diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2016-01-28 22:05:49 +0100 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2016-01-28 22:05:49 +0100 |
| commit | ac4648c13eab48d1e7626d272ae47839da579429 (patch) | |
| tree | f46131a6ea4ccf27688355f761d7c7bd4c443291 /winsup/cygwin/sec_acl.cc | |
| parent | a16ab1751c64557b46945d4c093b8977c0584327 (diff) | |
| download | cygnal-ac4648c13eab48d1e7626d272ae47839da579429.tar.gz cygnal-ac4648c13eab48d1e7626d272ae47839da579429.tar.bz2 cygnal-ac4648c13eab48d1e7626d272ae47839da579429.zip | |
Treat ACLs with extra ACEs for Admins and SYSTEM like a trivial ACL
POSIX.1e requires that chmod changes the MASK rather than the
GROUP_OBJ value if the ACL is non-trivial.
On Windows, especially on home machines, a standard ACL often
consists of entries for the user, maybe the group, and additional
entries for SYSTEM and the Administrators group. A user calling
chmod on a file with bog standard Windows perms usually expects
that chmod changes the GROUP_OBJ perms, but given the rules from
POSIX.1e we can't do that.
However, since we already treat Admins and SYSTEM special in a
ACL (they are not used in MASK computations) we go a step in the
Windows direction to follow user expectations. If an ACL only
consists of the three POSIX permissions, plus entries for Admins
and SYSTEM *only*, then we change the permissions of the GROUP_OBJ
entry *and* the MASK entry.
* fhandler_disk_file.cc (fhandler_disk_file::chmod): Drop unused
code. Add special handling for a "standard" Windows ACL. Add
comment to explain.
* sec_acl.cc (get_posix_access): Allow to return "standard-ness"
of an ACL to the caller. Add preceeding comment to explain a bit.
* security.h (get_posix_access): Align prototype.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup/cygwin/sec_acl.cc')
| -rw-r--r-- | winsup/cygwin/sec_acl.cc | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index be5442336..96c6fc314 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -561,11 +561,17 @@ getace (aclent_t &acl, int type, int id, DWORD win_ace_mask, /* From the SECURITY_DESCRIPTOR given in psd, compute user, owner, posix attributes, as well as the POSIX acl. The function returns the number - of entries returned in aclbufp, or -1 in case of error. */ + of entries returned in aclbufp, or -1 in case of error. + + When called from chmod, it also returns the fact if the ACL is a "standard" + ACL. A "standard" ACL is an ACL which only consists of ACEs for owner, + group, other, as well as (this is Windows) the Administrators group and + SYSTEM. See fhandler_disk_file::fchmod for how this is used to fake + stock POSIX perms even if Administrators and SYSTEM is in the ACE. */ int get_posix_access (PSECURITY_DESCRIPTOR psd, mode_t *attr_ret, uid_t *uid_ret, gid_t *gid_ret, - aclent_t *aclbufp, int nentries) + aclent_t *aclbufp, int nentries, bool *std_acl) { tmp_pathbuf tp; NTSTATUS status; @@ -852,7 +858,10 @@ get_posix_access (PSECURITY_DESCRIPTOR psd, GROUP_OBJ entry. */ if (ace_sid != well_known_system_sid && ace_sid != well_known_admins_sid) - class_perm |= lacl[pos].a_perm; + { + class_perm |= lacl[pos].a_perm; + standard_ACEs_only = false; + } } } /* For a newly created file, we'd like to know if we're running @@ -861,7 +870,6 @@ get_posix_access (PSECURITY_DESCRIPTOR psd, a standard ACL, we apply umask. That's not entirely correct, but it's probably the best we can do. */ else if (type & (USER | GROUP) - && just_created && standard_ACEs_only && ace_sid != well_known_system_sid && ace_sid != well_known_admins_sid) @@ -1104,6 +1112,8 @@ out: aclbufp[idx].a_perm &= S_IRWXO; aclsort32 (pos, 0, aclbufp); } + if (std_acl) + *std_acl = standard_ACEs_only; return pos; } |