aboutsummaryrefslogtreecommitdiff
path: root/winsup
diff options
context:
space:
mode:
authorCorinna Vinschen <corinna@vinschen.de>2002-08-26 09:56:06 +0000
committerCorinna Vinschen <corinna@vinschen.de>2002-08-26 09:56:06 +0000
commit38170b13ea763c0e62f7a5568f07d1f482e69232 (patch)
treed002674171164ad9dbd3cb0ebbf434cf7a82ba18 /winsup
parent2e2b268ce6c2cf278e255a8cccaf40cbdfe7b4ec (diff)
downloadnewlib-38170b13ea763c0e62f7a5568f07d1f482e69232.zip
newlib-38170b13ea763c0e62f7a5568f07d1f482e69232.tar.gz
newlib-38170b13ea763c0e62f7a5568f07d1f482e69232.tar.bz2
* sec_acl.cc (getacl): Check ace_sid == well_known_world_sid
before owner_sid and group_sid so that well_known_world_sid means "other" even when owner_sid and/or group_sid are Everyone. * security.cc (get_attribute_from_acl): Created from code common to get_nt_attribute() and get_nt_object_attribute(), with same reordering as in getacl() above. (get_nt_attribute): Call get_attribute_from_acl(). (get_nt_object_attribute): Ditto.
Diffstat (limited to 'winsup')
-rw-r--r--winsup/cygwin/ChangeLog11
-rw-r--r--winsup/cygwin/sec_acl.cc12
-rw-r--r--winsup/cygwin/security.cc255
3 files changed, 108 insertions, 170 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index e908c27..dcd3f51 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,14 @@
+2002-08-25 Pierre Humblet <Pierre.Humblet@ieee.org>
+
+ * sec_acl.cc (getacl): Check ace_sid == well_known_world_sid
+ before owner_sid and group_sid so that well_known_world_sid
+ means "other" even when owner_sid and/or group_sid are Everyone.
+ * security.cc (get_attribute_from_acl): Created from code common
+ to get_nt_attribute() and get_nt_object_attribute(), with same
+ reordering as in getacl() above.
+ (get_nt_attribute): Call get_attribute_from_acl().
+ (get_nt_object_attribute): Ditto.
+
2002-08-26 Christopher Faylor <cgf@redhat.com>
* Makefile.in (cygcheck.exe): Make a -mno-cygwin program.
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 26ab878..cd20cfd 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -314,7 +314,12 @@ getacl (const char *file, DWORD attr, int nentries, __aclent16_t *aclbufp)
int id;
int type = 0;
- if (ace_sid == owner_sid)
+ if (ace_sid == well_known_world_sid)
+ {
+ type = OTHER_OBJ;
+ id = 0;
+ }
+ else if (ace_sid == owner_sid)
{
type = USER_OBJ;
id = uid;
@@ -324,11 +329,6 @@ getacl (const char *file, DWORD attr, int nentries, __aclent16_t *aclbufp)
type = GROUP_OBJ;
id = gid;
}
- else if (ace_sid == well_known_world_sid)
- {
- type = OTHER_OBJ;
- id = 0;
- }
else
{
id = ace_sid.get_id (FALSE, &type);
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index f22c7dc..43841c1 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1202,6 +1202,95 @@ write_sd (const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
return 0;
}
+static void
+get_attribute_from_acl(int * attribute, PACL acl, PSID owner_sid,
+ PSID group_sid, BOOL grp_member)
+{
+ ACCESS_ALLOWED_ACE *ace;
+ int allow = 0;
+ int deny = 0;
+ int *flags, *anti;
+
+ for (DWORD i = 0; i < acl->AceCount; ++i)
+ {
+ if (!GetAce (acl, i, (PVOID *) &ace))
+ continue;
+ if (ace->Header.AceFlags & INHERIT_ONLY)
+ continue;
+ switch (ace->Header.AceType)
+ {
+ case ACCESS_ALLOWED_ACE_TYPE:
+ flags = &allow;
+ anti = &deny;
+ break;
+ case ACCESS_DENIED_ACE_TYPE:
+ flags = &deny;
