
|
||||||
|
make sure the group has WRITE_DAC and WRITE_OWNER perms. */
|
||||||
|
if (S_ISCHR (attr) && !dev_saw_admins
|
||||||
|
&& aclsid[idx] == well_known_admins_sid)
|
||||||
|
{
|
||||||
|
access |= STD_RIGHTS_OWNER;
|
||||||
|
dev_saw_admins = true;
|
||||||
|
}
|
||||||
if (aclbufp[idx].a_perm & S_IROTH)
|
if (aclbufp[idx].a_perm & S_IROTH)
|
||||||
access |= FILE_ALLOW_READ;
|
access |= FILE_ALLOW_READ;
|
||||||
if (aclbufp[idx].a_perm & S_IWOTH)
|
if (aclbufp[idx].a_perm & S_IWOTH)
|
||||||
|
|
@ -352,6 +361,13 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* For ptys if the admins group isn't in the ACL, add an ACE to make
|
||||||
|
sure the group has WRITE_DAC and WRITE_OWNER perms. */
|
||||||
|
if (S_ISCHR (attr) && !dev_saw_admins
|
||||||
|
&& !add_access_allowed_ace (acl, STD_RIGHTS_OWNER,
|
||||||
|
well_known_admins_sid, acl_len,
|
||||||
|
NO_INHERITANCE))
|
||||||
|
return NULL;
|
||||||
/* Create allow ACE for other. It's preceeded by class_obj if it exists.
|
/* Create allow ACE for other. It's preceeded by class_obj if it exists.
|
||||||
If so, skip it. */
|
If so, skip it. */
|
||||||
if (aclbufp[idx].a_type & CLASS_OBJ)
|
if (aclbufp[idx].a_type & CLASS_OBJ)
|
||||||
|
|
|
||||||
|
|
@ -409,14 +409,11 @@ get_object_attribute (HANDLE handle, uid_t *uidret, gid_t *gidret,
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
create_object_sd_from_attribute (HANDLE handle, uid_t uid, gid_t gid,
|
create_object_sd_from_attribute (uid_t uid, gid_t gid, mode_t attribute,
|
||||||
mode_t attribute, security_descriptor &sd)
|
security_descriptor &sd)
|
||||||
{
|
{
|
||||||
path_conv pc;
|
return set_posix_access (S_IFCHR | attribute, uid, gid, NULL, 0, sd, false)
|
||||||
if ((handle && get_object_sd (handle, sd))
|
? 0 : -1;
|
||||||
|| !set_posix_access (attribute, uid, gid, NULL, 0, sd, false))
|
|
||||||
return -1;
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
|
@ -434,12 +431,11 @@ set_object_sd (HANDLE handle, security_descriptor &sd, bool chown)
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
set_object_attribute (HANDLE handle, uid_t uid, gid_t gid,
|
set_object_attribute (HANDLE handle, uid_t uid, gid_t gid, mode_t attribute)
|
||||||
mode_t attribute)
|
|
||||||
{
|
{
|
||||||
security_descriptor sd;
|
security_descriptor sd;
|
||||||
|
|
||||||
if (create_object_sd_from_attribute (handle, uid, gid, attribute, sd)
|
if (create_object_sd_from_attribute (uid, gid, attribute, sd)
|
||||||
|| set_object_sd (handle, sd, uid != ILLEGAL_UID || gid != ILLEGAL_GID))
|
|| set_object_sd (handle, sd, uid != ILLEGAL_UID || gid != ILLEGAL_GID))
|
||||||
return -1;
|
return -1;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
||||||
|
|
@ -440,8 +440,8 @@ int __reg3 set_created_file_access (HANDLE, path_conv &, mode_t);
|
||||||
int __reg2 get_object_sd (HANDLE, security_descriptor &);
|
int __reg2 get_object_sd (HANDLE, security_descriptor &);
|
||||||
int __reg3 get_object_attribute (HANDLE, uid_t *, gid_t *, mode_t *);
|
int __reg3 get_object_attribute (HANDLE, uid_t *, gid_t *, mode_t *);
|
||||||
int __reg3 set_object_attribute (HANDLE, uid_t, gid_t, mode_t);
|
int __reg3 set_object_attribute (HANDLE, uid_t, gid_t, mode_t);
|
||||||
int __reg3 create_object_sd_from_attribute (HANDLE, uid_t, gid_t,
|
int __reg3 create_object_sd_from_attribute (uid_t, gid_t, mode_t,
|
||||||
mode_t, security_descriptor &);
|
security_descriptor &);
|
||||||
int __reg3 set_object_sd (HANDLE, security_descriptor &, bool);
|
int __reg3 set_object_sd (HANDLE, security_descriptor &, bool);
|
||||||
|
|
||||||
int __reg3 get_reg_attribute (HKEY hkey, mode_t *, uid_t *, gid_t *);
|
int __reg3 get_reg_attribute (HKEY hkey, mode_t *, uid_t *, gid_t *);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue