This is the mail archive of the
cygwin-cvs@cygwin.com
mailing list for the Cygwin project.
[newlib-cygwin/cygwin-acl] get_posix_access: Skip merging permissions if user can't get more permissions
- From: Corinna Vinschen <corinna at sourceware dot org>
- To: cygwin-cvs at sourceware dot org
- Date: 10 Nov 2015 09:09:15 -0000
- Subject: [newlib-cygwin/cygwin-acl] get_posix_access: Skip merging permissions if user can't get more permissions
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=b75ad36741900449fd7564f2aab1ad8cb29cbba1
commit b75ad36741900449fd7564f2aab1ad8cb29cbba1
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Tue Nov 10 10:00:33 2015 +0100
get_posix_access: Skip merging permissions if user can't get more permissions
* sec_acl.cc (get_posix_access): Skip merging permissions if current
user has rwx permissions anywa, or if the sum of all group and other
permissions is less than or equal to the user's permissions.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/ChangeLog | 6 ++++++
winsup/cygwin/sec_acl.cc | 13 +++++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 2f09ad4..2f12f32 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,11 @@
2015-11-10 Corinna Vinschen <corinna@vinschen.de>
+ * sec_acl.cc (get_posix_access): Skip merging permissions if current
+ user has rwx permissions anywa, or if the sum of all group and other
+ permissions is less than or equal to the user's permissions.
+
+2015-11-10 Corinna Vinschen <corinna@vinschen.de>
+
* sec_acl.cc (get_posix_access): Call authz_get_user_attribute on
current users, not on owner.
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index a9e1dea..f632410 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -1019,8 +1019,17 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
{
mode_t perm;
- /* If we use the Windows user DB, utilize Authz to make sure all
- user permissions are correctly reflecting the Windows
+ /* Don't merge if the user already has all permissions, or... */
+ if (lacl[idx].a_perm == S_IRWXO)
+ continue;
+ /* ...if the sum of perms is less than or equal the user's perms. */
+ perm = lacl[idx].a_perm
+ | (has_class_perm ? class_perm : lacl[1].a_perm)
+ | lacl[2].a_perm;
+ if (perm == lacl[idx].a_perm)
+ continue;
+ /* Otherwise, if we use the Windows user DB, utilize Authz to make
+ sure all user permissions are correctly reflecting the Windows
permissions. */
if (cygheap->pg.nss_pwd_db ()
&& authz_get_user_attribute (&perm, psd, aclsid[idx]))