This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.



[newlib-cygwin] Simplify "Windows-standard-like" permissions


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=a8716448cecc1c09f1ee8896d1b148c5bdda8fca

commit a8716448cecc1c09f1ee8896d1b148c5bdda8fca
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Fri Aug 19 16:50:04 2016 +0200

    Simplify "Windows-standard-like" permissions
    
    Commit 97d0449 left a bit to be desired.  First, the fact that any
    new-style ACL couldn't be "standard ACL" anymore was very much over
    the top.  On one hand Admins and SYSTEM ACEs are not supposed to be
    masked, but on the other hand we *must* create the CLASS_OBJ
    because otherwise we don't have information about masking the
    execute perms for both groups.  The ACL would also fail aclcheck.
    
    And while get_posix_access now returns the "is standard acl" flag,
    it hasn't been utilized by set_created_file_access.  Rather,
    set_created_file_access has simply continued to check for
    nentries > MIN_ACL_ENTRIES, which led to all kinds of weird group
    and CLASS_OBJ perms.  The new code now always manipulates CLASS_OBJ
    perms if a CLASS_OBJ is present, and it always manipulates group perms
    if the ACL has been marked as "standard" ACL.
    
    Another problem (not related to commit 97d0449) is the order in which
    get_posix_access adds missing perms.  CLASS_OBJ perms are computed
    *before* missing GROUP_OBJ perms have been added.  Thus the CLASS_OBJ
    perms could be too tight and lead to additional, buggy DENY ACEs.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/sec_acl.cc  | 31 +++++++++++++++----------------
 winsup/cygwin/security.cc | 14 +++++++-------
 2 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 64d183c..4a47d22 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -809,7 +809,6 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 			  aclsid[pos] = well_known_null_sid;
 			}
 		      has_class_perm = true;
-		      standard_ACEs_only = false;
 		      class_perm = lacl[pos].a_perm;
 		    }
 		  if (ace->Header.AceFlags & SUB_CONTAINERS_AND_OBJECTS_INHERIT)
@@ -1013,6 +1012,21 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 	    }
 	}
     }
+  /* If this is a just created file, and this is an ACL with only standard
+     entries, or if standard POSIX permissions are missing (probably no
+     inherited ACEs so created from a default DACL), assign the permissions
+     specified by the file creation mask.  The values get masked by the
+     actually requested permissions by the caller per POSIX 1003.1e draft 17. */
+  if (just_created)
+    {
+      mode_t perms = (S_IRWXU | S_IRWXG | S_IRWXO) & ~cygheap->umask;
+      if (standard_ACEs_only || !saw_user_obj)
+	lacl[0].a_perm = (perms >> 6) & S_IRWXO;
+      if (standard_ACEs_only || !saw_group_obj)
+	lacl[1].a_perm = (perms >> 3) & S_IRWXO;
+      if (standard_ACEs_only || !saw_other_obj)
+	lacl[2].a_perm = perms & S_IRWXO;
+    }
   /* If this is an old-style or non-Cygwin ACL, and secondary user and group
      entries exist in the ACL, fake a matching CLASS_OBJ entry. The CLASS_OBJ
      permissions are the or'ed permissions of the primary group permissions
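Review bot: The comment on the moved `if (just_created)` block does not say why the block now has to sit ahead of the CLASS_OBJ fake-up that follows, so a later cleanup could move it back and reintroduce the too-tight CLASS_OBJ perms. The next hunk's context shows the faked entry being seeded from `lacl[1].a_perm`, so the umask-derived group perms must already be in place. I would append a sentence such as `This must happen before the CLASS_OBJ entry is faked below, because that entry is derived from lacl[1].a_perm.` The block also assumes slots 0..2 hold USER_OBJ, GROUP_OBJ and OTHER_OBJ, which the hunk does not show and which is worth stating in the same comment. get_posix_access begins and ends outside this hunk.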
@@ -1041,21 +1055,6 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
       lacl[pos].a_perm = lacl[1].a_perm; /* == group perms */
       aclsid[pos] = well_known_null_sid;
     }
-  /* If this is a just created file, and this is an ACL with only standard
-     entries, or if standard POSIX permissions are missing (probably no
-     inherited ACEs so created from a default DACL), assign the permissions
-     specified by the file creation mask.  The values get masked by the
-     actually requested permissions by the caller per POSIX 1003.1e draft 17. */
-  if (just_created)
-    {
-      mode_t perms = (S_IRWXU | S_IRWXG | S_IRWXO) & ~cygheap->umask;
-      if (standard_ACEs_only || !saw_user_obj)
-	lacl[0].a_perm = (perms >> 6) & S_IRWXO;
-      if (standard_ACEs_only || !saw_group_obj)
-	lacl[1].a_perm = (perms >> 3) & S_IRWXO;
-      if (standard_ACEs_only || !saw_other_obj)
-	lacl[2].a_perm = perms & S_IRWXO;
-    }
   /* Ensure that the default acl contains at least
      DEF_(USER|GROUP|OTHER)_OBJ entries.  */
   if (types_def && (pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) >= 0)
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 7894a60..819e43d 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -449,6 +449,7 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
   tmp_pathbuf tp;
   aclent_t *aclp;
   int nentries, idx;
+  bool std_acl;
 
   if (!get_file_sd (handle, pc, sd, true))
     {
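Review bot: `bool std_acl;` is declared without an initialiser, and the last hunk reads it to decide whether GROUP_OBJ is and-ed with the requested mode. That is only defined behaviour if get_posix_access writes the out-parameter on every path that returns >= 0, which cannot be confirmed from the lines shown. Either initialise it explicitly (for example `bool std_acl = false;`) or add a comment stating that get_posix_access always sets it on success. The chosen default decides whether group permissions are masked on such a path, so it should be deliberate. The body of set_created_file_access continues outside this hunk.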
@@ -457,8 +458,8 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
 	attr |= S_IFDIR;
       attr_rd = attr;
       aclp = (aclent_t *) tp.c_get ();
-      if ((nentries = get_posix_access (sd, &attr_rd, &uid, &gid,
-					aclp, MAX_ACL_ENTRIES)) >= 0)
+      if ((nentries = get_posix_access (sd, &attr_rd, &uid, &gid, aclp,
+					MAX_ACL_ENTRIES, &std_acl)) >= 0)
 	{
 	  if (S_ISLNK (attr))
 	    {
@@ -466,8 +467,7 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
 	      aclp[0].a_perm = (attr >> 6) & S_IRWXO;
 	      if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
 		aclp[idx].a_perm = (attr >> 3) & S_IRWXO;
-	      if (nentries > MIN_ACL_ENTRIES
-		  && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
+	      if ((idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
 		aclp[idx].a_perm = (attr >> 3) & S_IRWXO;
 	      if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
 		aclp[idx].a_perm = attr & S_IRWXO;
@@ -477,10 +477,10 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
 	      /* Overwrite ACL permissions as required by POSIX 1003.1e
 		 draft 17. */
 	      aclp[0].a_perm &= (attr >> 6) & S_IRWXO;
-	      if (nentries > MIN_ACL_ENTRIES
-		  && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
+	      if ((idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
 		aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
-	      else if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
+	      if (std_acl
+		  && (idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
 		aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
 	      if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
 		aclp[idx].a_perm &= attr & S_IRWXO;
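Review bot: Replacing the `else if` with `if (std_acl && …)` leaves one combination where the requested mode no longer limits group access: an ACL that has no CLASS_OBJ and is not flagged as standard. Before this change that case fell through to the GROUP_OBJ branch, but now neither entry is and-ed with `(attr >> 3) & S_IRWXO`, so the group could keep more access than the caller asked for. If get_posix_access guarantees a CLASS_OBJ whenever it reports a non-standard ACL, a comment above the test saying so would settle it. Otherwise, mask GROUP_OBJ when the CLASS_OBJ lookup failed as well as when `std_acl` is set. The symlink branch two hunks up still sets GROUP_OBJ unconditionally, and a short comment on why the two branches differ would help. The function continues outside this hunk.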

