From 54cc9a694caeb45dcfef4e06722594ed45c3ff56 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Sun, 16 Oct 2016 06:22:08 +0200
Subject: [PATCH] server-File_Permissions: Improve STATUS_CANNOT_DELETE checks for directory case.
---
 patches/patchinstall.sh | 14 ++++---
 ...TATUS_CANNOT_DELETE-checks-for-direc.patch | 41 +++++++++++++++++++
 ...pen-files-without-any-permission-bi.patch} | 20 ++++-----
 ...ing-new-directories-temporarily-giv.patch} | 0
 ...d-tests-for-ACL-inheritance-in-Crea.patch} | 0
 ...d-ACL-inheritance-tests-for-creatin.patch} | 0
 ...-tests-for-open-behaviour-on-readon.patch} | 0
 ..._ATTRIBUTES-should-succeed-for-read.patch} | 0
 8 files changed, 59 insertions(+), 16 deletions(-)
 create mode 100644 patches/server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch
 rename patches/server-File_Permissions/{0001-server-Allow-to-open-files-without-any-permission-bi.patch => 0002-server-Allow-to-open-files-without-any-permission-bi.patch} (89%)
 rename patches/server-File_Permissions/{0002-server-When-creating-new-directories-temporarily-giv.patch => 0003-server-When-creating-new-directories-temporarily-giv.patch} (100%)
 rename patches/server-File_Permissions/{0003-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch => 0004-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch} (100%)
 rename patches/server-File_Permissions/{0004-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch => 0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch} (100%)
 rename patches/server-File_Permissions/{0005-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch => 0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch} (100%)
 rename patches/server-File_Permissions/{0006-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch => 0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch} (100%)
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index 583ec66c..67a1ef29 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -4080,13 +4080,15 @@ fi
 # | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c
 # |
 if test "$enable_server_File_Permissions" -eq 1; then
- patch_apply server-File_Permissions/0001-server-Allow-to-open-files-without-any-permission-bi.patch
- patch_apply server-File_Permissions/0002-server-When-creating-new-directories-temporarily-giv.patch
- patch_apply server-File_Permissions/0003-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch
- patch_apply server-File_Permissions/0004-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
- patch_apply server-File_Permissions/0005-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
- patch_apply server-File_Permissions/0006-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch
+ patch_apply server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch
+ patch_apply server-File_Permissions/0002-server-Allow-to-open-files-without-any-permission-bi.patch
+ patch_apply server-File_Permissions/0003-server-When-creating-new-directories-temporarily-giv.patch
+ patch_apply server-File_Permissions/0004-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch
+ patch_apply server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
+ patch_apply server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
+ patch_apply server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch
 (
+ echo '+ { "Sebastian Lackner", "server: Improve STATUS_CANNOT_DELETE checks for directory case.", 1 },';
 echo '+ { "Sebastian Lackner", "server: Allow to open files without any permission bits.", 2 },';
 echo '+ { "Sebastian Lackner", "server: When creating new directories temporarily give read-permissions until they are opened.", 1 },';
 echo '+ { "Sebastian Lackner", "advapi32/tests: Add tests for ACL inheritance in CreateDirectoryA.", 1 },';
diff --git a/patches/server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch b/patches/server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch
new file mode 100644
index 00000000..d28e792e
--- /dev/null
+++ b/patches/server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch
@@ -0,0 +1,41 @@
+From fb234cc16f1101ed2189ceb578b7d5f1f79ebe72 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner
+Date: Sun, 16 Oct 2016 03:21:42 +0200
+Subject: server: Improve STATUS_CANNOT_DELETE checks for directory case.
+
+---
+ server/fd.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/server/fd.c b/server/fd.c
+index 17b1b66..77c7026 100644
+--- a/server/fd.c
++++ b/server/fd.c
+@@ -1755,6 +1755,7 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode,
+ struct fd *fd;
+ int root_fd = -1;
+ int rw_mode;
++ int created = (flags & O_CREAT);
+
+ if (((options & FILE_DELETE_ON_CLOSE) && !(access & DELETE)) ||
+ ((options & FILE_DIRECTORY_FILE) && (flags & O_TRUNC)))
+@@ -1793,6 +1794,7 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode,
+ file_set_error();
+ goto error;
+ }
++ created = 0;
+ }
+ flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
+ }
+@@ -1865,7 +1867,7 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode,
+ }
+
+ /* can't unlink files if we don't have permission to access */
+- if ((options & FILE_DELETE_ON_CLOSE) && !(flags & O_CREAT) &&
++ if ((options & FILE_DELETE_ON_CLOSE) && !created &&
+ !(st.st_mode & (S_IWUSR | S_IWGRP | S_IWOTH)))
+ {
+ set_error( STATUS_CANNOT_DELETE );
+--
+2.9.0
+
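Review bot: `created` is initialised from `flags & O_CREAT` and is cleared only on the already-exists path inside the second inner hunk, so for regular files it still means "creation was requested" rather than "this call created the object". In the third inner hunk that keeps `!created` false whenever O_CREAT was passed, so an existing file with no write bits, opened with an open-or-create disposition and FILE_DELETE_ON_CLOSE, would still skip the STATUS_CANNOT_DELETE check as far as these hunks show; the old `!(flags & O_CREAT)` test had the same gap, so it is inherited, not introduced here. If the file case is deliberately left out, the declaration should say so, e.g. `int created = (flags & O_CREAT); /* creation requested; cleared if the directory already existed, not tracked for regular files */`. open_fd's body starts and ends outside these hunks, so the regular-file open path needs to be read before relying on the name.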
diff --git a/patches/server-File_Permissions/0001-server-Allow-to-open-files-without-any-permission-bi.patch b/patches/server-File_Permissions/0002-server-Allow-to-open-files-without-any-permission-bi.patch similarity index 89% rename from patches/server-File_Permissions/0001-server-Allow-to-open-files-without-any-permission-bi.patch rename to patches/server-File_Permissions/0002-server-Allow-to-open-files-without-any-permission-bi.patch index d6eaf1fc..4c667e70 100644 --- a/patches/server-File_Permissions/0001-server-Allow-to-open-files-without-any-permission-bi.patch +++ b/patches/server-File_Permissions/0002-server-Allow-to-open-files-without-any-permission-bi.patch @@ -1,4 +1,4 @@ -From 7571a6f9f7933133862d13e4ab25814b554d002e Mon Sep 17 00:00:00 2001 +From d51c91b6f63c6ee874964726439285be8085ac7b Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 3 Apr 2015 03:58:47 +0200 Subject: server: Allow to open files without any permission bits. (try 2) @@ -12,10 +12,10 @@ Changes in v2: 2 files changed, 33 insertions(+), 20 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index 70aa949..799e306 100644 +index cf104ab..c517f85 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c -@@ -3326,17 +3326,13 @@ static void test_CreateDirectoryA(void) +@@ -3548,17 +3548,13 @@ static void test_CreateDirectoryA(void) error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, (PSID *)&owner, NULL, &pDacl, NULL, &pSD); @@ -39,7 +39,7 @@ index 70aa949..799e306 100644 CloseHandle(hTemp); /* Test inheritance of ACLs in NtCreateFile without security descriptor */ -@@ -3406,17 +3402,13 @@ static void test_CreateDirectoryA(void) +@@ -3628,17 +3624,13 @@ static void test_CreateDirectoryA(void) error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, (PSID *)&owner, NULL, &pDacl, NULL, &pSD); 
@@ -64,18 +64,18 @@ index 70aa949..799e306 100644 done: diff --git a/server/fd.c b/server/fd.c -index 0bac57d..e8839c2 100644 +index 77c7026..f331606 100644 --- a/server/fd.c +++ b/server/fd.c -@@ -1745,6 +1745,7 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode, +@@ -1755,6 +1755,7 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode, struct fd *fd; int root_fd = -1; int rw_mode; + int do_chmod = 0; + int created = (flags & O_CREAT); if (((options & FILE_DELETE_ON_CLOSE) && !(access & DELETE)) || - ((options & FILE_DIRECTORY_FILE) && (flags & O_TRUNC))) -@@ -1804,10 +1805,28 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode, +@@ -1816,10 +1817,28 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode, if ((access & FILE_UNIX_WRITE_ACCESS) || (flags & O_CREAT)) fd->unix_fd = open( name, O_RDONLY | (flags & ~(O_TRUNC | O_CREAT | O_EXCL)), *mode ); } @@ -104,7 +104,7 @@ index 0bac57d..e8839c2 100644 goto error; } } -@@ -1815,6 +1834,8 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode, +@@ -1827,6 +1846,8 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode, closed_fd->unix_fd = fd->unix_fd; closed_fd->unlink = 0; closed_fd->unix_name = fd->unix_name; @@ -114,5 +114,5 @@ index 0bac57d..e8839c2 100644 *mode = st.st_mode; -- -2.5.0 +2.9.0 diff --git a/patches/server-File_Permissions/0002-server-When-creating-new-directories-temporarily-giv.patch b/patches/server-File_Permissions/0003-server-When-creating-new-directories-temporarily-giv.patch similarity index 100% rename from patches/server-File_Permissions/0002-server-When-creating-new-directories-temporarily-giv.patch rename to patches/server-File_Permissions/0003-server-When-creating-new-directories-temporarily-giv.patch 
diff --git a/patches/server-File_Permissions/0003-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch b/patches/server-File_Permissions/0004-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch
similarity index 100%
rename from patches/server-File_Permissions/0003-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch
rename to patches/server-File_Permissions/0004-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch
diff --git a/patches/server-File_Permissions/0004-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch b/patches/server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
similarity index 100%
rename from patches/server-File_Permissions/0004-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
rename to patches/server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
diff --git a/patches/server-File_Permissions/0005-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch b/patches/server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
similarity index 100%
rename from patches/server-File_Permissions/0005-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
rename to patches/server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
diff --git a/patches/server-File_Permissions/0006-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch b/patches/server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch
similarity index 100%
rename from patches/server-File_Permissions/0006-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch
rename to patches/server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch