ntsec-patch15

Corinna Vinschen corinna@vinschen.de
Sun Dec 26 09:55:00 GMT 1999


Hi!

Here's another patch to ntsec that solves various problems with
chown and chmod. These are real patches; extensions to ntsec have to
wait 'til next year.

Happy Y2K,
Corinna


ChangeLog:
==========

Sun Dec 26 18:18:00 1999  Corinna Vinschen  <corinna@vinschen.de>

	* path.cc (symlink_check_one): Initialize local variable
	`unixattr' before calling `get_file_attribute'.
	* syscalls.cc (chown): Ditto.
	* security.cc (get_nt_attribute): Eliminate attribute
	copying from world to user/group in case of missing ACEs.
	(alloc_sd): Setting special rights for administrators group
	only if it's neither owner nor group.
	* utils/mkpasswd.c: Create entry for local group
	administrators (SID 544).
Index: path.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/path.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 path.cc
--- path.cc	1999/12/26 15:03:15	1.1.1.1
+++ path.cc	1999/12/26 15:22:12
@@ -2130,7 +2130,9 @@ symlink_check_one (const char *in_path, 
 	goto file_not_symlink;
 
       /* Check the file's extended attributes, if it has any.  */
-      int unixattr;
+      int unixattr = 0;
+      if (fileattr & FILE_ATTRIBUTE_DIRECTORY)
+        unixattr |= S_IFDIR;
 
       if (! get_file_attribute (TRUE, path, &unixattr))
 	{
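Review bot: The pre-seeding of `unixattr` with `S_IFDIR` carries no comment saying why the caller has to set it, so the dependency on the callee is easy to lose in a later cleanup. Presumably `get_file_attribute` (or `get_nt_attribute` beneath it) reads the incoming `S_IFDIR` bit, for instance in the directory sticky-bit handling, which would also explain why the old uninitialized value mattered. I would add `/* get_file_attribute reads *attribute on entry: start from 0 and pass the directory bit in.  */` above the declaration. The same comment is missing on `attrib` in the syscalls.cc hunk for `chown`. The body of `symlink_check_one` continues outside the hunk.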
Index: security.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/security.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 security.cc
--- security.cc	1999/12/26 15:03:16	1.1.1.1
+++ security.cc	1999/12/26 17:26:14
@@ -652,28 +652,12 @@ get_nt_attribute (const char *file, int 
 		  *attribute &= ~S_IRWXO;
 		  has_world_bits = TRUE;
 		  if (ace->Mask & FILE_READ_DATA)
-		    {
-		      *attribute |= S_IROTH;
-		      if (! owner_sid || ! has_owner_bits)
-			*attribute |= S_IRUSR;
-		      if (! group_sid || ! has_group_bits)
-			*attribute |= S_IRGRP;
-		    }
+		    *attribute |= S_IROTH;
 		  if (ace->Mask & FILE_WRITE_DATA)
-		    {
-		      *attribute |= S_IWOTH;
-		      if (! owner_sid || ! has_owner_bits)
-			*attribute |= S_IWUSR;
-		      if (! group_sid || ! has_group_bits)
-			*attribute |= S_IWGRP;
-		    }
+		    *attribute |= S_IWOTH;
 		  if (ace->Mask & FILE_EXECUTE)
 		    {
 		      *attribute |= S_IXOTH;
-		      if (! owner_sid || ! has_owner_bits)
-			*attribute |= S_IXUSR;
-		      if (! group_sid || ! has_group_bits)
-			*attribute |= S_IXGRP;
 		      // Sticky bit for directories according to linux rules.
 		      // No sense for files.
 		      if (! (ace->Mask & FILE_DELETE_CHILD) &&
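Review bot: With the fallback gone, a DACL that holds only an Everyone ACE now produces a mode with no user or group bits, although on NT the owner normally still gets that access through Everyone. Callers that read the mode to judge what the owner may do will therefore see less than the ACL grants, and that is worth stating next to the three `*attribute |= S_I?OTH` lines. Something like `/* Only explicit owner/group ACEs set the USR/GRP bits; access via Everyone shows up in the OTH bits alone.  */` would do. If `has_owner_bits` and `has_group_bits` are no longer read elsewhere in `get_nt_attribute` they can be dropped, but that is not visible in this hunk.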
@@ -841,7 +825,8 @@ alloc_sd (uid_t uid, gid_t gid, const ch
       if (GetAce(acl, 0, (PVOID *) &ace))
         ace->Header.AceFlags |= OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
 
-      if (! group_sid || ! EqualSid (group_sid, get_admin_sid ()))
+      if (! EqualSid (owner_sid, get_admin_sid ())
+          && (! group_sid || ! EqualSid (group_sid, get_admin_sid ())))
 	{
 	  if (! AddAccessAllowedAce (acl, ACL_REVISION,
 	                             STANDARD_RIGHTS_READ | WRITE_OWNER,
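Review bot: `owner_sid` is passed to `EqualSid` without a NULL check in the added condition, while `group_sid` on the following line is guarded. Whether `owner_sid` can be NULL at this point is not visible in the hunk, but if the uid-to-SID lookup can fail here, `EqualSid` is handed an invalid SID. Writing the first test as `if ((! owner_sid || ! EqualSid (owner_sid, get_admin_sid ()))` keeps the two checks symmetric. The same question applies to the return value of `get_admin_sid ()`. `alloc_sd` starts and ends outside the hunk.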
Index: syscalls.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/syscalls.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 syscalls.cc
--- syscalls.cc	1999/12/26 15:03:16	1.1.1.1
+++ syscalls.cc	1999/12/26 15:23:12
@@ -653,7 +653,9 @@ chown (const char * name, uid_t uid, gid
 	  goto done;
 	}
 
-      DWORD attrib;
+      DWORD attrib = 0;
+      if (win32_path.file_attributes () & FILE_ATTRIBUTE_DIRECTORY)
+        attrib |= S_IFDIR;
       int has_acls;
       has_acls = allow_ntsec && win32_path.has_acls ();
       res = get_file_attribute (has_acls, win32_path.get_win32 (), (int *) &attrib);
Index: utils/mkpasswd.c
===================================================================
RCS file: /src/cvsroot/winsup-991223/utils/mkpasswd.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mkpasswd.c
--- utils/mkpasswd.c	1999/12/26 15:03:37	1.1.1.1
+++ utils/mkpasswd.c	1999/12/26 17:34:06
@@ -389,6 +389,25 @@ main (int argc, char **argv)
       FreeSid (sid);
     }
 
+  /*
+   * Get `administrators' group
+  */
+  if (AllocateAndInitializeSid (&sid_nt_auth, 2, SECURITY_BUILTIN_DOMAIN_RID,
+                                DOMAIN_ALIAS_RID_ADMINS,
+                                0, 0, 0, 0, 0, 0, &sid))
+    {
+      if (LookupAccountSid (NULL, sid,
+                            name, (len = 256, &len),
+                            dom, (len2 = 256, &len),
+                            &use))
+        printf ("%s:*:%ld:%ld:%s%s::\n", name,
+                                         DOMAIN_ALIAS_RID_ADMINS,
+                                         DOMAIN_ALIAS_RID_ADMINS,
+                                         print_sids ? "," : "",
+                                         print_sids ? put_sid (sid) : "");
+      FreeSid (sid);
+    }
+
   if (print_local_groups)
     enum_local_groups (print_sids);
 
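Review bot: The domain-size argument of `LookupAccountSid` passes `&len` a second time, so `len2 = 256` is assigned but never handed to the call and both in/out size parameters alias one variable. The call reads each as a buffer size and writes a length back through each, so this only behaves as long as `name` and `dom` are the same size (their declarations are outside the hunk); the line should read `dom, (len2 = 256, &len2),`. Separately, when either `AllocateAndInitializeSid` or `LookupAccountSid` fails the administrators entry is skipped without any message, which leaves SID 544 unmapped with no hint to the user; a short diagnostic on stderr would help.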

