2 files changed, 153 insertions, 142 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index a6eeef1da..93903fd34 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,25 @@
+2002-11-24  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_acl.cc: Fix some formatting.  Only set and check `other' bits in
+	a_perm throughout.  Use ILLEGAL_GID id for all entries having no id.
+	(setacl): Fix inheritance condition.
+	(getacl): Set all permission bits in CLASS_OBJ and DEF_CLASS_OBJ
+	entries.  Remove DENY bits before returning to calling function.
+	(acltomode): Fix usage of searchace().  If available, use CLASS_OBJ
+	to mask GROUP_OBJ permissions.
+	(aclfrommode): Fix usage of searchace().  If available, set CLASS_OBJ
+	permissions to same value as GROUP_OBJ permissions.
+
+2002-11-24  Pierre Humblet <pierre.humblet@ieee.org>
+
+	* sec_acl.cc (getace): Fix the behavior when allow and
+	deny entries are present in arbitrary order.
+	(getacl): Report the actual number of entries when
+	aclbufp is NULL, even if nentries is zero. Fix the mask
+	reporting, handle the case where the owner and group sids
+	are equal and streamline the code.
+	(acl_worker): Take allow_ntsec into account.
+
 2002-11-05  Thomas Pfaff  <tpfaff@gmx.net>
 
 	* dcrt0.cc (dll_crt0_1): Add call to pthread::initMainThread to
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 90b6ef082..43f301209 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -140,7 +140,7 @@ setacl (const char *file, int nentries, __aclent16_t *aclbufp)
 			       aclbufp[i].a_type | ACL_DEFAULT,
 			       (aclbufp[i].a_type & (USER|GROUP))
 			       ? aclbufp[i].a_id : -1)) >= 0
-	  && pos < nentries
+	  && aclbufp[pos].a_type
 	  && aclbufp[i].a_perm == aclbufp[pos].a_perm)
 	{
 	  inheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
@@ -213,29 +213,35 @@ setacl (const char *file, int nentries, __aclent16_t *aclbufp)
   return write_sd (file, psd, sd_size);
 }
 
+/* Temporary access denied bits */
+#define DENY_R 040000
+#define DENY_W 020000
+#define DENY_X 010000
+
 static void
-getace (__aclent16_t &acl, int type, int id, DWORD win_ace_mask, DWORD win_ace_type)
+getace (__aclent16_t &acl, int type, int id, DWORD win_ace_mask,
+        DWORD win_ace_type)
 {
   acl.a_type = type;
   acl.a_id = id;
 
-  if (win_ace_mask & FILE_READ_DATA)
+  if ((win_ace_mask & FILE_READ_DATA) && !(acl.a_perm & (S_IROTH | DENY_R)))
     if (win_ace_type == ACCESS_ALLOWED_ACE_TYPE)
-      acl.a_perm |= (acl.a_perm & S_IRGRP) ? 0 : S_IRUSR;
+      acl.a_perm |= S_IROTH;
     else if (win_ace_type == ACCESS_DENIED_ACE_TYPE)
-      acl.a_perm &= ~S_IRGRP;
+      acl.a_perm |= DENY_R;
 
-  if (win_ace_mask & FILE_WRITE_DATA)
+  if ((win_ace_mask & FILE_WRITE_DATA) && !(acl.a_perm & (S_IWOTH | DENY_W)))
     if (win_ace_type == ACCESS_ALLOWED_ACE_TYPE)
-      acl.a_perm |= (acl.a_perm & S_IWGRP) ? 0 : S_IWUSR;
+      acl.a_perm |= S_IWOTH;
     else if (win_ace_type == ACCESS_DENIED_ACE_TYPE)
-      acl.a_perm &= ~S_IWGRP;
+      acl.a_perm |= DENY_W;
 
