This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[newlib-cygwin] Deleted branch cygwin-acl


The branch 'cygwin-acl' was deleted.
It previously pointed to:

 e9ca3fa... Reapply Cygwin POSIX ACL changes from master

Diff:

!!! WARNING: THE FOLLOWING COMMITS ARE NO LONGER ACCESSIBLE (LOST):
-------------------------------------------------------------------

  e9ca3fa... Reapply Cygwin POSIX ACL changes from master

commit e9ca3fa538186be53c1448ddf671676172c9e54b
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Fri May 29 16:19:55 2015 +0200

    Reapply Cygwin POSIX ACL changes from master
    
    	Reapply POSIX ACL changes.
    	* sec_acl.cc (get_posix_access): Check for Cygwin "standard" ACL.
    	Apply umask, if so.  Align comments.
    	* security.cc (set_created_file_access): Fix permission masking by
    	incoming requested file mode.
    
    	* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
    	for SYSTEM and Admins group.
    
    	* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
    	GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.
    
    	* fhandler.h (fhandler_pty_slave::facl): Add prototype.
    	* fhandler_tty.cc (fhandler_pty_slave::facl): New method.
    	(fhandler_pty_slave::fchown): Fix uid/gid handling.
    	* sec_acl.cc (set_posix_access): Drop superfluous class_idx variable.
    	Simplify and move around code in a few places.  To improve ACL
    	readability, add r/w permissions to Admins ACE appended to pty ACL.
    	Add comment to explain Windows ACE Mask filtering being in the way of
    	creating a real CLASS_OBJ.
    	(get_posix_access): Fake CLASS_OBJ for ptys.  Explain why.
    	* security.cc (get_object_attribute): Add S_IFCHR flag to attributes
    	when calling get_posix_access.
    
    	* sec_acl.cc (set_posix_access): Move merging group perms into owner
    	perms in case of owner == group after mask has been computed.  Take
    	mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.
    
    	* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw
    	the ACCESS_ALLOWED_ACE.
    
    	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
    	set GROUP_OBJ and CLASS_OBJ perms to new group perms.  Add comment
    	to explain why.
    	* security.cc (set_created_file_access): Ditto.
    
    	* sec_acl.cc (set_posix_access): Replace previous patch.  Return
    	EINVAL if uid and/or guid is invalid and not backed by an actual
    	Windows account.
    
    	* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.
    
    	* sec_acl.cc (set_posix_access): Handle files with owner == group.
    	Rephrase switch statement checking against unfiltered a_type value.
    	(get_posix_access): Handle files with owner == group.
    
    	* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
    	CLASS_OBJ mask on old-style ACLs.  Fix a comment.
    
    	* sec_acl.cc (set_posix_access): Always make sure Admins have
    	WRITE_DAC and WRITE_OWNER permissions.
    	* security.h (create_object_sd_from_attribute): Drop handle parameter
    	from prototype.
    	* security.cc (create_object_sd_from_attribute): Drop handle parameter.
    	Just create the standard POSIXy security descriptor.
    	(set_object_attribute): Accommodate dropped paramter in call to
    	create_object_sd_from_attribute.
    	* fhandler_tty.cc: Ditto, throughout.
    
    	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Fix typo in
    	mask computation.
    
    	* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
    	not umasked.
    	(fhandler_base::open): Explicitely umask mode on NFS here.  Call new
    	set_created_file_access rather than set_file_attribute.
    	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
    	setting permissions on filesystems supporting ACLs using the new
    	set_posix_access call.
    	(fhandler_disk_file::fchown): Ditto.
    	(fhandler_disk_file::mkdir): Call new set_created_file_access rather
    	than set_file_attribute.
    	* fhandler_socket.cc (fhandler_socket::bind): Don't umask here.  Add
    	WRITE_OWNER access to allow writing group in case of SGID bit set.
    	Call new set_created_file_access rather than set_file_attribute.
    	* path.cc (symlink_worker): Call new set_created_file_access rather
    	than set_file_attribute.
    	* sec_acl.cc (searchace): Un-staticize.
    	(set_posix_access): New, complementary functionality to
    	get_posix_access.
    	(setacl): Implement in terms of get_posix_access/set_posix_access.
    	(get_posix_access): Add handling for just created files requiring
    	their first Cygwin ACL.  Fix new_style recognition.  Handle SGID
    	bit.  For old-style ACLs, ignore SYSTEM and Administrators when
    	computing the {DEF_}CLASS_OBJ perms.
    	* security.cc (get_file_sd): Revamp comment.  Change and (hopefully)
    	speed up inheritance processing for just created files.
    	(alloc_sd): Remove.
    	(set_security_attribute): Call set_posix_access instead of alloc_sd.
    	(get_object_attribute): Fix return value.
    	(create_object_sd_from_attribute): Call set_posix_access instead of
    	alloc_sd.
    	(set_file_attribute): Remove.
    	(set_created_file_access): New function implemented in terms of
    	get_posix_access/set_posix_access.
    	* security.h (set_file_attribute): Remove prototype.
    	(set_created_file_access): Add prototype.
    	(searchace): Ditto.
    	(set_posix_access): Ditto.
    	* syscalls.cc (open): Call open_with_arch with mode not umasked.
    
