From 1a33a5c6d3d4c4713a89950470002f5f9ef11159 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Thu, 28 Aug 2014 12:38:52 +0000
Subject: 	* fhandler.cc (fhandler_base::facl): Drop CLASS_OBJ entry. 
 * fhandler_disk_file.cc (fhandler_disk_file::facl): Ditto in noacl case. 
 * sec_acl.cc (getacl): Compute useful fake CLASS_OBJ and DEF_CLASS_OBJ 
 permission bits based on how these values are generated on Linux. 	Add
 commants to explain what the code is doing. 	* security.cc
 (get_attribute_from_acl): Compute group permission based 	on the actual
 primary group permissions and all secondary user and group 
 ACCESS_ALLOWED_ACEs to emulate Linux' behaviour more closely. 
 (check_access): Fix typos im comment. 	* include/cygwin/acl.h
 (MIN_ACL_ENTRIES): Redefine as 3.

---
 winsup/cygwin/security.cc | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

(limited to 'winsup/cygwin/security.cc')

diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index af89a5238..4c46e05d9 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -314,6 +314,21 @@ get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
 	    *flags |= ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
 		      | ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
 	}
+      else if (flags == &allow)
+	{
+	  /* Simplified computation of additional group permissions based on
+	     the CLASS_OBJ value.  CLASS_OBJ represents the or'ed value of
+	     the primary group permissions and all secondary user and group
+	     permissions.  FIXME: This only takes ACCESS_ALLOWED_ACEs into
+	     account.  The computation with additional ACCESS_DENIED_ACE
+	     handling is much more complicated. */
+	  if (ace->Mask & FILE_READ_BITS)
+	    *flags |= S_IRGRP;
+	  if (ace->Mask & FILE_WRITE_BITS)
+	    *flags |= S_IWGRP;
+	  if (ace->Mask & FILE_EXEC_BITS)
+	    *flags |= S_IXGRP;
+	}
     }
   *attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
   if (owner_sid && group_sid && RtlEqualSid (owner_sid, group_sid)
@@ -1049,8 +1064,8 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
 
 /* Samba override.  Check security descriptor for Samba UNIX user and group
    accounts and check if we have an RFC 2307 mapping to a Windows account.
-   Create a new security descriptor with all of the UNIX acocunts with
-   valid mapping replaced with their WIndows counterpart. */
+   Create a new security descriptor with all of the UNIX accounts with
+   valid mapping replaced with their Windows counterpart. */
 static void
 convert_samba_sd (security_descriptor &sd_ret)
 {
-- 
cgit v1.2.3