-  if (win_ace_mask & FILE_EXECUTE)
+  if ((win_ace_mask & FILE_EXECUTE) && !(acl.a_perm & (S_IXOTH | DENY_X)))
     if (win_ace_type == ACCESS_ALLOWED_ACE_TYPE)
-      acl.a_perm |= (acl.a_perm & S_IXGRP) ? 0 : S_IXUSR;
+      acl.a_perm |= S_IXOTH;
     else if (win_ace_type == ACCESS_DENIED_ACE_TYPE)
-      acl.a_perm &= ~S_IXGRP;
+      acl.a_perm |= DENY_X;
 }
 
 static int
@@ -281,6 +287,10 @@ getacl (const char *file, DWORD attr, int nentries, __aclent16_t *aclbufp)
   lacl[1].a_type = GROUP_OBJ;
   lacl[1].a_id = gid;
   lacl[2].a_type = OTHER_OBJ;
+  lacl[2].a_id = ILLEGAL_GID;
+  lacl[3].a_type = CLASS_OBJ;
+  lacl[3].a_id = ILLEGAL_GID;
+  lacl[3].a_perm = S_IROTH | S_IWOTH | S_IXOTH;
 
   PACL acl;
   BOOL acl_exists;
@@ -292,106 +302,90 @@ getacl (const char *file, DWORD attr, int nentries, __aclent16_t *aclbufp)
       return -1;
     }
 
-  int pos, i;
+  int pos, i, types_def = 0;
 
   if (!acl_exists || !acl)
+    for (pos = 0; pos < 3; ++pos) /* Don't change CLASS_OBJ entry */
+      lacl[pos].a_perm = S_IROTH | S_IWOTH | S_IXOTH;
+  else
     {
-      for (pos = 0; pos < MIN_ACL_ENTRIES; ++pos)
-	lacl[pos].a_perm = S_IRWXU | S_IRWXG | S_IRWXO;
-      pos = nentries < MIN_ACL_ENTRIES ? nentries : MIN_ACL_ENTRIES;
-      memcpy (aclbufp, lacl, pos * sizeof (__aclent16_t));
-      return pos;
-    }
-
-  for (i = 0; i < acl->AceCount && (!nentries || i < nentries); ++i)
-    {
-      ACCESS_ALLOWED_ACE *ace;
-
-      if (!GetAce (acl, i, (PVOID *) &ace))
-	continue;
+      for (i = 0; i < acl->AceCount; ++i)
+	{
+	  ACCESS_ALLOWED_ACE *ace;
+	  
+	  if (!GetAce (acl, i, (PVOID *) &ace))
+	    continue;
 
-      cygsid ace_sid ((PSID) &ace->SidStart);
-      int id;
-      int type = 0;
+	  cygsid ace_sid ((PSID) &ace->SidStart);
+	  int id;
+	  int type = 0;
 
