diff options
author | midipix <writeonce@midipix.org> | 2019-12-07 19:12:32 +0000 |
---|---|---|
committer | midipix <writeonce@midipix.org> | 2019-12-07 19:18:15 +0000 |
commit | 0a741d98c3f1f841bca8c94dbbb73fea2c464102 (patch) | |
tree | db06f134642366c40a60e0a5133ed60a997b3ec3 /src | |
parent | cf1006af986d834c1385ac054b82dc15ac7e97a4 (diff) | |
download | ntux-0a741d98c3f1f841bca8c94dbbb73fea2c464102.tar.bz2 ntux-0a741d98c3f1f841bca8c94dbbb73fea2c464102.tar.xz |
ntux_cmd_chmod(): remove m+p (not needed), support ace propagation (+p, -p).
Diffstat (limited to 'src')
-rw-r--r-- | src/cmds/ntux_cmd_chmod.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/src/cmds/ntux_cmd_chmod.c b/src/cmds/ntux_cmd_chmod.c index 55b517d..a8d25cb 100644 --- a/src/cmds/ntux_cmd_chmod.c +++ b/src/cmds/ntux_cmd_chmod.c @@ -50,14 +50,29 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) uint32_t access_group; uint32_t access_other; uint32_t access_admin; + uint32_t ace_flags; size_t size; int fd = -1; struct __ofd * ofd = 0; void * hasync = 0; uint32_t buf[0x300]; - /* initial version: only support m+p */ - if (!dctx->cctx->strmode || strcmp(dctx->cctx->strmode,"m+p")) + /* initial version: --strmode only */ + if (!dctx->cctx->strmode) + return ntux_cmd_chmod_ret( + 0,0,0, + NTUX_CUSTOM_ERROR( + dctx, + NTUX_ERR_FLEE_ERROR)); + + /* ACE propagation: +p, -p */ + if (!strcmp(dctx->cctx->strmode,"+p")) + ace_flags = NT_ACE_CONTAINER_INHERIT | NT_ACE_OBJECT_INHERIT; + + else if (!strcmp(dctx->cctx->strmode,"-p")) + ace_flags = 0; + + else return ntux_cmd_chmod_ret( 0,0,0, NTUX_CUSTOM_ERROR( @@ -128,16 +143,15 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) access_owner = meta.owner_ace ? meta.owner_ace->mask : 0; access_group = meta.group_ace ? meta.group_ace->mask : 0; access_other = meta.other_ace ? meta.other_ace->mask : 0; - - /* initial version: only support m+p */ - access_admin = access_owner | NT_SEC_WRITE_DAC; + access_admin = meta.admin_ace ? meta.admin_ace->mask : 0; /* updated dacl */ __xfi_acl_init_common_descriptor( &dstsd, meta.owner,meta.group,0,0, access_owner,access_group,access_other, - access_admin,meta.system_acc); + access_admin,meta.system_acc, + ace_flags); if ((status = __xfi_set_security_object( hasync, |