More more Everyone
Pierre A. Humblet
Pierre.Humblet@ieee.org
Sun Aug 25 15:02:00 GMT 2002
At 11:04 AM 8/25/2002 +0100, Chris January wrote:
>Can you please make sure these changes are also reflected in
>get_nt_object_attribute?
Good point. Thanks.
I took this opportunity to collect a chunk of common code in a new function.
This patch supersedes those I sent yesterday.
Pierre
2002-08-25 Pierre Humblet <Pierre.Humblet@ieee.org>
* sec_acl.cc (getacl): Check ace_sid == well_known_world_sid
before owner_sid and group_sid so that well_known_world_sid
means "other" even when owner_sid and/or group_sid are Everyone.
* security.cc (get_attribute_from_acl): Created from code common
to get_nt_attribute() and get_nt_object_attribute(), with same
reordering as in getacl() above.
(get_nt_attribute): Call get_attribute_from_acl().
(get_nt_object_attribute): Ditto.
-------------- next part --------------
--- sec_acl.cc.orig 2002-07-02 20:29:16.000000000 -0400
+++ sec_acl.cc 2002-08-24 17:01:02.000000000 -0400
@@ -314,7 +314,12 @@
int id;
int type = 0;
- if (ace_sid == owner_sid)
+ if (ace_sid == well_known_world_sid)
+ {
+ type = OTHER_OBJ;
+ id = 0;
+ }
+ else if (ace_sid == owner_sid)
{
type = USER_OBJ;
id = uid;
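Review bot: The new branch order in this `if`/`else if` chain is what decides how an Everyone ACE is classified, but nothing in the code says so; the rationale lives only in the ChangeLog entry. A later tidy-up that puts `owner_sid` first again would silently change the reported ACL type for files whose owner or group is Everyone. I would add a comment above `if (ace_sid == well_known_world_sid)`, for example `/* Test Everyone first: it must map to OTHER_OBJ even when the owner or group SID is Everyone. */`. The same ordering is introduced in `get_attribute_from_acl()` in security.cc and deserves the same comment there. `getacl` starts and ends outside this hunk, so whether a USER_OBJ entry is still produced for an Everyone-owned file cannot be confirmed from the visible lines.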
@@ -324,11 +329,6 @@
type = GROUP_OBJ;
id = gid;
}
- else if (ace_sid == well_known_world_sid)
- {
- type = OTHER_OBJ;
- id = 0;
- }
else
{
id = ace_sid.get_id (FALSE, &type);
--- security.cc.orig 2002-08-23 18:37:10.000000000 -0400
+++ security.cc 2002-08-25 10:51:48.000000000 -0400
@@ -1202,6 +1202,95 @@
return 0;
}
+static void
+get_attribute_from_acl(int * attribute, PACL acl, PSID owner_sid,
+ PSID group_sid, BOOL grp_member)
+{
+ ACCESS_ALLOWED_ACE *ace;
+ int allow = 0;
+ int deny = 0;
+ int *flags, *anti;
+
+ for (DWORD i = 0; i < acl->AceCount; ++i)
+ {
+ if (!GetAce (acl, i, (PVOID *) &ace))
+ continue;
+ if (ace->Header.AceFlags & INHERIT_ONLY)
+ continue;
+ switch (ace->Header.AceType)
+ {
+ case ACCESS_ALLOWED_ACE_TYPE:
+ flags = &allow;
+ anti = &deny;
+ break;
+ case ACCESS_DENIED_ACE_TYPE:
+ flags = &deny;
+ anti = &allow;
+ break;
+ default:
+ continue;
+ }
+
+ cygsid ace_sid ((PSID) &ace->SidStart);
+ if (ace_sid == well_known_world_sid)
+ {
+ if (ace->Mask & FILE_READ_DATA)
+ *flags |= S_IROTH
+ | ((!(*anti & S_IRGRP)) ? S_IRGRP : 0)
+ | ((!(*anti & S_IRUSR)) ? S_IRUSR : 0);
+ if (ace->Mask & FILE_WRITE_DATA)
+ *flags |= S_IWOTH
+ | ((!(*anti & S_IWGRP)) ? S_IWGRP : 0)
+ | ((!(*anti & S_IWUSR)) ? S_IWUSR : 0);
+ if (ace->Mask & FILE_EXECUTE)
+ {
+ *flags |= S_IXOTH
+ | ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
+ | ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
+ }
+ if ((*attribute & S_IFDIR) &&
+ (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD))
+ == (FILE_WRITE_DATA | FILE_EXECUTE))
+ *flags |= S_ISVTX;
+ }
+ else if (ace_sid == well_known_null_sid)
+ {
+ /* Read SUID, SGID and VTX bits from NULL ACE. */
+ if (ace->Mask & FILE_READ_DATA)
+ *flags |= S_ISVTX;
+ if (ace->Mask & FILE_WRITE_DATA)
+ *flags |= S_ISGID;
+ if (ace->Mask & FILE_APPEND_DATA)
+ *flags |= S_ISUID;
+ }
+ else if (owner_sid && ace_sid == owner_sid)
+ {
+ if (ace->Mask & FILE_READ_DATA)
+ *flags |= S_IRUSR;
+ if (ace->Mask & FILE_WRITE_DATA)
+ *flags |= S_IWUSR;
+ if (ace->Mask & FILE_EXECUTE)
+ *flags |= S_IXUSR;
+ }
+ else if (group_sid && ace_sid == group_sid)
+ {
+ if (ace->Mask & FILE_READ_DATA)
+ *flags |= S_IRGRP
+ | ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0);
+ if (ace->Mask & FILE_WRITE_DATA)
+ *flags |= S_IWGRP
+ | ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0);
+ if (ace->Mask & FILE_EXECUTE)
+ *flags |= S_IXGRP
+ | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
+ }
+ }
+ *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
+ *attribute |= allow;
+ *attribute &= ~deny;
+ return;
+}
+
static int
get_nt_attribute (const char *file, int *attribute,
__uid32_t *uidret, __gid32_t *gidret)
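Review bot: `get_attribute_from_acl` dereferences `acl` at `acl->AceCount` without a check, and it has no header comment stating that callers must pass a non-NULL ACL. Both call sites appear to return early just before the call, but those guards lie outside the visible hunks, so the precondition is inferred rather than shown. A short comment above the definition would pin the contract, e.g. `/* Fold the allow/deny ACEs of ACL into the POSIX mode bits of *attribute. ACL must be non-NULL. */`. On style, the definition is written `get_attribute_from_acl(int * attribute, ...` where the surrounding code uses `name (` and `int *attribute`, and the trailing `return;` in a `void` function is redundant.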
@@ -1264,89 +1353,8 @@
file, *attribute, uid, gid);
return 0;
}
+ get_attribute_from_acl (attribute, acl, owner_sid, group_sid, grp_member);
- ACCESS_ALLOWED_ACE *ace;
- int allow = 0;
- int deny = 0;
- int *flags, *anti;
-
- for (DWORD i = 0; i < acl->AceCount; ++i)
- {
- if (!GetAce (acl, i, (PVOID *) &ace))
- continue;
- if (ace->Header.AceFlags & INHERIT_ONLY)
- continue;
- switch (ace->Header.AceType)
- {
- case ACCESS_ALLOWED_ACE_TYPE:
- flags = &allow;
- anti = &deny;
- break;
- case ACCESS_DENIED_ACE_TYPE:
- flags = &deny;
- anti = &allow;
- break;
- default:
- continue;
- }
-
- cygsid ace_sid ((PSID) &ace->SidStart);
- if (owner_sid && ace_sid == owner_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IRUSR;
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWUSR;
- if (ace->Mask & FILE_EXECUTE)
- *flags |= S_IXUSR;
- }
- else if (group_sid && ace_sid == group_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IRGRP
- | ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0);
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWGRP
- | ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0);
- if (ace->Mask & FILE_EXECUTE)
- *flags |= S_IXGRP
- | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
- }
- else if (ace_sid == well_known_world_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IROTH
- | ((!(*anti & S_IRGRP)) ? S_IRGRP : 0)
- | ((!(*anti & S_IRUSR)) ? S_IRUSR : 0);
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWOTH
- | ((!(*anti & S_IWGRP)) ? S_IWGRP : 0)
- | ((!(*anti & S_IWUSR)) ? S_IWUSR : 0);
- if (ace->Mask & FILE_EXECUTE)
- {
- *flags |= S_IXOTH
- | ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
- | ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
- }
- if ((*attribute & S_IFDIR) &&
- (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD))
- == (FILE_WRITE_DATA | FILE_EXECUTE))
- *flags |= S_ISVTX;
- }
- else if (ace_sid == well_known_null_sid)
- {
- /* Read SUID, SGID and VTX bits from NULL ACE. */
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_ISVTX;
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_ISGID;
- if (ace->Mask & FILE_APPEND_DATA)
- *flags |= S_ISUID;
- }
- }
- *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
- *attribute |= allow;
- *attribute &= ~deny;
syscall_printf ("file: %s %x, uid %d, gid %d", file, *attribute, uid, gid);
return 0;
}
@@ -1437,88 +1445,7 @@
return 0;
}
- ACCESS_ALLOWED_ACE *ace;
- int allow = 0;
- int deny = 0;
- int *flags, *anti;
-
- for (DWORD i = 0; i < acl->AceCount; ++i)
- {
- if (!GetAce (acl, i, (PVOID *) & ace))
- continue;
- if (ace->Header.AceFlags & INHERIT_ONLY)
- continue;
- switch (ace->Header.AceType)
- {
- case ACCESS_ALLOWED_ACE_TYPE:
- flags = &allow;
- anti = &deny;
- break;
- case ACCESS_DENIED_ACE_TYPE:
- flags = &deny;
- anti = &allow;
- break;
- default:
- continue;
- }
-
- cygsid ace_sid ((PSID) & ace->SidStart);
- if (owner_sid && ace_sid == owner_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IRUSR;
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWUSR;
- if (ace->Mask & FILE_EXECUTE)
- *flags |= S_IXUSR;
- }
- else if (group_sid && ace_sid == group_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IRGRP
- | ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0);
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWGRP
- | ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0);
- if (ace->Mask & FILE_EXECUTE)
- *flags |= S_IXGRP
- | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
- }
- else if (ace_sid == well_known_world_sid)
- {
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_IROTH
- | ((!(*anti & S_IRGRP)) ? S_IRGRP : 0)
- | ((!(*anti & S_IRUSR)) ? S_IRUSR : 0);
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_IWOTH
- | ((!(*anti & S_IWGRP)) ? S_IWGRP : 0)
- | ((!(*anti & S_IWUSR)) ? S_IWUSR : 0);
- if (ace->Mask & FILE_EXECUTE)
- {
- *flags |= S_IXOTH
- | ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
- | ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
- }
- if ((*attribute & S_IFDIR) &&
- (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD))
- == (FILE_WRITE_DATA | FILE_EXECUTE))
- *flags |= S_ISVTX;
- }
- else if (ace_sid == well_known_null_sid)
- {
- /* Read SUID, SGID and VTX bits from NULL ACE. */
- if (ace->Mask & FILE_READ_DATA)
- *flags |= S_ISVTX;
- if (ace->Mask & FILE_WRITE_DATA)
- *flags |= S_ISGID;
- if (ace->Mask & FILE_APPEND_DATA)
- *flags |= S_ISUID;
- }
- }
- *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
- *attribute |= allow;
- *attribute &= ~deny;
+ get_attribute_from_acl (attribute, acl, owner_sid, group_sid, grp_member);
LocalFree (psd);