* security.cc (get_attribute_from_acl): Always test "anti",

just in case an access_denied ACE follows an access_allowed.
	Handle the case owner_sid == group_sid, with a FIXME.
	Remove unnecessary tests for non-NULL PSIDs.
	(alloc_sd): Use existing owner and group sids if {ug}id == -1.
	Handle case where owner_sid == group_sid.
	Do not call is_grp_member. Try to preserve canonical ACE order.
	Remove unnecessary tests for non-NULL PSIDs. Reorganize
	debug_printf's.
	(get_initgroups_sidlist): Put well_known_system_sid on left
	side of ==.
	(add_access_denied_ace): Only call GetAce if inherit != 0.
	(add_access_allowed_ace): Ditto. Use appropriate sizeof.
	* syscalls.cc (chown_worker): Pass {ug}id equal to -1 to
	alloc_sd, which removes the need to obtain old_{ug}id.
	(chmod): Remove call to get_file_attribute (), simply pass
	{ug}id equal to -1 to alloc_sd.
Corinna Vinschen
2002-11-20 09:23:21 +00:00
parent 03b65245db
commit dbcb75780a
3 changed files with 107 additions and 96 deletions


@@ -773,8 +773,6 @@ static int
chown_worker (const char *name, unsigned fmode, __uid32_t uid, __gid32_t gid)
{
int res;
__uid32_t old_uid;
__gid32_t old_gid;
if (check_null_empty_str_errno (name))
return -1;
@@ -806,20 +804,10 @@ chown_worker (const char *name, unsigned fmode, __uid32_t uid, __gid32_t gid)
attrib |= S_IFDIR;
res = get_file_attribute (win32_path.has_acls (),
win32_path.get_win32 (),
(int *) &attrib,
&old_uid,
&old_gid);
(int *) &attrib);
if (!res)
{
if (uid == ILLEGAL_UID)
uid = old_uid;
if (gid == ILLEGAL_GID)
gid = old_gid;
if (win32_path.isdir ())
attrib |= S_IFDIR;
res = set_file_attribute (win32_path.has_acls (), win32_path, uid,
gid, attrib);
}
res = set_file_attribute (win32_path.has_acls (), win32_path, uid,
gid, attrib);
if (res != 0 && (!win32_path.has_acls () || !allow_ntsec))
{
/* fake - if not supported, pretend we're like win95
@@ -936,19 +924,10 @@ chmod (const char *path, mode_t mode)
/* temporary erase read only bit, to be able to set file security */
SetFileAttributes (win32_path, (DWORD) win32_path & ~FILE_ATTRIBUTE_READONLY);
__uid32_t uid;
__gid32_t gid;
if (win32_path.isdir ())
mode |= S_IFDIR;
get_file_attribute (win32_path.has_acls (),
win32_path.get_win32 (),
NULL, &uid, &gid);
/* FIXME: Do we really need this to be specified twice? */
if (win32_path.isdir ())
mode |= S_IFDIR;
if (!set_file_attribute (win32_path.has_acls (), win32_path, uid, gid,
mode)
if (!set_file_attribute (win32_path.has_acls (), win32_path,
ILLEGAL_UID, ILLEGAL_GID, mode)
&& allow_ntsec)
res = 0;
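Review bot: The `ILLEGAL_UID, ILLEGAL_GID` arguments in the new `set_file_attribute` call in chmod mean "keep the current owner and group", but nothing at the call site says so, and chown_worker now forwards a caller-supplied -1 in the same way. Per the commit message that contract is implemented in alloc_sd in security.cc, which is not visible in this section, so a reader here cannot tell that ownership is preserved rather than reset. I would add a comment above the call, e.g. `/* ILLEGAL_UID/ILLEGAL_GID: alloc_sd keeps the owner and group SIDs of the existing security descriptor. */`, and repeat it at the `set_file_attribute` call in chown_worker. It is also worth confirming that the path taken when `has_acls ()` is false tolerates the sentinels, since the old code substituted the retrieved ids before the call; that path is outside the hunk. The bodies of chmod and chown_worker both extend beyond the lines shown.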