* security.cc (get_attribute_from_acl): Always test "anti",
just in case an access_denied ACE follows an access_allowed.
	Handle the case owner_sid == group_sid, with a FIXME.
	Remove unnecessary tests for non-NULL PSIDs.
	(alloc_sd): Use existing owner and group sids if {ug}id == -1.
	Handle case where owner_sid == group_sid.
	Do not call is_grp_member. Try to preserve canonical ACE order.
	Remove unnecessary tests for non-NULL PSIDs. Reorganize
	debug_printf's.
	(get_initgroups_sidlist): Put well_known_system_sid on left
	side of ==.
	(add_access_denied_ace): Only call GetAce if inherit != 0.
	(add_access_allowed_ace): Ditto. Use appropriate sizeof.
	* syscalls.cc (chown_worker): Pass {ug}id equal to -1 to
	alloc_sd, which removes the need to obtain old_{ug}id.
	(chmod): Remove call to get_file_attribute (), simply pass
	{ug}id equal to -1 to alloc_sd.
			
			
This commit is contained in:
		| @@ -1,3 +1,23 @@ | |||||||
|  | 2002-11-20  Pierre Humblet <pierre.humblet@ieee.org> | ||||||
|  |  | ||||||
|  | 	* security.cc (get_attribute_from_acl): Always test "anti", | ||||||
|  | 	just in case an access_denied ACE follows an access_allowed. | ||||||
|  | 	Handle the case owner_sid == group_sid, with a FIXME. | ||||||
|  | 	Remove unnecessary tests for non-NULL PSIDs. | ||||||
|  | 	(alloc_sd): Use existing owner and group sids if {ug}id == -1. | ||||||
|  | 	Handle case where owner_sid == group_sid. | ||||||
|  | 	Do not call is_grp_member. Try to preserve canonical ACE order. | ||||||
|  | 	Remove unnecessary tests for non-NULL PSIDs. Reorganize | ||||||
|  | 	debug_printf's. | ||||||
|  | 	(get_initgroups_sidlist): Put well_known_system_sid on left | ||||||
|  | 	side of ==. | ||||||
|  | 	(add_access_denied_ace): Only call GetAce if inherit != 0. | ||||||
|  | 	(add_access_allowed_ace): Ditto. Use appropriate sizeof. | ||||||
|  | 	* syscalls.cc (chown_worker): Pass {ug}id equal to -1 to | ||||||
|  | 	alloc_sd, which removes the need to obtain old_{ug}id. | ||||||
|  | 	(chmod): Remove call to get_file_attribute (), simply pass | ||||||
|  | 	{ug}id equal to -1 to alloc_sd. | ||||||
|  |  | ||||||
| 2002-11-20  Corinna Vinschen  <corinna@vinschen.de> | 2002-11-20  Corinna Vinschen  <corinna@vinschen.de> | ||||||
|  |  | ||||||
| 	* poll.cc (poll): Don't set POLLERR if a listening socket has a | 	* poll.cc (poll): Don't set POLLERR if a listening socket has a | ||||||
|   | |||||||
| @@ -449,7 +449,7 @@ get_user_primary_group (WCHAR *wlogonserver, const char *user, | |||||||
|   BOOL retval = FALSE; |   BOOL retval = FALSE; | ||||||
|   UCHAR count = 0; |   UCHAR count = 0; | ||||||
|  |  | ||||||
|   if (pusersid == well_known_system_sid) |   if (well_known_system_sid == pusersid) | ||||||
|     { |     { | ||||||
|       pgrpsid = well_known_system_sid; |       pgrpsid = well_known_system_sid; | ||||||
|       return TRUE; |       return TRUE; | ||||||
| @@ -540,7 +540,7 @@ get_initgroups_sidlist (cygsidlist &grp_list, | |||||||
| { | { | ||||||
|   grp_list += well_known_world_sid; |   grp_list += well_known_world_sid; | ||||||
|   grp_list += well_known_authenticated_users_sid; |   grp_list += well_known_authenticated_users_sid; | ||||||
