From 2d647173bb2056dfd87a184ac2b6e5ded660a466 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 9 Apr 2009 09:19:03 +0000 Subject: * fhandler_disk_file.cc (fhandler_disk_file::fchown): Catch an error when changing the user account on a standalone Samba server. Explain why. * sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd. * sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define. (well_known_samba_unix_user_fake_sid): Define. * security.cc (set_file_sd): Take additional parameter if ownership should be changed. Restrict requested permissions accordingly. (set_file_attribute): Accommodate additional parameter to set_file_sd. * security.h (well_known_samba_unix_user_fake_sid): Declare. (set_file_sd): Align declaration to above change. --- winsup/cygwin/security.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'winsup/cygwin/security.h') diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index f186597c9..9d306feb0 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -327,6 +327,7 @@ extern cygpsid fake_logon_sid; extern cygpsid mandatory_medium_integrity_sid; extern cygpsid mandatory_high_integrity_sid; extern cygpsid mandatory_system_integrity_sid; +extern cygpsid well_known_samba_unix_user_fake_sid; bool privilege_luid (const PWCHAR pname, LUID *luid); @@ -345,7 +346,8 @@ int __stdcall set_file_attribute (HANDLE, path_conv &, __uid32_t, __gid32_t, int); int __stdcall get_reg_attribute (HKEY hkey, mode_t *, __uid32_t *, __gid32_t *); LONG __stdcall get_file_sd (HANDLE fh, path_conv &, security_descriptor &sd); -LONG __stdcall set_file_sd (HANDLE fh, path_conv &, security_descriptor &sd); +LONG __stdcall set_file_sd (HANDLE fh, path_conv &, security_descriptor &sd, + bool is_chown); bool __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit); bool __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit); int __stdcall check_file_access (path_conv &, int); -- cgit v1.2.3