The call to TranslateNameW in s4uauth can fail and the code
leaves the function indicating an error, if so. It just
misses to set errno in this case, so add that.
Fixes: 0fb497165f85 ("Cygwin: seteuid: use Kerberos/MsV1_0 S4U authentication by default")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

The code merging permissions relies on `pos' being set to the number
of current entries in the local aclent_t buffer. Commit 0e6d36766c83
("Cygwin: get_posix_access: move umask masking to the end") moved that
code to run earlier, but neglected to move setting `pos' correctly
as well.
Make sure to set `pos' inside the code block, as well as in the
final array size check, so `pos' is set correctly where it belongs.
Fixes: 0e6d36766c83 ("Cygwin: get_posix_access: move umask masking to the end")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

umask handling for new files gets overridden by subsequent merging of
permissions in Windows-generated ACLs. Fix this by performing
umask masking after all other ACL manipulations.
Fixes: a8716448cecc ("Simplify "Windows-standard-like" permissions")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

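The ordering problem described in the commit message above, as an added example that is not part of the Cygwin sources: a simplified C model that reduces an ACL to three rwx triplets and shows that masking before the merge loses an unusual umask such as 0100, while masking after the merge keeps it. The names `perms_t`, `merge_perms`, `mask_then_merge` and `merge_then_mask` are hypothetical, and the merge rule is an assumption modelled on the "everyone/group to group/user" description in this log.

```c
#include <stdio.h>

/* Simplified model (assumption): an ACL reduced to three rwx triplets. */
typedef struct { unsigned user, group, other; } perms_t;

static perms_t from_mode(unsigned mode) {
    perms_t p = { (mode >> 6) & 7, (mode >> 3) & 7, mode & 7 };
    return p;
}

static unsigned to_mode(perms_t p) {
    return (p.user << 6) | (p.group << 3) | p.other;
}

/* Merge step (assumed rule): permissions granted to everyone are folded
   into group, and permissions granted to group are folded into user. */
static perms_t merge_perms(perms_t p) {
    p.group |= p.other;
    p.user |= p.group;
    return p;
}

static perms_t apply_umask(perms_t p, unsigned mask) {
    perms_t m = from_mode(mask);
    p.user &= ~m.user;
    p.group &= ~m.group;
    p.other &= ~m.other;
    return p;
}

/* Old order: umask first, merge afterwards. The merge can re-add bits. */
unsigned mask_then_merge(unsigned mode, unsigned mask) {
    return to_mode(merge_perms(apply_umask(from_mode(mode), mask)));
}

/* Fixed order: umask masking after all other manipulations. */
unsigned merge_then_mask(unsigned mode, unsigned mask) {
    return to_mode(apply_umask(merge_perms(from_mode(mode)), mask));
}

int main(void) {
    /* Constructed inputs: requested mode 0777 with umask 0100,
       then mode 0666 with the common umask 022. */
    printf("0777/0100 old: %04o\n", mask_then_merge(0777, 0100));
    printf("0777/0100 new: %04o\n", merge_then_mask(0777, 0100));
    printf("0666/0022 old: %04o\n", mask_then_merge(0666, 022));
    printf("0666/0022 new: %04o\n", merge_then_mask(0666, 022));
    return 0;
}
```

With a conventional umask such as 022 both orders agree, which is why the problem only shows up with masks that remove a bit from the user while leaving it set for group or other.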
Add a second loop to the code snippet merging permissions in old-style
or Windows-generated ACLs. This loop fixes up default ACL permissions
created from ACEs which are valid for the directory itself, as well as
getting inherited to child objects.
The FULL_ACE bit utilized for this is removed from the ACE at the
end of the function, together with the temporary DENY bits.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

This reverts commit 971d2dffea7848270aa9dfb5c14dcd946c8971c0.
This patch was supposed to fix lots of FAILs in our own
testsuite/winsup.api/ltp/umask03.c test. The reason was
that umask masking in get_posix_access when generating new files
was overridden by later code in the same function, merging
permissions in old-style or Windows-generated ACLs.
However, the solution to skip merging was not the right thing,
because this breaks handling of Windows-generated ACLs.
Rather, umask masking should be performed pretty late, certainly
after merging permissions. This will be done by a followup patch.
Fixes: 971d2dffea78 ("Cygwin: get_posix_access: do not merge permissions for just created files")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Setting the a_id in the default:user and default:group entries to
the actual uid and gid of the current owner/group doesn't make
sense. Change to ACL_UNDEFINED_ID.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

The permissions of entries for SYSTEM and the Administrators group
are not added to the CLASS_OBJ entry, so they don't set the class
perms to rwx all the time.
This shouldn't be done for default perms, otherwise the resulting
permissions when generating new files might be surprisingly restricted
for Admins and SYSTEM.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

When generating a default:group (Windows: CREATOR GROUP) ACL entry,
make sure to copy over user perms to the new default group entry.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

After commit a0933cd17d19, access(_, X_OK) returns 0 if the user
holds SE_BACKUP_PRIVILEGE, even if the file's ACL denies execution
to the user. This is triggered by trying to open the file with
FILE_OPEN_FOR_BACKUP_INTENT.
Fix check_file_access() so it checks for X_OK without specifying
the FILE_OPEN_FOR_BACKUP_INTENT flag if the file is not a directory.
Rearrange function slightly and add comments for easier comprehension.
Fixes: a0933cd17d19 ("Cygwin: access: Correction for samba/SMB share")
Reported-by: Bruno Haible <bruno@clisp.org>
Co-authored-by: Takashi Yano <takashi.yano@nifty.ne.jp>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Previously, access() and eaccess() did not determine the permissions
for files on samba/SMB share correctly. Even if the user logs in as
the owner of the file, access() and eaccess() refer to others'
permissions. With this patch, to determine the permissions correctly,
NtOpenFile() with desired access mask is used.
Fixes: cf762b08cfb0 ("* security.cc (check_file_access): Create.")
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>

init_reopen_attr() doesn't guard against a NULL handle. However,
there are scenarios calling functions deliberately with a NULL handle,
for instance, av::setup() calling check_file_access() only if opening
the file did NOT succeed.
So check for a NULL handle in init_reopen_attr() and if so, use the
name based approach filling the OBJECT_ATTRIBUTES struct, just as in
the has_buggy_reopen() case.
Fixes: 4c9d01fdad2a ("* mount.h (class fs_info): Add has_buggy_reopen flag and accessor methods.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Add FILE_OPEN_NO_RECALL to NtOpenFile calls trying to fetch
or write file security descriptors so as not to recall them
from offline storage inadvertently.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

When creating the POSIX ACL rewrite, the code merging permissions from
everyone/group to group/user ACEs was accidentally called for newly
generated files as well.
This could result in broken permissions, if umask used unusual values
like "0100", granted permissions to everyone/group not granted to
group/user.
Make sure to skip permission merging if the file got just created and
we only want to set correct permissions for the first time.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Reported-by: Jon Turney <jon.turney@dronecode.org.uk>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Avoid the mistake fixed in the preceding commit by passing
the mode_t argument by reference. This also affects a couple
other functions calling get_posix_access in turn.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Older coreutils created directories with mode bits filtered through
umask. Newer coreutils creates directories with full permissions,
0777 by default.
This new coreutils behaviour uncovered the fact that default ACEs for
newly created directories were not filtered by umask starting with
commit bc444e5aa4ca.
Fix it by applying umask on the default ACEs.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL change.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

So far we use a single muto to guard three different data structures
inside class authz_ctx: the authz HANDLE, the user context HANDLE
and the context cache list. Split the single muto into three
independent SRWLOCKs and guard all data structures as necessary to
avoid thread contention.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>