|   if (usersid == well_known_system_sid) |   if (well_known_system_sid == usersid) | ||||||
|     { |     { | ||||||
|       auth_pos = -1; |       auth_pos = -1; | ||||||
|       grp_list += well_known_admins_sid; |       grp_list += well_known_admins_sid; | ||||||
| @@ -1238,19 +1238,17 @@ get_attribute_from_acl (int * attribute, PACL acl, PSID owner_sid, | |||||||
|       if (ace_sid == well_known_world_sid) |       if (ace_sid == well_known_world_sid) | ||||||
| 	{ | 	{ | ||||||
| 	  if (ace->Mask & FILE_READ_DATA) | 	  if (ace->Mask & FILE_READ_DATA) | ||||||
| 	    *flags |= S_IROTH | 	    *flags |= ((!(*anti & S_IROTH)) ? S_IROTH : 0) | ||||||
| 		      | ((!(*anti & S_IRGRP)) ? S_IRGRP : 0) | 		      | ((!(*anti & S_IRGRP)) ? S_IRGRP : 0) | ||||||
| 		      | ((!(*anti & S_IRUSR)) ? S_IRUSR : 0); | 		      | ((!(*anti & S_IRUSR)) ? S_IRUSR : 0); | ||||||
| 	  if (ace->Mask & FILE_WRITE_DATA) | 	  if (ace->Mask & FILE_WRITE_DATA) | ||||||
| 	    *flags |= S_IWOTH | 	    *flags |= ((!(*anti & S_IWOTH)) ? S_IWOTH : 0) | ||||||
| 		      | ((!(*anti & S_IWGRP)) ? S_IWGRP : 0) | 		      | ((!(*anti & S_IWGRP)) ? S_IWGRP : 0) | ||||||
| 		      | ((!(*anti & S_IWUSR)) ? S_IWUSR : 0); | 		      | ((!(*anti & S_IWUSR)) ? S_IWUSR : 0); | ||||||
| 	  if (ace->Mask & FILE_EXECUTE) | 	  if (ace->Mask & FILE_EXECUTE) | ||||||
| 	    { | 	    *flags |= ((!(*anti & S_IXOTH)) ? S_IXOTH : 0) | ||||||
| 	      *flags |= S_IXOTH |  | ||||||
| 	              | ((!(*anti & S_IXGRP)) ? S_IXGRP : 0) | 	              | ((!(*anti & S_IXGRP)) ? S_IXGRP : 0) | ||||||
| 	              | ((!(*anti & S_IXUSR)) ? S_IXUSR : 0); | 	              | ((!(*anti & S_IXUSR)) ? S_IXUSR : 0); | ||||||
| 	    } |  | ||||||
| 	  if ((*attribute & S_IFDIR) && | 	  if ((*attribute & S_IFDIR) && | ||||||
| 	      (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD)) | 	      (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD)) | ||||||
| 	      == (FILE_WRITE_DATA | FILE_EXECUTE)) | 	      == (FILE_WRITE_DATA | FILE_EXECUTE)) | ||||||
| @@ -1266,31 +1264,39 @@ get_attribute_from_acl (int * attribute, PACL acl, PSID owner_sid, | |||||||
| 	  if (ace->Mask & FILE_APPEND_DATA) | 	  if (ace->Mask & FILE_APPEND_DATA) | ||||||
| 	    *flags |= S_ISUID; | 	    *flags |= S_ISUID; | ||||||
| 	} | 	} | ||||||
|       else if (owner_sid && ace_sid == owner_sid) |       else if (ace_sid == owner_sid) | ||||||
| 	{ | 	{ | ||||||
| 	  if (ace->Mask & FILE_READ_DATA) | 	  if (ace->Mask & FILE_READ_DATA) | ||||||
| 	    *flags |= S_IRUSR; | 	    *flags |= ((!(*anti & S_IRUSR)) ? S_IRUSR : 0); | ||||||
| 	  if (ace->Mask & FILE_WRITE_DATA) | 	  if (ace->Mask & FILE_WRITE_DATA) | ||||||
| 	    *flags |= S_IWUSR; | 	    *flags |= ((!(*anti & S_IWUSR)) ? S_IWUSR : 0); | ||||||
| 	  if (ace->Mask & FILE_EXECUTE) | 	  if (ace->Mask & FILE_EXECUTE) | ||||||
| 	    *flags |= S_IXUSR; | 	    *flags |= ((!(*anti & S_IXUSR)) ? S_IXUSR : 0); | ||||||
| 	} | 	} | ||||||
|       else if (group_sid && ace_sid == group_sid) |       else if (ace_sid == group_sid) | ||||||
| 	{ | 	{ | ||||||
| 	  if (ace->Mask & FILE_READ_DATA) | 	  if (ace->Mask & FILE_READ_DATA) | ||||||
