Commit da1784bb authored by Alexandre Julliard's avatar Alexandre Julliard

server: Don't use the cached file mode when setting the security descriptor.

parent 74a63029
...@@ -342,6 +342,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd, ...@@ -342,6 +342,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
{ {
struct dir *dir = (struct dir *)obj; struct dir *dir = (struct dir *)obj;
const SID *owner; const SID *owner;
struct stat st;
mode_t mode; mode_t mode;
int unix_fd; int unix_fd;
...@@ -349,7 +350,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd, ...@@ -349,7 +350,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
unix_fd = get_dir_unix_fd( dir ); unix_fd = get_dir_unix_fd( dir );
if (unix_fd == -1) return 1; if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) return 1;
if (set_info & OWNER_SECURITY_INFORMATION) if (set_info & OWNER_SECURITY_INFORMATION)
{ {
...@@ -372,18 +373,13 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd, ...@@ -372,18 +373,13 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
if (set_info & DACL_SECURITY_INFORMATION) if (set_info & DACL_SECURITY_INFORMATION)
{ {
/* keep the bits that we don't map to access rights in the ACL */ /* keep the bits that we don't map to access rights in the ACL */
mode = dir->mode & (S_ISUID|S_ISGID|S_ISVTX|S_IRWXG); mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX|S_IRWXG);
mode |= sd_to_mode( sd, owner ); mode |= sd_to_mode( sd, owner );
if (dir->mode != mode) if (st.st_mode != mode && fchmod( unix_fd, mode ) == -1)
{ {
if (fchmod( unix_fd, mode ) == -1) file_set_error();
{ return 0;
file_set_error();
return 0;
}
dir->mode = mode;
} }
} }
return 1; return 1;
......
...@@ -535,6 +535,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd ...@@ -535,6 +535,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
{ {
struct file *file = (struct file *)obj; struct file *file = (struct file *)obj;
const SID *owner; const SID *owner;
struct stat st;
mode_t mode; mode_t mode;
int unix_fd; int unix_fd;
...@@ -542,7 +543,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd ...@@ -542,7 +543,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
unix_fd = get_file_unix_fd( file ); unix_fd = get_file_unix_fd( file );
if (unix_fd == -1) return 1; if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) return 1;
if (set_info & OWNER_SECURITY_INFORMATION) if (set_info & OWNER_SECURITY_INFORMATION)
{ {
...@@ -567,18 +568,13 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd ...@@ -567,18 +568,13 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
if (set_info & DACL_SECURITY_INFORMATION) if (set_info & DACL_SECURITY_INFORMATION)
{ {
/* keep the bits that we don't map to access rights in the ACL */ /* keep the bits that we don't map to access rights in the ACL */
mode = file->mode & (S_ISUID|S_ISGID|S_ISVTX|S_IRWXG); mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX|S_IRWXG);
mode |= sd_to_mode( sd, owner ); mode |= sd_to_mode( sd, owner );
if (file->mode != mode) if (st.st_mode != mode && fchmod( unix_fd, mode ) == -1)
{ {
if (fchmod( unix_fd, mode ) == -1) file_set_error();
{ return 0;
file_set_error();
return 0;
}
file->mode = mode;
} }
} }
return 1; return 1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment