* fhandler.cc (fhandler_base::open): Always create file with default

	security descriptor and fix descriptor afterwards.  Change comment to
	explain why.
	* security.cc (alloc_sd): Drop setting the SE_DACL_PROTECTED flag.
	* wincap.cc: Remove has_dacl_protect throughout.
	* wincap.h: Ditto.

1 files changed, 21 insertions, 27 deletions

diff --git a/winsup/cygwin/fhandler.cc b/winsup/cygwin/fhandler.cc
index 7a7d80148..3e6e158c5 100644
--- a/winsup/cygwin/fhandler.cc
+++ b/winsup/cygwin/fhandler.cc
@@ -553,20 +553,7 @@ fhandler_base::open (int flags, mode_t mode)
 	{
 	  file_attributes |= FILE_ATTRIBUTE_NORMAL;
 
-	  /* If mode has no write bits set, and ACLs are not used, we set
-	     the DOS R/O attribute. */
-	  if (!has_acls () && !(mode & (S_IWUSR | S_IWGRP | S_IWOTH)))
-	    file_attributes |= FILE_ATTRIBUTE_READONLY;
-
-	  /* If the file should actually be created and has ACLs,
-	     set files attributes, except on remote file systems.
-	     See below. */
-	  if (has_acls () && !pc.isremote ())
-	    {
-	      set_security_attribute (pc, mode, &sa, sd);
-	      attr.SecurityDescriptor = sa.lpSecurityDescriptor;
-	    }
-	  else if (pc.fs_is_nfs ())
+	  if (pc.fs_is_nfs ())
 	    {
 	      /* When creating a file on an NFS share, we have to set the
 		 file mode by writing a NFS fattr3 structure with the
@@ -586,6 +573,10 @@ fhandler_base::open (int flags, mode_t mode)
 	      nfs_attr->type = NF3REG;
 	      nfs_attr->mode = mode;
 	    }
+	  else if (!has_acls () && !(mode & (S_IWUSR | S_IWGRP | S_IWOTH)))
+	    /* If mode has no write bits set, and ACLs are not used, we set
+	       the DOS R/O attribute. */
+	    file_attributes |= FILE_ATTRIBUTE_READONLY;
 	  /* The file attributes are needed for later use in, e.g. fchmod. */
 	  pc.file_attributes (file_attributes);
 	}
@@ -606,24 +597,27 @@ fhandler_base::open (int flags, mode_t mode)
 	goto done;
    }
 
-  /* After some discussion on the samba-technical list, starting here:
-     http://lists.samba.org/archive/samba-technical/2008-July/060247.html
+  /* Always create files using a NULL SD.  Create correct permission bits
+     afterwards, maintaining the owner and group information just like chmod.
+
+     This is done for two reasons.
 
-     Always create files on a remote share using a NULL SD.  Create
-     correct permission bits afterwards, maintaing the owner and group
-     information just like chmod.
+     On Windows filesystems we need to create the file with default
+     permissions to allow inheriting ACEs.  When providing an explicit DACL
+     in calls to [Nt]CreateFile, the created file will not inherit default
+     permissions from the parent object.  This breaks not only Windows
+     inheritance, but also POSIX ACL inheritance.
 
-     The reason to do this is to maintain the Windows behaviour when
-     creating files on a remote share.  Files on a remote share are
-     created as the user used for authentication.  In a domain that's
+     Another reason to do this are remote shares.  Files on a remote share
+     are created as the user used for authentication.  In a domain that's
      usually the user you're logged in as.  Outside of a domain you're
      authenticating using a local user account on the sharing machine.
      If the SIDs of the client machine are used, that's entirely
-     unexpected behaviour.
-
-     Doing it like we do here creates the expected SD in a domain as
-     well as on standalone servers. */
-  if ((flags & O_CREAT) && has_acls () && pc.isremote ())
+     unexpected behaviour.  Doing it like we do here creates the expected SD
+     in a domain as well as on standalone servers.
+     This is the result of a discussion on the samba-technical list, starting at
+     http://lists.samba.org/archive/samba-technical/2008-July/060247.html */
+  if ((flags & O_CREAT) && has_acls ())
     set_file_attribute (fh, pc, ILLEGAL_UID, ILLEGAL_GID, mode);
 
   set_io_handle (fh);