| 	    *flags |= S_IRGRP | 	    *flags |= ((!(*anti & S_IRGRP)) ? S_IRGRP : 0) | ||||||
| 		      | ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0); | 		      | ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0); | ||||||
| 	  if (ace->Mask & FILE_WRITE_DATA) | 	  if (ace->Mask & FILE_WRITE_DATA) | ||||||
| 	    *flags |= S_IWGRP | 	    *flags |= ((!(*anti & S_IWGRP)) ? S_IWGRP : 0) | ||||||
| 		      | ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0); | 		      | ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0); | ||||||
| 	  if (ace->Mask & FILE_EXECUTE) | 	  if (ace->Mask & FILE_EXECUTE) | ||||||
| 	    *flags |= S_IXGRP | 	    *flags |= ((!(*anti & S_IXGRP)) ? S_IXGRP : 0) | ||||||
| 		      | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0); | 		      | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0); | ||||||
| 	} | 	} | ||||||
|     } |     } | ||||||
|   *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID); |   *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID); | ||||||
|  |   if (owner_sid && group_sid && EqualSid (owner_sid, group_sid) | ||||||
|  |       /* FIXME: temporary exception for /var/empty */ | ||||||
|  |       && well_known_system_sid != group_sid) | ||||||
|  |     { | ||||||
|  |       allow &= ~(S_IRGRP | S_IWGRP | S_IXGRP); | ||||||
|  |       allow |= (((allow & S_IRUSR) ? S_IRGRP : 0) | ||||||
|  | 		| ((allow & S_IWUSR) ? S_IWGRP : 0) | ||||||
|  | 		| ((allow & S_IXUSR) ? S_IXGRP : 0)); | ||||||
|  |     } | ||||||
|   *attribute |= allow; |   *attribute |= allow; | ||||||
|   *attribute &= ~deny; |  | ||||||
|   return; |   return; | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -1494,9 +1500,9 @@ add_access_allowed_ace (PACL acl, int offset, DWORD attributes, | |||||||
|       return FALSE; |       return FALSE; | ||||||
|     } |     } | ||||||
|   ACCESS_ALLOWED_ACE *ace; |   ACCESS_ALLOWED_ACE *ace; | ||||||
|   if (GetAce (acl, offset, (PVOID *) &ace)) |   if (inherit && GetAce (acl, offset, (PVOID *) &ace)) | ||||||
|     ace->Header.AceFlags |= inherit; |     ace->Header.AceFlags |= inherit; | ||||||
|   len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + GetLengthSid (sid); |   len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + GetLengthSid (sid); | ||||||
|   return TRUE; |   return TRUE; | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -1510,7 +1516,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes, | |||||||
|       return FALSE; |       return FALSE; | ||||||
|     } |     } | ||||||
|   ACCESS_DENIED_ACE *ace; |   ACCESS_DENIED_ACE *ace; | ||||||
|   if (GetAce (acl, offset, (PVOID *) &ace)) |   if (inherit && GetAce (acl, offset, (PVOID *) &ace)) | ||||||
|     ace->Header.AceFlags |= inherit; |     ace->Header.AceFlags |= inherit; | ||||||
|   len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + GetLengthSid (sid); |   len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + GetLengthSid (sid); | ||||||
|   return TRUE; |   return TRUE; | ||||||
| @@ -1522,37 +1528,33 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, | |||||||
| { | { | ||||||
|   BOOL dummy; |   BOOL dummy; | ||||||
|  |  | ||||||
