* autoload.cc (NtCreateFile): Add.
* dir.cc (mkdir): Change set_file_attribute call to indicate that NT security isn't used. * fhandler.cc (fhandler_base::open_9x): New method, created from fhandler_base::open. (fhandler_base::open): Rearrange to use NtCreateFile instead of CreateFile. * fhandler.h (enum query_state): Redefine query_null_access to query_stat_control. query_null_access isn't allowed in NtCreateFile. (fhandler_base::open_9x): Declare. * fhandler_disk_file.cc (fhandler_base::fstat_fs): Use query_stat_control first, query_read_control if that fails. (fhandler_disk_file::fchmod): Call enable_restore_privilege before trying to open for query_write_control. Don't fall back to opening for query_read_control. (fhandler_disk_file::fchown): Ditto. (fhandler_disk_file::facl): Only request restore privilege and query access necessary for given cmd. * fhandler_raw.cc (fhandler_dev_raw::open): Call fhandler_base::open instead of opening device here. * ntdll.h (NtCreateFile): Declare. * path.cc (symlink_worker): Change set_file_attribute call to indicate that NT security isn't used. * sec_acl.cc (getacl): Fix bracketing. * sec_helper.cc (enable_restore_privilege): New function. * security.cc (str2buf2uni_cat): New function. (write_sd): Don't request restore permission here. * security.h (set_process_privileges): Drop stale declaration. (str2buf2uni): Declare. (str2buf2uni_cat): Declare. (enable_restore_privilege): Declare. * syscalls.cc (fchown32): Return immediate success on 9x.
This commit is contained in:
Corinna Vinschen
@ -174,16 +174,16 @@ fhandler_base::fstat_fs (struct __stat64 *buf)
|
||||
then just do a "query open" as it is apparently much faster. */
|
||||
if (pc.exec_state () != dont_know_if_executable)
|
||||
{
|
||||
query_open (query_read_control);
|
||||
if (pc.fs_is_fat () && !strpbrk (get_win32_name (), "?*|<>"))
|
||||
return fstat_by_name (buf);
|
||||
query_open (query_stat_control);
|
||||
}
|
||||
if (!(oret = open_fs (open_flags, 0)) && get_errno () == EACCES)
|
||||
{
|
||||
/* If we couldn't open the file, try a query open with no permissions.
|
||||
This allows us to determine *some* things about the file, at least. */
|
||||
pc.set_exec (0);
|
||||
query_open (query_null_access);
|
||||
query_open (query_read_control);
|
||||
oret = open_fs (open_flags, 0);
|
||||
}
|
||||
|
||||
@ -378,15 +378,15 @@ fhandler_disk_file::fchmod (mode_t mode)
|
||||
if (pc.is_fs_special ())
|
||||
return chmod_device (pc, mode);
|
||||
|
||||
if (!get_io_handle ())
|
||||
if (wincap.has_security ())
|
||||
{
|
||||
query_open (query_write_control);
|
||||
if (!(oret = open_fs (O_BINARY, 0)))
|
||||
{
|
||||
query_open (query_read_control);
|
||||
enable_restore_privilege ();
|
||||
if (!get_io_handle ())
|
||||
{
|
||||
query_open (query_write_control);
|
||||
if (!(oret = open_fs (O_BINARY, 0)))
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!allow_ntsec && allow_ntea) /* Not necessary when manipulating SD. */
|
||||
@ -423,15 +423,13 @@ int __stdcall
