Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-developers-owner AT sourceware DOT cygnus DOT com
Message-ID: <38665322.F3AF9B9D@vinschen.de>
Date: Sun, 26 Dec 1999 18:40:50 +0100
From: Corinna Vinschen <corinna AT vinschen DOT de>
MIME-Version: 1.0
To: Chris Faylor <cgf AT cygnus DOT com>
CC: cygdev <cygwin-developers AT sourceware DOT cygnus DOT com>
Subject: ntsec-patch15
Content-Type: multipart/mixed;
 boundary="------------3DDEFB2582AB0D4D00C44D08"

This is a multi-part message in MIME format.
--------------3DDEFB2582AB0D4D00C44D08
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


Hi!

Here's another patch to ntsec that solves different problems when
chown and chmod. This are real patches, extensions to ntsec have to
wait 'til next year.

Happy Y2K,
Corinna


ChangeLog:
==========

Sun Dec 26 18:18:00 1999  Corinna Vinschen  <corinna AT vinschen DOT de>

	* path.cc (symlink_check_one): Initialize local variable
	`unixattr' before calling `get_file_attribute'.
	* syscalls.cc (chown): Ditto.
	* security.cc (get_nt_attribute): Eliminate attribute
	copying from world to user/group in case of missing ACEs.
	(alloc_sd): Setting special rights for administrators group
	only if it's neither owner nor group.
	* utils/mkpasswd.c: Create entry for local group
	administrators (SID 544).
--------------3DDEFB2582AB0D4D00C44D08
Content-Type: text/plain; charset=us-ascii;
 name="ntsec-patch15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="ntsec-patch15"

Index: path.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/path.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 path.cc
--- path.cc	1999/12/26 15:03:15	1.1.1.1
+++ path.cc	1999/12/26 15:22:12
@@ -2130,7 +2130,9 @@ symlink_check_one (const char *in_path, 
 	goto file_not_symlink;
 
       /* Check the file's extended attributes, if it has any.  */
-      int unixattr;
+      int unixattr = 0;
+      if (fileattr & FILE_ATTRIBUTE_DIRECTORY)
+        unixattr |= S_IFDIR;
 
       if (! get_file_attribute (TRUE, path, &unixattr))
 	{
Index: security.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/security.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 security.cc
--- security.cc	1999/12/26 15:03:16	1.1.1.1
+++ security.cc	1999/12/26 17:26:14
@@ -652,28 +652,12 @@ get_nt_attribute (const char *file, int 
 		  *attribute &= ~S_IRWXO;
 		  has_world_bits = TRUE;
 		  if (ace->Mask & FILE_READ_DATA)
-		    {
-		      *attribute |= S_IROTH;
-		      if (! owner_sid || ! has_owner_bits)
-			*attribute |= S_IRUSR;
-		      if (! group_sid || ! has_group_bits)
-			*attribute |= S_IRGRP;
-		    }
+		    *attribute |= S_IROTH;
 		  if (ace->Mask & FILE_WRITE_DATA)
-		    {
-		      *attribute |= S_IWOTH;
-		      if (! owner_sid || ! has_owner_bits)
-			*attribute |= S_IWUSR;
-		      if (! group_sid || ! has_group_bits)
-			*attribute |= S_IWGRP;
-		    }
+		    *attribute |= S_IWOTH;
 		  if (ace->Mask & FILE_EXECUTE)
 		    {
 		      *attribute |= S_IXOTH;
-		      if (! owner_sid || ! has_owner_bits)
-			*attribute |= S_IXUSR;
-		      if (! group_sid || ! has_group_bits)
-			*attribute |= S_IXGRP;
 		      // Sticky bit for directories according to linux rules.
 		      // No sense for files.
 		      if (! (ace->Mask & FILE_DELETE_CHILD) &&
@@ -841,7 +825,8 @@ alloc_sd (uid_t uid, gid_t gid, const ch
       if (GetAce(acl, 0, (PVOID *) &ace))
         ace->Header.AceFlags |= OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
 
-      if (! group_sid || ! EqualSid (group_sid, get_admin_sid ()))
+      if (! EqualSid (owner_sid, get_admin_sid ())
+          && (! group_sid || ! EqualSid (group_sid, get_admin_sid ())))
 	{
 	  if (! AddAccessAllowedAce (acl, ACL_REVISION,
 	                             STANDARD_RIGHTS_READ | WRITE_OWNER,
Index: syscalls.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/syscalls.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 syscalls.cc
--- syscalls.cc	1999/12/26 15:03:16	1.1.1.1
+++ syscalls.cc	1999/12/26 15:23:12
@@ -653,7 +653,9 @@ chown (const char * name, uid_t uid, gid
 	  goto done;
 	}
 
-      DWORD attrib;
+      DWORD attrib = 0;
+      if (win32_path.file_attributes () & FILE_ATTRIBUTE_DIRECTORY)
+        attrib |= S_IFDIR;
       int has_acls;
       has_acls = allow_ntsec && win32_path.has_acls ();
       res = get_file_attribute (has_acls, win32_path.get_win32 (), (int *) &attrib);
Index: utils/mkpasswd.c
===================================================================
RCS file: /src/cvsroot/winsup-991223/utils/mkpasswd.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mkpasswd.c
--- utils/mkpasswd.c	1999/12/26 15:03:37	1.1.1.1
+++ utils/mkpasswd.c	1999/12/26 17:34:06
@@ -389,6 +389,25 @@ main (int argc, char **argv)
       FreeSid (sid);
     }
 
+  /*
+   * Get `administrators' group
+  */
+  if (AllocateAndInitializeSid (&sid_nt_auth, 2, SECURITY_BUILTIN_DOMAIN_RID,
+                                DOMAIN_ALIAS_RID_ADMINS,
+                                0, 0, 0, 0, 0, 0, &sid))
+    {
+      if (LookupAccountSid (NULL, sid,
+                            name, (len = 256, &len),
+                            dom, (len2 = 256, &len),
+                            &use))
+        printf ("%s:*:%ld:%ld:%s%s::\n", name,
+                                         DOMAIN_ALIAS_RID_ADMINS,
+                                         DOMAIN_ALIAS_RID_ADMINS,
+                                         print_sids ? "," : "",
+                                         print_sids ? put_sid (sid) : "");
+      FreeSid (sid);
+    }
+
   if (print_local_groups)
     enum_local_groups (print_sids);
 

--------------3DDEFB2582AB0D4D00C44D08--