|   if (!wincap.has_security ()) |   debug_printf("uid %d, gid %d, attribute %x", uid, gid, attribute); | ||||||
|     return NULL; |  | ||||||
|  |  | ||||||
|   if (!sd_ret || !sd_size_ret) |   if (!sd_ret || !sd_size_ret) | ||||||
|     { |     { | ||||||
|       set_errno (EINVAL); |       set_errno (EINVAL); | ||||||
|       return NULL; |       return NULL; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |   /* Get owner and group from current security descriptor. */ | ||||||
|  |   PSID cur_owner_sid = NULL; | ||||||
|  |   PSID cur_group_sid = NULL; | ||||||
|  |   if (!GetSecurityDescriptorOwner (sd_ret, &cur_owner_sid, &dummy)) | ||||||
|  |     debug_printf ("GetSecurityDescriptorOwner %E"); | ||||||
|  |   if (!GetSecurityDescriptorGroup (sd_ret, &cur_group_sid, &dummy)) | ||||||
|  |     debug_printf ("GetSecurityDescriptorGroup %E"); | ||||||
|  |  | ||||||
|   /* Get SID of owner. */ |   /* Get SID of owner. */ | ||||||
|   cygsid owner_sid (NO_SID); |   cygsid owner_sid (NO_SID); | ||||||
|   /* Check for current user first */ |   /* Check for current user first */ | ||||||
|   if (uid == myself->uid) |   if (uid == myself->uid) | ||||||
|     owner_sid = cygheap->user.sid (); |     owner_sid = cygheap->user.sid (); | ||||||
|   else |   else if (uid == ILLEGAL_UID) | ||||||
|  |     owner_sid = cur_owner_sid; | ||||||
|  |   else if (!owner_sid.getfrompw (getpwuid32 (uid))) | ||||||
|     { |     { | ||||||
|       /* Otherwise retrieve user data from /etc/passwd */ |  | ||||||
|       struct passwd *pw = getpwuid32 (uid); |  | ||||||
|       if (!pw) |  | ||||||
| 	{ |  | ||||||
| 	  debug_printf ("no /etc/passwd entry for %d", uid); |  | ||||||
|       set_errno (EINVAL); |       set_errno (EINVAL); | ||||||
|       return NULL; |       return NULL; | ||||||
|     } |     } | ||||||
|       else if (!owner_sid.getfrompw (pw)) |  | ||||||
| 	{ |  | ||||||
| 	  debug_printf ("no SID for user %d", uid); |  | ||||||
| 	  set_errno (EINVAL); |  | ||||||
| 	  return NULL; |  | ||||||
| 	} |  | ||||||
|     } |  | ||||||
|   owner_sid.debug_print ("alloc_sd: owner SID ="); |   owner_sid.debug_print ("alloc_sd: owner SID ="); | ||||||
|  |  | ||||||
|   /* Get SID of new group. */ |   /* Get SID of new group. */ | ||||||
| @@ -1560,14 +1562,15 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, | |||||||
|   /* Check for current user first */ |   /* Check for current user first */ | ||||||
|   if (gid == myself->gid) |   if (gid == myself->gid) | ||||||
|     group_sid = cygheap->user.groups.pgsid; |     group_sid = cygheap->user.groups.pgsid; | ||||||
|   else |   else if (gid == ILLEGAL_GID) | ||||||
|  |     group_sid = cur_group_sid; | ||||||
|  |   else if (!group_sid.getfromgr (getgrgid32 (gid))) | ||||||
|     { |     { | ||||||
|       struct __group32 *grp = getgrgid32 (gid); |       set_errno (EINVAL); | ||||||
|       if (!grp) |       return NULL; | ||||||
| 	debug_printf ("no /etc/group entry for %d", gid); |  | ||||||
|       else if (!group_sid.getfromgr (grp)) |  | ||||||
| 	debug_printf ("no SID for group %d", gid); |  | ||||||
|     } |     } | ||||||
|  |   group_sid.debug_print ("alloc_sd: group SID ="); | ||||||