    	* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
    	Describe how to generate deny ACEs in more detail.  Accommodate the
    	fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
    	a special Cygwin ACE.  Improve further comments.
    	(CYG_ACE_NEW_STYLE): Define.
    	(get_posix_access): Change from Cygwin ACE to NULL deny ACE.  Fix
    	CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
    	NULL deny ACE if the inheritance flags say so.
    	* sec_helper.cc (well_known_cygwin_sid): Remove.
    	* security.h (well_known_cygwin_sid): Drop declaration.
    
    	* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
    	(get_posix_access): Rename index variable from i to idx.  Define only
    	once at top level.
    
    	* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
    	Accommodate throughout.
    	(add_access_denied_ace): Ditto.
    	* sec_acl.cc: Accommodate above change throughout.
    	* security.h (add_access_allowed_ace): Adjust prototype to above change.
    	(add_access_denied_ace): Ditto.
    
    	* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
    	owner and primary group of the file.  Handle the default primary
    	group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
    	set.  Add comments.  Minor code rearrangements.
    
    	Preliminary read side implementation of new permission handling.
    	* acl.h (MAX_ACL_ENTRIES): Raise to 2730.  Add comment to explain.
    	* sec_acl.cc:  Add leading comment to explain new ACL style.
    	Add definitions and macros to use for bits in new Cygwin ACL.
    	(DENY_RWX): New mask value for all temporary deny bits.
    	(getace): Add bool parameter to decide when leaving all bits intact,
    	rather than filtering them per the already set bits.
    	(get_posix_access): New function, taking over functionality to read
    	POSIX ACL from SECURITY_DESCRIPTOR.
    	(getacl): Just call get_posix_access.
    	* sec_helper.cc (well_known_cygwin_sid): Define.
    	* security.cc (get_attribute_from_acl): Remove.
    	(get_info_from_sd): Remove.
    	(get_reg_sd): Call get_posix_access instead of get_info_from_sd.
    	(get_file_attribute): Ditto.
    	(get_object_attribute): Ditto.
    	* security.h (well_known_cygwin_sid): Declare.
    	(get_posix_access): Add prototype.
    
    	* Throughout, use simpler ACE macros from Windows' accctrl.h.
    
    	* getfacl.c (main): Special-case SYSTEM and Admins group.  Add comments.
    
    	* setfacl.c: Align more to Linux tool.
    	(delacl): New function to delete acl entries only.
    	(modacl): Drop delete functionality.  Add handling of recomputing the
    	mask and default mask values.
    	(delallacl): Rename from delacl.
    	(setfacl): Call delacl in Delete case.  Call delallacl in DeleteAll
    	and DeleteDef case.
    	(usage): Accommodate new options.  Rearrange and rephrase slightly.
    	(longopts): Emit 'x' in --delete case.  Add --no-mask and --mask
    	options.
    	(opts): Add -x and -n options.
    	(main): Handle -d and -x the same.  Handle -n and --mask options.
    	Drop handling for -r option.
    
    	* getfacl.c (usage): Align more closely to Linux version.  Add new
    	options -c, -e, -E.  Change formatting to accommodate longer options.
    	(longopts): Rename --noname to --numeric.  Keep --noname for backward
    	compatibility.  Add --omit-header, --all-effective and --no-effective
    	options.
    	(opts): Add -c, -e and -E option.
    	(main): Handle new -c, -e, and -E options.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]