Change well_known_admin_sid to well_known_admins_sid throughout.

        * sec_acl.cc (setacl): Never set DELETE permission. Set
        FILE_DELETE_CHILD only on readable and executable directories.
        * sec_helper.cc: Add constructor for `well_known_null_sid'.
        * security.cc (get_nt_attribute): Set S_ISVTX for directories if
        FILE_WRITE_DATA and FILE_EXECUTE but not FILE_DELETE_CHILD is set.
        Add evaluation of S_ISVTX, S_ISGID and S_ISUID from NULL ACE.
        (alloc_sd): Never set DELETE permission. Set FILE_DELETE_CHILD
        only on readable and executable directories.
        Add creation of NULL ACE for S_ISVTX, S_ISGID and S_ISUID permissions.
        * security.h: Add extern declaration for `well_known_null_sid'.

7 files changed, 73 insertions, 35 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 6d7fd7741..e311289b6 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,17 @@
+Mon 16 Jul 2001 00:11:00  Corinna Vinschen <corinna@vinschen.de>
+
+	Change well_known_admin_sid to well_known_admins_sid throughout.
+	* sec_acl.cc (setacl): Never set DELETE permission. Set
+	FILE_DELETE_CHILD only on readable and executable directories.
+	* sec_helper.cc: Add constructor for `well_known_null_sid'.
+	* security.cc (get_nt_attribute): Set S_ISVTX for directories if
+	FILE_WRITE_DATA and FILE_EXECUTE but not FILE_DELETE_CHILD is set.
+	Add evaluation of S_ISVTX, S_ISGID and S_ISUID from NULL ACE.
+	(alloc_sd): Never set DELETE permission. Set FILE_DELETE_CHILD
+	only on readable and executable directories.
+	Add creation of NULL ACE for S_ISVTX, S_ISGID and S_ISUID permissions.
+	* security.h: Add extern declaration for `well_known_null_sid'.
+
 Fri 13 Jul 2001 08:08:49 PM EDT  Christopher Faylor <cgf@cygnus.com>
 
 	* syscalls.cc (stat_worker): Simplify previous change.
diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc
index 604f1a8d6..70817470b 100644
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@@ -174,7 +174,7 @@ read_etc_group ()
 	  SID_NAME_USE acType;
 	  debug_printf ("Emulating /etc/group");
 	  if (! LookupAccountSidA (NULL ,
-				    well_known_admin_sid,
+				    well_known_admins_sid,
 				    group_name,
 				    &group_name_len,
 				    domain_name,
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index cd5722f0c..6b9b7cc31 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -121,10 +121,11 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
       if (aclbufp[i].a_perm & S_IROTH)
 	allow |= FILE_GENERIC_READ;
       if (aclbufp[i].a_perm & S_IWOTH)
-	allow |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE
-		 | DELETE | FILE_DELETE_CHILD;
+	allow |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE;
       if (aclbufp[i].a_perm & S_IXOTH)
 	allow |= FILE_GENERIC_EXECUTE;
+      if ((aclbufp[i].a_perm & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH))
+        allow |= FILE_DELETE_CHILD;
       /* Set inherit property. */
       DWORD inheritance = (aclbufp[i].a_type & ACL_DEFAULT)
 			  ? INHERIT_ONLY : DONT_INHERIT;
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 4789732a4..6a6867c48 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -44,6 +44,7 @@ SID_IDENTIFIER_AUTHORITY sid_auth[] = {
         {SECURITY_NT_AUTHORITY}
 };
 
+cygsid well_known_null_sid ("S-1-0-0");
 cygsid well_known_world_sid ("S-1-1-0");
 cygsid well_known_local_sid ("S-1-2-0");
 cygsid well_known_creator_owner_sid ("S-1-3-0");
@@ -54,7 +55,7 @@ cygsid well_known_interactive_sid ("S-1-5-4");
 cygsid well_known_service_sid ("S-1-5-6");
 cygsid well_known_authenticated_users_sid ("S-1-5-11");
 cygsid well_known_system_sid ("S-1-5-18");
-cygsid well_known_admin_sid ("S-1-5-32-544");
+cygsid well_known_admins_sid ("S-1-5-32-544");
 
