author | Corinna Vinschen <corinna@vinschen.de> | 2009-04-09 09:19:03 +0000 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2009-04-09 09:19:03 +0000 |
commit | 2d647173bb2056dfd87a184ac2b6e5ded660a466 (patch) | |
tree | cc84ef1e8f66f8ecae0c889e1ea16e3ba8e9430c /winsup/cygwin/security.cc | |
parent | 9b26525ec38243245b9736272e58ee1a0d492959 (diff) | |
* fhandler_disk_file.cc (fhandler_disk_file::fchown): Catch an
error when changing the user account on a standalone Samba server.
Explain why.
* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
(well_known_samba_unix_user_fake_sid): Define.
* security.cc (set_file_sd): Take additional parameter if ownership
should be changed. Restrict requested permissions accordingly.
(set_file_attribute): Accommodate additional parameter to set_file_sd.
* security.h (well_known_samba_unix_user_fake_sid): Declare.
(set_file_sd): Align declaration to above change.
Diffstat (limited to 'winsup/cygwin/security.cc')
-rw-r--r-- | winsup/cygwin/security.cc | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index c9de92b0a..a7d4a56f7 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -83,7 +83,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd)
 }
 LONG
-set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd)
+set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, bool is_chown)
 {
 NTSTATUS status = STATUS_SUCCESS;
 int retry = 0;
@@ -93,7 +93,10 @@ set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd)
 {
 if (fh)
 {
- status = NtSetSecurityObject (fh, ALL_SECURITY_INFORMATION, sd);
+ status = NtSetSecurityObject (fh,
+ is_chown ? ALL_SECURITY_INFORMATION
+ : DACL_SECURITY_INFORMATION,
+ sd);
 if (NT_SUCCESS (status))
 {
 res = 0;
@@ -104,8 +107,7 @@ set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd)
 {
 OBJECT_ATTRIBUTES attr;
 IO_STATUS_BLOCK io;
-
- status = NtOpenFile (&fh, WRITE_OWNER | WRITE_DAC,
+ status = NtOpenFile (&fh, (is_chown ? WRITE_OWNER : 0) | WRITE_DAC,
 pc.get_object_attr (attr, sec_none_nih), &io, FILE_SHARE_VALID_FLAGS, FILE_OPEN_FOR_BACKUP_INTENT
@@ -712,7 +714,8 @@ set_file_attribute (HANDLE handle, path_conv &pc,
 if (!get_file_sd (handle, pc, sd) && alloc_sd (pc, uid, gid, attribute, sd))
- ret = set_file_sd (handle, pc, sd);
+ ret = set_file_sd (handle, pc, sd,
+ uid != ILLEGAL_UID || gid != ILLEGAL_GID);
 }
 else
 ret = 0; |
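Review bot: The new `is_chown` parameter on `set_file_sd` changes what the function writes, but nothing at the definition documents it. When it is false, the second hunk passes only `DACL_SECURITY_INFORMATION`, so an owner or group carried in `sd` is not applied, yet the `NT_SUCCESS` branch still sets `res = 0`. A caller that passes false by mistake therefore gets a silent no-op on ownership. I would add above the definition: `/* is_chown: true if owner or group in SD must be written; false restricts the request to the DACL, and owner/group in SD are ignored. */`. The function body continues outside this hunk.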
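Review bot: The security-information mask passed to `NtSetSecurityObject` here and the access mask passed to `NtOpenFile` in the next hunk are each derived from `is_chown` in a separate expression. A later edit to one of them can leave a handle opened without the right the set call needs, or with more rights than it needs. Computing both once at the top of the function keeps them paired: `const SECURITY_INFORMATION info = is_chown ? ALL_SECURITY_INFORMATION : DACL_SECURITY_INFORMATION;` and `const ACCESS_MASK access = WRITE_DAC | (is_chown ? WRITE_OWNER : 0);`. The enclosing block starts and ends outside the visible hunks.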
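Review bot: The argument `uid != ILLEGAL_UID || gid != ILLEGAL_GID` reports a chown whenever an id is supplied, not when the owner or group in `sd` actually differs from what is on the file. If some caller passes the current ids together with a mode change (not visible in this hunk), the request still asks for `WRITE_OWNER` and rewrites owner information, which is the path this commit is narrowing. A named local with a short comment would make the intent reviewable at the call site: `const bool is_chown = uid != ILLEGAL_UID || gid != ILLEGAL_GID;`. The body of `set_file_attribute` starts outside the hunk.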