This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[newlib-cygwin/cygwin-acl] get_posix_access: Skip merging permissions if user can't get more permissions


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=b75ad36741900449fd7564f2aab1ad8cb29cbba1

commit b75ad36741900449fd7564f2aab1ad8cb29cbba1
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Tue Nov 10 10:00:33 2015 +0100

    get_posix_access: Skip merging permissions if user can't get more permissions
    
            * sec_acl.cc (get_posix_access): Skip merging permissions if current
            user has rwx permissions anywa, or if the sum of all group and other
            permissions is less than or equal to the user's permissions.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/ChangeLog  |  6 ++++++
 winsup/cygwin/sec_acl.cc | 13 +++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 2f09ad4..2f12f32 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,11 @@
 2015-11-10  Corinna Vinschen  <corinna@vinschen.de>
 
+	* sec_acl.cc (get_posix_access): Skip merging permissions if current
+	user has rwx permissions anywa, or if the sum of all group and other
+	permissions is less than or equal to the user's permissions.
+
+2015-11-10  Corinna Vinschen  <corinna@vinschen.de>
+
 	* sec_acl.cc (get_posix_access): Call authz_get_user_attribute on
 	current users, not on owner.
 
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index a9e1dea..f632410 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -1019,8 +1019,17 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 	  {
 	    mode_t perm;
 
-	    /* If we use the Windows user DB, utilize Authz to make sure all
-	       user permissions are correctly reflecting the Windows
+	    /* Don't merge if the user already has all permissions, or... */
+	    if (lacl[idx].a_perm == S_IRWXO)
+	      continue;
+	    /* ...if the sum of perms is less than or equal the user's perms. */
+	    perm = lacl[idx].a_perm
+		   | (has_class_perm ? class_perm : lacl[1].a_perm)
+		   | lacl[2].a_perm;
+	    if (perm == lacl[idx].a_perm)
+	      continue;
+	    /* Otherwise, if we use the Windows user DB, utilize Authz to make
+	       sure all user permissions are correctly reflecting the Windows
 	       permissions. */
 	    if (cygheap->pg.nss_pwd_db ()
 		&& authz_get_user_attribute (&perm, psd, aclsid[idx]))


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]