This is the mail archive of the cygwin-developers@sourceware.cygnus.com mailing list for the Cygwin project.



ntsec-patch11


Hello!

The attached patch corrects the setting of the FILE_DELETE_CHILD bit
in the security descriptor, which is similar to the S_ISVTX bit.
The settings of ntea are now only used if ntsec is not allowed.
_unlink no longer queues the file into the delqueue if the last
error was ERROR_ACCESS_DENIED, because this return code won't change
later if you don't have the permissions.

Regards,
Corinna

ChangeLog:
==========

Fri Oct 1 11:16:00  Corinna Vinschen  <corinna@vinschen.de>

	* security.cc (alloc_sd): Corrected setting of
	FILE_DELETE_CHILD.
	(get_file_attribute): read ntea attributes only if
	ntsec is disabled.
	* syscalls.cc (_unlink): Don't queue file into delqueue
	if DeleteFile returns ERROR_ACCESS_DENIED.
Index: security.cc
===================================================================
RCS file: /src/cvsroot/winsup-990916/security.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 security.cc
--- security.cc	1999/09/17 07:37:35	1.1.1.1
+++ security.cc	1999/10/01 08:57:47
@@ -537,8 +537,8 @@ get_nt_attribute (const char *file, int 
 			*attribute |= S_IXUSR;
 		      if (! group_sid || ! has_group_bits)
 			*attribute |= S_IXGRP;
-		      // sticky bit for directories according to linux rules
-		      // no sense for files but who cares?
+		      // Sticky bit for directories according to linux rules.
+		      // No sense for files.
 		      if (! (ace->Mask & FILE_DELETE_CHILD) &&
 			  S_ISDIR(*attribute))
 			*attribute |= S_ISVTX;
@@ -566,22 +566,25 @@ get_file_attribute (int use_ntsec, const
       return -1;
     }
 
-  int res = NTReadEA (file, ".UNIXATTR", (char *) attribute,
-		      sizeof (*attribute));
+  int res;
 
+  if (use_ntsec && allow_ntsec)
+    {
+      res = get_nt_attribute (file, attribute);
+      if (!res)
+        return 0;
+    }
+
+  res = NTReadEA (file, ".UNIXATTR", (char *) attribute, sizeof (*attribute));
+
   // symlinks are anything for everyone!
   if ((*attribute & S_IFLNK) == S_IFLNK)
     *attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
 
-  if (!use_ntsec || !allow_ntsec)
-    {
-      if (res > 0)
-	return 0;
-      set_errno (ENOSYS);
-      return -1;
-    }
-
-  return get_nt_attribute (file, attribute);
+  if (res > 0)
+    return 0;
+  set_errno (ENOSYS);
+  return -1;
 }
 
 PSECURITY_DESCRIPTOR
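Review bot: In get_file_attribute (which starts above this hunk), a failing get_nt_attribute now falls through to NTReadEA, so with ntsec enabled the reported mode can still come from the `.UNIXATTR` extended attribute; the ChangeLog says ntea is read only if ntsec is disabled. The EA is ordinary file data and need not match the ACL that NT enforces, so callers could see permission bits that are not the effective ones. If the fallback is intended (for example for filesystems without security descriptors, which is not visible here), a comment such as `// ntsec lookup failed: fall back to ntea, which may not match the real ACL` would document it. Otherwise `return get_nt_attribute (file, attribute);` inside the `if` keeps the two sources separate. The symlink widening below is also skipped on the successful ntsec path, which looks like an unannounced behaviour change unless get_nt_attribute handles symlinks itself.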
@@ -678,12 +681,22 @@ alloc_sd (uid_t uid, gid_t gid, int attr
 
       DWORD access = STANDARD_RIGHTS_ALL;
 
+      /*
+       * VTX bit may only be set if executable for `other' is set.
+       * For correct handling under WinNT, FILE_DELETE_CHILD has to
+       * be (un)set in each ACE.
+      */
+      if (! (attribute & S_IXOTH))
+        attribute &= ~S_ISVTX;
+
       if (attribute & S_IRUSR)
         access |= FILE_GENERIC_READ | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA;
       if (attribute & S_IWUSR)
-        access |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
+        access |= FILE_GENERIC_WRITE | DELETE;
       if (attribute & S_IXUSR)
         access |= FILE_GENERIC_EXECUTE;
+      if (! (attribute & S_ISVTX))
+        access |= FILE_DELETE_CHILD;
       if (! AddAccessAllowedAce (acl, ACL_REVISION, access, owner_sid))
         debug_printf ("AddAccessAllowedAce(owner) %E");
       if (GetAce(acl, 0, (PVOID *) &ace))
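Review bot: The added `if (! (attribute & S_ISVTX)) access |= FILE_DELETE_CHILD;` in alloc_sd (whose body extends beyond these hunks) is no longer tied to the write bit, so the owner ACE here, and the group and world ACEs in the next two hunks, grant FILE_DELETE_CHILD for every non-sticky mode, including ones without S_IWUSR/S_IWGRP/S_IWOTH. On a directory that appears to let a class with only read/execute delete entries, which is wider than the POSIX mode asks for. Gating each grant on its class, e.g. `if ((attribute & S_IWOTH) && ! (attribute & S_ISVTX))` for world, would keep the right with write permission. get_nt_attribute infers S_ISVTX from a missing FILE_DELETE_CHILD, so that reader would need the matching adjustment. The new block also clears S_ISVTX silently when S_IXOTH is unset, which drops the sticky restriction for a mode such as 1770; a debug_printf there would make that visible.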
@@ -710,10 +723,11 @@ alloc_sd (uid_t uid, gid_t gid, int attr
 	  if (attribute & S_IRGRP)
 	    access |= FILE_GENERIC_READ;
 	  if (attribute & S_IWGRP)
-	    access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE
-		      | DELETE | FILE_DELETE_CHILD;
+	    access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE;
 	  if (attribute & S_IXGRP)
 	    access |= FILE_GENERIC_EXECUTE;
+          if (! (attribute & S_ISVTX))
+            access |= FILE_DELETE_CHILD;
 	  if (! AddAccessAllowedAce (acl, ACL_REVISION, access, group_sid))
 	    debug_printf ("AddAccessAllowedAce(group) %E");
 	  if (GetAce(acl, 1 + ace_off, (PVOID *) &ace))
@@ -726,15 +740,11 @@ alloc_sd (uid_t uid, gid_t gid, int attr
           if (attribute & S_IROTH)
             access |= FILE_GENERIC_READ;
           if (attribute & S_IWOTH)
-            {
-              access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE;
-              // sticky bit for directories according to linux rules
-              // no sense for files but who cares?
-              if (! (attribute & S_ISVTX))
-                access |= FILE_DELETE_CHILD;
-            }
+            access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE;
           if (attribute & S_IXOTH)
             access |= FILE_GENERIC_EXECUTE;
+          if (! (attribute & S_ISVTX))
+            access |= FILE_DELETE_CHILD;
 
           if (! AddAccessAllowedAce (acl, ACL_REVISION, access, get_world_sid ()))
             debug_printf ("AddAccessAllowedAce(world) %E");
Index: syscalls.cc
===================================================================
RCS file: /src/cvsroot/winsup-990916/syscalls.cc,v
retrieving revision 1.2
diff -u -p -r1.2 syscalls.cc
--- syscalls.cc	1999/09/30 14:10:44	1.2
+++ syscalls.cc	1999/10/01 08:25:31
@@ -90,8 +90,7 @@ _unlink (const char *ourname)
 
       /* If we get ERROR_SHARING_VIOLATION, the file may still be open -
 	 Windows NT doesn't support deleting a file while it's open.  */
-      if (res == ERROR_SHARING_VIOLATION
-	  || res == ERROR_ACCESS_DENIED)
+      if (res == ERROR_SHARING_VIOLATION)
 	{
 	  cygwin_shared->delqueue.queue_file (win32_name.get_win32 ());
 	  res = 0;
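Review bot: The comment above the condition in _unlink does not record why ERROR_ACCESS_DENIED is no longer queued, and that code is not only a permissions result: DeleteFile is documented to return it for a read-only file, and as far as I know also for a file that is still mapped as an image, both of which can change later. I would extend the comment with `ERROR_ACCESS_DENIED is not queued: a missing permission will not clear up by retrying.` and note there whether the read-only case is handled before this point. The rest of _unlink is outside the hunk, so how the un-queued error is reported to the caller cannot be checked from here.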
