This is the mail archive of the
cygwin-patches
mailing list for the Cygwin project.
[PATCH] Ensure that the default ACL contains the standard entries
- From: Christian Franke <Christian dot Franke at t-online dot de>
- To: cygwin-patches at cygwin dot com
- Date: Fri, 10 Dec 2010 23:05:16 +0100
- Subject: [PATCH] Ensure that the default ACL contains the standard entries
The ACL from Cygwin always contains the three (USER|GROUP|OTHER)_OBJ
entries. It might be existing practice elsewhere to return these entries
also in the default ACL. The attached patch adds these entries with
empty permissions if necessary.
The patch would fix this rsync issue:
http://cygwin.com/ml/cygwin/2010-11/msg00429.html
The logic for DEF_CLASS_OBJ is unchanged.
Christian
2010-12-10 Christian Franke <franke@computer.org>
* sec_acl.cc (getacl): Ensure that the default acl contains
at least DEF_(USER|GROUP|OTHER)_OBJ entries.
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 24f2468..34424a8 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -357,11 +357,13 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
else if (ace_sid == well_known_creator_group_sid)
{
type = GROUP_OBJ | ACL_DEFAULT;
+ types_def |= type;
id = ILLEGAL_GID;
}
else if (ace_sid == well_known_creator_owner_sid)
{
type = USER_OBJ | ACL_DEFAULT;
+ types_def |= type;
id = ILLEGAL_GID;
}
else
@@ -388,13 +390,38 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
}
}
- /* Include DEF_CLASS_OBJ if any default ace exists */
- if ((types_def & (USER|GROUP))
- && ((pos = searchace (lacl, MAX_ACL_ENTRIES, DEF_CLASS_OBJ)) >= 0))
+ if (types_def && (pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) >= 0)
{
- lacl[pos].a_type = DEF_CLASS_OBJ;
- lacl[pos].a_id = ILLEGAL_GID;
- lacl[pos].a_perm = S_IROTH | S_IWOTH | S_IXOTH;
+ /* Ensure that the default acl contains at
+ least DEF_(USER|GROUP|OTHER)_OBJ entries. */
+ if (!(types_def & USER_OBJ))
+ {
+ lacl[pos].a_type = DEF_USER_OBJ;
+ lacl[pos].a_id = uid;
+ /* lacl[pos].a_perm = 0; */
+ pos++;
+ }
+ if (!(types_def & GROUP_OBJ) && pos < MAX_ACL_ENTRIES)
+ {
+ lacl[pos].a_type = DEF_GROUP_OBJ;
+ lacl[pos].a_id = gid;
+ /* lacl[pos].a_perm = 0; */
+ pos++;
+ }
+ if (!(types_def & OTHER_OBJ) && pos < MAX_ACL_ENTRIES)
+ {
+ lacl[pos].a_type = DEF_OTHER_OBJ;
+ lacl[pos].a_id = ILLEGAL_GID;
+ /* lacl[pos].a_perm = 0; */
+ pos++;
+ }
+ /* Include DEF_CLASS_OBJ if any named default ace exists. */
+ if ((types_def & (USER|GROUP)) && pos < MAX_ACL_ENTRIES)
+ {
+ lacl[pos].a_type = DEF_CLASS_OBJ;
+ lacl[pos].a_id = ILLEGAL_GID;
+ lacl[pos].a_perm = S_IROTH | S_IWOTH | S_IXOTH;
+ }
}
}
if ((pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) < 0)