ntsec-patch15
- To: Chris Faylor <cgf at cygnus dot com>
- Subject: ntsec-patch15
- From: Corinna Vinschen <corinna at vinschen dot de>
- Date: Sun, 26 Dec 1999 18:40:50 +0100
- CC: cygdev <cygwin-developers at sourceware dot cygnus dot com>
Hi!
Here's another patch to ntsec that solves various problems with
chown and chmod. These are real patches; extensions to ntsec have to
wait 'til next year.
Happy Y2K,
Corinna
ChangeLog:
==========
Sun Dec 26 18:18:00 1999 Corinna Vinschen <corinna@vinschen.de>
* path.cc (symlink_check_one): Initialize local variable
`unixattr' before calling `get_file_attribute'.
* syscalls.cc (chown): Ditto.
* security.cc (get_nt_attribute): Eliminate attribute
copying from world to user/group in case of missing ACEs.
(alloc_sd): Setting special rights for administrators group
only if it's neither owner nor group.
* utils/mkpasswd.c: Create entry for local group
administrators (SID 544).
Index: path.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/path.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 path.cc
--- path.cc 1999/12/26 15:03:15 1.1.1.1
+++ path.cc 1999/12/26 15:22:12
@@ -2130,7 +2130,9 @@ symlink_check_one (const char *in_path,
goto file_not_symlink;
/* Check the file's extended attributes, if it has any. */
- int unixattr;
+ int unixattr = 0;
+ if (fileattr & FILE_ATTRIBUTE_DIRECTORY)
+ unixattr |= S_IFDIR;
if (! get_file_attribute (TRUE, path, &unixattr))
{
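Review bot: The declaration of `unixattr` does not say why it has to be pre-seeded, and the same three-line idiom is repeated for `attrib` in chown() in the syscalls.cc hunk. The security.cc hunk shows get_nt_attribute updating `*attribute` with `&=` and `|=`, so (presumably via get_file_attribute) whatever the caller leaves in the variable survives into the reported mode, and an uninitialized local would leak stack garbage into permission bits. I would add a comment such as `/* get_file_attribute only modifies bits in *attribute, so start from the file type alone. */` and consider moving the S_IFDIR seeding into one shared helper so a later caller cannot forget it. symlink_check_one continues outside the hunk.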
Index: security.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/security.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 security.cc
--- security.cc 1999/12/26 15:03:16 1.1.1.1
+++ security.cc 1999/12/26 17:26:14
@@ -652,28 +652,12 @@ get_nt_attribute (const char *file, int
*attribute &= ~S_IRWXO;
has_world_bits = TRUE;
if (ace->Mask & FILE_READ_DATA)
- {
- *attribute |= S_IROTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IRUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IRGRP;
- }
+ *attribute |= S_IROTH;
if (ace->Mask & FILE_WRITE_DATA)
- {
- *attribute |= S_IWOTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IWUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IWGRP;
- }
+ *attribute |= S_IWOTH;
if (ace->Mask & FILE_EXECUTE)
{
*attribute |= S_IXOTH;
- if (! owner_sid || ! has_owner_bits)
- *attribute |= S_IXUSR;
- if (! group_sid || ! has_group_bits)
- *attribute |= S_IXGRP;
// Sticky bit for directories according to linux rules.
// No sense for files.
if (! (ace->Mask & FILE_DELETE_CHILD) &&
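Review bot: With the fallback copies removed, `has_owner_bits` and `has_group_bits` may no longer be read anywhere in get_nt_attribute. The rest of the function is outside this hunk, so please check and drop them if they are now write-only. The world-ACE branch also deserves a comment stating the new mapping, for example `/* World ACE sets S_I?OTH only; user/group bits come solely from their own ACEs. */`. A file that carries only a world ACE will now report no owner or group permission bits, even though the owner presumably still gets access through that ACE, so callers that base decisions on the reported mode should know about this under-reporting.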
@@ -841,7 +825,8 @@ alloc_sd (uid_t uid, gid_t gid, const ch
if (GetAce(acl, 0, (PVOID *) &ace))
ace->Header.AceFlags |= OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
- if (! group_sid || ! EqualSid (group_sid, get_admin_sid ()))
+ if (! EqualSid (owner_sid, get_admin_sid ())
+ && (! group_sid || ! EqualSid (group_sid, get_admin_sid ())))
{
if (! AddAccessAllowedAce (acl, ACL_REVISION,
STANDARD_RIGHTS_READ | WRITE_OWNER,
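Review bot: The new condition passes `owner_sid` to EqualSid without a NULL check, while `group_sid` in the same expression is still guarded by `! group_sid ||`. Whether `owner_sid` can be NULL at this point in alloc_sd is not visible in the hunk, but the lines removed from get_nt_attribute test `! owner_sid`, so a missing owner SID is evidently a case this file expects. Guarding both operands the same way would be safer: `if ((! owner_sid || ! EqualSid (owner_sid, get_admin_sid ()))` followed by the unchanged group clause. alloc_sd begins and ends outside the hunk.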
Index: syscalls.cc
===================================================================
RCS file: /src/cvsroot/winsup-991223/syscalls.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 syscalls.cc
--- syscalls.cc 1999/12/26 15:03:16 1.1.1.1
+++ syscalls.cc 1999/12/26 15:23:12
@@ -653,7 +653,9 @@ chown (const char * name, uid_t uid, gid
goto done;
}
- DWORD attrib;
+ DWORD attrib = 0;
+ if (win32_path.file_attributes () & FILE_ATTRIBUTE_DIRECTORY)
+ attrib |= S_IFDIR;
int has_acls;
has_acls = allow_ntsec && win32_path.has_acls ();
res = get_file_attribute (has_acls, win32_path.get_win32 (), (int *) &attrib);
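Review bot: `attrib` is now seeded with a mode bit (`S_IFDIR`) but is still declared `DWORD` and handed to get_file_attribute through the cast `(int *) &attrib`. Accessing an unsigned long object through an `int *` is a type pun that only works while both are 32 bits wide, and it hides the fact that the variable holds a POSIX mode rather than a Win32 attribute word. If the remainder of chown (outside this hunk) does not need a DWORD, declaring it as `int attrib = 0;` and passing `&attrib` removes the cast. The seeding idiom itself is covered by the note on the path.cc hunk.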
Index: utils/mkpasswd.c
===================================================================
RCS file: /src/cvsroot/winsup-991223/utils/mkpasswd.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mkpasswd.c
--- utils/mkpasswd.c 1999/12/26 15:03:37 1.1.1.1
+++ utils/mkpasswd.c 1999/12/26 17:34:06
@@ -389,6 +389,25 @@ main (int argc, char **argv)
FreeSid (sid);
}
+ /*
+ * Get `administrators' group
+ */
+ if (AllocateAndInitializeSid (&sid_nt_auth, 2, SECURITY_BUILTIN_DOMAIN_RID,
+ DOMAIN_ALIAS_RID_ADMINS,
+ 0, 0, 0, 0, 0, 0, &sid))
+ {
+ if (LookupAccountSid (NULL, sid,
+ name, (len = 256, &len),
+ dom, (len2 = 256, &len),
+ &use))
+ printf ("%s:*:%ld:%ld:%s%s::\n", name,
+ DOMAIN_ALIAS_RID_ADMINS,
+ DOMAIN_ALIAS_RID_ADMINS,
+ print_sids ? "," : "",
+ print_sids ? put_sid (sid) : "");
+ FreeSid (sid);
+ }
+
if (print_local_groups)
enum_local_groups (print_sids);
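Review bot: In the new LookupAccountSid call the domain-length argument is `(len2 = 256, &len)`, which sets `len2` but passes the address of `len`, so the name and domain size parameters alias the same variable. The call reads 256 for both on entry, so it presumably works as long as `dom` is at least 256 bytes, but the API writes both lengths back to `len` and the `dom` capacity is never expressed through its own variable. The line should read `dom, (len2 = 256, &len2),`. A failed AllocateAndInitializeSid or LookupAccountSid also silently omits the administrators entry; a diagnostic on stderr would make a missing SID 544 line easier to trace. main continues outside the hunk.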