author | Corinna Vinschen <corinna@vinschen.de> | 2009-10-30 22:58:53 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2009-10-30 22:58:53 +0300 |
commit | b42441d32b5a08a8d0e192535aaf7230236b2865 (patch) | |
tree | 43e5eef49ba6368ed8932a5405ed50f6d8805489 /winsup/cygwin/sec_acl.cc | |
parent | 53be6f3df61def98835a5b665064e2501986ccbd (diff) |
* sec_helper.cc (security_descriptor::free): If sd_size is 0, call
LocalFree instead of ::free.
* sec_acl.cc: Throughout replace old ACE flag definitions with current
definitions as used in MSDN man pages.
* security.cc: Ditto.
* fhandler.cc (fhandler_base::open): Make sure file has really been
just created before fixing file permissions. Add S_JUSTCREATED
attribute to set_file_attribute call.
* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
with default security descriptor and fix descriptor afterwards.
Add S_JUSTCREATED flag to set_file_attribute call.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto for symlinks.
* security.cc (get_file_sd): Call GetSecurityInfo rather than
NtQuerySecurityObject. Explain why. Change error handling accordingly.
(alloc_sd): Skip non-inherited, non-standard entries in ACL if
S_JUSTCREATED attribute is set. Explain why. Minor format fixes.
* security.h (S_JUSTCREATED): New define.
(security_descriptor::operator=): New operator.
Diffstat (limited to 'winsup/cygwin/sec_acl.cc')
-rw-r--r-- | winsup/cygwin/sec_acl.cc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 2a9b4fc71..3a5497574 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -123,7 +123,8 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
 allow |= FILE_DELETE_CHILD;
 /* Set inherit property. */
 DWORD inheritance = (aclbufp[i].a_type & ACL_DEFAULT)
- ? (SUB_CONTAINERS_AND_OBJECTS_INHERIT | INHERIT_ONLY)
+ ? (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
+ | INHERIT_ONLY_ACE)
 : NO_INHERITANCE;
 /*
 * If a specific acl contains a corresponding default entry with
@@ -138,7 +139,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
 ? aclbufp[i].a_id : ILLEGAL_UID)) >= 0
 && aclbufp[i].a_perm == aclbufp[i + 1 + pos].a_perm)
 {
- inheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
+ inheritance = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE;
 /* This invalidates the corresponding default entry. */
 aclbufp[i + 1 + pos].a_type = USER|GROUP|ACL_DEFAULT;
 }
@@ -365,12 +366,13 @@ getacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp)
 if (!type)
 continue;
- if (!(ace->Header.AceFlags & INHERIT_ONLY || type & ACL_DEFAULT))
+ if (!(ace->Header.AceFlags & INHERIT_ONLY_ACE || type & ACL_DEFAULT))
 {
 if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
 getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
 }
- if ((ace->Header.AceFlags & SUB_CONTAINERS_AND_OBJECTS_INHERIT)
+ if ((ace->Header.AceFlags
+ & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE))
 && pc.isdir ())
 {
 if (type == USER_OBJ) |
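Review bot: The else branch of the `inheritance` ternary in setacl still uses `NO_INHERITANCE`, a name from the older definition set that this commit replaces on the other branch, so the expression now mixes two naming families. No `*_ACE` constant for "no flags" appears in this hunk, so a plain zero with a comment, `: 0; /* no inheritance flags on this ACE */`, would keep the line consistent, assuming `NO_INHERITANCE` is zero as its name suggests. setacl's body starts and ends outside the hunk.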
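Review bot: The rewritten test `ace->Header.AceFlags & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE)` in getacl is true when either flag is set, while setacl in the first hunk always writes both flags for an ACL_DEFAULT entry. An ACE that inherits only to files or only to subdirectories is therefore reported as a default entry, and if a caller reads the ACL and writes it back, the entry would presumably come back inheriting to both, which widens access on newly created children. If the any-bit match is intended, a comment above the test such as `/* Either inherit flag marks a default entry; setacl always sets both. */` would record that; if both flags are required, the test should compare the masked value with the full mask. getacl's body continues outside the hunk.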