This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[newlib-cygwin] Evaluate all group perms in ACL to emulate POSIX user perms


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=c19f1b9f8ef50a4498dd8de89399cf4382d1ebd7

commit c19f1b9f8ef50a4498dd8de89399cf4382d1ebd7
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Fri Aug 14 10:10:34 2015 +0200

    Evaluate all group perms in ACL to emulate POSIX user perms
    
            * security,cc (get_attribute_from_acl): Merge all group perms into
            user perms if user is member of group.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/ChangeLog   |  5 +++++
 winsup/cygwin/security.cc | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index cf0495e..4cde08b 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2015-08-14  Corinna Vinschen  <corinna@vinschen.de>
+
+	* security,cc (get_attribute_from_acl): Merge all group perms into
+	user perms if user is member of group.
+
 2015-08-13  Corinna Vinschen  <corinna@vinschen.de>
 
 	* autoload.cc (GetLogicalProcessorInformationEx): Import.
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 86ebe2c..4625060 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -243,6 +243,7 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
   mode_t deny = 0;
   mode_t *flags, *anti;
   bool isownergroup = RtlEqualSid (owner_sid, group_sid);
+  bool userisowner  = RtlEqualSid (owner_sid, cygheap->user.sid ());
 
   for (DWORD i = 0; i < acl->AceCount; ++i)
     {
@@ -340,6 +341,24 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
 	    *flags |= S_IWGRP;
 	  if (ace->Mask & FILE_EXEC_BITS)
 	    *flags |= S_IXGRP;
+	  /* If the current user is the owner of the file, check if the
+	     additional SIDs are in the user's token.  Note that this is
+	     some ugly hack, but a full-fledged solution requires to
+	     create tokens or perhaps using AUTHZ. */
+	  BOOL ret;
+	  if (userisowner
+	      && CheckTokenMembership (cygheap->user.issetuid ()
+				       ? cygheap->user.imp_token () : NULL,
+				       ace_sid, &ret)
+	      && ret)
+	    {
+	      if (ace->Mask & FILE_READ_BITS)
+		*flags |= (!(*anti & S_IRUSR)) ? S_IRUSR : 0;
+	      if (ace->Mask & FILE_WRITE_BITS)
+		*flags |= (!(*anti & S_IWUSR)) ? S_IWUSR : 0;
+	      if (ace->Mask & FILE_EXEC_BITS)
+		*flags |= (!(*anti & S_IXUSR)) ? S_IXUSR : 0;
+	    }
 	}
     }
   *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]