drew
/
acadia-newlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* dir.cc (mkdir): Set security attributes correctly for 

CreateDirectoryA () call if ntsec is on. Don't call
        set_file_attributes () then.
        * fhandler.cc (fhandler_base::open): Ditto for CreateFileA () call.
        * path.cc (symlink): Ditto.
        * security.cc (set_security_attribute): New function.
        * security.h: Add declaration for `allow_ntea' and
        `set_security_attribute'.
This commit is contained in:
Corinna Vinschen 2001-08-07 15:09:54 +00:00
parent f5e8e2be4a
commit 86fb039324
6 changed files with 65 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,14 @@
Tue Aug 7 16:24:00 2001 Corinna Vinschen <corinna@vinschen.de>
* dir.cc (mkdir): Set security attributes correctly for
CreateDirectoryA () call if ntsec is on. Don't call
set_file_attributes () then.
* fhandler.cc (fhandler_base::open): Ditto for CreateFileA () call.
* path.cc (symlink): Ditto.
* security.cc (set_security_attribute): New function.
* security.h: Add declaration for `allow_ntea' and
`set_security_attribute'.
Tue Aug 7 10:54:00 2001 Corinna Vinschen <corinna@vinschen.de> Tue Aug 7 10:54:00 2001 Corinna Vinschen <corinna@vinschen.de>
* grp.cc (class grp_check): New class. Make `group_state' * grp.cc (class grp_check): New class. Make `group_state'

12
winsup/cygwin/dir.cc
View File

@ -305,6 +305,7 @@ extern "C" int
mkdir (const char *dir, mode_t mode) mkdir (const char *dir, mode_t mode)
{ {
int res = -1; int res = -1;
SECURITY_ATTRIBUTES sa = sec_none_nih;
path_conv real_dir (dir, PC_SYM_NOFOLLOW); path_conv real_dir (dir, PC_SYM_NOFOLLOW);
@ -318,10 +319,15 @@ mkdir (const char *dir, mode_t mode)
if (! writable_directory (real_dir.get_win32 ())) if (! writable_directory (real_dir.get_win32 ()))
goto done; goto done;
if (CreateDirectoryA (real_dir.get_win32 (), 0)) if (allow_ntsec && real_dir.has_acls ())
set_security_attribute (S_IFDIR | ((mode & 0777) & ~cygheap->umask),
&sa, alloca (256), 256);
if (CreateDirectoryA (real_dir.get_win32 (), &sa))
{ {
set_file_attribute (real_dir.has_acls (), real_dir.get_win32 (), if (!allow_ntsec && allow_ntea)
S_IFDIR | ((mode & 0777) & ~cygheap->umask)); set_file_attribute (real_dir.has_acls (), real_dir.get_win32 (),
S_IFDIR | ((mode & 0777) & ~cygheap->umask));
res = 0; res = 0;
} }
else else

18
winsup/cygwin/fhandler.cc
View File

@ -300,6 +300,7 @@ fhandler_base::open (int flags, mode_t mode)
int file_attributes; int file_attributes;
int shared; int shared;
int creation_distribution; int creation_distribution;
SECURITY_ATTRIBUTES sa = sec_none;
syscall_printf ("(%s, %p)", get_win32_name (), flags); syscall_printf ("(%s, %p)", get_win32_name (), flags);
@ -382,14 +383,20 @@ fhandler_base::open (int flags, mode_t mode)
set_errno (ENOENT); set_errno (ENOENT);
goto done; goto done;
} }
/* If the file should actually be created and ntsec is on,
set files attributes. */
if (flags & O_CREAT && get_device () == FH_DISK && allow_ntsec && has_acls ())
set_security_attribute (mode, &sa, alloca (256), 256);
x = CreateFileA (get_win32_name (), access, shared, x = CreateFileA (get_win32_name (), access, shared,
&sec_none, creation_distribution, &sa, creation_distribution,
file_attributes, file_attributes,
0); 0);
syscall_printf ("%p = CreateFileA (%s, %p, %p, %p, %p, %p, 0)", syscall_printf ("%p = CreateFileA (%s, %p, %p, %p, %p, %p, 0)",
x, get_win32_name (), access, shared, x, get_win32_name (), access, shared,
&sec_none, creation_distribution, &sa, creation_distribution,
file_attributes); file_attributes);
if (x == INVALID_HANDLE_VALUE) if (x == INVALID_HANDLE_VALUE)
@ -401,9 +408,12 @@ fhandler_base::open (int flags, mode_t mode)
goto done; goto done;
} }
// Attributes may be set only if a file is _really_ created. /* Attributes may be set only if a file is _really_ created.
This code is now only used for ntea here since the files
security attributes are set in CreateFile () now. */
if (flags & O_CREAT && get_device () == FH_DISK if (flags & O_CREAT && get_device () == FH_DISK
&& GetLastError () != ERROR_ALREADY_EXISTS) && GetLastError () != ERROR_ALREADY_EXISTS
&& !allow_ntsec && allow_ntea)
set_file_attribute (has_acls (), get_win32_name (), mode); set_file_attribute (has_acls (), get_win32_name (), mode);
namehash = hash_path_name (0, get_win32_name ()); namehash = hash_path_name (0, get_win32_name ());