+ anti = &allow;
+ break;
+ default:
+ continue;
+ }
+
+ cygsid ace_sid ((PSID) &ace->SidStart);
+ if (ace_sid == well_known_world_sid)
+ {
+ if (ace->Mask & FILE_READ_DATA)
+ *flags |= S_IROTH
+ | ((!(*anti & S_IRGRP)) ? S_IRGRP : 0)
+ | ((!(*anti & S_IRUSR)) ? S_IRUSR : 0);
+ if (ace->Mask & FILE_WRITE_DATA)
+ *flags |= S_IWOTH
+ | ((!(*anti & S_IWGRP)) ? S_IWGRP : 0)
+ | ((!(*anti & S_IWUSR)) ? S_IWUSR : 0);
+ if (ace->Mask & FILE_EXECUTE)
+ {
+ *flags |= S_IXOTH
+ | ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
+ | ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
+ }
+ if ((*attribute & S_IFDIR) &&
+ (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD))
+ == (FILE_WRITE_DATA | FILE_EXECUTE))
+ *flags |= S_ISVTX;
+ }
+ else if (ace_sid == well_known_null_sid)
+ {
+ /* Read SUID, SGID and VTX bits from NULL ACE. */
+ if (ace->Mask & FILE_READ_DATA)
+ *flags |= S_ISVTX;
+ if (ace->Mask & FILE_WRITE_DATA)
+ *flags |= S_ISGID;
+ if (ace->Mask & FILE_APPEND_DATA)
+ *flags |= S_ISUID;
+ }
+ else if (owner_sid && ace_sid == owner_sid)
+ {
+ if (ace->Mask & FILE_READ_DATA)
+ *flags |= S_IRUSR;
+ if (ace->Mask & FILE_WRITE_DATA)
+ *flags |= S_IWUSR;
+ if (ace->Mask & FILE_EXECUTE)
+ *flags |= S_IXUSR;
+ }
+ else if (group_sid && ace_sid == group_sid)
+ {
+ if (ace->Mask & FILE_READ_DATA)
+ *flags |= S_IRGRP
+ | ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0);
+ if (ace->Mask & FILE_WRITE_DATA)
+ *flags |= S_IWGRP
+ | ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0);
+ if (ace->Mask & FILE_EXECUTE)
+ *flags |= S_IXGRP
+ | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
+ }
+ }
+ *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
+ *attribute |= allow;
+ *attribute &= ~deny;
+ return;
+}
+
static int
get_nt_attribute (const char *file, int *attribute,
__uid32_t *uidret, __gid32_t *gidret)
@@ -1264,89 +1353,8 @@ get_nt_attribute (const char *file, int *attribute,
file, *attribute, uid, gid);
return 0;
}
+ get_attribute_from_acl (attribute, acl, owner_sid, group_sid, grp_member);
- ACCESS_ALLOWED_ACE *ace;
- int allow = 0;
- int deny = 0;
- int *flags, *anti;
-
- for (DWORD i = 0; i < acl->AceCount; ++i)
- {
- if (!GetAce (acl, i, (PVOID *) &ace))
- continue;
- if (ace->Header.AceFlags & INHERIT_ONLY)
- continue;
- switch (ace->Header.AceType)
- {
- case ACCESS_ALLOWED_ACE_TYPE:
- flags = &allow;
- anti = &deny;
- break;
- case ACCESS_DENIED_ACE_TYPE:
- flags = &deny;
- anti = &allow;
- break;
- default:
- continue;
- }
-
- cygsid ace_sid ((PSID) &ace->SidStart);
- if (owner_sid && ace_sid == owner_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IRUSR;
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWUSR;
- if (ace->Mask & FILE_EXECUTE)
- *flags |= S_IXUSR;
- }
- else if (group_sid && ace_sid == group_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IRGRP
- | ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0);
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWGRP
- | ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0);
- if (ace->Mask & FILE_EXECUTE)
- *flags |= S_IXGRP
- | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
- }
- else if (ace_sid == well_known_world_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IROTH
- | ((!(*anti & S_IRGRP)) ? S_IRGRP : 0)
- | ((!(*anti & S_IRUSR)) ? S_IRUSR : 0);
