ntsec-patch15
Corinna Vinschen
corinna@vinschen.de
Sun Dec 26 09:55:00 GMT 1999
Hi!
Here's another patch to ntsec that solves different problems with
chown and chmod. These are real patches; extensions to ntsec have to
wait 'til next year.
Happy Y2K,
Corinna
ChangeLog:
==========
Sun Dec 26 18:18:00 1999 Corinna Vinschen <corinna@vinschen.de>
* path.cc (symlink_check_one): Initialize local variable
`unixattr' before calling `get_file_attribute'.
* syscalls.cc (chown): Ditto.
* security.cc (get_nt_attribute): Eliminate attribute
copying from world to user/group in case of missing ACEs.
(alloc_sd): Setting special rights for administrators group
only if it's neither owner nor group.
* utils/mkpasswd.c: Create entry for local group
administrators (SID 544).
Index: path.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/path.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 path.cc
--- path.cc 1999/12/26 15:03:15 1.1.1.1
+++ path.cc 1999/12/26 15:22:12
@@ -2130,7 +2130,9 @@ symlink_check_one (const char *in_path,
goto file_not_symlink;
/* Check the file's extended attributes, if it has any. */
- int unixattr;
+ int unixattr = 0;
+ if (fileattr & FILE_ATTRIBUTE_DIRECTORY)
+ unixattr |= S_IFDIR;
if (! get_file_attribute (TRUE, path, &unixattr))
{
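Review bot: The seeding of `unixattr` with `S_IFDIR` before the `get_file_attribute` call has no comment saying why the callee needs it, so a later cleanup could drop it again; the `chown` hunk in syscalls.cc repeats the pattern with the same gap. Judging from the sticky-bit handling in the security.cc hunk, the callee appears to treat `*attribute` as in/out and to read the file-type bit, though that is inferred rather than visible here. I would add `/* get_file_attribute reads *attribute on entry (file type), so seed it first. */` above the declaration in both places. symlink_check_one starts and ends outside the hunk.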
Index: security.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/security.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 security.cc
--- security.cc 1999/12/26 15:03:16 1.1.1.1
+++ security.cc 1999/12/26 17:26:14
@@ -652,28 +652,12 @@ get_nt_attribute (const char *file, int
*attribute &= ~S_IRWXO;
has_world_bits = TRUE;
if (ace->Mask & FILE_READ_DATA)
- {
- *attribute |= S_IROTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IRUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IRGRP;
- }
+ *attribute |= S_IROTH;
if (ace->Mask & FILE_WRITE_DATA)
- {
- *attribute |= S_IWOTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IWUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IWGRP;
- }
+ *attribute |= S_IWOTH;
if (ace->Mask & FILE_EXECUTE)
{
*attribute |= S_IXOTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IXUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IXGRP;
// Sticky bit for directories according to linux rules.
// No sense for files.
if (! (ace->Mask & FILE_DELETE_CHILD) &&
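Review bot: With the fallback removed, an ACL that holds only a world ACE now yields a mode with empty user and group bits, although the owner still gets that access through the world ACE; the reported mode then understates effective access, and the branch at `has_world_bits = TRUE;` should say so. A comment such as `/* World ACE maps to S_I?OTH only; user/group bits come solely from their own ACEs. */` would record the intent for anyone auditing permissions from the returned mode. If `has_owner_bits` and `has_group_bits` are no longer read elsewhere in get_nt_attribute (the rest of the function is outside the hunk), they can be removed as well.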
@@ -841,7 +825,8 @@ alloc_sd (uid_t uid, gid_t gid, const ch
if (GetAce(acl, 0, (PVOID *) &ace))
ace->Header.AceFlags |= OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
- if (! group_sid || ! EqualSid (group_sid, get_admin_sid ()))
+ if (! EqualSid (owner_sid, get_admin_sid ())
+ && (! group_sid || ! EqualSid (group_sid, get_admin_sid ())))
{
if (! AddAccessAllowedAce (acl, ACL_REVISION,
STANDARD_RIGHTS_READ | WRITE_OWNER,
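Review bot: The new `EqualSid (owner_sid, get_admin_sid ())` call passes `owner_sid` without the null guard that `group_sid` gets on the following line, and EqualSid expects valid SID pointers. If alloc_sd can reach this point with `owner_sid` unset (the earlier part of the function is outside the hunk), the first clause should read `(! owner_sid || ! EqualSid (owner_sid, get_admin_sid ()))`. `get_admin_sid ()` is also called twice in the condition; a local `PSID admin_sid = get_admin_sid ();` would shorten it and give one place to check the result.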
Index: syscalls.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/syscalls.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 syscalls.cc
--- syscalls.cc 1999/12/26 15:03:16 1.1.1.1
+++ syscalls.cc 1999/12/26 15:23:12
@@ -653,7 +653,9 @@ chown (const char * name, uid_t uid, gid
goto done;
}
- DWORD attrib;
+ DWORD attrib = 0;
+ if (win32_path.file_attributes () & FILE_ATTRIBUTE_DIRECTORY)
+ attrib |= S_IFDIR;
int has_acls;
has_acls = allow_ntsec && win32_path.has_acls ();
res = get_file_attribute (has_acls, win32_path.get_win32 (), (int *) &attrib);
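Review bot: `attrib` is a `DWORD` that now carries a POSIX mode bit (`S_IFDIR`) and is handed to `get_file_attribute` through an `(int *)` cast, which hides the signed/unsigned mismatch from the compiler. If the later uses of `attrib` in chown (outside the hunk) allow it, declaring `int attrib = 0;` and passing `&attrib` removes the cast and matches the `int unixattr` used for the same purpose in path.cc.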
Index: utils/mkpasswd.c
===================================================================
RCS file: /src/cvsroot/winsup-991223/utils/mkpasswd.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mkpasswd.c
--- utils/mkpasswd.c 1999/12/26 15:03:37 1.1.1.1
+++ utils/mkpasswd.c 1999/12/26 17:34:06
@@ -389,6 +389,25 @@ main (int argc, char **argv)
FreeSid (sid);
}
+ /*
+ * Get `administrators' group
+ */
+ if (AllocateAndInitializeSid (&sid_nt_auth, 2, SECURITY_BUILTIN_DOMAIN_RID,
+ DOMAIN_ALIAS_RID_ADMINS,
+ 0, 0, 0, 0, 0, 0, &sid))
+ {
+ if (LookupAccountSid (NULL, sid,
+ name, (len = 256, &len),
+ dom, (len2 = 256, &len),
+ &use))
+ printf ("%s:*:%ld:%ld:%s%s::\n", name,
+ DOMAIN_ALIAS_RID_ADMINS,
+ DOMAIN_ALIAS_RID_ADMINS,
+ print_sids ? "," : "",
+ print_sids ? put_sid (sid) : "");
+ FreeSid (sid);
+ }
+
if (print_local_groups)
enum_local_groups (print_sids);
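Review bot: The domain-length argument in the added `LookupAccountSid` call is `(len2 = 256, &len)`, so `len2` is assigned but `&len` is passed for both the name and the domain buffer size; the line should be `dom, (len2 = 256, &len2),`. As written the API writes both returned lengths into the same variable, and the size declared for `dom` is correct only because both values happen to be 256. A failed lookup also prints nothing, so the administrators entry would be silently missing from the generated file; an `else` that reports the failure on stderr would make that visible. main continues outside the hunk.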