From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 31350 invoked by alias); 1 Sep 2016 18:47:38 -0000 Mailing-List: contact cygwin-apps-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: cygwin-apps-cvs-owner@sourceware.org Received: (qmail 31325 invoked by uid 9078); 1 Sep 2016 18:47:37 -0000 Date: Thu, 01 Sep 2016 18:47:00 -0000 Message-ID: <20160901184737.31299.qmail@sourceware.org> From: corinna@sourceware.org To: cygwin-apps-cvs@sourceware.org Subject: [setup - the official Cygwin setup program used to install Cygwin and keep it up to date] branch master, updated. release_2.874-30-g7d0ffe1 X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: fd57354633595ef40d2a46841ed7666837b13a15 X-Git-Newrev: 7d0ffe178db1fa4e9bdde4c4def3f05d9fef0bbc X-SW-Source: 2016-q3/txt/msg00023.txt.bz2 https://sourceware.org/git/gitweb.cgi?p=cygwin-apps/setup.git;h=7d0ffe178db1fa4e9bdde4c4def3f05d9fef0bbc commit 7d0ffe178db1fa4e9bdde4c4def3f05d9fef0bbc Author: Corinna Vinschen Date: Thu Sep 1 20:47:29 2016 +0200 NTSecurity::GetPosixPerms: Simplify creation of ACEs Use AddAccessAllowedAceEx to avoid having to change the inheritance flags afterwards. Signed-off-by: Corinna Vinschen Diff: --- win32.cc | 75 ++++++++++++++++++++++++++----------------------------------- 1 files changed, 32 insertions(+), 43 deletions(-)
diff --git a/win32.cc b/win32.cc
index 6531cb2..488892b 100644
--- a/win32.cc
+++ b/win32.cc
@@ -29,6 +29,11 @@ static const char *cvsid =
 NTSecurity nt_sec;
+#define ALL_INHERIT_ACE (CONTAINER_INHERIT_ACE \
+ | OBJECT_INHERIT_ACE \
+ | INHERIT_ONLY_ACE)
+#define NO_INHERIT_ACE (0)
+
 PSECURITY_DESCRIPTOR
 NTSecurity::GetPosixPerms (const char *fname, PSID owner_sid, PSID group_sid,
 mode_t mode, SECURITY_DESCRIPTOR &out_sd, acl_t &acl)
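Review bot: `ALL_INHERIT_ACE` includes `INHERIT_ONLY_ACE`, so an ACE added with it is passed on to children but does not control access to the object it is attached to, and the macro name does not say that. Both new names also read like Windows SDK flags, next to the real `CONTAINER_INHERIT_ACE`, `OBJECT_INHERIT_ACE` and `INHERIT_ONLY_ACE`, which sends a later reader looking for them in the SDK headers. I would put a comment above the two definitions, for example `/* Local helpers, not SDK flags. ALL_INHERIT_ACE: inherited by files and subdirectories, not effective on the object itself. */`. File-local `static const DWORD` constants would also avoid adding two more macros to the global namespace.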
@@ -57,8 +62,9 @@ NTSecurity::GetPosixPerms (const char *fname, PSID owner_sid, PSID group_sid,
 u_attribute |= FILE_GENERIC_EXECUTE;
 if ((mode & 0300) == 0300) // S_IWUSR | S_IXUSR
 u_attribute |= FILE_DELETE_CHILD;
- if (!AddAccessAllowedAce (&acl.acl, ACL_REVISION, u_attribute, owner_sid))
- Log (LOG_TIMESTAMP) << "AddAccessAllowedAce(" << fname
+ if (!AddAccessAllowedAceEx (&acl.acl, ACL_REVISION, NO_INHERIT_ACE,
+ u_attribute, owner_sid))
+ Log (LOG_TIMESTAMP) << "AddAccessAllowedAceEx(" << fname
 << ", owner) failed: " << GetLastError () << endLog;
 else
 offset++;
@@ -75,8 +81,9 @@ NTSecurity::GetPosixPerms (const char *fname, PSID owner_sid, PSID group_sid,
 g_attribute |= FILE_GENERIC_EXECUTE;
 if ((mode & 01030) == 00030) // S_IWGRP | S_IXGRP, !S_ISVTX
 g_attribute |= FILE_DELETE_CHILD;
- if (!AddAccessAllowedAce (&acl.acl, ACL_REVISION, g_attribute, group_sid))
- Log (LOG_TIMESTAMP) << "AddAccessAllowedAce(" << fname
+ if (!AddAccessAllowedAceEx (&acl.acl, ACL_REVISION, NO_INHERIT_ACE,
+ g_attribute, group_sid))
+ Log (LOG_TIMESTAMP) << "AddAccessAllowedAceEx(" << fname
 << ", group) failed: " << GetLastError () << endLog;
 else
 offset++;
@@ -90,9 +97,9 @@ NTSecurity::GetPosixPerms (const char *fname, PSID owner_sid, PSID group_sid,
 o_attribute |= FILE_GENERIC_EXECUTE;
 if ((mode & 01003) == 00003) // S_IWOTH | S_IXOTH, !S_ISVTX
 o_attribute |= FILE_DELETE_CHILD;
- if (!AddAccessAllowedAce (&acl.acl, ACL_REVISION, o_attribute,
- everyOneSID.theSID ()))
- Log (LOG_TIMESTAMP) << "AddAccessAllowedAce(" << fname
+ if (!AddAccessAllowedAceEx (&acl.acl, ACL_REVISION, NO_INHERIT_ACE,
+ o_attribute, everyOneSID.theSID ()))
+ Log (LOG_TIMESTAMP) << "AddAccessAllowedAceEx(" << fname
 << ", everyone) failed: " << GetLastError () << endLog;
 else
 offset++;
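Review bot: In the failure branches of these three hunks (owner, group, everyone) `GetLastError ()` is evaluated inside the `Log (LOG_TIMESTAMP) << …` chain, so the log object may already have been constructed and written to before the error code is read. If any of that work calls a Win32 API, the value logged is no longer the one left by `AddAccessAllowedAceEx`; the implementation of Log is not visible here, so this is a possibility rather than a confirmed bug. Reading the code first removes the doubt: `DWORD err = GetLastError ();` as the first statement of the failure branch, then `<< err` in the message. The same pattern appears in the null-SID and inheritable-ACE hunks further down, and the enclosing function starts and ends outside these hunks.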
@@ -105,9 +112,9 @@ NTSecurity::GetPosixPerms (const char *fname, PSID owner_sid, PSID group_sid,
 attribute |= FILE_WRITE_DATA;
 if (mode & 01000) // S_ISVTX
 attribute |= FILE_READ_DATA;
- if (!AddAccessAllowedAce (&acl.acl, ACL_REVISION, attribute,
- nullSID.theSID ()))
- Log (LOG_TIMESTAMP) << "AddAccessAllowedAce(" << fname
+ if (!AddAccessAllowedAceEx (&acl.acl, ACL_REVISION, NO_INHERIT_ACE,
+ attribute, nullSID.theSID ()))
+ Log (LOG_TIMESTAMP) << "AddAccessAllowedAceEx(" << fname
 << ", null) failed: " << GetLastError () << endLog;
 else
 offset++;
@@ -133,45 +140,27 @@ NTSecurity::GetPosixPerms (const char *fname, PSID owner_sid, PSID group_sid, if (mode & 0001) // S_IXOTH o_attribute |= FILE_GENERIC_EXECUTE; } - if (!AddAccessAllowedAce (&acl.acl, ACL_REVISION, u_attribute, - cr_ownerSID.theSID ())) - Log (LOG_TIMESTAMP) << "AddAccessAllowedAce(" << fname + if (!AddAccessAllowedAceEx (&acl.acl, ACL_REVISION, ALL_INHERIT_ACE, + u_attribute, cr_ownerSID.theSID ())) + Log (LOG_TIMESTAMP) << "AddAccessAllowedAceEx(" << fname << ", creator owner) failed: " << GetLastError () << endLog; else - { - ACCESS_ALLOWED_ACE *ace; - if (GetAce (&acl.acl, offset, (PVOID *) &ace)) - ace->Header.AceFlags |= CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE - | INHERIT_ONLY_ACE; - offset++; - } - if (!AddAccessAllowedAce (&acl.acl, ACL_REVISION, g_attribute, - cr_groupSID.theSID ())) - Log (LOG_TIMESTAMP) << "AddAccessAllowedAce(" << fname + offset++; + if (!AddAccessAllowedAceEx (&acl.acl, ACL_REVISION, ALL_INHERIT_ACE, + g_attribute, cr_groupSID.theSID ())) + Log (LOG_TIMESTAMP) << "AddAccessAllowedAceEx(" << fname << ", creator group) failed: " << GetLastError () << endLog; else - { - ACCESS_ALLOWED_ACE *ace; - if (GetAce (&acl.acl, offset, (PVOID *) &ace)) - ace->Header.AceFlags |= CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE - | INHERIT_ONLY_ACE; - offset++; - } - if (!AddAccessAllowedAce (&acl.acl, ACL_REVISION, o_attribute, - everyOneSID.theSID ())) - Log (LOG_TIMESTAMP) << "AddAccessAllowedAce(" << fname + offset++; + if (!AddAccessAllowedAceEx (&acl.acl, ACL_REVISION, ALL_INHERIT_ACE, + o_attribute, everyOneSID.theSID ())) + Log (LOG_TIMESTAMP) << "AddAccessAllowedAceEx(" << fname << ", everyone inherit) failed: " << GetLastError () << endLog; else - { - ACCESS_ALLOWED_ACE *ace; - if (GetAce (&acl.acl, offset, (PVOID *) &ace)) - ace->Header.AceFlags |= CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE - | INHERIT_ONLY_ACE; - offset++; - } + offset++; } /* Set SD's DACL to just created ACL. */ 
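Review bot: After this hunk nothing visible reads `offset` any more, because its only use was the `GetAce (&acl.acl, offset, …)` lookup that the commit removes, yet every success branch still ends in `else offset++;`. The start and end of the function are outside the hunk, so a use elsewhere cannot be ruled out. If there is none, the variable and the `else offset++;` branches can be dropped, leaving each call as a plain `if (!AddAccessAllowedAceEx (…)) Log …;`. If it is kept on purpose as a count of ACEs added, a short comment at its declaration saying so would stop a later cleanup from removing it.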
@@ -255,10 +244,10 @@ NTSecurity::setDefaultDACL () /* Create the ACE which grants full access to "Everyone" and store it in dacl. */ - if (!AddAccessAllowedAce - (dacl, ACL_REVISION, GENERIC_ALL, everyOneSID.theSID ())) + if (!AddAccessAllowedAceEx (dacl, ACL_REVISION, NO_INHERIT_ACE, + GENERIC_ALL, everyOneSID.theSID ())) { - NoteFailedAPI ("AddAccessAllowedAce"); + NoteFailedAPI ("AddAccessAllowedAceEx"); return; }
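Review bot: The ACE built in `setDefaultDACL` still grants `GENERIC_ALL` to Everyone, and moving to `AddAccessAllowedAceEx` with `NO_INHERIT_ACE` does not narrow that. If this DACL ends up as the process default (the rest of the function is outside the hunk), any object created without an explicit security descriptor and without an inherited ACL is fully accessible to every account. The existing comment says what the ACE does but not why that is acceptable. I would extend it to name whatever tightens permissions afterwards, presumably the per-file ACLs from `GetPosixPerms`, for example `/* Everyone gets full access by default; installed files get their final ACL from GetPosixPerms. */` if that is the case. If no such step exists, the access mask should be narrowed.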