authorCorinna Vinschen <corinna@vinschen.de>2014-08-28 12:38:52 +0000
committerCorinna Vinschen <corinna@vinschen.de>2014-08-28 12:38:52 +0000
commit1a33a5c6d3d4c4713a89950470002f5f9ef11159 (patch)
treeaba6a6d901f745ac1adccb3a0ebb98d948ebf938 /winsup/cygwin/security.cc
parentc51ce2447a7cce971500131011711fb499f5bbde (diff)
* fhandler.cc (fhandler_base::facl): Drop CLASS_OBJ entry.
* fhandler_disk_file.cc (fhandler_disk_file::facl): Ditto in noacl case. * sec_acl.cc (getacl): Compute useful fake CLASS_OBJ and DEF_CLASS_OBJ permission bits based on how these values are generated on Linux. Add comments to explain what the code is doing. * security.cc (get_attribute_from_acl): Compute group permission based on the actual primary group permissions and all secondary user and group ACCESS_ALLOWED_ACEs to emulate Linux' behaviour more closely. (check_access): Fix typos in comment. * include/cygwin/acl.h (MIN_ACL_ENTRIES): Redefine as 3.
Diffstat (limited to 'winsup/cygwin/security.cc')
-rw-r--r--winsup/cygwin/security.cc19
1 files changed, 17 insertions, 2 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index af89a5238..4c46e05d9 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -314,6 +314,21 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
*flags |= ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
| ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
}
+ else if (flags == &allow)
+ {
+ /* Simplified computation of additional group permissions based on
+ the CLASS_OBJ value. CLASS_OBJ represents the or'ed value of
+ the primary group permissions and all secondary user and group
+ permissions. FIXME: This only takes ACCESS_ALLOWED_ACEs into
+ account. The computation with additional ACCESS_DENIED_ACE
+ handling is much more complicated. */
+ if (ace->Mask & FILE_READ_BITS)
+ *flags |= S_IRGRP;
+ if (ace->Mask & FILE_WRITE_BITS)
+ *flags |= S_IWGRP;
+ if (ace->Mask & FILE_EXEC_BITS)
+ *flags |= S_IXGRP;
+ }
}
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
if (owner_sid && group_sid && RtlEqualSid (owner_sid, group_sid)
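Review bot: The new `else if (flags == &allow)` branch ORs S_IRGRP/S_IWGRP/S_IXGRP from every remaining ACCESS_ALLOWED_ACE without consulting `*anti`, unlike the branch just above it (`!(*anti & S_IXGRP)`), so the reported group bits become an upper bound that can exceed what the primary group is actually granted. Code that uses the resulting mode bits as a safety check (for example, rejecting group-writable files) will see wider bits whenever any other account holds an allow ACE; if the earlier branches, which lie outside this hunk, do not filter accounts such as SYSTEM or Administrators, that may apply to most files. I would extend the comment with `The resulting S_I?GRP bits are a mask, not the primary group's effective access; deny ACEs recorded in *anti are not applied here.` so the consequence of the FIXME is explicit. The enclosing loop and the preceding `if` chain start outside the hunk.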
@@ -1049,8 +1064,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
/* Samba override. Check security descriptor for Samba UNIX user and group
accounts and check if we have an RFC 2307 mapping to a Windows account.
- Create a new security descriptor with all of the UNIX acocunts with
- valid mapping replaced with their WIndows counterpart. */
+ Create a new security descriptor with all of the UNIX accounts with
+ valid mapping replaced with their Windows counterpart. */
static void
convert_samba_sd (security_descriptor &sd_ret)
{