 char *
 cygsid::string (char *nsidstr) const
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 0a843c7a0..6a5b86b27 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -456,7 +456,7 @@ get_group_sidlist (const char *logonserver, cygsidlist &grp_list,
   if (usersid == well_known_system_sid)
     {
       grp_list += well_known_system_sid;
-      grp_list += well_known_admin_sid;
+      grp_list += well_known_admins_sid;
     }
   else
     {
@@ -626,10 +626,10 @@ get_dacl (PACL acl, cygsid usersid, cygsidlist &grp_list)
       __seterrno ();
       return FALSE;
     }
-  if (grp_list.contains (well_known_admin_sid))
+  if (grp_list.contains (well_known_admins_sid))
     {
       if (!AddAccessAllowedAce(acl, ACL_REVISION, GENERIC_ALL,
-			       well_known_admin_sid))
+			       well_known_admins_sid))
         {
 	  __seterrno ();
           return FALSE;
@@ -1162,15 +1162,24 @@ get_nt_attribute (const char *file, int *attribute,
 	      *flags |= S_IXOTH
 			| ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
 			| ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
-	      /* Sticky bit for directories according to linux rules. */
-	      if (!(ace->Mask & FILE_DELETE_CHILD)
-		  && S_ISDIR(*attribute)
-		  && !(*anti & S_ISVTX))
-		*flags |= S_ISVTX;
 	    }
+	  if ((*attribute & S_IFDIR) &&
+	      (ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD))
+	      == (FILE_WRITE_DATA | FILE_EXECUTE))
+	    *flags |= S_ISVTX;
+	}
+      else if (ace_sid == well_known_null_sid)
+        {
+	  /* Read SUID, SGID and VTX bits from NULL ACE. */
+	  if (ace->Mask & FILE_READ_DATA)
+	    *flags |= S_ISVTX;
+	  if (ace->Mask & FILE_WRITE_DATA)
+	    *flags |= S_ISGID;
+	  if (ace->Mask & FILE_APPEND_DATA)
+	    *flags |= S_ISUID;
 	}
     }
-  *attribute &= ~(S_IRWXU|S_IRWXG|S_IRWXO|S_ISVTX);
+  *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
   *attribute |= allow;
   *attribute &= ~deny;
   syscall_printf ("file: %s %x, uid %d, gid %d", file, *attribute, uid, gid);
@@ -1335,16 +1344,6 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
       return NULL;
     }
 
-  /*
-   * VTX bit may only be set if executable for `other' is set.
-   * For correct handling under WinNT, FILE_DELETE_CHILD has to
-   * be (un)set in each ACE.
-   */
-  if (!(attribute & S_IXOTH))
-    attribute &= ~S_ISVTX;
-  if (!(attribute & S_IFDIR))
-    attribute |= S_ISVTX;
-
   /* From here fill ACL. */
   size_t acl_len = sizeof (ACL);
   int ace_off = 0;
@@ -1355,10 +1354,11 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
   if (attribute & S_IRUSR)
     owner_allow |= FILE_GENERIC_READ;
   if (attribute & S_IWUSR)
-    owner_allow |= FILE_GENERIC_WRITE | DELETE;
+    owner_allow |= FILE_GENERIC_WRITE;
   if (attribute & S_IXUSR)
     owner_allow |= FILE_GENERIC_EXECUTE;
-  if (!(attribute & S_ISVTX))
+  if ((attribute & (S_IFDIR | S_IWUSR | S_IXUSR))
+      == (S_IFDIR | S_IWUSR | S_IXUSR))
     owner_allow |= FILE_DELETE_CHILD;
 
   /* Construct allow attribute for group. */
@@ -1367,10 +1367,11 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
   if (attribute & S_IRGRP)
     group_allow |= FILE_GENERIC_READ;
   if (attribute & S_IWGRP)
-    group_allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE | DELETE;
+    group_allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE;
   if (attribute & S_IXGRP)
     group_allow |= FILE_GENERIC_EXECUTE;
-  if (!(attribute & S_ISVTX))
+  if ((attribute & (S_IFDIR | S_IWGRP | S_IXGRP))
+      == (S_IFDIR | S_IWGRP | S_IXGRP))
     group_allow |= FILE_DELETE_CHILD;
 
   /* Construct allow attribute for everyone. */
@@ -1379,12 +1380,26 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
   if (attribute & S_IROTH)
     other_allow |= FILE_GENERIC_READ;
   if (attribute & S_IWOTH)
-    other_allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE | DELETE;
+    other_allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE;
   if (attribute & S_IXOTH)
     other_allow |= FILE_GENERIC_EXECUTE;
-  if (!(attribute & S_ISVTX))
+  if ((attribute & (S_IFDIR | S_IWOTH | S_IXOTH))
+      == (S_IFDIR | S_IWOTH | S_IXOTH)
+      && !(attribute & S_ISVTX))
     other_allow |= FILE_DELETE_CHILD;
 
