Fix comments in sec_acl.cc

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2016-02-22 10:54:13 +01:00
parent 658caa7640
commit b89d317cdc
1 changed files with 7 additions and 7 deletions

View File

@ -27,7 +27,7 @@ details. */
/* How does a correctly constructed new-style Windows ACL claiming to be a
POSIX ACL look like?
- NULL ACE (special bits, CLASS_OBJ).
- NULL deny ACE (special bits, CLASS_OBJ).
- USER_OBJ deny. If the user has less permissions than the sum of CLASS_OBJ
(or GROUP_OBJ if CLASS_OBJ doesn't exist) and OTHER_OBJ, deny the excess
@ -66,12 +66,12 @@ details. */
Rinse and repeat for default ACEs with INHERIT flags set.
- Default NULL ACE (S_ISGID, CLASS_OBJ). */
- Default NULL deny ACE (S_ISGID, CLASS_OBJ). */
/* POSIX <-> Win32 */
/* Historically, these bits are stored in a NULL SID ACE. To distinguish the
new ACL style from the old one, we're using an access denied ACE, plus
/* Historically, these bits are stored in a NULL allow SID ACE. To distinguish
the new ACL style from the old one, we're using an access denied ACE, plus
setting an as yet unused bit in the access mask. The new ACEs can exist
twice in an ACL, the "normal one" containing CLASS_OBJ and special bits
and the one with INHERIT bit set to pass the DEF_CLASS_OBJ bits and the
@ -280,7 +280,7 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
tmp_idx = searchace (aclbufp, nentries, def | OTHER_OBJ);
other_obj = aclbufp[tmp_idx].a_perm;
/* ... class_obj. Create Cygwin ACE. Only the S_ISGID attribute gets
/* ... class_obj. Create NULL deny ACE. Only the S_ISGID attribute gets
inherited. */
access = CYG_ACE_ISBITS_TO_WIN (def ? attr & S_ISGID : attr)
| CYG_ACE_NEW_STYLE;
@ -429,7 +429,7 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
}
}
/* For ptys if the admins group isn't in the ACL, add an ACE to make
sure the group has WRITE_DAC and WRITE_OWNER perms. */
sure the admins group has WRITE_DAC and WRITE_OWNER perms. */
if (S_ISCHR (attr) && !dev_has_admins
&& !add_access_allowed_ace (acl,
STD_RIGHTS_OWNER | FILE_ALLOW_READ
@ -716,7 +716,7 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
{
/* New-style ACL. Note the fact that a mask value is present
since that changes how getace fetches the information. That's
fine, because the Cygwin SID ACE is supposed to precede all
fine, because the NULL deny ACE is supposed to precede all
USER, GROUP and GROUP_OBJ entries. Any ACL not created that
way has been rearranged by the Windows functionality to create
the brain-dead "canonical" ACL order and is broken anyway. */