[newlib-cygwin] Use Authz to fetch correct user permissions.
Corinna Vinschen
corinna@sourceware.org
Wed Nov 18 22:12:00 GMT 2015
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=7972e63402eaca6ca78e0f8bffdcc95a141c0f64
commit 7972e63402eaca6ca78e0f8bffdcc95a141c0f64
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Mon Aug 31 11:34:38 2015 +0200
Use Authz to fetch correct user permissions.
* sec_acl.cc (getacl): Use Authz to fetch correct user permissions.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/ChangeLog | 4 ++++
winsup/cygwin/sec_acl.cc | 26 ++++++++++++++++++++++++--
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 6d0f91a..697082a 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,9 @@
2015-11-18 Corinna Vinschen <corinna@vinschen.de>
+ * sec_acl.cc (getacl): Use Authz to fetch correct user permissions.
+
+2015-11-18 Corinna Vinschen <corinna@vinschen.de>
+
* autoload.cc (AuthzAccessCheck): Import.
(AuthzFreeContext): Import.
(AuthzInitializeContextFromSid): Import.
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index e52cdb7..82e9cb5 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -642,6 +642,15 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
goto out;
}
+ /* If we use the Windows user DB, use Authz to make sure the owner
+ permissions are correctly reflecting the Windows permissions. */
+ if (cygheap->pg.nss_pwd_db ())
+ {
+ mode_t attr = 0;
+ authz_get_user_attribute (&attr, psd, owner_sid);
+ lacl[0].a_perm = attr >> 6;
+ }
+
/* Files and dirs are created with a NULL descriptor, so inheritence
rules kick in. If no inheritable entries exist in the parent object,
Windows will create entries according to the user token's default DACL.
@@ -787,8 +796,21 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
}
if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
{
- getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType,
- new_style && type & (USER | GROUP_OBJ | GROUP));
+ /* If we use the Windows user DB, use Authz to check for user
+ permissions. */
+ if (cygheap->pg.nss_pwd_db () && (type & (USER_OBJ | USER)))
+ {
+ /* We already handle the USER_OBJ entry above. */
+ if (type == USER)
+ {
+ mode_t attr = 0;
+ authz_get_user_attribute (&attr, psd, ace_sid);
+ lacl[pos].a_perm = attr >> 6;
+ }
+ }
+ else
+ getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType,
+ new_style && type & (USER | GROUP_OBJ | GROUP));
if (!new_style)
{
/* Fix up CLASS_OBJ value. */
More information about the Cygwin-cvs
mailing list