[newlib-cygwin] Evaluate all group perms in ACL to emulate POSIX user perms
Corinna Vinschen
corinna@sourceware.org
Fri Aug 14 08:10:00 GMT 2015
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=c19f1b9f8ef50a4498dd8de89399cf4382d1ebd7
commit c19f1b9f8ef50a4498dd8de89399cf4382d1ebd7
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Fri Aug 14 10:10:34 2015 +0200
Evaluate all group perms in ACL to emulate POSIX user perms
* security.cc (get_attribute_from_acl): Merge all group perms into
user perms if user is member of group.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/ChangeLog | 5 +++++
winsup/cygwin/security.cc | 19 +++++++++++++++++++
2 files changed, 24 insertions(+)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index cf0495e..4cde08b 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2015-08-14 Corinna Vinschen <corinna@vinschen.de>
+
+ * security,cc (get_attribute_from_acl): Merge all group perms into
+ user perms if user is member of group.
+
2015-08-13 Corinna Vinschen <corinna@vinschen.de>
* autoload.cc (GetLogicalProcessorInformationEx): Import.
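Review bot: the file name in the new ChangeLog entry is written "security,cc" with a comma, while the file changed in this patch is winsup/cygwin/security.cc; change the comma to a dot so that searches of the ChangeLog for security.cc find this entry.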
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 86ebe2c..4625060 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -243,6 +243,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
mode_t deny = 0;
mode_t *flags, *anti;
bool isownergroup = RtlEqualSid (owner_sid, group_sid);
+ bool userisowner = RtlEqualSid (owner_sid, cygheap->user.sid ());
for (DWORD i = 0; i < acl->AceCount; ++i)
{
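Review bot: the added userisowner local has no comment saying which identity cygheap->user.sid () stands for, while the membership check added further down switches between imp_token () and NULL depending on issetuid (). A short comment stating that the SID compared here and the token checked later describe the same user would make the owner test easier to verify. Computing it once before the loop rather than per ACE is the right place for it.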
@@ -340,6 +341,24 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
*flags |= S_IWGRP;
if (ace->Mask & FILE_EXEC_BITS)
*flags |= S_IXGRP;
+ /* If the current user is the owner of the file, check if the
+ additional SIDs are in the user's token. Note that this is
+ some ugly hack, but a full-fledged solution requires to
+ create tokens or perhaps using AUTHZ. */
+ BOOL ret;
+ if (userisowner
+ && CheckTokenMembership (cygheap->user.issetuid ()
+ ? cygheap->user.imp_token () : NULL,
+ ace_sid, &ret)
+ && ret)
+ {
+ if (ace->Mask & FILE_READ_BITS)
+ *flags |= (!(*anti & S_IRUSR)) ? S_IRUSR : 0;
+ if (ace->Mask & FILE_WRITE_BITS)
+ *flags |= (!(*anti & S_IWUSR)) ? S_IWUSR : 0;
+ if (ace->Mask & FILE_EXEC_BITS)
+ *flags |= (!(*anti & S_IXUSR)) ? S_IXUSR : 0;
+ }
}
}
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
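Review bot: the merge into the user bits tests `!(*anti & S_IRUSR)` (and the W/X equivalents) at the moment each group ACE is processed, so the result depends on ACE order. Only opposite-type user bits collected from ACEs earlier in the loop over acl->AceCount can block the merge, and an owner ACE that comes later in the ACL is not taken into account. If that relies on the ACL being in canonical order, say so in the comment next to the "ugly hack" remark; otherwise apply the merge after the loop has finished. Separately, a failing CheckTokenMembership call is treated the same as "not a member" with no trace; a debug message on failure would help when the reported user permissions look wrong.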