Commit
b419df1d
authored
Dec 10, 2009
by
Ben Peddell
Committed by
Alexandre Julliard
Dec 11, 2009
server: Include user groups in file mode calculation when user is file owner.
parent
dec7dda4
Showing
4 changed files
with
28 additions
and
4 deletions
+28
-4
change.c
server/change.c
+1
-1
file.c
server/file.c
+25
-2
security.h
server/security.h
+1
-0
token.c
server/token.c
+1
-1
server/change.c
...
@@ -373,7 +373,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
...
@@ -373,7 +373,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
if
(
set_info
&
DACL_SECURITY_INFORMATION
)
if
(
set_info
&
DACL_SECURITY_INFORMATION
)
{
{
/* keep the bits that we don't map to access rights in the ACL */
/* keep the bits that we don't map to access rights in the ACL */
mode
=
st
.
st_mode
&
(
S_ISUID
|
S_ISGID
|
S_ISVTX
|
S_IRWXG
);
mode
=
st
.
st_mode
&
(
S_ISUID
|
S_ISGID
|
S_ISVTX
);
mode
|=
sd_to_mode
(
sd
,
owner
);
mode
|=
sd_to_mode
(
sd
,
owner
);
if
(((
st
.
st_mode
^
mode
)
&
(
S_IRWXU
|
S_IRWXG
|
S_IRWXO
))
&&
fchmod
(
unix_fd
,
mode
)
==
-
1
)
if
(((
st
.
st_mode
^
mode
)
&
(
S_IRWXU
|
S_IRWXG
|
S_IRWXO
))
&&
fchmod
(
unix_fd
,
mode
)
==
-
1
)
...
...
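Review bot: With `S_IRWXG` dropped from the preserved mask, the group bits passed to `fchmod` now come only from `sd_to_mode`, and the comment above the assignment does not say so. In the server/file.c hunks the only visible paths that set group bits are the new owner-with-group branches and the no-DACL fallback, so a DACL that matches neither would clear existing Unix group permissions. Whether the world-SID branch also sets them is outside the visible hunks and should be checked, since a mode with other bits but no group bits locks out members of the file's group. I would extend the comment to `/* keep the bits that we don't map to access rights in the ACL; group bits are now derived from the ACL by sd_to_mode */`. The same applies to the matching change in file_set_sd in server/file.c; dir_set_sd's body continues outside the hunk.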
server/file.c
...
@@ -447,6 +447,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
...
@@ -447,6 +447,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
mode_t
denied_mode
=
0
;
mode_t
denied_mode
=
0
;
int
present
;
int
present
;
const
ACL
*
dacl
=
sd_get_dacl
(
sd
,
&
present
);
const
ACL
*
dacl
=
sd_get_dacl
(
sd
,
&
present
);
const
SID
*
user
=
token_get_user
(
current
->
process
->
token
);
if
(
present
&&
dacl
)
if
(
present
&&
dacl
)
{
{
const
ACE_HEADER
*
ace
=
(
const
ACE_HEADER
*
)(
dacl
+
1
);
const
ACE_HEADER
*
ace
=
(
const
ACE_HEADER
*
)(
dacl
+
1
);
...
@@ -484,6 +485,17 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
...
@@ -484,6 +485,17 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
if
(
access
&
FILE_EXECUTE
)
if
(
access
&
FILE_EXECUTE
)
denied_mode
|=
S_IXUSR
;
denied_mode
|=
S_IXUSR
;
}
}
else
if
((
security_equal_sid
(
user
,
owner
)
&&
token_sid_present
(
current
->
process
->
token
,
sid
,
TRUE
)))
{
unsigned
int
access
=
generic_file_map_access
(
ad_ace
->
Mask
);
if
(
access
&
FILE_READ_DATA
)
denied_mode
|=
S_IRUSR
|
S_IRGRP
;
if
(
access
&
FILE_WRITE_DATA
)
denied_mode
|=
S_IWUSR
|
S_IWGRP
;
if
(
access
&
FILE_EXECUTE
)
denied_mode
|=
S_IXUSR
|
S_IXGRP
;
}
break
;
break
;
case
ACCESS_ALLOWED_ACE_TYPE
:
case
ACCESS_ALLOWED_ACE_TYPE
:
aa_ace
=
(
const
ACCESS_ALLOWED_ACE
*
)
ace
;
aa_ace
=
(
const
ACCESS_ALLOWED_ACE
*
)
ace
;
...
@@ -508,13 +520,24 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
...
@@ -508,13 +520,24 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
if
(
access
&
FILE_EXECUTE
)
if
(
access
&
FILE_EXECUTE
)
new_mode
|=
S_IXUSR
;
new_mode
|=
S_IXUSR
;
}
}
else
if
((
security_equal_sid
(
user
,
owner
)
&&
token_sid_present
(
current
->
process
->
token
,
sid
,
FALSE
)))
{
unsigned
int
access
=
generic_file_map_access
(
ad_ace
->
Mask
);
if
(
access
&
FILE_READ_DATA
)
new_mode
|=
S_IRUSR
|
S_IRGRP
;
if
(
access
&
FILE_WRITE_DATA
)
new_mode
|=
S_IWUSR
|
S_IWGRP
;
if
(
access
&
FILE_EXECUTE
)
new_mode
|=
S_IXUSR
|
S_IXGRP
;
}
break
;
break
;
}
}
}
}
}
}
else
else
/* no ACL means full access rights to anyone */
/* no ACL means full access rights to anyone */
new_mode
=
S_IRWXU
|
S_IRWXO
;
new_mode
=
S_IRWXU
|
S_IRWX
G
|
S_IRWX
O
;
return
new_mode
&
~
denied_mode
;
return
new_mode
&
~
denied_mode
;
}
}
...
@@ -557,7 +580,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
...
@@ -557,7 +580,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
if
(
set_info
&
DACL_SECURITY_INFORMATION
)
if
(
set_info
&
DACL_SECURITY_INFORMATION
)
{
{
/* keep the bits that we don't map to access rights in the ACL */
/* keep the bits that we don't map to access rights in the ACL */
mode
=
st
.
st_mode
&
(
S_ISUID
|
S_ISGID
|
S_ISVTX
|
S_IRWXG
);
mode
=
st
.
st_mode
&
(
S_ISUID
|
S_ISGID
|
S_ISVTX
);
mode
|=
sd_to_mode
(
sd
,
owner
);
mode
|=
sd_to_mode
(
sd
,
owner
);
if
(((
st
.
st_mode
^
mode
)
&
(
S_IRWXU
|
S_IRWXG
|
S_IRWXO
))
&&
fchmod
(
unix_fd
,
mode
)
==
-
1
)
if
(((
st
.
st_mode
^
mode
)
&
(
S_IRWXU
|
S_IRWXG
|
S_IRWXO
))
&&
fchmod
(
unix_fd
,
mode
)
==
-
1
)
...
...
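Review bot: In the third hunk's added `else if` branch, which sits in the ACCESS_ALLOWED_ACE_TYPE path (it ORs into `new_mode`), the mask is read through `ad_ace->Mask`, while as far as the hunks show that case assigns only `aa_ace`. The group bits granted there would then depend on whatever an earlier denied ACE left in `ad_ace`, or on an unset pointer, rather than on the ACE being examined; the line should read `unsigned int access = generic_file_map_access( aa_ace->Mask );`. The new `user` initializer also dereferences `current->process->token` unconditionally, so it is worth confirming that sd_to_mode is only reached while a current thread is set. The body of sd_to_mode extends beyond the hunks shown.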
server/security.h
...
@@ -55,6 +55,7 @@ extern int token_check_privileges( struct token *token, int all_required,
...
@@ -55,6 +55,7 @@ extern int token_check_privileges( struct token *token, int all_required,
extern
const
ACL
*
token_get_default_dacl
(
struct
token
*
token
);
extern
const
ACL
*
token_get_default_dacl
(
struct
token
*
token
);
extern
const
SID
*
token_get_user
(
struct
token
*
token
);
extern
const
SID
*
token_get_user
(
struct
token
*
token
);
extern
const
SID
*
token_get_primary_group
(
struct
token
*
token
);
extern
const
SID
*
token_get_primary_group
(
struct
token
*
token
);
extern
int
token_sid_present
(
struct
token
*
token
,
const
SID
*
sid
,
int
deny
);
static
inline
const
ACE_HEADER
*
ace_next
(
const
ACE_HEADER
*
ace
)
static
inline
const
ACE_HEADER
*
ace_next
(
const
ACE_HEADER
*
ace
)
{
{
...
...
server/token.c
...
@@ -776,7 +776,7 @@ int token_check_privileges( struct token *token, int all_required,
...
@@ -776,7 +776,7 @@ int token_check_privileges( struct token *token, int all_required,
return
(
enabled_count
>
0
);
return
(
enabled_count
>
0
);
}
}
static
int
token_sid_present
(
struct
token
*
token
,
const
SID
*
sid
,
int
deny
)
int
token_sid_present
(
struct
token
*
token
,
const
SID
*
sid
,
int
deny
)
{
{
struct
group
*
group
;
struct
group
*
group
;
...
...