|
||||
fhandler_disk_file::fchown (__uid32_t uid, __gid32_t gid)
|
||||
{
|
||||
int oret = 0;
|
||||
|
||||
enable_restore_privilege ();
|
||||
if (!get_io_handle ())
|
||||
{
|
||||
query_open (query_write_control);
|
||||
if (!(oret = open_fs (O_BINARY, 0)))
|
||||
{
|
||||
query_open (query_read_control);
|
||||
if (!(oret = open_fs (O_BINARY, 0)))
|
||||
return -1;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
mode_t attrib = 0;
|
||||
@ -460,17 +458,6 @@ fhandler_disk_file::facl (int cmd, int nentries, __aclent32_t *aclbufp)
|
||||
int res = -1;
|
||||
int oret = 0;
|
||||
|
||||
if (!get_io_handle ())
|
||||
{
|
||||
query_open (query_write_control);
|
||||
if (!(oret = open_fs (O_BINARY, 0)))
|
||||
{
|
||||
query_open (query_read_control);
|
||||
if (!(oret = open_fs (O_BINARY, 0)))
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (!pc.has_acls () || !allow_ntsec)
|
||||
{
|
||||
switch (cmd)
|
||||
@ -485,30 +472,50 @@ fhandler_disk_file::facl (int cmd, int nentries, __aclent32_t *aclbufp)
|
||||
set_errno(EFAULT);
|
||||
else if (nentries < MIN_ACL_ENTRIES)
|
||||
set_errno (ENOSPC);
|
||||
else if (!fstat_by_handle (&st))
|
||||
else
|
||||
{
|
||||
aclbufp[0].a_type = USER_OBJ;
|
||||
aclbufp[0].a_id = st.st_uid;
|
||||
aclbufp[0].a_perm = (st.st_mode & S_IRWXU) >> 6;
|
||||
aclbufp[1].a_type = GROUP_OBJ;
|
||||
aclbufp[1].a_id = st.st_gid;
|
||||
aclbufp[1].a_perm = (st.st_mode & S_IRWXG) >> 3;
|
||||
aclbufp[2].a_type = OTHER_OBJ;
|
||||
aclbufp[2].a_id = ILLEGAL_GID;
|
||||
aclbufp[2].a_perm = st.st_mode & S_IRWXO;
|
||||
aclbufp[3].a_type = CLASS_OBJ;
|
||||
aclbufp[3].a_id = ILLEGAL_GID;
|
||||
aclbufp[3].a_perm = S_IRWXU | S_IRWXG | S_IRWXO;
|
||||
res = MIN_ACL_ENTRIES;
|
||||
if (!get_io_handle ())
|
||||
{
|
||||
query_open (query_read_control);
|
||||
if (!(oret = open_fs (O_BINARY, 0)))
|
||||
return -1;
|
||||
}
|
||||
if (!fstat_by_handle (&st))
|
||||
{
|
||||
aclbufp[0].a_type = USER_OBJ;
|
||||
aclbufp[0].a_id = st.st_uid;
|
||||
aclbufp[0].a_perm = (st.st_mode & S_IRWXU) >> 6;
|
||||
aclbufp[1].a_type = GROUP_OBJ;
|
||||
aclbufp[1].a_id = st.st_gid;
|
||||
aclbufp[1].a_perm = (st.st_mode & S_IRWXG) >> 3;
|
||||
aclbufp[2].a_type = OTHER_OBJ;
|
||||
aclbufp[2].a_id = ILLEGAL_GID;
|
||||
aclbufp[2].a_perm = st.st_mode & S_IRWXO;
|
||||
aclbufp[3].a_type = CLASS_OBJ;
|
||||
aclbufp[3].a_id = ILLEGAL_GID;
|
||||
aclbufp[3].a_perm = S_IRWXU | S_IRWXG | S_IRWXO;
|
||||
res = MIN_ACL_ENTRIES;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case GETACLCNT:
|
||||
res = MIN_ACL_ENTRIES;
|
||||
break;
|
||||
default:
|
||||
set_errno (EINVAL);
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (cmd == SETACL)
|
||||
enable_restore_privilege ();
|
||||
if (!get_io_handle ())
|
||||
{
|
||||
query_open (cmd == SETACL ? query_write_control : query_read_control);
|
||||
if (!(oret = open_fs (O_BINARY, 0)))
|
||||
return -1;
|
||||
}
|
||||
switch (cmd)
|
||||
{
|
||||
case SETACL:
|
||||
|
||||
Reference in New Issue
Block a user