authorCorinna Vinschen <corinna@vinschen.de>2003-02-21 14:29:18 +0000
committerCorinna Vinschen <corinna@vinschen.de>2003-02-21 14:29:18 +0000
commitcf762b08cfb010d9d63e4ca44658c80bdf6ed8cb (patch)
tree18f96c59a7ee7b81b288251ebf493e5bd0e62637 /winsup/cygwin/security.cc
parentd05ef21d4f7e409472361b98945099485052efc0 (diff)
* dtable.cc (dtable::build_fhandler_from_name): Set some fhandler
data on sockets to evaluate AF_LOCAL sockets correctly. (dtable::build_fhandler): Set unit number on sockets. * fhandler.h (fhandler_socket): Add unit number. (fhandler_socket::get_unit): New method. * fhandler_socket.cc (fhandler_socket::fhandler_socket): Set unit number. (fhandler_socket::fstat): Reorganize to return more Linux-like values. * net.cc: include ctype.h. (fdsock): Set unit number when building fhandler. * path.cc (path_conv::check): Set device type to FH_SOCKET if file is a AF_UNIX socket. (get_devn): Evaluate unit for virtual socket devices. (win32_device_name): Set windows path for sockets to unix_path with just backslashes to keep the different names. * syscalls.cc (fstat64): Don't override st_ino, st_dev and st_rdev for sockets. (stat_worker): Ditto. From Pierre Humblet: * autoload.cc (AccessCheck): Add. (DuplicateToken): Add. * security.h (check_file_access): Declare. * syscalls.cc (access): Convert path to Windows, check existence and readonly attribute. Call check_file_access instead of acl_access. * security.cc (check_file_access): Create. * sec_acl (acl_access): Delete.
Diffstat (limited to 'winsup/cygwin/security.cc')
-rw-r--r--winsup/cygwin/security.cc51
1 files changed, 51 insertions, 0 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 35ac5cfac..847aa4afb 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1918,3 +1918,54 @@ set_file_attribute (int use_ntsec, const char *file, int attribute)
return set_file_attribute (use_ntsec, file,
myself->uid, myself->gid, attribute);
}
+
+int
+check_file_access (const char *fn, int flags)
+{
+ int ret = -1;
+ char sd_buf[4096];
+ DWORD sd_size = sizeof sd_buf;
+ PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
+ HANDLE hToken, hIToken;
+ BOOL status;
+ char pbuf[sizeof (PRIVILEGE_SET) + 3 * sizeof (LUID_AND_ATTRIBUTES)];
+ DWORD desired = 0, granted, plength = sizeof pbuf;
+ static GENERIC_MAPPING NO_COPY mapping = { FILE_GENERIC_READ,
+ FILE_GENERIC_WRITE,
+ FILE_GENERIC_EXECUTE,
+ FILE_ALL_ACCESS };
+ if (read_sd (fn, psd, &sd_size) <= 0)
+ goto done;
+
+ if (cygheap->user.issetuid ())
+ hToken = cygheap->user.token;
+ else if (!OpenProcessToken (hMainProc, TOKEN_DUPLICATE, &hToken))
+ {
+ __seterrno ();
+ goto done;
+ }
+ if (!(status = DuplicateToken (hToken, SecurityIdentification, &hIToken)))
+ __seterrno ();
+ if (hToken != cygheap->user.token)
+ CloseHandle (hToken);
+ if (!status)
+ goto done;
+
+ if (flags & R_OK)
+ desired |= FILE_READ_DATA;
+ if (flags & W_OK)
+ desired |= FILE_WRITE_DATA;
+ if (flags & X_OK)
+ desired |= FILE_EXECUTE;
+ if (!AccessCheck (psd, hIToken, desired, &mapping,
+ (PPRIVILEGE_SET) pbuf, &plength, &granted, &status))
+ __seterrno ();
+ else if (!status)
+ set_errno (EACCES);
+ else
+ ret = 0;
+ CloseHandle (hIToken);
+ done:
+ debug_printf ("flags %x, ret %d", flags, ret);
+ return ret;
+}
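Review bot: check_file_access carries no comment saying whose rights it evaluates, and that choice is security-relevant: AccessCheck runs against a duplicate of `cygheap->user.token` when `issetuid ()` is true and of the process token otherwise. I would add a header comment such as `/* Return 0 if the token in effect (the setuid user token if set, else the process token) is granted the R_OK/W_OK/X_OK rights in FLAGS on FN; otherwise -1 with errno set. */` so that callers know the answer reflects the impersonated identity and is only a point-in-time check. Separately, the descriptor is read into the fixed `char sd_buf[4096]`, and a `read_sd` result `<= 0` jumps to `done` without this function setting errno. That path fails closed, but it presumably relies on read_sd to set errno, which is worth confirming for a file whose descriptor does not fit in the buffer.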