This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

sec_acl.cc


Corinna,

This patch implements __{u,g}id32_t in sec_acl.cc and performs a
few optimizations using the new argument of internal_getgroups,
cygpsid and strechr.

is_grp_member is now unused and will disappear in the next installment.

Three remarks:
1) I changed a STANDARD_RIGHTS_ALL to STANDARD_RIGHTS_WRITE in setacl.
   Is that what you meant?
2) Because of the ~DELETE stuff in setacl, the owner may not have DELETE
right, 
   even when the file is writable. unlink calls chmod if needed so it's OK
   (but then what's the point of ~DELETE ?), but a Windows program would 
   have trouble with DeleteFile (in some directories). 
   Should we add DELETE for USER_OBJ when it has write access, or should we 
   remove ~DELETE in setacl and alloc_sd?
3) In security.cc I had to move set_process_privilege back to write_sd
   because setacl may need it.

Pierre

2003-02-05  Pierre Humblet  <pierre.humblet@ieee.org>

	* sec_acl.cc: Change all  __aclent16_t to  __aclent32_t except in
	wrapper function definitions. Replace call to the aclXYZ functions by 
	calls aclXYZ32.
	(searchace): Change type of third argument to __uid32_t and use
	ILLEGAL_UID instead of -1;
	(setacl): Remove some initializations. Only give STANDARD_RIGHTS_WRITE
	for S_IWOTH. Replace -1 by ILLEGAL_UID.
	(getacl): Change type of owner_sid, group_sid and ace_sid to cygpsid.
	In last else clause, suppress second call to ace_sid.get_id and use
	TRUE in first call. Replace EqualSid by ==.
	(acl_access): Call internal_getgroups in USER and GROUP cases.
	(acecmp: Define static.
	(acl32): Create from 16 bit type.
	(facl32): Ditto.
	(lacl32): Ditto.
	(aclcheck32): Ditto.
	(aclsort32): Ditto.
	(acltomode32): Ditto.
	(aclfrommode32): Ditto.
	(acltopbits32): Ditto.
	(aclfrompbits32): Ditto.
	(acltotext32): Ditto.
	(aclfromtext32): Ditto, and use strechr.
	(acl16to32): Create.
	(acl): Make it a wrapper function.
	(facl): Ditto.
	(lacl): Ditto.
	(aclcheck): Ditto.
	(aclsort): Ditto.
	(acltomode): Ditto.
	(aclfrommode): Ditto.
	(acltopbits): Ditto.
	(aclfrompbits): Ditto.
	(acltotext): Ditto.
	(aclfromtext): Ditto.
	* security.cc (write_sd): Call set_process_privilege and check ownership.
	(alloc_sd): Remove call to set_process_privilege and the owner check.
	

Attachment: sec_acl.diff
Description: Text document


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]