|  |  | ||||||
|   /* Initialize local security descriptor. */ |   /* Initialize local security descriptor. */ | ||||||
|   SECURITY_DESCRIPTOR sd; |   SECURITY_DESCRIPTOR sd; | ||||||
|   PSECURITY_DESCRIPTOR psd = NULL; |   PSECURITY_DESCRIPTOR psd = NULL; | ||||||
| @@ -1594,7 +1597,7 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, | |||||||
|     } |     } | ||||||
|  |  | ||||||
|   /* Create group for local security descriptor. */ |   /* Create group for local security descriptor. */ | ||||||
|   if (group_sid && !SetSecurityDescriptorGroup (&sd, group_sid, FALSE)) |   if (!SetSecurityDescriptorGroup (&sd, group_sid, FALSE)) | ||||||
|     { |     { | ||||||
|       __seterrno (); |       __seterrno (); | ||||||
|       return NULL; |       return NULL; | ||||||
| @@ -1665,17 +1668,24 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, | |||||||
| 	null_allow |= FILE_READ_DATA; | 	null_allow |= FILE_READ_DATA; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|   /* Construct deny attributes for owner and group. */ |   /* Add owner and group permissions if SIDs are equal | ||||||
|   DWORD owner_deny = 0; |      and construct deny attributes for group and owner. */ | ||||||
|   if (is_grp_member (uid, gid)) |   DWORD group_deny; | ||||||
|     owner_deny = ~owner_allow & (group_allow | other_allow); |   if (owner_sid == group_sid) | ||||||
|  |     { | ||||||
|  |       owner_allow |= group_allow; | ||||||
|  |       group_allow = group_deny = 0L; | ||||||
|  |     } | ||||||
|   else |   else | ||||||
|     owner_deny = ~owner_allow & other_allow; |     { | ||||||
|  |       group_deny = ~group_allow & other_allow; | ||||||
|  |       group_deny &= ~(STANDARD_RIGHTS_READ | ||||||
|  | 		      | FILE_READ_ATTRIBUTES | FILE_READ_EA); | ||||||
|  |     } | ||||||
|  |   DWORD owner_deny = ~owner_allow & (group_allow | other_allow); | ||||||
|   owner_deny &= ~(STANDARD_RIGHTS_READ |   owner_deny &= ~(STANDARD_RIGHTS_READ | ||||||
| 		  | FILE_READ_ATTRIBUTES | FILE_READ_EA | 		  | FILE_READ_ATTRIBUTES | FILE_READ_EA | ||||||
| 		  | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA); | 		  | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA); | ||||||
|   DWORD group_deny = ~group_allow & other_allow; |  | ||||||
|   group_deny &= ~(STANDARD_RIGHTS_READ | FILE_READ_ATTRIBUTES | FILE_READ_EA); |  | ||||||
|  |  | ||||||
|   /* Construct appropriate inherit attribute. */ |   /* Construct appropriate inherit attribute. */ | ||||||
|   DWORD inherit = (attribute & S_IFDIR) ? SUB_CONTAINERS_AND_OBJECTS_INHERIT |   DWORD inherit = (attribute & S_IFDIR) ? SUB_CONTAINERS_AND_OBJECTS_INHERIT | ||||||
| @@ -1686,17 +1696,27 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, | |||||||
|       && !add_access_denied_ace (acl, ace_off++, owner_deny, |       && !add_access_denied_ace (acl, ace_off++, owner_deny, | ||||||
| 				 owner_sid, acl_len, inherit)) | 				 owner_sid, acl_len, inherit)) | ||||||
|     return NULL; |     return NULL; | ||||||
|  |   /* Set deny ACE for group here to respect the canonical order, | ||||||
|  |      if this does not impact owner */ | ||||||
|  |   if (group_deny && !(owner_allow & group_deny)) | ||||||