-      if (ace_sid == well_known_world_sid)
-	{
-	  type = OTHER_OBJ;
-	  id = 0;
-	}
-      else if (ace_sid == owner_sid)
-	{
-	  type = USER_OBJ;
-	  id = uid;
-	}
-      else if (ace_sid == group_sid)
-	{
-	  type = GROUP_OBJ;
-	  id = gid;
-	}
-      else
-	{
-	  id = ace_sid.get_id (FALSE, &type);
-	  if (type != GROUP)
+	  if (ace_sid == well_known_world_sid)
+	    {
+	      type = OTHER_OBJ;
+	      id = ILLEGAL_GID;
+	    }
+	  else if (ace_sid == group_sid)
+	    {
+	      type = GROUP_OBJ;
+	      id = gid;
+	    }
+	  else if (ace_sid == owner_sid)
+	    {
+	      type = USER_OBJ;
+	      id = uid;
+	    }
+	  else
 	    {
-	      int type2 = 0;
-	      int id2 = ace_sid.get_id (TRUE, &type2);
-	      if (type2 == GROUP)
+	      id = ace_sid.get_id (FALSE, &type);
+	      if (type != GROUP)
 		{
-		  id = id2;
-		  type = GROUP;
+		  int type2 = 0;
+		  int id2 = ace_sid.get_id (TRUE, &type2);
+		  if (type2 == GROUP)
+		    {
+		      id = id2;
+		      type = GROUP;
+		    }
 		}
 	    }
+	  if (!type)
+	    continue;
+	  if (!(ace->Header.AceFlags & INHERIT_ONLY))
+	    {
+	      if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
+		getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
+	    }
+	  if ((ace->Header.AceFlags & SUB_CONTAINERS_AND_OBJECTS_INHERIT)
+	      && (attr & FILE_ATTRIBUTE_DIRECTORY))
+	    {
+	      type |= ACL_DEFAULT;
+	      types_def |= type;
+	      if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
+		getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
+	    }
 	}
-      if (!type)
-	continue;
-      if (!(ace->Header.AceFlags & INHERIT_ONLY))
-	{
-	  if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
-	    getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
-	}
-      if ((ace->Header.AceFlags & SUB_CONTAINERS_AND_OBJECTS_INHERIT)
-	  && (attr & FILE_ATTRIBUTE_DIRECTORY))
+      /* Include DEF_CLASS_OBJ if any default ace exists */
+      if ((types_def & (USER|GROUP)) 
+	  && ((pos = searchace (lacl, MAX_ACL_ENTRIES, DEF_CLASS_OBJ)) >= 0))
 	{
-	  type |= ACL_DEFAULT;
-	  if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
-	    getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
+	  lacl[pos].a_type = DEF_CLASS_OBJ;
+	  lacl[pos].a_id = ILLEGAL_GID;
+	  lacl[pos].a_perm = S_IRWXU | S_IRWXG | S_IRWXO;
 	}
     }
   if ((pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) < 0)
     pos = MAX_ACL_ENTRIES;
-  for (i = 0; i < pos; ++i)
-    {
-      lacl[i].a_perm = (lacl[i].a_perm & S_IRWXU)
-		       & ~((lacl[i].a_perm & S_IRWXG) << 3);
-      lacl[i].a_perm |= (lacl[i].a_perm & S_IRWXU) >> 3
-			| (lacl[i].a_perm & S_IRWXU) >> 6;
-    }
-  if ((searchace (lacl, MAX_ACL_ENTRIES, USER) >= 0
-       || searchace (lacl, MAX_ACL_ENTRIES, GROUP) >= 0)
-      && (pos = searchace (lacl, MAX_ACL_ENTRIES, CLASS_OBJ)) >= 0)
-    {
-      lacl[pos].a_type = CLASS_OBJ;
-      lacl[pos].a_perm =
-	  lacl[searchace (lacl, MAX_ACL_ENTRIES, GROUP_OBJ)].a_perm;
-    }
-  int dgpos;
-  if ((searchace (lacl, MAX_ACL_ENTRIES, DEF_USER) >= 0
-       || searchace (lacl, MAX_ACL_ENTRIES, DEF_GROUP) >= 0)
-      && (dgpos = searchace (lacl, MAX_ACL_ENTRIES, DEF_GROUP_OBJ)) >= 0
-      && (pos = searchace (lacl, MAX_ACL_ENTRIES, DEF_CLASS_OBJ)) >= 0
-      && (attr & FILE_ATTRIBUTE_DIRECTORY))
-    {
-      lacl[pos].a_type = DEF_CLASS_OBJ;
-      lacl[pos].a_perm = lacl[dgpos].a_perm;
-    }
-  if ((pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) < 0)
-    pos = MAX_ACL_ENTRIES;
-  if (pos > nentries)
-    pos = nentries;
-  if (aclbufp)
+  if (aclbufp) {
+    if (EqualSid (owner_sid, group_sid)) 
+      lacl[0].a_perm = lacl[1].a_perm;
+    if (pos > nentries)
+      pos = nentries;
     memcpy (aclbufp, lacl, pos * sizeof (__aclent16_t));
-  aclsort (pos, 0, aclbufp);
+    for (i = 0; i < pos; ++i)
+      aclbufp[i].a_perm &= ~(DENY_R | DENY_W | DENY_X);
+    aclsort (pos, 0, aclbufp);
+  }
   syscall_printf ("%d = getacl (%s)", pos, file);
   return pos;
 }
@@ -406,7 +400,7 @@ acl_access (const char *path, int flags)
     return -1;
 
