author | Corinna Vinschen <corinna@vinschen.de> | 2015-08-14 10:10:34 +0200 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2015-08-14 10:10:34 +0200 |
commit | c19f1b9f8ef50a4498dd8de89399cf4382d1ebd7 (patch) | |
tree | d499fb71c853b4e48e7d35446f60f2b5bd129c27 /winsup | |
parent | e0d48debedfa27a7a31dd1caf8e23cf71708cf4c (diff) | |
Evaluate all group perms in ACL to emulate POSIX user perms
* security.cc (get_attribute_from_acl): Merge all group perms into
user perms if user is member of group.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup')
-rw-r--r-- | winsup/cygwin/ChangeLog | 5 | ||||
-rw-r--r-- | winsup/cygwin/security.cc | 19 |
2 files changed, 24 insertions, 0 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index cf0495e..4cde08b 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2015-08-14 Corinna Vinschen <corinna@vinschen.de>
+
+ * security,cc (get_attribute_from_acl): Merge all group perms into
+ user perms if user is member of group.
+
 2015-08-13 Corinna Vinschen <corinna@vinschen.de>
 * autoload.cc (GetLogicalProcessorInformationEx): Import.
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 86ebe2c..4625060 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -243,6 +243,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
 mode_t deny = 0;
 mode_t *flags, *anti;
 bool isownergroup = RtlEqualSid (owner_sid, group_sid);
+ bool userisowner = RtlEqualSid (owner_sid, cygheap->user.sid ());
 for (DWORD i = 0; i < acl->AceCount; ++i)
 {
@@ -340,6 +341,24 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
 *flags |= S_IWGRP;
 if (ace->Mask & FILE_EXEC_BITS)
 *flags |= S_IXGRP;
+ /* If the current user is the owner of the file, check if the
+ additional SIDs are in the user's token. Note that this is
+ some ugly hack, but a full-fledged solution requires to
+ create tokens or perhaps using AUTHZ. */
+ BOOL ret;
+ if (userisowner
+ && CheckTokenMembership (cygheap->user.issetuid ()
+ ? cygheap->user.imp_token () : NULL,
+ ace_sid, &ret)
+ && ret)
+ {
+ if (ace->Mask & FILE_READ_BITS)
+ *flags |= (!(*anti & S_IRUSR)) ? S_IRUSR : 0;
+ if (ace->Mask & FILE_WRITE_BITS)
+ *flags |= (!(*anti & S_IWUSR)) ? S_IWUSR : 0;
+ if (ace->Mask & FILE_EXEC_BITS)
+ *flags |= (!(*anti & S_IXUSR)) ? S_IXUSR : 0;
+ }
 }
 }
 *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID); |
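Review bot: In the block added after `*flags |= S_IXGRP;`, a failed `CheckTokenMembership` call and a negative answer are both treated as "not a member", and the result is merged through `*flags` without regard to whether the ACE being processed grants or denies. `CheckTokenMembership` only reports SIDs that are enabled in the token, so a group present as deny-only would presumably be skipped even though Windows still applies deny ACEs for it; the emulated user bits can then be more permissive than the real access check. The assignments of `flags` and `anti` are outside this hunk, so this needs confirming against the full function. At minimum I would extend the comment with something like `/* CheckTokenMembership ignores disabled and deny-only SIDs, so the resulting S_I?USR bits are advisory and may overstate access. */`.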