|  |     { | ||||||
|  |       if (!add_access_denied_ace (acl, ace_off++, group_deny, | ||||||
|  | 				 group_sid, acl_len, inherit)) | ||||||
|  | 	return NULL; | ||||||
|  |       group_deny = 0; | ||||||
|  |     } | ||||||
|   /* Set allow ACE for owner. */ |   /* Set allow ACE for owner. */ | ||||||
|   if (!add_access_allowed_ace (acl, ace_off++, owner_allow, |   if (!add_access_allowed_ace (acl, ace_off++, owner_allow, | ||||||
| 			       owner_sid, acl_len, inherit)) | 			       owner_sid, acl_len, inherit)) | ||||||
|     return NULL; |     return NULL; | ||||||
|   /* Set deny ACE for group. */ |   /* Set deny ACE for group, if still needed. */ | ||||||
|   if (group_deny |   if (group_deny | ||||||
|       && !add_access_denied_ace (acl, ace_off++, group_deny, |       && !add_access_denied_ace (acl, ace_off++, group_deny, | ||||||
| 				 group_sid, acl_len, inherit)) | 				 group_sid, acl_len, inherit)) | ||||||
|     return NULL; |     return NULL; | ||||||
|   /* Set allow ACE for group. */ |   /* Set allow ACE for group. */ | ||||||
|   if (!add_access_allowed_ace (acl, ace_off++, group_allow, |   if (group_allow | ||||||
|  |       && !add_access_allowed_ace (acl, ace_off++, group_allow, | ||||||
| 				  group_sid, acl_len, inherit)) | 				  group_sid, acl_len, inherit)) | ||||||
|     return NULL; |     return NULL; | ||||||
|  |  | ||||||
| @@ -1710,14 +1730,6 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, | |||||||
| 				  well_known_null_sid, acl_len, NO_INHERITANCE)) | 				  well_known_null_sid, acl_len, NO_INHERITANCE)) | ||||||
|     return NULL; |     return NULL; | ||||||
|  |  | ||||||
|   /* Get owner and group from current security descriptor. */ |  | ||||||
|   PSID cur_owner_sid = NULL; |  | ||||||
|   PSID cur_group_sid = NULL; |  | ||||||
|   if (!GetSecurityDescriptorOwner (sd_ret, &cur_owner_sid, &dummy)) |  | ||||||
|     debug_printf ("GetSecurityDescriptorOwner %E"); |  | ||||||
|   if (!GetSecurityDescriptorGroup (sd_ret, &cur_group_sid, &dummy)) |  | ||||||
|     debug_printf ("GetSecurityDescriptorGroup %E"); |  | ||||||
|  |  | ||||||
|   /* Fill ACL with unrelated ACEs from current security descriptor. */ |   /* Fill ACL with unrelated ACEs from current security descriptor. */ | ||||||
|   PACL oacl; |   PACL oacl; | ||||||
|   BOOL acl_exists; |   BOOL acl_exists; | ||||||
| @@ -1729,10 +1741,10 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, | |||||||
| 	{ | 	{ | ||||||
| 	  cygsid ace_sid ((PSID) &ace->SidStart); | 	  cygsid ace_sid ((PSID) &ace->SidStart); | ||||||
| 	  /* Check for related ACEs. */ | 	  /* Check for related ACEs. */ | ||||||
| 	  if ((cur_owner_sid && ace_sid == cur_owner_sid) | 	  if ((ace_sid == cur_owner_sid) | ||||||
| 	      || (owner_sid && ace_sid == owner_sid) | 	      || (ace_sid == owner_sid) | ||||||
| 	      || (cur_group_sid && ace_sid == cur_group_sid) | 	      || (ace_sid == cur_group_sid) | ||||||
| 	      || (group_sid && ace_sid == group_sid) | 	      || (ace_sid == group_sid) | ||||||
| 	      || (ace_sid == well_known_world_sid) | 	      || (ace_sid == well_known_world_sid) | ||||||
