authorCorinna Vinschen <corinna@vinschen.de>2003-02-05 16:15:22 +0000
committerCorinna Vinschen <corinna@vinschen.de>2003-02-05 16:15:22 +0000
commit62cd433e9813907639f8a30d8c5a3851424a57f6 (patch)
treec705b7808dd30b0cbb561145a4d0038d27a20318 /winsup/cygwin/security.cc
parent33c7867ef117710ac341c3d816d92e76d6cf7e9e (diff)
* sec_acl.cc (setacl): Move all permission settings to beginning of
loop. Set default rights to same values as in alloc_sd(). Set DELETE for owner and default owner only if S_IWOTH is given. * sec_acl.cc: Change all __aclent16_t to __aclent32_t except in wrapper function definitions. Replace calls to the aclXYZ functions by calls to aclXYZ32. (searchace): Change type of third argument to __uid32_t and use ILLEGAL_UID instead of -1; (setacl): Remove some initializations. Only give STANDARD_RIGHTS_WRITE for S_IWOTH. Replace -1 by ILLEGAL_UID. (getacl): Change type of owner_sid, group_sid and ace_sid to cygpsid. In last else clause, suppress second call to ace_sid.get_id and use TRUE in first call. Replace EqualSid by ==. (acl_access): Call internal_getgroups in USER and GROUP cases. (acecmp): Define static. (acl32): Create from 16 bit type. (facl32): Ditto. (lacl32): Ditto. (aclcheck32): Ditto. (aclsort32): Ditto. (acltomode32): Ditto. (aclfrommode32): Ditto. (acltopbits32): Ditto. (aclfrompbits32): Ditto. (acltotext32): Ditto. (aclfromtext32): Ditto, and use strechr. (acl16to32): Create. (acl): Make it a wrapper function. (facl): Ditto. (lacl): Ditto. (aclcheck): Ditto. (aclsort): Ditto. (acltomode): Ditto. (aclfrommode): Ditto. (acltopbits): Ditto. (aclfrompbits): Ditto. (acltotext): Ditto. (aclfromtext): Ditto. * security.cc (write_sd): Call set_process_privilege and check ownership. (alloc_sd): Remove call to set_process_privilege and the owner check.
Diffstat (limited to 'winsup/cygwin/security.cc')
-rw-r--r--winsup/cygwin/security.cc40
1 files changed, 24 insertions, 16 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 8c8727096..33b529d61 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1140,6 +1140,30 @@ write_sd (const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
return -1;
}
+ BOOL dummy;
+ cygpsid owner;
+
+ if (!GetSecurityDescriptorOwner (sd_buf, (PSID *) &owner, &dummy))
+ {
+ __seterrno ();
+ return -1;
+ }
+ /* Try turning privilege on, may not have WRITE_OWNER or WRITE_DAC access.
+ Must have privilege to set different owner, else BackupWrite misbehaves */
+ static int NO_COPY saved_res; /* 0: never, 1: failed, 2 & 3: OK */
+ int res;
+ if (!saved_res || cygheap->user.issetuid ())
+ {
+ res = 2 + set_process_privilege (SE_RESTORE_NAME, true,
+ cygheap->user.issetuid ());
+ if (!cygheap->user.issetuid ())
+ saved_res = res;
+ }
+ else
+ res = saved_res;
+ if (res == 1 && owner != cygheap->user.sid ())
+ return -1;
+
HANDLE fh;
fh = CreateFile (file,
WRITE_OWNER | WRITE_DAC,
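Review bot: The early exit `if (res == 1 && owner != cygheap->user.sid ()) return -1;` returns without setting errno, unlike the GetSecurityDescriptorOwner failure path just above it, which calls `__seterrno ()`. A caller of write_sd would then report whatever stale errno an earlier call left behind, so a refused owner change is hard to tell apart from an unrelated failure; setting it explicitly, e.g. `{ set_errno (EPERM); return -1; }`, would fix that. Separately, GetSecurityDescriptorOwner can succeed and hand back a NULL owner when the descriptor carries none, and the visible lines do not show how `owner != cygheap->user.sid ()` treats a NULL SID. If it compares unequal, a write that changes no owner would be rejected whenever SE_RESTORE_NAME cannot be enabled, so an `owner &&` guard in that condition may be wanted. write_sd's body starts and ends outside this hunk.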
@@ -1561,22 +1585,6 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
}
owner_sid.debug_print ("alloc_sd: owner SID =");
- /* Try turning privilege on, may not have WRITE_OWNER or WRITE_DAC access.
- Must have privilege to set different owner, else BackupWrite misbehaves */
- static int NO_COPY saved_res; /* 0: never, 1: failed, 2 & 3: OK */
- int res;
- if (!saved_res || cygheap->user.issetuid ())
- {
- res = 2 + set_process_privilege (SE_RESTORE_NAME, true,
- cygheap->user.issetuid ());
- if (!cygheap->user.issetuid ())
- saved_res = res;
- }
- else
- res = saved_res;
- if (res == 1 && owner_sid != cygheap->user.sid ())
- return NULL;
-
/* Get SID of new group. */
cygsid group_sid;
/* Check for current user first */