server-Stored_ACLs: Minor cleanup.

We can avoid some variable declarations in the regular code, and only need them for ACL_Compat.
Sebastian Lackner 2014-08-29 03:37:44 +02:00
parent e91e2daca4
commit 04d674d9b6
5 changed files with 56 additions and 47 deletions


@ -1,15 +1,15 @@
From cc8ce50fa0194313f2ac9d8f967350fdeb643ad7 Mon Sep 17 00:00:00 2001
From 3196e1dd12c6814dfb0536ba0f840da81a16b78f Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 15:21:00 -0600
Subject: server: Add compatibility code for handling the old method of
storing ACLs.
---
server/file.c | 158 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 158 insertions(+)
server/file.c | 165 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 162 insertions(+), 3 deletions(-)
diff --git a/server/file.c b/server/file.c
index bbb9358..309c49d 100644
index 1940a80..85f4dc8 100644
--- a/server/file.c
+++ b/server/file.c
@@ -755,6 +755,163 @@ struct security_descriptor *get_xattr_sd( int fd )
@ -176,14 +176,30 @@ index bbb9358..309c49d 100644
/* Convert generic rights into standard access rights */
void convert_generic_sd( struct security_descriptor *sd )
{
@@ -795,6 +952,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
user = security_unix_uid_to_sid( st.st_uid );
group = token_get_primary_group( current->process->token );
@@ -782,6 +939,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
int unix_fd = get_unix_fd( fd );
struct stat st;
struct security_descriptor *sd;
+ const SID *user, *group;
if (unix_fd == -1 || fstat( unix_fd, &st ) == -1)
return obj->sd;
@@ -791,11 +949,12 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
(st.st_uid == *uid))
return obj->sd;
+ user = security_unix_uid_to_sid( st.st_uid );
+ group = token_get_primary_group( current->process->token );
sd = get_xattr_sd( unix_fd );
+ if (!sd) sd = get_xattr_acls( unix_fd, user, group );
if (sd && convert_generic) convert_generic_sd( sd );
if (!sd) sd = mode_to_sd( st.st_mode, user, group);
- if (!sd) sd = mode_to_sd( st.st_mode,
- security_unix_uid_to_sid( st.st_uid ),
- token_get_primary_group( current->process->token ));
+ if (!sd) sd = mode_to_sd( st.st_mode, user, group );
if (!sd) return obj->sd;
*mode = st.st_mode;
--
1.7.9.5
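Review bot: The lookup order in `get_file_sd` (`get_xattr_sd`, then `get_xattr_acls`, then `mode_to_sd`) decides which on-disk metadata wins when the file's security descriptor is built, and nothing on these lines records it. I would add a comment above `sd = get_xattr_sd( unix_fd );`, such as `/* prefer the stored descriptor, then the old-format ACL attribute, then the Unix mode bits */`. A NULL from `get_xattr_sd` is the only trigger for the legacy path, so its contract should say whether NULL means "attribute absent" or also "attribute present but rejected". If it is the latter, a malformed new-format attribute would silently fall through to the old format. The bodies of `get_xattr_sd` and `get_xattr_acls` are not shown here, and `get_file_sd` starts and ends outside the lines shown.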


@ -1,4 +1,4 @@
From 4c0c7fc3e73d39e30be7cba5c2e63f8c6f6c2792 Mon Sep 17 00:00:00 2001
From ee8d26bb9615934669c81a2bae24fba13d51ed2e Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:08:36 -0600
Subject: server: Inherit security attributes from parent directories on
@ -86,7 +86,7 @@ index 27dbe25..0a82358 100644
return sd;
}
diff --git a/server/file.c b/server/file.c
index 3582493..1414ee6 100644
index 38eda5c..8aec10d 100644
--- a/server/file.c
+++ b/server/file.c
@@ -248,11 +248,141 @@ void set_xattr_sd( int fd, const struct security_descriptor *sd, const SID *user
@ -259,16 +259,16 @@ index 3582493..1414ee6 100644
{
int unix_fd = get_unix_fd( fd );
struct stat st;
@@ -561,7 +696,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
user = security_unix_uid_to_sid( st.st_uid );
group = token_get_primary_group( current->process->token );
@@ -558,7 +693,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
return obj->sd;
sd = get_xattr_sd( unix_fd );
- if (sd) convert_generic_sd( sd );
+ if (sd && convert_generic) convert_generic_sd( sd );
if (!sd) sd = mode_to_sd( st.st_mode, user, group);
if (!sd) return obj->sd;
@@ -581,7 +716,7 @@ static struct security_descriptor *file_get_sd( struct object *obj )
if (!sd) sd = mode_to_sd( st.st_mode,
security_unix_uid_to_sid( st.st_uid ),
token_get_primary_group( current->process->token ));
@@ -580,7 +715,7 @@ static struct security_descriptor *file_get_sd( struct object *obj )
assert( obj->ops == &file_ops );
fd = file_get_fd( obj );
@ -278,10 +278,10 @@ index 3582493..1414ee6 100644
return sd;
}
diff --git a/server/file.h b/server/file.h
index 43a234f..2f537cf 100644
index be25fb6..e09e227 100644
--- a/server/file.h
+++ b/server/file.h
@@ -125,7 +125,7 @@ extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner
@@ -127,7 +127,7 @@ extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner
extern int set_file_sd( struct object *obj, struct fd *fd, const struct security_descriptor *sd,
unsigned int set_info );
extern struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode,


@ -1,4 +1,4 @@
From 52669858326cb82bafd0cfbb0afa354f8991fe11 Mon Sep 17 00:00:00 2001
From cd48ef93da9c34e4757d878403374edd0e616b64 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 15:35:24 -0600
Subject: server: Store user and group inside stored extended file attribute
@ -9,7 +9,7 @@ Subject: server: Store user and group inside stored extended file attribute
1 file changed, 70 insertions(+), 9 deletions(-)
diff --git a/server/file.c b/server/file.c
index 502951c..4f7e5b5 100644
index 502951c..72d6d95 100644
--- a/server/file.c
+++ b/server/file.c
@@ -187,10 +187,11 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_
@ -51,10 +51,10 @@ index 502951c..4f7e5b5 100644
- memcpy( &buffer[2], sd, len - 2 );
+ memcpy( dst_ptr, sd, sizeof(struct security_descriptor) );
+ dst_sd = (struct security_descriptor *)dst_ptr;
+ src_ptr += sizeof(struct security_descriptor);
+ dst_ptr += sizeof(struct security_descriptor);
+ dst_sd->owner_len = owner_len;
+ dst_sd->group_len = group_len;
+ src_ptr += sizeof(struct security_descriptor);
+ dst_ptr += sizeof(struct security_descriptor);
+ /* copy the appropriate ownership information (explicit or inferred) */
+ if (sd->owner_len)
+ {
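Review bot: `dst_sd = (struct security_descriptor *)dst_ptr;` followed by the stores to `dst_sd->owner_len` and `dst_sd->group_len` writes struct fields through a pointer into what appears to be a byte buffer. The removed `memcpy( &buffer[2], ... )` suggests the descriptor sits at offset 2, which would not be suitably aligned for the struct. Filling a local header and copying it avoids the cast: `struct security_descriptor hdr = *sd;`, `hdr.owner_len = owner_len; hdr.group_len = group_len;`, `memcpy( dst_ptr, &hdr, sizeof(hdr) );`. The buffer declaration and any size check that precedes these copies are outside the lines shown, so confirm the buffer is sized for the header plus `owner_len` and `group_len` bytes. The enclosing function begins and ends outside this hunk.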


@ -1,4 +1,4 @@
From 3a670acdf6684edb9bc050c8cbded452e8fc3139 Mon Sep 17 00:00:00 2001
From 4d3a040d520cc92e3bfc50132a2868ae1857dd11 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:01:35 -0600
Subject: server: Retrieve file security attributes with extended file
@ -6,8 +6,8 @@ Subject: server: Retrieve file security attributes with extended file
---
dlls/advapi32/tests/security.c | 49 ++++++++++++++++++++--------------------
server/file.c | 30 +++++++++++++++++++++---
2 files changed, 51 insertions(+), 28 deletions(-)
server/file.c | 29 +++++++++++++++++++++---
2 files changed, 50 insertions(+), 28 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index b44496a..02094a4 100644
@ -110,10 +110,10 @@ index b44496a..02094a4 100644
LocalFree(pSD);
CloseHandle(obj);
diff --git a/server/file.c b/server/file.c
index 4f7e5b5..cf3fe86 100644
index 72d6d95..ff72273 100644
--- a/server/file.c
+++ b/server/file.c
@@ -499,12 +499,35 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
@@ -499,6 +499,28 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
return sd;
}
@ -142,24 +142,17 @@ index 4f7e5b5..cf3fe86 100644
struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode,
uid_t *uid )
{
int unix_fd = get_unix_fd( fd );
struct stat st;
struct security_descriptor *sd;
+ const SID *user, *group;
if (unix_fd == -1 || fstat( unix_fd, &st ) == -1)
return obj->sd;
@@ -514,9 +537,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
@@ -514,9 +536,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
(st.st_uid == *uid))
return obj->sd;
- sd = mode_to_sd( st.st_mode,
- security_unix_uid_to_sid( st.st_uid ),
- token_get_primary_group( current->process->token ));
+ user = security_unix_uid_to_sid( st.st_uid );
+ group = token_get_primary_group( current->process->token );
+ sd = get_xattr_sd( unix_fd );
+ if (!sd) sd = mode_to_sd( st.st_mode, user, group);
+ if (!sd) sd = mode_to_sd( st.st_mode,
+ security_unix_uid_to_sid( st.st_uid ),
+ token_get_primary_group( current->process->token ));
if (!sd) return obj->sd;
*mode = st.st_mode;
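Review bot: `sd = get_xattr_sd( unix_fd );` takes precedence over `mode_to_sd`, so the descriptor returned for the file comes from an extended attribute stored on the file rather than from the Unix mode bits. The attribute contents are whatever is on disk, so `get_xattr_sd` should reject a blob whose length fields (`owner_len`, `group_len` and the ACL lengths) do not fit inside the number of bytes actually read. It should return NULL in that case so the `mode_to_sd` fallback applies; its body is added by this patch but not shown on this page, so whether it already does this cannot be confirmed here. A comment above the call, e.g. `/* attribute data comes from disk: get_xattr_sd must validate it and return NULL on any mismatch */`, would record that contract. `get_file_sd` continues past the last line shown.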


@ -1,4 +1,4 @@
From 21655f45376f4a0c18d6bd6ae38e59d346b867fc Mon Sep 17 00:00:00 2001
From 9364028096235e2f64b9fe070170b5e4bb2311ca Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:05:32 -0600
Subject: server: Convert return of file security masks with generic access
@ -80,7 +80,7 @@ index 02094a4..82c0639 100644
LocalFree(pSD);
CloseHandle(obj);
diff --git a/server/file.c b/server/file.c
index cf3fe86..3582493 100644
index ff72273..38eda5c 100644
--- a/server/file.c
+++ b/server/file.c
@@ -521,6 +521,27 @@ struct security_descriptor *get_xattr_sd( int fd )
@ -111,14 +111,14 @@ index cf3fe86..3582493 100644
struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode,
uid_t *uid )
{
@@ -540,6 +561,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
user = security_unix_uid_to_sid( st.st_uid );
group = token_get_primary_group( current->process->token );
@@ -537,6 +558,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
return obj->sd;
sd = get_xattr_sd( unix_fd );
+ if (sd) convert_generic_sd( sd );
if (!sd) sd = mode_to_sd( st.st_mode, user, group);
if (!sd) return obj->sd;
if (!sd) sd = mode_to_sd( st.st_mode,
security_unix_uid_to_sid( st.st_uid ),
token_get_primary_group( current->process->token ));
--
1.7.9.5