diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2008-08-14 14:05:04 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2008-08-14 14:05:04 +0000 |
| commit | 88797e5979c906e8bb5b181e4c2511b8b79b5818 (patch) | |
| tree | 1c40f694b610a1aa5330c429febb9adc68416662 /winsup/cygwin/fhandler_disk_file.cc | |
| parent | 56d81795705a67bef7e1e5fa934a2109e34b316f (diff) | |
| download | cygnal-88797e5979c906e8bb5b181e4c2511b8b79b5818.tar.gz cygnal-88797e5979c906e8bb5b181e4c2511b8b79b5818.tar.bz2 cygnal-88797e5979c906e8bb5b181e4c2511b8b79b5818.zip | |
* external.cc (cygwin_internal): Call set_security_attribute with
additional path_conv argument.
* fhandler.cc (fhandler_base::open): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Never set DOS
R/O attribute when using ACLs.
(fhandler_disk_file::mkdir): Ditto. Set
security descriptor on remote dirs after creating the dir, same as in
fhandler_base::open.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for remote AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto. for remote symlinks.
* security.cc (alloc_sd): Take additional path_conv argument.
Accommodate throughout. Drop setting FILE_WRITE_EA/FILE_READ_EA
flags unconditionally (was only necessary for "ntea"). Don't set
FILE_READ_ATTRIBUTES and FILE_WRITE_ATTRIBUTES unconditionally on
Samba. Add comment to explain. Drop useless setting of
STANDARD_RIGHTS_WRITE, it's in FILE_GENERIC_WRITE anyway.
Remove FILE_READ_ATTRIBUTES bit from FILE_GENERIC_EXECUTE so as not
to enforce read permissions on Samba.
(set_security_attribute): Take additional path_conv argument.
* security.h (set_security_attribute): Change prototype accordingly.
Diffstat (limited to 'winsup/cygwin/fhandler_disk_file.cc')
| -rw-r--r-- | winsup/cygwin/fhandler_disk_file.cc | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc index de2b0d06e..5fc82302d 100644 --- a/winsup/cygwin/fhandler_disk_file.cc +++ b/winsup/cygwin/fhandler_disk_file.cc @@ -807,10 +807,10 @@ fhandler_disk_file::fchmod (mode_t mode) res = 0; } - /* if the mode we want has any write bits set, we can't be read only. */ + /* If the mode has any write bits set, the DOS R/O flag is in the way. */ if (mode & (S_IWUSR | S_IWGRP | S_IWOTH)) pc &= (DWORD) ~FILE_ATTRIBUTE_READONLY; - else + else if (!pc.has_acls ()) /* Never set DOS R/O if security is used. */ pc |= (DWORD) FILE_ATTRIBUTE_READONLY; if (S_ISSOCK (mode)) pc |= (DWORD) FILE_ATTRIBUTE_SYSTEM; @@ -1380,8 +1380,10 @@ fhandler_disk_file::mkdir (mode_t mode) SECURITY_ATTRIBUTES sa = sec_none_nih; security_descriptor sd; - if (has_acls ()) - set_security_attribute (S_IFDIR | ((mode & 07777) & ~cygheap->umask), + /* See comments in fhander_base::open () for an explanation why we defer + setting security attributes on remote files. */ + if (has_acls () && !pc.isremote ()) + set_security_attribute (pc, S_IFDIR | ((mode & 07777) & ~cygheap->umask), &sa, sd); NTSTATUS status; @@ -1418,6 +1420,9 @@ fhandler_disk_file::mkdir (mode_t mode) p, plen); if (NT_SUCCESS (status)) { + if (has_acls () && pc.isremote ()) + set_file_attribute (dir, pc, ILLEGAL_UID, ILLEGAL_GID, + S_IFDIR | ((mode & 07777) & ~cygheap->umask)); NtClose (dir); res = 0; } |