* sec_acl.cc (aclcheck32): Check for required default entries as well.

Enable check for missing CLASS_OBJ entries, now that setfacl creates them.
2014-09-03 12:46:19 +00:00 · 2014-09-03 12:46:19 +00:00 · e5110581dc
parent ef1e66cfbf
commit e5110581dc
2 changed files with 14 additions and 8 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,9 @@
+2014-09-03  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_acl.cc (aclcheck32): Check for required default entries as well.
+	Enable check for missing CLASS_OBJ entries, now that setfacl creates
+	them.
+
 2014-09-02  Corinna Vinschen  <corinna@vinschen.de>

 	* sec_acl.cc (aclsort32): Set errno to EINVAL if aclcheck32 failed.
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@ -628,6 +628,7 @@ aclcheck32 (aclent_t *aclbufp, int nentries, int *which)
  bool has_other_obj = false;
  bool has_class_obj = false;
  bool has_ug_objs __attribute__ ((unused)) = false;
+  bool has_def_objs __attribute__ ((unused)) = false;
  bool has_def_user_obj __attribute__ ((unused)) = false;
  bool has_def_group_obj = false;
  bool has_def_other_obj = false;
@ -692,7 +693,7 @@ aclcheck32 (aclent_t *aclbufp, int nentries, int *which)
 	      *which = pos;
 	    return USER_ERROR;
 	  }
-	has_def_user_obj = true;
+	has_def_objs = has_def_user_obj = true;
 	break;
      case DEF_GROUP_OBJ:
 	if (has_def_group_obj)
@ -701,7 +702,7 @@ aclcheck32 (aclent_t *aclbufp, int nentries, int *which)
 	      *which = pos;
 	    return GRP_ERROR;
 	  }
-	has_def_group_obj = true;
+	has_def_objs = has_def_group_obj = true;
 	break;
      case DEF_OTHER_OBJ:
 	if (has_def_other_obj)
@ -710,7 +711,7 @@ aclcheck32 (aclent_t *aclbufp, int nentries, int *which)
 	      *which = pos;
 	    return OTHER_ERROR;
 	  }
-	has_def_other_obj = true;
+	has_def_objs = has_def_other_obj = true;
 	break;
      case DEF_CLASS_OBJ:
 	if (has_def_class_obj)
@ -719,7 +720,7 @@ aclcheck32 (aclent_t *aclbufp, int nentries, int *which)
 	      *which = pos;
 	    return CLASS_ERROR;
 	  }
-	has_def_class_obj = true;
+	has_def_objs = has_def_class_obj = true;
 	break;
      case DEF_USER:
      case DEF_GROUP:
@ -730,7 +731,7 @@ aclcheck32 (aclent_t *aclbufp, int nentries, int *which)
 	      *which = pos2;
 	    return DUPLICATE_ERROR;
 	  }
-	has_def_ug_objs = true;
+	has_def_objs = has_def_ug_objs = true;
 	break;
      default:
 	return ENTRY_ERROR;
@ -738,11 +739,10 @@ aclcheck32 (aclent_t *aclbufp, int nentries, int *which)
  if (!has_user_obj
      || !has_group_obj
      || !has_other_obj
-#if 0
-      /* These checks are not ok yet since CLASS_OBJ isn't fully implemented. */
+      || (has_def_objs
+	  && (!has_def_user_obj || !has_def_group_obj || !has_def_other_obj))
      || (has_ug_objs && !has_class_obj)
      || (has_def_ug_objs && !has_def_class_obj)
-#endif
     )
    {
      if (which)