This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[newlib-cygwin] Better workaround owner/group SIDs being NULL

From: Corinna Vinschen <corinna at sourceware dot org>
To: cygwin-cvs at sourceware dot org
Date: 16 Apr 2015 20:45:18 -0000
Subject: [newlib-cygwin] Better workaround owner/group SIDs being NULL

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=ea503bf4c955857d9969d9896e98c7729b3ea845

commit ea503bf4c955857d9969d9896e98c7729b3ea845
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Thu Apr 16 22:19:57 2015 +0200

    Better workaround owner/group SIDs being NULL
    
            * sec_acl.cc (set_posix_access): Replace previous patch.  Return
            EINVAL if uid and/or guid is invalid and not backed by an actual
            Windows account.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/ChangeLog  |  6 ++++++
 winsup/cygwin/sec_acl.cc | 12 ++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index f645031..ce198e2 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,11 @@
 2015-04-16  Corinna Vinschen  <corinna@vinschen.de>
 
+	* sec_acl.cc (set_posix_access): Replace previous patch.  Return
+	EINVAL if uid and/or guid is invalid and not backed by an actual
+	Windows account.
+
+2015-04-16  Corinna Vinschen  <corinna@vinschen.de>
+
 	* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.
 
 2015-04-15  Corinna Vinschen  <corinna@vinschen.de>
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 6c96977..58683cf 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -154,6 +154,11 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
   /* Fetch owner and group and set in security descriptor. */
   owner = sidfromuid (uid, &cldap);
   group = sidfromgid (gid, &cldap);
+  if (!owner || !group)
+    {
+      set_errno (EINVAL);
+      return NULL;
+    }
   status = RtlSetOwnerSecurityDescriptor (&sd, owner, FALSE);
   if (!NT_SUCCESS (status))
     {
@@ -166,10 +171,9 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
       __seterrno_from_nt_status (status);
       return NULL;
     }
-  /* If the account DBs are broken, we might end up without SIDs.  Better
-     check them here. */
-  if (owner && group)
-    owner_eq_group = RtlEqualSid (owner, group);
+  owner_eq_group = RtlEqualSid (owner, group);
+
+
 
   /* No POSIX ACL?  Use attr to generate one from scratch. */
   if (!aclbufp)

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]