   /* Only check existance. */
-  if (!(flags & (R_OK|W_OK|X_OK)))
+  if (!(flags & (R_OK | W_OK | X_OK)))
     return 0;
 
   for (int i = 0; i < cnt; ++i)
@@ -450,9 +444,9 @@ acl_access (const char *path, int flags)
 	default:
 	  continue;
 	}
-      if ((!(flags & R_OK) || (acls[i].a_perm & S_IREAD))
-	  && (!(flags & W_OK) || (acls[i].a_perm & S_IWRITE))
-	  && (!(flags & X_OK) || (acls[i].a_perm & S_IEXEC)))
+      if ((!(flags & R_OK) || (acls[i].a_perm & S_IROTH))
+	  && (!(flags & W_OK) || (acls[i].a_perm & S_IWOTH))
+	  && (!(flags & X_OK) || (acls[i].a_perm & S_IXOTH)))
 	return 0;
     }
   set_errno (EACCES);
@@ -472,7 +466,7 @@ acl_worker (const char *path, int cmd, int nentries, __aclent16_t *aclbufp,
       syscall_printf ("-1 = acl (%s)", path);
       return -1;
     }
-  if (!real_path.has_acls ())
+  if (!real_path.has_acls () || !allow_ntsec)
     {
       struct __stat64 st;
       int ret = -1;
@@ -493,33 +487,25 @@ acl_worker (const char *path, int cmd, int nentries, __aclent16_t *aclbufp,
 		{
 		  lacl[0].a_type = USER_OBJ;
 		  lacl[0].a_id = st.st_uid;
-		  lacl[0].a_perm = (st.st_mode & S_IRWXU)
-				   | (st.st_mode & S_IRWXU) >> 3
-				   | (st.st_mode & S_IRWXU) >> 6;
+		  lacl[0].a_perm = (st.st_mode & S_IRWXU) >> 6;
 		}
 	      if (nentries > 1)
 		{
 		  lacl[1].a_type = GROUP_OBJ;
 		  lacl[1].a_id = st.st_gid;
-		  lacl[1].a_perm = (st.st_mode & S_IRWXG)
-				   | (st.st_mode & S_IRWXG) << 3
-				   | (st.st_mode & S_IRWXG) >> 3;
+		  lacl[1].a_perm = (st.st_mode & S_IRWXG) >> 3;
 		}
 	      if (nentries > 2)
 		{
 		  lacl[2].a_type = OTHER_OBJ;
-		  lacl[2].a_id = 0;
-		  lacl[2].a_perm = (st.st_mode & S_IRWXO)
-				   | (st.st_mode & S_IRWXO) << 6
-				   | (st.st_mode & S_IRWXO) << 3;
+		  lacl[2].a_id = ILLEGAL_GID;
+		  lacl[2].a_perm = st.st_mode & S_IRWXO;
 		}
 	      if (nentries > 3)
 		{
 		  lacl[3].a_type = CLASS_OBJ;
-		  lacl[3].a_id = 0;
-		  lacl[3].a_perm = (st.st_mode & S_IRWXG)
-				   | (st.st_mode & S_IRWXG) << 3
-				   | (st.st_mode & S_IRWXG) >> 3;
+		  lacl[3].a_id = ILLEGAL_GID;
+		  lacl[3].a_perm = S_IRWXU | S_IRWXG | S_IRWXO;
 		}
 	      if (nentries > 4)
 		nentries = 4;
@@ -766,26 +752,31 @@ acltomode (__aclent16_t *aclbufp, int nentries, mode_t *modep)
       return -1;
     }
   *modep = 0;
-  if ((pos = searchace (aclbufp, nentries, USER_OBJ)) < 0)
+  if ((pos = searchace (aclbufp, nentries, USER_OBJ)) < 0
+      || !aclbufp[pos].a_type)
     {
       set_errno (EINVAL);
       return -1;
     }
-  *modep |= aclbufp[pos].a_perm & S_IRWXU;
-  if ((pos = searchace (aclbufp, nentries, GROUP_OBJ)) < 0)
+  *modep |= (aclbufp[pos].a_perm & S_IRWXO) << 6;
+  if ((pos = searchace (aclbufp, nentries, GROUP_OBJ)) < 0
+      || !aclbufp[pos].a_type)
     {
       set_errno (EINVAL);
       return -1;
     }
-  if (searchace (aclbufp, nentries, CLASS_OBJ) < 0)
-    pos = searchace (aclbufp, nentries, CLASS_OBJ);
-  *modep |= (aclbufp[pos].a_perm & S_IRWXU) >> 3;
-  if ((pos = searchace (aclbufp, nentries, OTHER_OBJ)) < 0)
+  *modep |= (aclbufp[pos].a_perm & S_IRWXO) << 3;
+  int cpos;
+  if ((cpos = searchace (aclbufp, nentries, CLASS_OBJ)) >= 0
+      && aclbufp[cpos].a_type == CLASS_OBJ)
+    *modep |= ((aclbufp[pos].a_perm & S_IRWXO) & aclbufp[cpos].a_perm) << 3;
+  if ((pos = searchace (aclbufp, nentries, OTHER_OBJ)) < 0
+      || !aclbufp[pos].a_type)
     {
       set_errno (EINVAL);
       return -1;
     }
-  *modep |= (aclbufp[pos].a_perm & S_IRWXU) >> 6;
+  *modep |= aclbufp[pos].a_perm & S_IRWXO;
   return 0;
 }
 