| 	      || (ace_sid == well_known_null_sid)) | 	      || (ace_sid == well_known_null_sid)) | ||||||
| 	    continue; | 	    continue; | ||||||
|   | |||||||
| @@ -773,8 +773,6 @@ static int | |||||||
| chown_worker (const char *name, unsigned fmode, __uid32_t uid, __gid32_t gid) | chown_worker (const char *name, unsigned fmode, __uid32_t uid, __gid32_t gid) | ||||||
| { | { | ||||||
|   int res; |   int res; | ||||||
|   __uid32_t old_uid; |  | ||||||
|   __gid32_t old_gid; |  | ||||||
|  |  | ||||||
|   if (check_null_empty_str_errno (name)) |   if (check_null_empty_str_errno (name)) | ||||||
|     return -1; |     return -1; | ||||||
| @@ -806,20 +804,10 @@ chown_worker (const char *name, unsigned fmode, __uid32_t uid, __gid32_t gid) | |||||||
| 	attrib |= S_IFDIR; | 	attrib |= S_IFDIR; | ||||||
|       res = get_file_attribute (win32_path.has_acls (), |       res = get_file_attribute (win32_path.has_acls (), | ||||||
| 				win32_path.get_win32 (), | 				win32_path.get_win32 (), | ||||||
| 				(int *) &attrib, | 				(int *) &attrib); | ||||||
| 				&old_uid, |  | ||||||
| 				&old_gid); |  | ||||||
|       if (!res) |       if (!res) | ||||||
| 	{ |  | ||||||
| 	  if (uid == ILLEGAL_UID) |  | ||||||
| 	    uid = old_uid; |  | ||||||
| 	  if (gid == ILLEGAL_GID) |  | ||||||
| 	    gid = old_gid; |  | ||||||
| 	  if (win32_path.isdir ()) |  | ||||||
| 	    attrib |= S_IFDIR; |  | ||||||
|          res = set_file_attribute (win32_path.has_acls (), win32_path, uid, |          res = set_file_attribute (win32_path.has_acls (), win32_path, uid, | ||||||
| 				   gid, attrib); | 				   gid, attrib); | ||||||
| 	} |  | ||||||
|       if (res != 0 && (!win32_path.has_acls () || !allow_ntsec)) |       if (res != 0 && (!win32_path.has_acls () || !allow_ntsec)) | ||||||
| 	{ | 	{ | ||||||
| 	  /* fake - if not supported, pretend we're like win95 | 	  /* fake - if not supported, pretend we're like win95 | ||||||
| @@ -936,19 +924,10 @@ chmod (const char *path, mode_t mode) | |||||||
|       /* temporary erase read only bit, to be able to set file security */ |       /* temporary erase read only bit, to be able to set file security */ | ||||||
|       SetFileAttributes (win32_path, (DWORD) win32_path & ~FILE_ATTRIBUTE_READONLY); |       SetFileAttributes (win32_path, (DWORD) win32_path & ~FILE_ATTRIBUTE_READONLY); | ||||||
|  |  | ||||||
|       __uid32_t uid; |  | ||||||
|       __gid32_t gid; |  | ||||||
|  |  | ||||||
|       if (win32_path.isdir ()) |       if (win32_path.isdir ()) | ||||||
| 	mode |= S_IFDIR; | 	mode |= S_IFDIR; | ||||||
|       get_file_attribute (win32_path.has_acls (), |       if (!set_file_attribute (win32_path.has_acls (), win32_path, | ||||||
| 			  win32_path.get_win32 (), | 			       ILLEGAL_UID, ILLEGAL_GID, mode) | ||||||
| 			  NULL, &uid, &gid); |  | ||||||
|       /* FIXME: Do we really need this to be specified twice? */ |  | ||||||
|       if (win32_path.isdir ()) |  | ||||||
| 	mode |= S_IFDIR; |  | ||||||
|       if (!set_file_attribute (win32_path.has_acls (), win32_path, uid, gid, |  | ||||||
| 				mode) |  | ||||||
| 	  && allow_ntsec) | 	  && allow_ntsec) | ||||||
| 	res = 0; | 	res = 0; | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user