https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=7972e63402eaca6ca78e0f8bffdcc95a141c0f64

commit 7972e63402eaca6ca78e0f8bffdcc95a141c0f64
Author: Corinna Vinschen <cori...@vinschen.de>
Date:   Mon Aug 31 11:34:38 2015 +0200

    Use Authz to fetch correct user permissions.
    
        * sec_acl.cc (getacl): Use Authz to fetch correct user permissions.
    
    Signed-off-by: Corinna Vinschen <cori...@vinschen.de>

Diff:
---
 winsup/cygwin/ChangeLog  |  4 ++++
 winsup/cygwin/sec_acl.cc | 26 ++++++++++++++++++++++++--
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 6d0f91a..697082a 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,9 @@
 2015-11-18  Corinna Vinschen  <cori...@vinschen.de>
 
+       * sec_acl.cc (getacl): Use Authz to fetch correct user permissions.
+
+2015-11-18  Corinna Vinschen  <cori...@vinschen.de>
+
        * autoload.cc (AuthzAccessCheck): Import.
        (AuthzFreeContext): Import.
        (AuthzInitializeContextFromSid): Import.
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index e52cdb7..82e9cb5 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -642,6 +642,15 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
       goto out;
     }
 
+  /* If we use the Windows user DB, use Authz to make sure the owner
+     permissions are correctly reflecting the Windows permissions. */
+  if (cygheap->pg.nss_pwd_db ())
+    {
+      mode_t attr = 0;
+      authz_get_user_attribute (&attr, psd, owner_sid);
+      lacl[0].a_perm = attr >> 6;
+    }
+
   /* Files and dirs are created with a NULL descriptor, so inheritence
      rules kick in.  If no inheritable entries exist in the parent object,
      Windows will create entries according to the user token's default DACL.
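Review bot: The result of `authz_get_user_attribute` is discarded at the new owner fix-up, so if the call fails `attr` is still 0 and `lacl[0].a_perm` is overwritten with no permissions, losing whatever value was set earlier in the function. Assuming the helper reports success or failure (its declaration is not visible in this diff), guard the assignment, e.g. `if (authz_get_user_attribute (&attr, psd, owner_sid)) lacl[0].a_perm = (attr >> 6) & S_IRWXO;`; the mask keeps any bits above the owner triplet out of `a_perm`. The same pattern appears at the `lacl[pos].a_perm = attr >> 6;` assignment in the second sec_acl.cc hunk. get_posix_access starts and ends outside this hunk.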
@@ -787,8 +796,21 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
            }
          if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
            {
-             getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType,
-                     new_style && type & (USER | GROUP_OBJ | GROUP));
+             /* If we use the Windows user DB, use Authz to check for user
+                permissions. */
+             if (cygheap->pg.nss_pwd_db () && (type & (USER_OBJ | USER)))
+               {
+                 /* We already handle the USER_OBJ entry above. */
+                 if (type == USER)
+                   {
+                     mode_t attr = 0;
+                     authz_get_user_attribute (&attr, psd, ace_sid);
+                     lacl[pos].a_perm = attr >> 6;
+                   }
+               }
+             else
+               getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType,
+                       new_style && type & (USER | GROUP_OBJ | GROUP));
              if (!new_style)
                {
                  /* Fix up CLASS_OBJ value. */
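Review bot: With the Windows user DB enabled, USER entries no longer pass through `getace`, which is the only call in this hunk that receives `type` and `id` for `lacl[pos]`. If `getace` is also what labels a slot freshly returned by `searchace` (neither body is visible here), the new branch would set `a_perm` on an entry whose type and id were never filled in. Calling `getace` unconditionally and then overriding only the permission bits under `if (cygheap->pg.nss_pwd_db () && type == USER)` would avoid that and would also remove the empty USER_OBJ arm. The surrounding ACE loop begins and ends outside this hunk.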