@@ -800,32 +791,30 @@ aclfrommode (__aclent16_t *aclbufp, int nentries, mode_t *modep)
       set_errno (EINVAL);
       return -1;
     }
-  if ((pos = searchace (aclbufp, nentries, USER_OBJ)) < 0)
+  if ((pos = searchace (aclbufp, nentries, USER_OBJ)) < 0
+      || !aclbufp[pos].a_type)
     {
       set_errno (EINVAL);
       return -1;
     }
-  aclbufp[pos].a_perm = (*modep & S_IRWXU)
-			| (*modep & S_IRWXU) >> 3
-			| (*modep & S_IRWXU) >> 6;
-  if ((pos = searchace (aclbufp, nentries, GROUP_OBJ)) < 0)
+  aclbufp[pos].a_perm = (*modep & S_IRWXU) >> 6;
+  if ((pos = searchace (aclbufp, nentries, GROUP_OBJ)) < 0
+      || !aclbufp[pos].a_type)
     {
       set_errno (EINVAL);
       return -1;
     }
-  if (searchace (aclbufp, nentries, CLASS_OBJ) < 0)
-    pos = searchace (aclbufp, nentries, CLASS_OBJ);
-  aclbufp[pos].a_perm = (*modep & S_IRWXG)
-			| (*modep & S_IRWXG) << 3
-			| (*modep & S_IRWXG) >> 3;
-  if ((pos = searchace (aclbufp, nentries, OTHER_OBJ)) < 0)
+  aclbufp[pos].a_perm = (*modep & S_IRWXG) >> 3;
+  if ((pos = searchace (aclbufp, nentries, CLASS_OBJ)) >= 0
+      && aclbufp[pos].a_type == CLASS_OBJ)
+    aclbufp[pos].a_perm = (*modep & S_IRWXG) >> 3;
+  if ((pos = searchace (aclbufp, nentries, OTHER_OBJ)) < 0
+      || !aclbufp[pos].a_type)
     {
       set_errno (EINVAL);
       return -1;
     }
-  aclbufp[pos].a_perm = (*modep & S_IRWXO)
-			| (*modep & S_IRWXO) << 6
-			| (*modep & S_IRWXO) << 3;
+  aclbufp[pos].a_perm = (*modep & S_IRWXO);
   return 0;
 }
 
@@ -848,9 +837,9 @@ permtostr (mode_t perm)
 {
   static char pbuf[4];
 
-  pbuf[0] = (perm & S_IREAD) ? 'r' : '-';
-  pbuf[1] = (perm & S_IWRITE) ? 'w' : '-';
-  pbuf[2] = (perm & S_IEXEC) ? 'x' : '-';
+  pbuf[0] = (perm & S_IROTH) ? 'r' : '-';
+  pbuf[1] = (perm & S_IWOTH) ? 'w' : '-';
+  pbuf[2] = (perm & S_IXOTH) ? 'x' : '-';
   pbuf[3] = '\0';
   return pbuf;
 }
@@ -918,15 +907,15 @@ permfromstr (char *perm)
   if (strlen (perm) != 3)
     return 01000;
   if (perm[0] == 'r')
-    mode |= S_IRUSR | S_IRGRP | S_IROTH;
+    mode |= S_IROTH;
   else if (perm[0] != '-')
     return 01000;
   if (perm[1] == 'w')
-    mode |= S_IWUSR | S_IWGRP | S_IWOTH;
+    mode |= S_IWOTH;
   else if (perm[1] != '-')
     return 01000;
   if (perm[2] == 'x')
-    mode |= S_IXUSR | S_IXGRP | S_IXOTH;
+    mode |= S_IXOTH;
   else if (perm[2] != '-')
     return 01000;
   return mode;