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWOTH
- | ((!(*anti & S_IWGRP)) ? S_IWGRP : 0)
- | ((!(*anti & S_IWUSR)) ? S_IWUSR : 0);
- if (ace->Mask & FILE_EXECUTE)
- {
- *flags |= S_IXOTH
- | ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
- | ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
- }
- if ((*attribute & S_IFDIR) &&
- (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD))
- == (FILE_WRITE_DATA | FILE_EXECUTE))
- *flags |= S_ISVTX;
- }
- else if (ace_sid == well_known_null_sid)
- {
- /* Read SUID, SGID and VTX bits from NULL ACE. */
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_ISVTX;
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_ISGID;
- if (ace->Mask & FILE_APPEND_DATA)
- *flags |= S_ISUID;
- }
- }
- *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
- *attribute |= allow;
- *attribute &= ~deny;
syscall_printf ("file: %s %x, uid %d, gid %d", file, *attribute, uid, gid);
return 0;
}
@@ -1437,88 +1445,7 @@ get_nt_object_attribute (HANDLE handle, SE_OBJECT_TYPE object_type,
return 0;
}
- ACCESS_ALLOWED_ACE *ace;
- int allow = 0;
- int deny = 0;
- int *flags, *anti;
-
- for (DWORD i = 0; i < acl->AceCount; ++i)
- {
- if (!GetAce (acl, i, (PVOID *) & ace))
- continue;
- if (ace->Header.AceFlags & INHERIT_ONLY)
- continue;
- switch (ace->Header.AceType)
- {
- case ACCESS_ALLOWED_ACE_TYPE:
- flags = &allow;
- anti = &deny;
- break;
- case ACCESS_DENIED_ACE_TYPE:
- flags = &deny;
- anti = &allow;
- break;
- default:
- continue;
- }
-
- cygsid ace_sid ((PSID) & ace->SidStart);
- if (owner_sid && ace_sid == owner_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IRUSR;
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWUSR;
- if (ace->Mask & FILE_EXECUTE)
- *flags |= S_IXUSR;
- }
- else if (group_sid && ace_sid == group_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IRGRP
- | ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0);
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWGRP
- | ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0);
- if (ace->Mask & FILE_EXECUTE)
- *flags |= S_IXGRP
- | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
- }
- else if (ace_sid == well_known_world_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IROTH
- | ((!(*anti & S_IRGRP)) ? S_IRGRP : 0)
- | ((!(*anti & S_IRUSR)) ? S_IRUSR : 0);
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWOTH
- | ((!(*anti & S_IWGRP)) ? S_IWGRP : 0)
- | ((!(*anti & S_IWUSR)) ? S_IWUSR : 0);
- if (ace->Mask & FILE_EXECUTE)
- {
- *flags |= S_IXOTH
- | ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
- | ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
- }
- if ((*attribute & S_IFDIR) &&
- (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD))
- == (FILE_WRITE_DATA | FILE_EXECUTE))
- *flags |= S_ISVTX;
- }
- else if (ace_sid == well_known_null_sid)
- {
- /* Read SUID, SGID and VTX bits from NULL ACE. */
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_ISVTX;
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_ISGID;
- if (ace->Mask & FILE_APPEND_DATA)
- *flags |= S_ISUID;
- }
- }
- *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
- *attribute |= allow;
- *attribute &= ~deny;
+ get_attribute_from_acl (attribute, acl, owner_sid, group_sid, grp_member);
LocalFree (psd);
generated by cgit v1.1 at 2024-11-16 11:20:45 +0000