Mail Archives: cygwin-developers/1999/12/26/12:54:10
This is a multi-part message in MIME format.
--------------3DDEFB2582AB0D4D00C44D08
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi!
Here's another patch to ntsec that solves different problems when
chown and chmod. This are real patches, extensions to ntsec have to
wait 'til next year.
Happy Y2K,
Corinna
ChangeLog:
==========
Sun Dec 26 18:18:00 1999 Corinna Vinschen <corinna AT vinschen DOT de>
* path.cc (symlink_check_one): Initialize local variable
`unixattr' before calling `get_file_attribute'.
* syscalls.cc (chown): Ditto.
* security.cc (get_nt_attribute): Eliminate attribute
copying from world to user/group in case of missing ACEs.
(alloc_sd): Setting special rights for administrators group
only if it's neither owner nor group.
* utils/mkpasswd.c: Create entry for local group
administrators (SID 544).
--------------3DDEFB2582AB0D4D00C44D08
Content-Type: text/plain; charset=us-ascii;
name="ntsec-patch15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="ntsec-patch15"
Index: path.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/path.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 path.cc
--- path.cc 1999/12/26 15:03:15 1.1.1.1
+++ path.cc 1999/12/26 15:22:12
@@ -2130,7 +2130,9 @@ symlink_check_one (const char *in_path,
goto file_not_symlink;
/* Check the file's extended attributes, if it has any. */
- int unixattr;
+ int unixattr = 0;
+ if (fileattr & FILE_ATTRIBUTE_DIRECTORY)
+ unixattr |= S_IFDIR;
if (! get_file_attribute (TRUE, path, &unixattr))
{
Index: security.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/security.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 security.cc
--- security.cc 1999/12/26 15:03:16 1.1.1.1
+++ security.cc 1999/12/26 17:26:14
@@ -652,28 +652,12 @@ get_nt_attribute (const char *file, int
*attribute &= ~S_IRWXO;
has_world_bits = TRUE;
if (ace->Mask & FILE_READ_DATA)
- {
- *attribute |= S_IROTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IRUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IRGRP;
- }
+ *attribute |= S_IROTH;
if (ace->Mask & FILE_WRITE_DATA)
- {
- *attribute |= S_IWOTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IWUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IWGRP;
- }
+ *attribute |= S_IWOTH;
if (ace->Mask & FILE_EXECUTE)
{
*attribute |= S_IXOTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IXUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IXGRP;
// Sticky bit for directories according to linux rules.
// No sense for files.
if (! (ace->Mask & FILE_DELETE_CHILD) &&
@@ -841,7 +825,8 @@ alloc_sd (uid_t uid, gid_t gid, const ch
if (GetAce(acl, 0, (PVOID *) &ace))
ace->Header.AceFlags |= OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
- if (! group_sid || ! EqualSid (group_sid, get_admin_sid ()))
+ if (! EqualSid (owner_sid, get_admin_sid ())
+ && (! group_sid || ! EqualSid (group_sid, get_admin_sid ())))
{
if (! AddAccessAllowedAce (acl, ACL_REVISION,
STANDARD_RIGHTS_READ | WRITE_OWNER,
Index: syscalls.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/syscalls.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 syscalls.cc
--- syscalls.cc 1999/12/26 15:03:16 1.1.1.1
+++ syscalls.cc 1999/12/26 15:23:12
@@ -653,7 +653,9 @@ chown (const char * name, uid_t uid, gid
goto done;
}
- DWORD attrib;
+ DWORD attrib = 0;
+ if (win32_path.file_attributes () & FILE_ATTRIBUTE_DIRECTORY)
+ attrib |= S_IFDIR;
int has_acls;
has_acls = allow_ntsec && win32_path.has_acls ();
res = get_file_attribute (has_acls, win32_path.get_win32 (), (int *) &attrib);
Index: utils/mkpasswd.c
===================================================================
RCS file: /src/cvsroot/winsup-991223/utils/mkpasswd.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mkpasswd.c
--- utils/mkpasswd.c 1999/12/26 15:03:37 1.1.1.1
+++ utils/mkpasswd.c 1999/12/26 17:34:06
@@ -389,6 +389,25 @@ main (int argc, char **argv)
FreeSid (sid);
}
+ /*
+ * Get `administrators' group
+ */
+ if (AllocateAndInitializeSid (&sid_nt_auth, 2, SECURITY_BUILTIN_DOMAIN_RID,
+ DOMAIN_ALIAS_RID_ADMINS,
+ 0, 0, 0, 0, 0, 0, &sid))
+ {
+ if (LookupAccountSid (NULL, sid,
+ name, (len = 256, &len),
+ dom, (len2 = 256, &len),
+ &use))
+ printf ("%s:*:%ld:%ld:%s%s::\n", name,
+ DOMAIN_ALIAS_RID_ADMINS,
+ DOMAIN_ALIAS_RID_ADMINS,
+ print_sids ? "," : "",
+ print_sids ? put_sid (sid) : "");
+ FreeSid (sid);
+ }
+
if (print_local_groups)
enum_local_groups (print_sids);
--------------3DDEFB2582AB0D4D00C44D08--
- Raw text -