+  /* Construct SUID, SGID and VTX bits in NULL ACE. */
+  DWORD null_allow = 0L;
+  if (attribute & (S_ISUID | S_ISGID | S_ISVTX))
+    {
+      if (attribute & S_ISUID)
+        null_allow |= FILE_APPEND_DATA;
+      if (attribute & S_ISGID)
+        null_allow |= FILE_WRITE_DATA;
+      if (attribute & S_ISVTX)
+        null_allow |= FILE_READ_DATA;
+    }
+
   /* Construct deny attributes for owner and group. */
   DWORD owner_deny = 0;
   if (is_grp_member (uid, gid))
@@ -1420,7 +1435,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
   if (owner_deny
       && !add_access_denied_ace (acl, ace_off++, owner_deny,
 				  owner_sid, acl_len, inherit))
-      return NULL;
+    return NULL;
   /* Set allow ACE for owner. */
   if (!add_access_allowed_ace (acl, ace_off++, owner_allow,
 				owner_sid, acl_len, inherit))
@@ -1429,7 +1444,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
   if (group_deny
       && !add_access_denied_ace (acl, ace_off++, group_deny,
 				  group_sid, acl_len, inherit))
-      return NULL;
+    return NULL;
   /* Set allow ACE for group. */
   if (!add_access_allowed_ace (acl, ace_off++, group_allow,
 				group_sid, acl_len, inherit))
@@ -1439,6 +1454,11 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
   if (!add_access_allowed_ace (acl, ace_off++, other_allow,
 				well_known_world_sid, acl_len, inherit))
     return NULL;
+  /* Set null ACE for special bits. */
+  if (null_allow
+      && !add_access_allowed_ace (acl, ace_off++, null_allow,
+				  well_known_null_sid, acl_len, inherit))
+    return NULL;
 
   /* Get owner and group from current security descriptor. */
   PSID cur_owner_sid = NULL;
@@ -1463,7 +1483,8 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
 	      || (owner_sid && ace_sid == owner_sid)
 	      || (cur_group_sid && ace_sid == cur_group_sid)
 	      || (group_sid && ace_sid == group_sid)
-	      || (ace_sid == well_known_world_sid))
+	      || (ace_sid == well_known_world_sid)
+	      || (ace_sid == well_known_null_sid))
 	    continue;
 	  /*
 	   * Add unrelated ACCESS_DENIED_ACE to the beginning but
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 5289a29d1..49c41c8cb 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -131,6 +131,7 @@ public:
     }
 };
 
+extern cygsid well_known_null_sid;
 extern cygsid well_known_world_sid;
 extern cygsid well_known_local_sid;
 extern cygsid well_known_creator_owner_sid;
@@ -141,7 +142,7 @@ extern cygsid well_known_interactive_sid;
 extern cygsid well_known_service_sid;
 extern cygsid well_known_authenticated_users_sid;
 extern cygsid well_known_system_sid;
-extern cygsid well_known_admin_sid;
+extern cygsid well_known_admins_sid;
 
 inline BOOL
 legal_sid_type (SID_NAME_USE type)
diff --git a/winsup/cygwin/shared.cc b/winsup/cygwin/shared.cc
index 28fbf4ceb..be93cfed2 100644
--- a/winsup/cygwin/shared.cc
+++ b/winsup/cygwin/shared.cc
@@ -249,7 +249,7 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
   size_t acl_len = sizeof (ACL)
 		   + 4 * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD))
 		   + GetLengthSid (sid)
-		   + GetLengthSid (well_known_admin_sid)
+		   + GetLengthSid (well_known_admins_sid)
 		   + GetLengthSid (well_known_system_sid)
 		   + GetLengthSid (well_known_creator_owner_sid);
   if (sid2)
@@ -266,7 +266,7 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
 
   if (! AddAccessAllowedAce (acl, ACL_REVISION,
 			     SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL,
-			     well_known_admin_sid))
+			     well_known_admins_sid))
     debug_printf ("AddAccessAllowedAce(admin) %E");
 
   if (! AddAccessAllowedAce (acl, ACL_REVISION,