14
winsup/cygwin/path.cc
View File

@ -2395,6 +2395,7 @@ symlink (const char *topath, const char *frompath)
char cwd[MAX_PATH + 1], *cp = NULL, c = 0; char cwd[MAX_PATH + 1], *cp = NULL, c = 0;
char w32topath[MAX_PATH + 1]; char w32topath[MAX_PATH + 1];
DWORD written; DWORD written;
SECURITY_ATTRIBUTES sa = sec_none_nih;
win32_path.check (frompath, PC_SYM_NOFOLLOW); win32_path.check (frompath, PC_SYM_NOFOLLOW);
if (allow_winsymlinks && !win32_path.error) if (allow_winsymlinks && !win32_path.error)
@ -2456,7 +2457,11 @@ symlink (const char *topath, const char *frompath)
} }
} }
h = CreateFileA(win32_path, GENERIC_WRITE, 0, &sec_none_nih, if (allow_ntsec && win32_path.has_acls ())
set_security_attribute (S_IFLNK | S_IRWXU | S_IRWXG | S_IRWXO,
&sa, alloca (256), 256);
h = CreateFileA(win32_path, GENERIC_WRITE, 0, &sa,
CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0); CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0);
if (h == INVALID_HANDLE_VALUE) if (h == INVALID_HANDLE_VALUE)
__seterrno (); __seterrno ();
@ -2499,9 +2504,10 @@ symlink (const char *topath, const char *frompath)
if (success) if (success)
{ {
CloseHandle (h); CloseHandle (h);
set_file_attribute (win32_path.has_acls (), if (!allow_ntsec && allow_ntea)
win32_path.get_win32 (), set_file_attribute (win32_path.has_acls (),
S_IFLNK | S_IRWXU | S_IRWXG | S_IRWXO); win32_path.get_win32 (),
S_IFLNK | S_IRWXU | S_IRWXG | S_IRWXO);
SetFileAttributesA (win32_path.get_win32 (), SetFileAttributesA (win32_path.get_win32 (),
allow_winsymlinks ? FILE_ATTRIBUTE_READONLY allow_winsymlinks ? FILE_ATTRIBUTE_READONLY
: FILE_ATTRIBUTE_SYSTEM); : FILE_ATTRIBUTE_SYSTEM);

21
winsup/cygwin/security.cc
View File

@ -1553,6 +1553,23 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
return psd; return psd;
} }
void
set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
void *sd_buf, DWORD sd_buf_size)
{
/* symlinks are anything for everyone!*/
if ((attribute & S_IFLNK) == S_IFLNK)
attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
psa->lpSecurityDescriptor = sd_buf;
InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)sd_buf,
SECURITY_DESCRIPTOR_REVISION);
psa->lpSecurityDescriptor = alloc_sd (geteuid (), getegid (),
cygheap->user.logsrv (),
attribute, (PSECURITY_DESCRIPTOR)sd_buf,
&sd_buf_size);
}
static int static int
set_nt_attribute (const char *file, uid_t uid, gid_t gid, set_nt_attribute (const char *file, uid_t uid, gid_t gid,
const char *logsrv, int attribute) const char *logsrv, int attribute)
@ -1583,10 +1600,6 @@ set_file_attribute (int use_ntsec, const char *file,
uid_t uid, gid_t gid, uid_t uid, gid_t gid,
int attribute, const char *logsrv) int attribute, const char *logsrv)
{ {
/* symlinks are anything for everyone!*/
if ((attribute & S_IFLNK) == S_IFLNK)
attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
int ret = 0; int ret = 0;
if (use_ntsec && allow_ntsec) if (use_ntsec && allow_ntsec)

4
winsup/cygwin/security.h
View File

@ -151,6 +151,7 @@ legal_sid_type (SID_NAME_USE type)
|| type == SidTypeAlias || type == SidTypeWellKnownGroup; || type == SidTypeAlias || type == SidTypeWellKnownGroup;
} }
extern BOOL allow_ntea;
extern BOOL allow_ntsec; extern BOOL allow_ntsec;
extern BOOL allow_smbntsec; extern BOOL allow_smbntsec;
@ -171,6 +172,9 @@ LONG __stdcall write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_
BOOL __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit); BOOL __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);
BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit); BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);
void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
void *sd_buf, DWORD sd_buf_size);
/* Try a subauthentication. */ /* Try a subauthentication. */
HANDLE subauth (struct passwd *pw); HANDLE subauth (struct passwd *pw);
/* Try creating a token directly. */ /* Try creating a token directly. */