diff --git a/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch b/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch index b0b80d40..3f6821eb 100644 --- a/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch +++ b/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch @@ -1,80 +1,38 @@ -From cdaab625171127248c76eabe2679bbd2a111bfc3 Mon Sep 17 00:00:00 2001 +From ae6b499cc82a4af467274ec1553b96aebdf077b6 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 13 Jan 2017 00:58:17 +0100 -Subject: [PATCH] server: Improve mapping of DACL to file permissions. +Subject: [PATCH] server: Map group SIDs to Unix groups even if the owner + doesn't match the current user. +Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=44691 --- - server/file.c | 25 ++++++++++++------------- - 1 file changed, 12 insertions(+), 13 deletions(-) + server/file.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/server/file.c b/server/file.c -index 2cc4a9d978c..668dc7f0952 100644 +index 32cdec74d5a..3a0893d3b12 100644 --- a/server/file.c +++ b/server/file.c -@@ -487,7 +487,6 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) - mode_t mode; - int present; - const ACL *dacl = sd_get_dacl( sd, &present ); -- const SID *user = token_get_user( current->process->token ); - if (present && dacl) - { - const ACE_HEADER *ace = (const ACE_HEADER *)(dacl + 1); -@@ -508,16 +507,15 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) - mode = file_access_to_mode( ad_ace->Mask ); - if (security_equal_sid( sid, security_world_sid )) +@@ -497,8 +497,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) { -- bits_to_set &= ~((mode << 6) | (mode << 3) | mode); /* all */ -+ bits_to_set &= ~(mode << 0); /* all */ + bits_to_set &= ~((mode << 6) | (mode << 3) | mode); /* all */ } - else if ((security_equal_sid( user, owner ) && - token_sid_present( current->process->token, sid, TRUE ))) -+ if (token_sid_present( current->process->token, sid, TRUE )) ++ else if (token_sid_present( current->process->token, sid, TRUE )) { -- bits_to_set &= ~((mode << 6) | (mode << 3)); /* user + group */ -+ bits_to_set &= ~(mode << 3); /* group */ + bits_to_set &= ~((mode << 6) | (mode << 3)); /* user + group */ } -- else if (security_equal_sid( sid, owner )) -+ if (security_equal_sid( sid, owner )) - { -- bits_to_set &= ~(mode << 6); /* user only */ -+ bits_to_set &= ~(mode << 6); /* user */ - } - break; - case ACCESS_ALLOWED_ACE_TYPE: -@@ -526,26 +524,27 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) - mode = file_access_to_mode( aa_ace->Mask ); - if (security_equal_sid( sid, security_world_sid )) - { -- mode = (mode << 6) | (mode << 3) | mode; /* all */ -+ mode = (mode << 0); /* all */ +@@ -517,8 +516,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) new_mode |= mode & bits_to_set; bits_to_set &= ~mode; } - else if ((security_equal_sid( user, owner ) && - token_sid_present( current->process->token, sid, FALSE ))) -+ if (token_sid_present( current->process->token, sid, FALSE )) ++ else if (token_sid_present( current->process->token, sid, FALSE )) { -- mode = (mode << 6) | (mode << 3); /* user + group */ -+ mode = (mode << 3); /* group */ + mode = (mode << 6) | (mode << 3); /* user + group */ new_mode |= mode & bits_to_set; - bits_to_set &= ~mode; - } -- else if (security_equal_sid( sid, owner )) -+ if (security_equal_sid( sid, owner )) - { -- mode = (mode << 6); /* user only */ -+ mode = (mode << 6); /* user */ - new_mode |= mode & bits_to_set; - bits_to_set &= ~mode; - } - break; - } - } -+ new_mode |= (new_mode & S_IRWXO) << 3; -+ new_mode |= (new_mode & S_IRWXG) << 3; - } - else - /* no ACL means full access rights to anyone */ -- -2.29.2 +2.30.2