Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT sourceware DOT cygnus DOT com Delivered-To: mailing list cygwin-developers AT sourceware DOT cygnus DOT com Message-ID: <38665322.F3AF9B9D@vinschen.de> Date: Sun, 26 Dec 1999 18:40:50 +0100 From: Corinna Vinschen X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: de,en MIME-Version: 1.0 To: Chris Faylor CC: cygdev Subject: ntsec-patch15 Content-Type: multipart/mixed; boundary="------------3DDEFB2582AB0D4D00C44D08" This is a multi-part message in MIME format. --------------3DDEFB2582AB0D4D00C44D08 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi! Here's another patch to ntsec that solves different problems when chown and chmod. This are real patches, extensions to ntsec have to wait 'til next year. Happy Y2K, Corinna ChangeLog: ========== Sun Dec 26 18:18:00 1999 Corinna Vinschen * path.cc (symlink_check_one): Initialize local variable `unixattr' before calling `get_file_attribute'. * syscalls.cc (chown): Ditto. * security.cc (get_nt_attribute): Eliminate attribute copying from world to user/group in case of missing ACEs. (alloc_sd): Setting special rights for administrators group only if it's neither owner nor group. * utils/mkpasswd.c: Create entry for local group administrators (SID 544). --------------3DDEFB2582AB0D4D00C44D08 Content-Type: text/plain; charset=us-ascii; name="ntsec-patch15" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ntsec-patch15" Index: path.cc =================================================================== RCS file: /src/cvsroot/winsup-991223/path.cc,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 path.cc --- path.cc 1999/12/26 15:03:15 1.1.1.1 +++ path.cc 1999/12/26 15:22:12 
@@ -2130,7 +2130,9 @@ symlink_check_one (const char *in_path, goto file_not_symlink; /* Check the file's extended attributes, if it has any. */ - int unixattr; + int unixattr = 0; + if (fileattr & FILE_ATTRIBUTE_DIRECTORY) + unixattr |= S_IFDIR; if (! get_file_attribute (TRUE, path, &unixattr)) { Index: security.cc =================================================================== RCS file: /src/cvsroot/winsup-991223/security.cc,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 security.cc --- security.cc 1999/12/26 15:03:16 1.1.1.1 +++ security.cc 1999/12/26 17:26:14 @@ -652,28 +652,12 @@ get_nt_attribute (const char *file, int *attribute &= ~S_IRWXO; has_world_bits = TRUE; if (ace->Mask & FILE_READ_DATA) - { - *attribute |= S_IROTH; - if (! owner_sid || ! has_owner_bits) - *attribute |= S_IRUSR; - if (! group_sid || ! has_group_bits) - *attribute |= S_IRGRP; - } + *attribute |= S_IROTH; if (ace->Mask & FILE_WRITE_DATA) - { - *attribute |= S_IWOTH; - if (! owner_sid || ! has_owner_bits) - *attribute |= S_IWUSR; - if (! group_sid || ! has_group_bits) - *attribute |= S_IWGRP; - } + *attribute |= S_IWOTH; if (ace->Mask & FILE_EXECUTE) { *attribute |= S_IXOTH; - if (! owner_sid || ! has_owner_bits) - *attribute |= S_IXUSR; - if (! group_sid || ! has_group_bits) - *attribute |= S_IXGRP; // Sticky bit for directories according to linux rules. // No sense for files. if (! (ace->Mask & FILE_DELETE_CHILD) && 
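Review bot: The seeding of `unixattr` with `S_IFDIR` in symlink_check_one carries no comment saying why it is needed, and the same holds for `attrib` in the chown hunk of syscalls.cc. The security.cc hunk shows get_nt_attribute editing `*attribute` in place (`*attribute &= ~S_IRWXO`), so the argument looks like an in/out value whose file-type bit the caller must supply. A line such as `/* get_file_attribute reads *attribute on entry; seed the file type before the call. */` would keep the next caller from passing an uninitialized int again. Both tests also assume the attribute word is valid: if `fileattr` or `win32_path.file_attributes ()` can still hold the all-ones failure value here, the `FILE_ATTRIBUTE_DIRECTORY` test is true for a path that is not a directory. That needs confirming against the code above each hunk, since both function bodies start and end outside them.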
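Review bot: With the fallback removed from the world-ACE branch of get_nt_attribute, the user and group bits are no longer derived from the world ACE, and that contract is not written down anywhere in the hunk. On NT an ACE for the world SID also applies to the owner and the group, so a file whose DACL holds only that ACE gains no user or group bits from it while those principals can still open it; callers must not read the mode as effective access. I would put a comment above the branch, for example `/* World ACE maps to S_I?OTH only; user/group bits reflect their own ACEs, not effective access. */`. If `has_owner_bits` and `has_group_bits` were read only by the removed lines they can go as well, which cannot be checked from the hunk because it starts and ends inside the function.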
@@ -841,7 +825,8 @@ alloc_sd (uid_t uid, gid_t gid, const ch if (GetAce(acl, 0, (PVOID *) &ace)) ace->Header.AceFlags |= OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE; - if (! group_sid || ! EqualSid (group_sid, get_admin_sid ())) + if (! EqualSid (owner_sid, get_admin_sid ()) + && (! group_sid || ! EqualSid (group_sid, get_admin_sid ()))) { if (! AddAccessAllowedAce (acl, ACL_REVISION, STANDARD_RIGHTS_READ | WRITE_OWNER, Index: syscalls.cc =================================================================== RCS file: /src/cvsroot/winsup-991223/syscalls.cc,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 syscalls.cc --- syscalls.cc 1999/12/26 15:03:16 1.1.1.1 +++ syscalls.cc 1999/12/26 15:23:12 @@ -653,7 +653,9 @@ chown (const char * name, uid_t uid, gid goto done; } - DWORD attrib; + DWORD attrib = 0; + if (win32_path.file_attributes () & FILE_ATTRIBUTE_DIRECTORY) + attrib |= S_IFDIR; int has_acls; has_acls = allow_ntsec && win32_path.has_acls (); res = get_file_attribute (has_acls, win32_path.get_win32 (), (int *) &attrib); Index: utils/mkpasswd.c =================================================================== RCS file: /src/cvsroot/winsup-991223/utils/mkpasswd.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 mkpasswd.c --- utils/mkpasswd.c 1999/12/26 15:03:37 1.1.1.1 +++ utils/mkpasswd.c 1999/12/26 17:34:06 @@ -389,6 +389,25 @@ main (int argc, char **argv) FreeSid (sid); } + /* + * Get `administrators' group + */ + if (AllocateAndInitializeSid (&sid_nt_auth, 2, SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, &sid)) + { + if (LookupAccountSid (NULL, sid, + name, (len = 256, &len), + dom, (len2 = 256, &len), + &use)) + printf ("%s:*:%ld:%ld:%s%s::\n", name, + DOMAIN_ALIAS_RID_ADMINS, + DOMAIN_ALIAS_RID_ADMINS, + print_sids ? "," : "", + print_sids ? put_sid (sid) : ""); + FreeSid (sid); + } + if (print_local_groups) enum_local_groups (print_sids); --------------3DDEFB2582AB0D4D00C44D08--
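Review bot: The new first operand `! EqualSid (owner_sid, get_admin_sid ())` passes `owner_sid` without the NULL guard that the same condition keeps for `group_sid`. EqualSid expects two valid SIDs, so if `owner_sid` can be NULL at this point (the earlier part of alloc_sd is outside the hunk) the call is invalid. Either guard it the same way, `if ((! owner_sid || ! EqualSid (owner_sid, get_admin_sid ()))`, or say in a comment that owner_sid is always set here. A short comment on why the administrators ACE is skipped when that group is already the owner would also help, since this condition decides who receives `WRITE_OWNER`.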
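Review bot: The LookupAccountSid call in the mkpasswd.c hunk passes `&len` for both size arguments: `dom, (len2 = 256, &len),` assigns `len2` but hands the function `len` again. Both lengths are in/out parameters, so the API reads and writes one variable for two buffers, and the domain size it sees depends on what has been stored for the name. The line should read `dom, (len2 = 256, &len2),`. If the call was copied from a lookup earlier in main, outside the hunk, that one deserves the same check. A failed lookup also leaves the output without the administrators entry and prints nothing; a warning on stderr would make the gap visible.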