Removed compatibility patchset for deprecated ACL string format.

The format was changed in version 1.7.25, released about one year ago.
Sebastian Lackner 2015-08-19 09:33:40 +02:00
parent ab06aee23d
commit 092a14a3f6
4 changed files with 50 additions and 305 deletions

2
debian/changelog vendored

@ -30,6 +30,8 @@ wine-staging (1.7.50) UNRELEASED; urgency=low
upstream).
* Removed patch to ensure winhttp raw request headers are terminated with
double \r\n (accepted upstream).
* Removed compatibility patchset for deprecated ACL string format. The format
was changed in version 1.7.25, released about one year ago.
-- Sebastian Lackner <sebastian@fds-team.de> Tue, 11 Aug 2015 06:12:14 +0200
wine-staging (1.7.49) unstable; urgency=low


@ -204,7 +204,6 @@ patch_enable_all ()
enable_rpcrt4_Pipe_Transport="$1"
enable_rpcrt4_Use_After_Free="$1"
enable_secur32_ANSI_NTLM_Credentials="$1"
enable_server_ACL_Compat="$1"
enable_server_Address_List_Change="$1"
enable_server_ClipCursor="$1"
enable_server_CreateProcess_ACLs="$1"
@ -701,9 +700,6 @@ patch_enable ()
secur32-ANSI_NTLM_Credentials)
enable_secur32_ANSI_NTLM_Credentials="$2"
;;
server-ACL_Compat)
enable_server_ACL_Compat="$2"
;;
server-Address_List_Change)
enable_server_Address_List_Change="$2"
;;
@ -1712,13 +1708,6 @@ if test "$enable_server_Pipe_ObjectName" -eq 1; then
enable_kernel32_Named_Pipe=1
fi
if test "$enable_server_ACL_Compat" -eq 1; then
if test "$enable_server_Inherited_ACLs" -gt 1; then
abort "Patchset server-Inherited_ACLs disabled, but server-ACL_Compat depends on that."
fi
enable_server_Inherited_ACLs=1
fi
if test "$enable_server_Inherited_ACLs" -eq 1; then
if test "$enable_server_Stored_ACLs" -gt 1; then
abort "Patchset server-Stored_ACLs disabled, but server-Inherited_ACLs depends on that."
@ -4368,6 +4357,54 @@ if test "$enable_secur32_ANSI_NTLM_Credentials" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-Address_List_Change
# |
# | This patchset fixes the following Wine bugs:
# | * [#38062] Support for non-blocking SIO_ADDRESS_LIST_CHANGE requests
# |
# | Modified files:
# | * server/sock.c
# |
if test "$enable_server_Address_List_Change" -eq 1; then
patch_apply server-Address_List_Change/0001-server-Return-STATUS_CANT_WAIT-WSAEWOULDBLOCK-for-no.patch
(
echo '+ { "Erich E. Hoover", "server: Return STATUS_CANT_WAIT/WSAEWOULDBLOCK for non-overlapped SIO_ADDRESS_LIST_CHANGE requests on non-blocking sockets.", 1 },';
) >> "$patchlist"
fi
# Patchset server-ClipCursor
# |
# | This patchset fixes the following Wine bugs:
# | * [#33479] Fix cursor clip regression / broken raw input in multiple games
# | * [#38087] Fix multithreading issues with fullscreen clipping
# |
# | Modified files:
# | * dlls/user32/message.c, dlls/winex11.drv/mouse.c, server/queue.c
# |
if test "$enable_server_ClipCursor" -eq 1; then
patch_apply server-ClipCursor/0001-server-Only-send-WM_WINE_CLIPCURSOR-for-forced-clip-.patch
patch_apply server-ClipCursor/0002-winex11-Forward-all-clipping-requests-to-the-right-t.patch
(
echo '+ { "Sebastian Lackner", "server: Only send WM_WINE_CLIPCURSOR for forced clip resets.", 1 },';
echo '+ { "Sebastian Lackner", "winex11: Forward all clipping requests to the right thread (including fullscreen clipping).", 1 },';
) >> "$patchlist"
fi
# Patchset server-Delete_On_Close
# |
# | This patchset fixes the following Wine bugs:
# | * [#38417] Fix handling of opening read-only files for FILE_DELETE_ON_CLOSE
# |
# | Modified files:
# | * dlls/kernel32/file.c, dlls/kernel32/tests/file.c, server/fd.c
# |
if test "$enable_server_Delete_On_Close" -eq 1; then
patch_apply server-Delete_On_Close/0001-server-Fix-handling-of-opening-read-only-files-with-.patch
(
echo '+ { "Sebastian Lackner", "server: Fix handling of opening read-only files with FILE_DELETE_ON_CLOSE.", 1 },';
) >> "$patchlist"
fi
# Patchset server-RootDirectory_File
# |
# | This patchset has the following dependencies:
@ -4429,69 +4466,6 @@ if test "$enable_server_Inherited_ACLs" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-ACL_Compat
# |
# | This patchset has the following dependencies:
# | * server-Inherited_ACLs
# |
# | Modified files:
# | * server/file.c
# |
if test "$enable_server_ACL_Compat" -eq 1; then
patch_apply server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch
(
echo '+ { "Erich E. Hoover", "server: Add compatibility code for handling the old method of storing ACLs.", 6 },';
) >> "$patchlist"
fi
# Patchset server-Address_List_Change
# |
# | This patchset fixes the following Wine bugs:
# | * [#38062] Support for non-blocking SIO_ADDRESS_LIST_CHANGE requests
# |
# | Modified files:
# | * server/sock.c
# |
if test "$enable_server_Address_List_Change" -eq 1; then
patch_apply server-Address_List_Change/0001-server-Return-STATUS_CANT_WAIT-WSAEWOULDBLOCK-for-no.patch
(
echo '+ { "Erich E. Hoover", "server: Return STATUS_CANT_WAIT/WSAEWOULDBLOCK for non-overlapped SIO_ADDRESS_LIST_CHANGE requests on non-blocking sockets.", 1 },';
) >> "$patchlist"
fi
# Patchset server-ClipCursor
# |
# | This patchset fixes the following Wine bugs:
# | * [#33479] Fix cursor clip regression / broken raw input in multiple games
# | * [#38087] Fix multithreading issues with fullscreen clipping
# |
# | Modified files:
# | * dlls/user32/message.c, dlls/winex11.drv/mouse.c, server/queue.c
# |
if test "$enable_server_ClipCursor" -eq 1; then
patch_apply server-ClipCursor/0001-server-Only-send-WM_WINE_CLIPCURSOR-for-forced-clip-.patch
patch_apply server-ClipCursor/0002-winex11-Forward-all-clipping-requests-to-the-right-t.patch
(
echo '+ { "Sebastian Lackner", "server: Only send WM_WINE_CLIPCURSOR for forced clip resets.", 1 },';
echo '+ { "Sebastian Lackner", "winex11: Forward all clipping requests to the right thread (including fullscreen clipping).", 1 },';
) >> "$patchlist"
fi
# Patchset server-Delete_On_Close
# |
# | This patchset fixes the following Wine bugs:
# | * [#38417] Fix handling of opening read-only files for FILE_DELETE_ON_CLOSE
# |
# | Modified files:
# | * dlls/kernel32/file.c, dlls/kernel32/tests/file.c, server/fd.c
# |
if test "$enable_server_Delete_On_Close" -eq 1; then
patch_apply server-Delete_On_Close/0001-server-Fix-handling-of-opening-read-only-files-with-.patch
(
echo '+ { "Sebastian Lackner", "server: Fix handling of opening read-only files with FILE_DELETE_ON_CLOSE.", 1 },';
) >> "$patchlist"
fi
# Patchset server-Key_State
# |
# | This patchset fixes the following Wine bugs:
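Review bot: Nothing in this script tells a user what happens to files that still carry only the old `wine.acl` extended attribute once the `server-ACL_Compat` block near the end of this section is gone. Judging by the deleted patch, `get_file_sd` then falls through from `get_xattr_sd` straight to `mode_to_sd`, so the descriptor is presumably rebuilt from Unix mode bits and any allow or deny ACEs stored in the old format are ignored without a message. I would record that where the patchset used to sit, for example `# server-ACL_Compat removed: ACLs stored in the pre-1.7.25 string format are no longer read`, and repeat it in the changelog entry. If builds are expected to call `patch_enable` with the old name, it is also worth confirming how the now-unmatched `server-ACL_Compat` argument is reported; the fall-through branch of that `case` is outside the visible hunks.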


@ -1,230 +0,0 @@
From ded8679bb992d9d82bdeeb5a78b38100586906a0 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 15:21:00 -0600
Subject: server: Add compatibility code for handling the old method of storing
ACLs. (try 6)
---
server/file.c | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 167 insertions(+), 3 deletions(-)
diff --git a/server/file.c b/server/file.c
index 6fbb71c..3b56a9b 100644
--- a/server/file.c
+++ b/server/file.c
@@ -72,6 +72,7 @@ struct file
static unsigned int generic_file_map_access( unsigned int access );
static struct security_descriptor *get_xattr_sd( int fd );
+static struct security_descriptor *get_xattr_acls( int fd, const SID *user, const SID *group );
static void file_dump( struct object *obj, int verbose );
static struct object_type *file_get_type( struct object *obj );
@@ -313,6 +314,7 @@ static struct security_descriptor *file_get_parent_sd( struct fd *root, const ch
mode_t parent_mode = 0555;
char *p, *parent_name;
struct fd *parent_fd;
+ struct stat st;
int unix_fd;
if (!(parent_name = mem_alloc( child_len + 1 ))) return NULL;
@@ -345,6 +347,9 @@ static struct security_descriptor *file_get_parent_sd( struct fd *root, const ch
if (unix_fd != -1)
{
parent_sd = get_xattr_sd( unix_fd );
+ if (!parent_sd && fstat( unix_fd, &st ) != -1)
+ parent_sd = get_xattr_acls( unix_fd, security_unix_uid_to_sid( st.st_uid ),
+ token_get_primary_group( current->process->token ) );
if (parent_sd)
{
sd = inherit_sd( parent_sd, is_dir );
@@ -636,6 +641,163 @@ static void convert_generic_sd( struct security_descriptor *sd )
}
}
+static struct security_descriptor *get_xattr_acls( int fd, const SID *user, const SID *group )
+{
+ int dacl_size = sizeof(ACL), n;
+ int offset, type, flags, mask, rev, ia, sa;
+ char buffer[XATTR_SIZE_MAX + 1], *p, *ptr;
+ struct security_descriptor *sd;
+ ACL *dacl;
+
+ n = xattr_fget( fd, XATTR_USER_PREFIX "wine.acl", buffer, sizeof(buffer) - 1 );
+ if (n == -1) return NULL;
+ buffer[n] = 0; /* ensure NULL terminated buffer for string functions */
+
+ p = buffer;
+ do
+ {
+ int sub_authority_count = 0;
+
+ if (sscanf(p, "%x,%x,%x,S-%u-%d%n", &type, &flags, &mask, &rev, &ia, &offset) != 5)
+ return NULL;
+ p += offset;
+
+ while (sscanf(p, "-%u%n", &sa, &offset) == 1)
+ {
+ p += offset;
+ sub_authority_count++;
+ }
+
+ if (*p == ';') p++;
+ else if (*p) return NULL;
+
+ /* verify that the SubAuthorityCount does not exceed the maximum permitted value */
+ if (sub_authority_count > SID_MAX_SUB_AUTHORITIES)
+ continue;
+
+ switch (type)
+ {
+ case ACCESS_DENIED_ACE_TYPE:
+ dacl_size += FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) +
+ FIELD_OFFSET(SID, SubAuthority[sub_authority_count]);
+ break;
+ case ACCESS_ALLOWED_ACE_TYPE:
+ dacl_size += FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) +
+ FIELD_OFFSET(SID, SubAuthority[sub_authority_count]);
+ break;
+ default:
+ continue;
+ }
+ }
+ while (*p);
+
+ n = sizeof(struct security_descriptor) +
+ FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]) +
+ FIELD_OFFSET(SID, SubAuthority[group->SubAuthorityCount]) +
+ dacl_size;
+
+ sd = mem_alloc( n );
+ if (!sd) return NULL;
+
+ sd->control = SE_DACL_PRESENT;
+ sd->owner_len = FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]);
+ sd->group_len = FIELD_OFFSET(SID, SubAuthority[group->SubAuthorityCount]);
+ sd->sacl_len = 0;
+ sd->dacl_len = dacl_size;
+
+ ptr = (char *)(sd + 1);
+ memcpy( ptr, user, sd->owner_len );
+ ptr += sd->owner_len;
+ memcpy( ptr, group, sd->group_len );
+ ptr += sd->group_len;
+
+ dacl = (ACL *)ptr;
+ dacl->AclRevision = ACL_REVISION;
+ dacl->Sbz1 = 0;
+ dacl->AclSize = dacl_size;
+ dacl->AceCount = 0;
+ dacl->Sbz2 = 0;
+
+ ptr = (char *)(dacl + 1);
+ p = buffer;
+ do
+ {
+ char sid_buffer[sizeof(SID) + sizeof(ULONG) * SID_MAX_SUB_AUTHORITIES];
+ SID *sid = (SID *)sid_buffer;
+ int sub_authority_count = 0;
+
+ if (sscanf(p, "%x,%x,%x,S-%u-%d%n", &type, &flags, &mask, &rev, &ia, &offset) != 5)
+ goto err;
+ p += offset;
+
+ while (sscanf(p, "-%u%n", &sa, &offset) == 1)
+ {
+ p += offset;
+ if (sub_authority_count < SID_MAX_SUB_AUTHORITIES)
+ sid->SubAuthority[sub_authority_count] = sa;
+ sub_authority_count++;
+ }
+
+ if (*p == ';') p++;
+ else if (*p) goto err;
+
+ if (sub_authority_count > SID_MAX_SUB_AUTHORITIES)
+ continue;
+
+ sid->Revision = rev;
+ sid->IdentifierAuthority.Value[0] = 0;
+ sid->IdentifierAuthority.Value[1] = 0;
+ sid->IdentifierAuthority.Value[2] = HIBYTE(HIWORD(ia));
+ sid->IdentifierAuthority.Value[3] = LOBYTE(HIWORD(ia));
+ sid->IdentifierAuthority.Value[4] = HIBYTE(LOWORD(ia));
+ sid->IdentifierAuthority.Value[5] = LOBYTE(LOWORD(ia));
+ sid->SubAuthorityCount = sub_authority_count;
+
+ /* Handle the specific ACE */
+ switch (type)
+ {
+ case ACCESS_DENIED_ACE_TYPE:
+ {
+ ACCESS_DENIED_ACE *ada = (ACCESS_DENIED_ACE *)ptr;
+ ada->Header.AceType = type;
+ ada->Header.AceFlags = flags;
+ ada->Header.AceSize = FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) +
+ FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]);
+ ada->Mask = mask;
+ memcpy( &ada->SidStart, sid, FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) );
+ }
+ break;
+ case ACCESS_ALLOWED_ACE_TYPE:
+ {
+ ACCESS_ALLOWED_ACE *aaa = (ACCESS_ALLOWED_ACE *)ptr;
+ aaa->Header.AceType = type;
+ aaa->Header.AceFlags = flags;
+ aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) +
+ FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]);
+ aaa->Mask = mask;
+ memcpy( &aaa->SidStart, sid, FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) );
+ }
+ break;
+ default:
+ continue;
+ }
+
+ ptr = (char *)ace_next( (ACE_HEADER *)ptr );
+ dacl->AceCount++;
+ }
+ while (*p);
+
+ if (sd_is_valid( sd, n ))
+ {
+ convert_generic_sd( sd );
+ return sd;
+ }
+
+err:
+ free( sd );
+ return NULL;
+}
+
static struct security_descriptor *get_xattr_sd( int fd )
{
struct security_descriptor *sd;
@@ -665,6 +827,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
int unix_fd = get_unix_fd( fd );
struct stat st;
struct security_descriptor *sd;
+ const SID *user, *group;
if (unix_fd == -1 || fstat( unix_fd, &st ) == -1)
return obj->sd;
@@ -674,10 +837,11 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
(st.st_uid == *uid))
return obj->sd;
+ user = security_unix_uid_to_sid( st.st_uid );
+ group = token_get_primary_group( current->process->token );
sd = get_xattr_sd( unix_fd );
- if (!sd) sd = mode_to_sd( st.st_mode,
- security_unix_uid_to_sid( st.st_uid ),
- token_get_primary_group( current->process->token ));
+ if (!sd) sd = get_xattr_acls( unix_fd, user, group );
+ if (!sd) sd = mode_to_sd( st.st_mode, user, group );
if (!sd) return obj->sd;
*mode = st.st_mode;
--
2.4.2


@ -1 +0,0 @@
Depends: server-Inherited_ACLs