diff --git a/patches/server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch b/patches/server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch index 1aa12f2c..f92d6cfb 100644 --- a/patches/server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch +++ b/patches/server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch @@ -1,15 +1,15 @@ -From cc8ce50fa0194313f2ac9d8f967350fdeb643ad7 Mon Sep 17 00:00:00 2001 +From 3196e1dd12c6814dfb0536ba0f840da81a16b78f Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 15:21:00 -0600 Subject: server: Add compatibility code for handling the old method of storing ACLs. --- - server/file.c | 158 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 158 insertions(+) + server/file.c | 165 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 162 insertions(+), 3 deletions(-) diff --git a/server/file.c b/server/file.c -index bbb9358..309c49d 100644 +index 1940a80..85f4dc8 100644 --- a/server/file.c +++ b/server/file.c @@ -755,6 +755,163 @@ struct security_descriptor *get_xattr_sd( int fd ) 
@@ -176,14 +176,30 @@ index bbb9358..309c49d 100644 /* Convert generic rights into standard access rights */ void convert_generic_sd( struct security_descriptor *sd ) { -@@ -795,6 +952,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode - user = security_unix_uid_to_sid( st.st_uid ); - group = token_get_primary_group( current->process->token ); +@@ -782,6 +939,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode + int unix_fd = get_unix_fd( fd ); + struct stat st; + struct security_descriptor *sd; ++ const SID *user, *group; + + if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) + return obj->sd; +@@ -791,11 +949,12 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode + (st.st_uid == *uid)) + return obj->sd; + ++ user = security_unix_uid_to_sid( st.st_uid ); ++ group = token_get_primary_group( current->process->token ); sd = get_xattr_sd( unix_fd ); + if (!sd) sd = get_xattr_acls( unix_fd, user, group ); if (sd && convert_generic) convert_generic_sd( sd ); - if (!sd) sd = mode_to_sd( st.st_mode, user, group); +- if (!sd) sd = mode_to_sd( st.st_mode, +- security_unix_uid_to_sid( st.st_uid ), +- token_get_primary_group( current->process->token )); ++ if (!sd) sd = mode_to_sd( st.st_mode, user, group ); if (!sd) return obj->sd; + + *mode = st.st_mode; -- 1.7.9.5 diff --git a/patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch b/patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch index c64a1793..620f9428 100644 --- a/patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch +++ b/patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch @@ -1,4 +1,4 @@ -From 4c0c7fc3e73d39e30be7cba5c2e63f8c6f6c2792 Mon Sep 17 00:00:00 2001 +From ee8d26bb9615934669c81a2bae24fba13d51ed2e Mon Sep 17 00:00:00 2001 
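Review bot: In the rebased get_file_sd hunk, a descriptor returned by `get_xattr_sd( unix_fd )` or by the new `get_xattr_acls( unix_fd, user, group )` fallback is handed to `convert_generic_sd( sd )` and then to the caller, and nothing visible here checks it against the number of bytes actually read from the extended attribute. Whoever can write the file's extended attributes controls that content, so the stored length fields (owner_len, group_len and the ACL lengths) need to be checked against the read size before the descriptor is walked. Both loaders are defined outside this hunk and may already do this; if so, a comment such as `/* both xattr loaders return NULL unless the stored descriptor validates against the size read */` above the first call would record it. A second one-line comment should state the fallback order, `/* prefer the current xattr format, then the legacy ACL xattr, then the Unix mode bits */`. The same call sequence appears as context in the Inherited_ACLs, Stored_ACLs 0005 and 0006 hunks further down.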
From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 14:08:36 -0600 Subject: server: Inherit security attributes from parent directories on @@ -86,7 +86,7 @@ index 27dbe25..0a82358 100644 return sd; } diff --git a/server/file.c b/server/file.c -index 3582493..1414ee6 100644 +index 38eda5c..8aec10d 100644 --- a/server/file.c +++ b/server/file.c @@ -248,11 +248,141 @@ void set_xattr_sd( int fd, const struct security_descriptor *sd, const SID *user @@ -259,16 +259,16 @@ index 3582493..1414ee6 100644 { int unix_fd = get_unix_fd( fd ); struct stat st; -@@ -561,7 +696,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode - user = security_unix_uid_to_sid( st.st_uid ); - group = token_get_primary_group( current->process->token ); +@@ -558,7 +693,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode + return obj->sd; + sd = get_xattr_sd( unix_fd ); - if (sd) convert_generic_sd( sd ); + if (sd && convert_generic) convert_generic_sd( sd ); - if (!sd) sd = mode_to_sd( st.st_mode, user, group); - if (!sd) return obj->sd; - -@@ -581,7 +716,7 @@ static struct security_descriptor *file_get_sd( struct object *obj ) + if (!sd) sd = mode_to_sd( st.st_mode, + security_unix_uid_to_sid( st.st_uid ), + token_get_primary_group( current->process->token )); +@@ -580,7 +715,7 @@ static struct security_descriptor *file_get_sd( struct object *obj ) assert( obj->ops == &file_ops ); fd = file_get_fd( obj ); @@ -278,10 +278,10 @@ index 3582493..1414ee6 100644 return sd; } diff --git a/server/file.h b/server/file.h -index 43a234f..2f537cf 100644 +index be25fb6..e09e227 100644 --- a/server/file.h 
+++ b/server/file.h -@@ -125,7 +125,7 @@ extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner +@@ -127,7 +127,7 @@ extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner extern int set_file_sd( struct object *obj, struct fd *fd, const struct security_descriptor *sd, unsigned int set_info ); extern struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode, diff --git a/patches/server-Stored_ACLs/0004-server-Store-user-and-group-inside-stored-extended-f.patch b/patches/server-Stored_ACLs/0004-server-Store-user-and-group-inside-stored-extended-f.patch index 955a7a25..2ce96387 100644 --- a/patches/server-Stored_ACLs/0004-server-Store-user-and-group-inside-stored-extended-f.patch +++ b/patches/server-Stored_ACLs/0004-server-Store-user-and-group-inside-stored-extended-f.patch @@ -1,4 +1,4 @@ -From 52669858326cb82bafd0cfbb0afa354f8991fe11 Mon Sep 17 00:00:00 2001 +From cd48ef93da9c34e4757d878403374edd0e616b64 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 15:35:24 -0600 Subject: server: Store user and group inside stored extended file attribute @@ -9,7 +9,7 @@ Subject: server: Store user and group inside stored extended file attribute 1 file changed, 70 insertions(+), 9 deletions(-) diff --git a/server/file.c b/server/file.c -index 502951c..4f7e5b5 100644 +index 502951c..72d6d95 100644 --- a/server/file.c +++ b/server/file.c @@ -187,10 +187,11 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_ 
@@ -51,10 +51,10 @@ index 502951c..4f7e5b5 100644 - memcpy( &buffer[2], sd, len - 2 ); + memcpy( dst_ptr, sd, sizeof(struct security_descriptor) ); + dst_sd = (struct security_descriptor *)dst_ptr; -+ src_ptr += sizeof(struct security_descriptor); -+ dst_ptr += sizeof(struct security_descriptor); + dst_sd->owner_len = owner_len; + dst_sd->group_len = group_len; ++ src_ptr += sizeof(struct security_descriptor); ++ dst_ptr += sizeof(struct security_descriptor); + /* copy the appropriate ownership information (explicit or inferred) */ + if (sd->owner_len) + { diff --git a/patches/server-Stored_ACLs/0005-server-Retrieve-file-security-attributes-with-extend.patch b/patches/server-Stored_ACLs/0005-server-Retrieve-file-security-attributes-with-extend.patch index edae1c90..b2c96bff 100644 --- a/patches/server-Stored_ACLs/0005-server-Retrieve-file-security-attributes-with-extend.patch +++ b/patches/server-Stored_ACLs/0005-server-Retrieve-file-security-attributes-with-extend.patch @@ -1,4 +1,4 @@ -From 3a670acdf6684edb9bc050c8cbded452e8fc3139 Mon Sep 17 00:00:00 2001 +From 4d3a040d520cc92e3bfc50132a2868ae1857dd11 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 14:01:35 -0600 Subject: server: Retrieve file security attributes with extended file @@ -6,8 +6,8 @@ Subject: server: Retrieve file security attributes with extended file --- dlls/advapi32/tests/security.c | 49 ++++++++++++++++++++-------------------- - server/file.c | 30 +++++++++++++++++++++--- - 2 files changed, 51 insertions(+), 28 deletions(-) + server/file.c | 29 +++++++++++++++++++++--- + 2 files changed, 50 insertions(+), 28 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index b44496a..02094a4 100644 @@ -110,10 +110,10 @@ index b44496a..02094a4 100644 LocalFree(pSD); CloseHandle(obj); diff --git a/server/file.c b/server/file.c -index 4f7e5b5..cf3fe86 100644 +index 72d6d95..ff72273 100644 --- a/server/file.c 
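Review bot: The copy sequence starting at `memcpy( dst_ptr, sd, sizeof(struct security_descriptor) );` shows no bound on the destination, and the reorder in this hunk does not add one. The owner and group written after the header may be inferred rather than taken from `sd`, so the total has to be computed from the final `owner_len` and `group_len` plus both ACL lengths, not from the caller's original size. That total should be compared with the destination buffer's capacity before the first memcpy, returning without writing the attribute when it does not fit. The enclosing function begins and ends outside this hunk, so the check may already exist there; if it does, a comment next to the pointer setup naming where the length is bounded would make the copies easier to audit.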
+++ b/server/file.c -@@ -499,12 +499,35 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID +@@ -499,6 +499,28 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID return sd; } @@ -142,24 +142,17 @@ index 4f7e5b5..cf3fe86 100644 struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid ) { - int unix_fd = get_unix_fd( fd ); - struct stat st; - struct security_descriptor *sd; -+ const SID *user, *group; - - if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) - return obj->sd; -@@ -514,9 +537,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode +@@ -514,9 +536,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode (st.st_uid == *uid)) return obj->sd; - sd = mode_to_sd( st.st_mode, - security_unix_uid_to_sid( st.st_uid ), - token_get_primary_group( current->process->token )); -+ user = security_unix_uid_to_sid( st.st_uid ); -+ group = token_get_primary_group( current->process->token ); + sd = get_xattr_sd( unix_fd ); -+ if (!sd) sd = mode_to_sd( st.st_mode, user, group); ++ if (!sd) sd = mode_to_sd( st.st_mode, ++ security_unix_uid_to_sid( st.st_uid ), ++ token_get_primary_group( current->process->token )); if (!sd) return obj->sd; *mode = st.st_mode; diff --git a/patches/server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch b/patches/server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch index 000bb8a2..039d5410 100644 --- a/patches/server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch +++ b/patches/server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch @@ -1,4 +1,4 @@ -From 21655f45376f4a0c18d6bd6ae38e59d346b867fc Mon Sep 17 00:00:00 2001 +From 9364028096235e2f64b9fe070170b5e4bb2311ca Mon Sep 17 00:00:00 2001 
From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 14:05:32 -0600 Subject: server: Convert return of file security masks with generic access @@ -80,7 +80,7 @@ index 02094a4..82c0639 100644 LocalFree(pSD); CloseHandle(obj); diff --git a/server/file.c b/server/file.c -index cf3fe86..3582493 100644 +index ff72273..38eda5c 100644 --- a/server/file.c +++ b/server/file.c @@ -521,6 +521,27 @@ struct security_descriptor *get_xattr_sd( int fd ) @@ -111,14 +111,14 @@ index cf3fe86..3582493 100644 struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid ) { -@@ -540,6 +561,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode - user = security_unix_uid_to_sid( st.st_uid ); - group = token_get_primary_group( current->process->token ); +@@ -537,6 +558,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode + return obj->sd; + sd = get_xattr_sd( unix_fd ); + if (sd) convert_generic_sd( sd ); - if (!sd) sd = mode_to_sd( st.st_mode, user, group); - if (!sd) return obj->sd; - + if (!sd) sd = mode_to_sd( st.st_mode, + security_unix_uid_to_sid( st.st_uid ), + token_get_primary_group( current->process->token )); -- 1.7.9.5