From 5b0e78d2c0cb20496508af281aba836505ba5198 Mon Sep 17 00:00:00 2001 From: Alistair Leslie-Hughes Date: Wed, 26 Jan 2022 09:16:36 +1100 Subject: [PATCH] Rebase against 1d178982ae5a73b18f367026c8689b56789c39fd. --- ...entfd-file-descriptors-for-process-o.patch | 6 +- ...a-COM-interface-to-retrieve-the-wine.patch | 28 ++-- patches/patchinstall.sh | 2 +- ...-storage-of-security-attributes-for-.patch | 30 ++-- ...-retrieval-of-security-attributes-fo.patch | 18 +-- ...per-function-set_sd_from_token_inter.patch | 16 +-- ...ly-store-the-full-security-descripto.patch | 132 +++++++++--------- ...e-security-attributes-with-extended-.patch | 10 +- ...eturn-of-file-security-masks-with-ge.patch | 20 +-- ...file-security-attributes-with-extend.patch | 24 ++-- staging/upstream-commit | 2 +- 11 files changed, 148 insertions(+), 140 deletions(-) diff --git a/patches/eventfd_synchronization/0013-server-Create-eventfd-file-descriptors-for-process-o.patch b/patches/eventfd_synchronization/0013-server-Create-eventfd-file-descriptors-for-process-o.patch index a996157a..57e376d2 100644 --- a/patches/eventfd_synchronization/0013-server-Create-eventfd-file-descriptors-for-process-o.patch +++ b/patches/eventfd_synchronization/0013-server-Create-eventfd-file-descriptors-for-process-o.patch @@ -1,4 +1,4 @@ -From 24fa0367db3de31fdc2da7bd61c27699c091cdaa Mon Sep 17 00:00:00 2001 +From 3e714e2eb10fe17f12b747731c0ce7e18fd4b7a0 Mon Sep 17 00:00:00 2001 From: Zebediah Figura Date: Mon, 6 Jul 2020 15:11:12 -0500 Subject: [PATCH] server: Create eventfd file descriptors for process objects. @@ -49,7 +49,7 @@ index 7ca4ca89394..6a0a367124d 100644 void esync_init(void); +int esync_create_fd( int initval, int flags ); diff --git a/server/process.c b/server/process.c -index ca9844c5c90..eca2f8f4bca 100644 +index da972a41955..91b26d00ec0 100644 --- a/server/process.c +++ b/server/process.c @@ -63,6 +63,7 @@ 
@@ -86,7 +86,7 @@ index ca9844c5c90..eca2f8f4bca 100644 list_init( &process->thread_list ); list_init( &process->locks ); @@ -741,6 +744,9 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla - if (!token_assign_label( process->token, security_high_label_sid )) + if (!token_assign_label( process->token, &high_label_sid )) goto error; + if (do_esync()) diff --git a/patches/nvapi-Stub_DLL/0020-d3d11-Introduce-a-COM-interface-to-retrieve-the-wine.patch b/patches/nvapi-Stub_DLL/0020-d3d11-Introduce-a-COM-interface-to-retrieve-the-wine.patch index ba3fbe3c..672c2ecd 100644 --- a/patches/nvapi-Stub_DLL/0020-d3d11-Introduce-a-COM-interface-to-retrieve-the-wine.patch +++ b/patches/nvapi-Stub_DLL/0020-d3d11-Introduce-a-COM-interface-to-retrieve-the-wine.patch @@ -1,4 +1,4 @@ -From 2a1f587297f97e8c8f3d1327f2dfd3f5f1fd2300 Mon Sep 17 00:00:00 2001 +From 0b292f9ebd14638de48420184e065ce7ec9c4126 Mon Sep 17 00:00:00 2001 From: Zebediah Figura Date: Sat, 22 May 2021 18:05:40 -0500 Subject: [PATCH] d3d11: Introduce a COM interface to retrieve the @@ -11,18 +11,18 @@ Subject: [PATCH] d3d11: Introduce a COM interface to retrieve the 3 files changed, 112 insertions(+) diff --git a/dlls/d3d11/d3d11_private.h b/dlls/d3d11/d3d11_private.h -index f4c66ca4ce9..8dc8ecc88db 100644 +index efe26551258..6079a8ad2db 100644 --- a/dlls/d3d11/d3d11_private.h +++ b/dlls/d3d11/d3d11_private.h -@@ -545,6 +545,7 @@ struct d3d11_device_context - { +@@ -546,6 +546,7 @@ struct d3d11_device_context ID3D11DeviceContext1 ID3D11DeviceContext1_iface; ID3D11Multithread ID3D11Multithread_iface; + ID3DUserDefinedAnnotation ID3DUserDefinedAnnotation_iface; + IWineD3DDeviceContext IWineD3DDeviceContext_iface; LONG refcount; D3D11_DEVICE_CONTEXT_TYPE type; -@@ -561,6 +562,7 @@ struct d3d_device +@@ -562,6 +563,7 @@ struct d3d_device ID3D11Device2 ID3D11Device2_iface; ID3D10Device1 ID3D10Device1_iface; ID3D10Multithread ID3D10Multithread_iface; 
@@ -31,10 +31,10 @@ index f4c66ca4ce9..8dc8ecc88db 100644 IUnknown *outer_unk; LONG refcount; diff --git a/dlls/d3d11/device.c b/dlls/d3d11/device.c -index b5b97c83aba..626e9d47e81 100644 +index f0cbb1741ab..82419b2a5bc 100644 --- a/dlls/d3d11/device.c +++ b/dlls/d3d11/device.c -@@ -3223,11 +3223,67 @@ static const struct ID3D11MultithreadVtbl d3d11_multithread_vtbl = +@@ -3191,6 +3191,61 @@ static const struct ID3D11MultithreadVtbl d3d11_multithread_vtbl = d3d11_multithread_GetMultithreadProtected, }; @@ -93,16 +93,18 @@ index b5b97c83aba..626e9d47e81 100644 + context_d3d_device_context_get_wined3d_device_context, +}; + - static void d3d11_device_context_init(struct d3d11_device_context *context, struct d3d_device *device, - D3D11_DEVICE_CONTEXT_TYPE type) - { + /* ID3DUserDefinedAnnotation methods */ + + static inline struct d3d11_device_context *impl_from_ID3DUserDefinedAnnotation(ID3DUserDefinedAnnotation *iface) +@@ -3271,6 +3326,7 @@ static void d3d11_device_context_init(struct d3d11_device_context *context, stru context->ID3D11DeviceContext1_iface.lpVtbl = &d3d11_device_context_vtbl; context->ID3D11Multithread_iface.lpVtbl = &d3d11_multithread_vtbl; + context->ID3DUserDefinedAnnotation_iface.lpVtbl = &d3d11_user_defined_annotation_vtbl; + context->IWineD3DDeviceContext_iface.lpVtbl = &context_d3d_device_context_vtbl; context->refcount = 1; context->type = type; -@@ -6631,6 +6687,49 @@ static const struct ID3D10MultithreadVtbl d3d10_multithread_vtbl = +@@ -6695,6 +6751,49 @@ static const struct ID3D10MultithreadVtbl d3d10_multithread_vtbl = d3d10_multithread_GetMultithreadProtected, }; 
@@ -152,7 +154,7 @@ index b5b97c83aba..626e9d47e81 100644 /* IWineDXGIDeviceParent IUnknown methods */ static inline struct d3d_device *device_from_dxgi_device_parent(IWineDXGIDeviceParent *iface) -@@ -6834,6 +6933,7 @@ void d3d_device_init(struct d3d_device *device, void *outer_unknown) +@@ -6898,6 +6997,7 @@ void d3d_device_init(struct d3d_device *device, void *outer_unknown) device->ID3D11Device2_iface.lpVtbl = &d3d11_device_vtbl; device->ID3D10Device1_iface.lpVtbl = &d3d10_device1_vtbl; device->ID3D10Multithread_iface.lpVtbl = &d3d10_multithread_vtbl; @@ -179,5 +181,5 @@ index 83012047ea7..3c910376cc7 100644 + struct wined3d_device_context *get_wined3d_device_context(); +} -- -2.30.2 +2.34.1 diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index c4127b95..a322dd39 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -51,7 +51,7 @@ usage() # Get the upstream commit sha upstream_commit() { - echo "513feedff77bf1474d7a8ab49d4053ef8e5181c7" + echo "1d178982ae5a73b18f367026c8689b56789c39fd" } # Show version information diff --git a/patches/server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch b/patches/server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch index b90e18d4..14dc55f1 100644 --- a/patches/server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch +++ b/patches/server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch @@ -1,4 +1,4 @@ -From 3bafbe9d52d8189439b4969c091324d56c2462ed Mon Sep 17 00:00:00 2001 +From 1a3f9029f375e5934ff2e87f83bd2cd5d546dd80 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Thu, 17 Apr 2014 16:07:46 -0600 Subject: [PATCH] server: Unify the storage of security attributes for files @@ -11,14 +11,14 @@ Subject: [PATCH] server: Unify the storage of security attributes for files 3 files changed, 30 insertions(+), 51 deletions(-) 
diff --git a/server/change.c b/server/change.c -index 1c384310d59..1e27e266fc1 100644 +index dd9e0bfee31..fc030159101 100644 --- a/server/change.c +++ b/server/change.c -@@ -373,48 +373,15 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd, +@@ -365,48 +365,15 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info ) { struct dir *dir = (struct dir *)obj; -- const SID *owner; +- const struct sid *owner; - struct stat st; - mode_t mode; - int unix_fd; @@ -39,7 +39,7 @@ index 1c384310d59..1e27e266fc1 100644 - set_error( STATUS_INVALID_SECURITY_DESCR ); - return 0; - } -- if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) )) +- if (!obj->sd || !equal_sid( owner, sd_get_owner( obj->sd ) )) - { - /* FIXME: get Unix uid and call fchown */ - } @@ -70,10 +70,10 @@ index 1c384310d59..1e27e266fc1 100644 static struct change_record *get_first_change_record( struct dir *dir ) diff --git a/server/file.c b/server/file.c -index af080ffc5fb..34da2168643 100644 +index 1fd0ac37df5..6032e228a9f 100644 --- a/server/file.c +++ b/server/file.c -@@ -562,18 +562,13 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) +@@ -499,18 +499,13 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const struct sid *owner return new_mode; } @@ -84,7 +84,7 @@ index af080ffc5fb..34da2168643 100644 { - struct file *file = (struct file *)obj; + int unix_fd = get_unix_fd( fd ); - const SID *owner; + const struct sid *owner; struct stat st; - mode_t mode; - int unix_fd; 
@@ -96,7 +96,7 @@ index af080ffc5fb..34da2168643 100644 if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) return 1; -@@ -600,10 +595,10 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd +@@ -537,10 +532,10 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd if (set_info & DACL_SECURITY_INFORMATION) { /* keep the bits that we don't map to access rights in the ACL */ @@ -110,7 +110,7 @@ index af080ffc5fb..34da2168643 100644 { file_set_error(); return 0; -@@ -645,6 +640,21 @@ static struct list *file_get_kernel_obj_list( struct object *obj ) +@@ -585,6 +580,21 @@ static struct list *file_get_kernel_obj_list( struct object *obj ) return &file->kernel_object; } @@ -133,12 +133,12 @@ index af080ffc5fb..34da2168643 100644 { struct file *file = (struct file *)obj; diff --git a/server/file.h b/server/file.h -index 69b2b368aed..d241927ebbd 100644 +index 358788096a0..38bcea802d6 100644 --- a/server/file.h +++ b/server/file.h -@@ -151,6 +151,8 @@ extern struct object_type *file_get_type( struct object *obj ); - extern struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID *group ); - extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ); +@@ -168,6 +168,8 @@ extern void file_set_error(void); + extern struct security_descriptor *mode_to_sd( mode_t mode, const struct sid *user, const struct sid *group ); + extern mode_t sd_to_mode( const struct security_descriptor *sd, const struct sid *owner ); extern int is_file_executable( const char *name ); +extern int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid, + const struct security_descriptor *sd, unsigned int set_info ); @@ -146,5 +146,5 @@ index 69b2b368aed..d241927ebbd 100644 /* file mapping functions */ -- -2.17.1 +2.34.1 
diff --git a/patches/server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch b/patches/server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch index 11b21e81..dcc07f03 100644 --- a/patches/server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch +++ b/patches/server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch @@ -1,4 +1,4 @@ -From a258817a0a1caaa20d552447e1db0f3c55ebf246 Mon Sep 17 00:00:00 2001 +From d00da337d96200866ae73008844455c29e4d3291 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Thu, 17 Apr 2014 16:07:50 -0600 Subject: [PATCH] server: Unify the retrieval of security attributes for files @@ -11,10 +11,10 @@ Subject: [PATCH] server: Unify the retrieval of security attributes for files 3 files changed, 28 insertions(+), 38 deletions(-) diff --git a/server/change.c b/server/change.c -index 1e27e266fc1..77c9ff8bc2d 100644 +index fc030159101..5beedef4714 100644 --- a/server/change.c +++ b/server/change.c -@@ -333,39 +333,17 @@ static struct fd *dir_get_fd( struct object *obj ) +@@ -325,39 +325,17 @@ static struct fd *dir_get_fd( struct object *obj ) return (struct fd *)grab_object( dir->fd ); } @@ -60,10 +60,10 @@ index 1e27e266fc1..77c9ff8bc2d 100644 } diff --git a/server/file.c b/server/file.c -index 34da2168643..60a47106da4 100644 +index 6032e228a9f..d476f4b796e 100644 --- a/server/file.c +++ b/server/file.c -@@ -450,23 +450,19 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID +@@ -389,23 +389,19 @@ struct security_descriptor *mode_to_sd( mode_t mode, const struct sid *user, con return sd; } 
@@ -92,7 +92,7 @@ index 34da2168643..60a47106da4 100644 return obj->sd; sd = mode_to_sd( st.st_mode, -@@ -474,13 +470,27 @@ static struct security_descriptor *file_get_sd( struct object *obj ) +@@ -413,13 +409,27 @@ static struct security_descriptor *file_get_sd( struct object *obj ) token_get_primary_group( current->process->token )); if (!sd) return obj->sd; @@ -123,10 +123,10 @@ index 34da2168643..60a47106da4 100644 { mode_t mode = 0; diff --git a/server/file.h b/server/file.h -index d241927ebbd..acabcc875b7 100644 +index 38bcea802d6..abea05d33fd 100644 --- a/server/file.h +++ b/server/file.h -@@ -153,6 +153,8 @@ extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner +@@ -170,6 +170,8 @@ extern mode_t sd_to_mode( const struct security_descriptor *sd, const struct sid extern int is_file_executable( const char *name ); extern int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid, const struct security_descriptor *sd, unsigned int set_info ); @@ -136,5 +136,5 @@ index d241927ebbd..acabcc875b7 100644 /* file mapping functions */ -- -2.17.1 +2.34.1 diff --git a/patches/server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch b/patches/server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch index 425c03f2..9df57b1c 100644 --- a/patches/server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch +++ b/patches/server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch @@ -1,4 +1,4 @@ -From c1c4b5f185231e12dfb488d9b4530c4b10c2765d Mon Sep 17 00:00:00 2001 +From 94f5ff2ca72ce78d339f1247adc58a10b1690af4 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Mon, 30 Mar 2015 12:32:34 +0200 Subject: [PATCH] server: Add a helper function set_sd_from_token_internal to @@ -10,7 +10,7 @@ Subject: [PATCH] server: Add a helper function set_sd_from_token_internal to 2 files changed, 40 insertions(+), 22 deletions(-) 
diff --git a/server/object.c b/server/object.c -index b2779fd61fe..9b1cca62af6 100644 +index 907bc087444..494d6e94569 100644 --- a/server/object.c +++ b/server/object.c @@ -538,8 +538,9 @@ struct security_descriptor *default_get_sd( struct object *obj ) @@ -26,7 +26,7 @@ index b2779fd61fe..9b1cca62af6 100644 struct security_descriptor new_sd, *new_sd_ptr; int present; @@ -548,8 +549,6 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri - ACL *replaced_sacl = NULL; + struct acl *replaced_sacl = NULL; char *ptr; - if (!set_info) return 1; @@ -65,13 +65,13 @@ index b2779fd61fe..9b1cca62af6 100644 @@ -595,20 +594,20 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri else if (set_info & LABEL_SECURITY_INFORMATION && present) { - const ACL *old_sacl = NULL; + const struct acl *old_sacl = NULL; - if (obj->sd && obj->sd->control & SE_SACL_PRESENT) old_sacl = sd_get_sacl( obj->sd, &present ); - if (!(replaced_sacl = replace_security_labels( old_sacl, sacl ))) return 0; + if (old_sd && old_sd->control & SE_SACL_PRESENT) old_sacl = sd_get_sacl( old_sd, &present ); + if (!(replaced_sacl = replace_security_labels( old_sacl, sacl ))) return NULL; new_sd.control |= SE_SACL_PRESENT; - new_sd.sacl_len = replaced_sacl->AclSize; + new_sd.sacl_len = replaced_sacl->size; sacl = replaced_sacl; } else @@ -143,10 +143,10 @@ index b2779fd61fe..9b1cca62af6 100644 /** Set the security descriptor using the current primary token for defaults. */ diff --git a/server/object.h b/server/object.h -index 5b2c309f0b2..4f354cca177 100644 +index c98e45125a0..f4261d0d585 100644 --- a/server/object.h 
+++ b/server/object.h -@@ -174,6 +174,9 @@ extern struct fd *no_get_fd( struct object *obj ); +@@ -173,6 +173,9 @@ extern struct fd *no_get_fd( struct object *obj ); extern unsigned int default_map_access( struct object *obj, unsigned int access ); extern struct security_descriptor *default_get_sd( struct object *obj ); extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info ); @@ -157,5 +157,5 @@ index 5b2c309f0b2..4f354cca177 100644 unsigned int set_info, struct token *token ); extern WCHAR *no_get_full_name( struct object *obj, data_size_t *ret_len ); -- -2.20.1 +2.34.1 diff --git a/patches/server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch b/patches/server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch index 1ebe5697..dce9e3b6 100644 --- a/patches/server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch +++ b/patches/server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch @@ -1,21 +1,21 @@ -From c048391956675382e7cd22ad3d28e34ab011c542 Mon Sep 17 00:00:00 2001 +From 8ef1df41f726dc8ceb520c46974c64f628d9f831 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Mon, 30 Mar 2015 12:50:21 +0200 Subject: [PATCH] server: Temporarily store the full security descriptor for file objects. --- - dlls/advapi32/tests/security.c | 16 +++---- - server/change.c | 8 +++- - server/file.c | 88 +++++++++++++++++++++++----------- - server/file.h | 3 +- - 4 files changed, 74 insertions(+), 41 deletions(-) + dlls/advapi32/tests/security.c | 16 ++---- + server/change.c | 8 ++- + server/file.c | 100 +++++++++++++++++++++------------ + server/file.h | 3 +- + 4 files changed, 80 insertions(+), 47 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index b4b5a1cd02b..4a414d0019a 100644 +index dadec9be388..37a81ec778d 100644 --- a/dlls/advapi32/tests/security.c 
+++ b/dlls/advapi32/tests/security.c -@@ -3677,7 +3677,6 @@ static void test_CreateDirectoryA(void) +@@ -3702,7 +3702,6 @@ static void test_CreateDirectoryA(void) ok(error == ERROR_SUCCESS, "GetNamedSecurityInfo failed with error %d\n", error); bret = GetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation); ok(bret, "GetAclInformation failed\n"); @@ -23,7 +23,7 @@ index b4b5a1cd02b..4a414d0019a 100644 ok(acl_size.AceCount == 0, "GetAclInformation returned unexpected entry count (%d != 0).\n", acl_size.AceCount); LocalFree(pSD); -@@ -3688,7 +3687,6 @@ static void test_CreateDirectoryA(void) +@@ -3713,7 +3712,6 @@ static void test_CreateDirectoryA(void) ok(error == ERROR_SUCCESS, "GetNamedSecurityInfo failed with error %d\n", error); bret = GetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation); ok(bret, "GetAclInformation failed\n"); @@ -31,7 +31,7 @@ index b4b5a1cd02b..4a414d0019a 100644 ok(acl_size.AceCount == 0, "GetAclInformation returned unexpected entry count (%d != 0).\n", acl_size.AceCount); LocalFree(pSD); -@@ -3811,7 +3809,6 @@ static void test_CreateDirectoryA(void) +@@ -3836,7 +3834,6 @@ static void test_CreateDirectoryA(void) ok(error == ERROR_SUCCESS, "GetNamedSecurityInfo failed with error %d\n", error); bret = GetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation); ok(bret, "GetAclInformation failed\n"); @@ -39,7 +39,7 @@ index b4b5a1cd02b..4a414d0019a 100644 ok(acl_size.AceCount == 0, "GetAclInformation returned unexpected entry count (%d != 0).\n", acl_size.AceCount); LocalFree(pSD); -@@ -4905,23 +4902,22 @@ static void test_GetSecurityInfo(void) +@@ -4935,23 +4932,22 @@ static void test_GetSecurityInfo(void) bret = GetAce(pDacl, 0, (VOID **)&ace); ok(bret, "Failed to get Current User ACE.\n"); bret = EqualSid(&ace->SidStart, user_sid); @@ -70,10 +70,10 @@ index b4b5a1cd02b..4a414d0019a 100644 LocalFree(pSD); CloseHandle(obj); 
diff --git a/server/change.c b/server/change.c -index 5e085350f3b..909225a03b3 100644 +index 5beedef4714..1ebda152ef9 100644 --- a/server/change.c +++ b/server/change.c -@@ -1069,7 +1069,8 @@ static int dir_add_to_existing_notify( struct dir *dir ) +@@ -1068,7 +1068,8 @@ static int dir_add_to_existing_notify( struct dir *dir ) #endif /* HAVE_SYS_INOTIFY_H */ @@ -83,7 +83,7 @@ index 5e085350f3b..909225a03b3 100644 { struct dir *dir; -@@ -1089,6 +1090,11 @@ struct object *create_dir_obj( struct fd *fd, unsigned int access, mode_t mode ) +@@ -1088,6 +1089,11 @@ struct object *create_dir_obj( struct fd *fd, unsigned int access, mode_t mode ) dir->client_process = NULL; set_fd_user( fd, &dir_fd_ops, &dir->obj ); @@ -96,10 +96,10 @@ index 5e085350f3b..909225a03b3 100644 return &dir->obj; diff --git a/server/file.c b/server/file.c -index ebd6f58939f..32f64282c96 100644 +index d476f4b796e..e61de8283b8 100644 --- a/server/file.c +++ b/server/file.c -@@ -188,7 +188,8 @@ struct file *create_file_for_fd_obj( struct fd *fd, unsigned int access, unsigne +@@ -187,7 +187,8 @@ struct file *create_file_for_fd_obj( struct fd *fd, unsigned int access, unsigne return file; } @@ -109,7 +109,7 @@ index ebd6f58939f..32f64282c96 100644 { struct file *file = alloc_object( &file_ops ); -@@ -200,6 +201,12 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_ +@@ -199,6 +200,12 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_ list_init( &file->kernel_object ); grab_object( fd ); set_fd_user( fd, &file_fd_ops, &file->obj ); @@ -122,7 +122,7 @@ index ebd6f58939f..32f64282c96 100644 return &file->obj; } -@@ -272,11 +279,11 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si +@@ -271,11 +278,11 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si if (!fd) goto done; if (S_ISDIR(mode)) 
@@ -136,14 +136,14 @@ index ebd6f58939f..32f64282c96 100644 release_object( fd ); -@@ -553,46 +560,66 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) +@@ -512,46 +519,66 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const struct sid *owner int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid, const struct security_descriptor *sd, unsigned int set_info ) { + struct security_descriptor *new_sd; int unix_fd = get_unix_fd( fd ); -- const SID *owner; -+ const SID *owner, *group; +- const struct sid *owner; ++ const struct sid *owner, *group; struct stat st; mode_t new_mode; 
@@ -152,62 +152,69 @@ index ebd6f58939f..32f64282c96 100644 + if (!obj->sd) get_file_sd( obj, fd, mode, uid ); - if (set_info & OWNER_SECURITY_INFORMATION) -+ /* calculate the new sd, save to a temporary variable before assigning */ -+ new_sd = set_sd_from_token_internal( sd, obj->sd, set_info, current->process->token ); -+ if (new_sd) - { +- { - owner = sd_get_owner( sd ); - if (!owner) -+ if (set_info & OWNER_SECURITY_INFORMATION) - { +- { - set_error( STATUS_INVALID_SECURITY_DESCR ); - return 0; -+ owner = sd_get_owner( new_sd ); -+ assert( owner ); -+ -+ if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) )) -+ { -+ /* FIXME: get Unix uid and call fchown */ -+ } - } -- if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) )) -+ -+ if (set_info & GROUP_SECURITY_INFORMATION) - { +- } +- if (!obj->sd || !equal_sid( owner, sd_get_owner( obj->sd ) )) +- { - /* FIXME: get Unix uid and call fchown */ -+ group = sd_get_group( new_sd ); -+ assert( group ); -+ -+ if (!obj->sd || !security_equal_sid( group, sd_get_group( obj->sd ) )) -+ { -+ /* FIXME: get Unix uid and call fchown */ -+ } - } +- } - } - else if (obj->sd) - owner = sd_get_owner( obj->sd ); - else - owner = token_get_user( current->process->token ); - -- /* group and sacl not supported */ -+ if (set_info & DACL_SECURITY_INFORMATION) -+ { ++ /* calculate the new sd, save to a temporary variable before assigning */ ++ new_sd = set_sd_from_token_internal( sd, obj->sd, set_info, current->process->token ); ++ if (new_sd) ++ { ++ if (set_info & OWNER_SECURITY_INFORMATION) ++ { + owner = sd_get_owner( new_sd ); + assert( owner ); +- /* group and sacl not supported */ ++ if (!obj->sd || !equal_sid( owner, sd_get_owner( obj->sd ) )) ++ { ++ /* FIXME: get Unix uid and call fchown */ ++ } ++ } + - if (set_info & DACL_SECURITY_INFORMATION) - { - /* keep the bits that we don't map to access rights in the ACL */ - new_mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX); - new_mode |= sd_to_mode( 
sd, owner ); ++ if (set_info & GROUP_SECURITY_INFORMATION) ++ { ++ group = sd_get_group( new_sd ); ++ assert( group ); + +- if (((st.st_mode ^ new_mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, new_mode ) == -1) ++ if (!obj->sd || !equal_sid( group, sd_get_group( obj->sd ) )) ++ { ++ /* FIXME: get Unix uid and call fchown */ ++ } ++ } ++ ++ if (set_info & DACL_SECURITY_INFORMATION) + { +- file_set_error(); +- return 0; +- } +- } +- return 1; ++ owner = sd_get_owner( new_sd ); ++ assert( owner ); ++ + /* keep the bits that we don't map to access rights in the ACL */ + new_mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX); + new_mode |= sd_to_mode( new_sd, owner ); - -- if (((st.st_mode ^ new_mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, new_mode ) == -1) -- { -- file_set_error(); -- return 0; ++ + if (((st.st_mode ^ new_mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, new_mode ) == -1) + { + free( new_sd ); @@ -216,19 +223,18 @@ index ebd6f58939f..32f64282c96 100644 + } + + *mode = (*mode & S_IFMT) | new_mode; - } ++ } + + free( obj->sd ); + obj->sd = new_sd; + return 1; - } -- return 1; ++ } + + return 0; } static struct object *file_lookup_name( struct object *obj, struct unicode_str *name, -@@ -732,7 +759,10 @@ DECL_HANDLER(create_file) +@@ -691,7 +718,10 @@ DECL_HANDLER(create_file) if ((file = create_file( root_fd, name, name_len, nt_name, req->access, req->sharing, req->create, req->options, req->attrs, sd ))) { @@ -241,10 +247,10 @@ index ebd6f58939f..32f64282c96 100644 } if (root_fd) release_object( root_fd ); diff --git a/server/file.h b/server/file.h -index f43b535c125..e4d99e786c1 100644 +index abea05d33fd..81bcdc1c913 100644 --- a/server/file.h 
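Review bot: The `assert( owner )` and `assert( group )` calls in the rewritten set_file_sd (inner hunk `-512,46 +519,66` of patch 0004) turn a checked failure into a process abort. The removed lines returned `STATUS_INVALID_SECURITY_DESCR` when sd_get_owner() gave NULL, whereas an assertion either aborts the server process or, with assertions compiled out, lets a NULL owner reach `sd_to_mode( new_sd, owner )`. new_sd is derived from a client-supplied descriptor, so unless set_sd_from_token_internal() guarantees both fields (its body is not visible here) I would keep the graceful path, e.g. `if (!owner) { free( new_sd ); set_error( STATUS_INVALID_SECURITY_DESCR ); return 0; }`, and the same for group. The final `return 0;` for a NULL new_sd likewise relies on that helper having set an error status. set_file_sd's signature and first statements lie in the preceding hunk.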
+++ b/server/file.h -@@ -201,7 +201,8 @@ extern struct object *create_unix_device( struct object *root, const struct unic +@@ -207,7 +207,8 @@ extern struct object *create_unix_device( struct object *root, const struct unic extern void do_change_notify( int unix_fd ); extern void sigio_callback(void); @@ -255,5 +261,5 @@ index f43b535c125..e4d99e786c1 100644 /* completion */ -- -2.20.1 +2.34.1 diff --git a/patches/server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch b/patches/server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch index 69776c58..2af63128 100644 --- a/patches/server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch +++ b/patches/server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch @@ -1,4 +1,4 @@ -From 64a1a23ec691d3e5f732b47c120e2d801cdfad90 Mon Sep 17 00:00:00 2001 +From d94d6bfce4c863496d848cbb3f7b59051b3fbe36 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Mon, 30 Mar 2015 13:04:23 +0200 Subject: [PATCH] server: Store file security attributes with extended file @@ -9,7 +9,7 @@ Subject: [PATCH] server: Store file security attributes with extended file 1 file changed, 78 insertions(+) diff --git a/server/file.c b/server/file.c -index 850b33bd3dd..054c15ff879 100644 +index e61de8283b8..01e187b8c00 100644 --- a/server/file.c +++ b/server/file.c @@ -31,11 +31,21 @@ 
@@ -113,9 +113,9 @@ index 850b33bd3dd..054c15ff879 100644 static struct object *create_file( struct fd *root, const char *nameptr, data_size_t len, struct unicode_str nt_name, unsigned int access, unsigned int sharing, int create, -@@ -613,6 +688,9 @@ int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid, +@@ -573,6 +648,9 @@ int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid, *mode = (*mode & S_IFMT) | new_mode; - } + } + /* extended attributes are set after the file mode, to ensure it stays in sync */ + set_xattr_sd( unix_fd, new_sd ); @@ -124,5 +124,5 @@ index 850b33bd3dd..054c15ff879 100644 obj->sd = new_sd; return 1; -- -2.33.0 +2.34.1 diff --git a/patches/server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch b/patches/server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch index 13c3f3ad..caffa745 100644 --- a/patches/server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch +++ b/patches/server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch @@ -1,4 +1,4 @@ -From 950b2b3feea2040879c6a0ec69a8aecc92b49d9d Mon Sep 17 00:00:00 2001 +From eb893d7f6a16af59e95c3b0bd17075f47ddca9cf Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 14:05:32 -0600 Subject: [PATCH] server: Convert return of file security masks with generic @@ -10,10 +10,10 @@ Subject: [PATCH] server: Convert return of file security masks with generic 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index fe88964f53f..957b407061d 100644 +index 37a81ec778d..f154e5b9346 100644 --- a/dlls/advapi32/tests/security.c 
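Review bot: The result of `set_xattr_sd( unix_fd, new_sd );` is discarded in set_file_sd (inner hunk `-573,6 +648,9` of patch 0005), so the request still returns 1 when the descriptor could not be persisted. If that helper can fail, for instance on a filesystem that rejects user extended attributes, a restrictive DACL would exist only in `obj->sd` and be lost once the object is recreated, with nothing reported to the caller. If this is meant as best effort, say so at the call, e.g. `/* best effort: failure to store the xattr is not reported */`; otherwise check the result and fail the request the way the fchmod path does. set_xattr_sd's definition and the start of set_file_sd are outside this hunk.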
+++ b/dlls/advapi32/tests/security.c -@@ -4919,8 +4919,8 @@ static void test_GetSecurityInfo(void) +@@ -4935,8 +4935,8 @@ static void test_GetSecurityInfo(void) ok(bret, "Current User ACE (%s) != Current User SID (%s).\n", debugstr_sid(&ace->SidStart), debugstr_sid(user_sid)); ok(((ACE_HEADER *)ace)->AceFlags == 0, "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags); @@ -24,7 +24,7 @@ index fe88964f53f..957b407061d 100644 } if (acl_size.AceCount > 1) { -@@ -4930,7 +4930,7 @@ static void test_GetSecurityInfo(void) +@@ -4946,7 +4946,7 @@ static void test_GetSecurityInfo(void) ok(bret, "Administators Group ACE (%s) != Administators Group SID (%s).\n", debugstr_sid(&ace->SidStart), debugstr_sid(admin_sid)); ok(((ACE_HEADER *)ace)->AceFlags == 0, "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags); @@ -34,10 +34,10 @@ index fe88964f53f..957b407061d 100644 } LocalFree(pSD); diff --git a/server/file.c b/server/file.c -index cde04a594a9..3055e6ff5b1 100644 +index 01e187b8c00..91900429a49 100644 --- a/server/file.c +++ b/server/file.c -@@ -506,6 +506,26 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID +@@ -471,6 +471,26 @@ struct security_descriptor *mode_to_sd( mode_t mode, const struct sid *user, con return sd; } 
@@ -64,16 +64,16 @@ index cde04a594a9..3055e6ff5b1 100644 struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid ) { -@@ -647,6 +667,9 @@ int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid, +@@ -607,6 +627,9 @@ int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid, new_sd = set_sd_from_token_internal( sd, obj->sd, set_info, current->process->token ); if (new_sd) - { + { + /* convert generic rights into standard access rights */ + convert_generic_sd( new_sd ); + if (set_info & OWNER_SECURITY_INFORMATION) - { + { owner = sd_get_owner( new_sd ); -- -2.20.1 +2.34.1 diff --git a/patches/server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch b/patches/server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch index 7fda8cda..dc8a4f45 100644 --- a/patches/server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch +++ b/patches/server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch @@ -1,4 +1,4 @@ -From 2e1ccaecb562ddcbd9cd305927f800810fa735e9 Mon Sep 17 00:00:00 2001 +From b6eee87b6b0b97d351b0eabaacdf3f5febbd1502 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 14:01:35 -0600 Subject: [PATCH] server: Retrieve file security attributes with extended file @@ -10,10 +10,10 @@ Subject: [PATCH] server: Retrieve file security attributes with extended file 2 files changed, 56 insertions(+), 13 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index 29d6d86524e..df5ce2a5463 100644 +index f154e5b9346..f2a29e9f1a1 100644 --- a/dlls/advapi32/tests/security.c 
+++ b/dlls/advapi32/tests/security.c -@@ -3645,7 +3645,7 @@ static void test_CreateDirectoryA(void) +@@ -3656,7 +3656,7 @@ static void test_CreateDirectoryA(void) } ok(!error, "GetNamedSecurityInfo failed with error %d\n", error); test_inherited_dacl(pDacl, admin_sid, user_sid, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE, @@ -22,7 +22,7 @@ index 29d6d86524e..df5ce2a5463 100644 LocalFree(pSD); /* Test inheritance of ACLs in CreateFile without security descriptor */ -@@ -4099,21 +4099,20 @@ static void test_GetNamedSecurityInfoA(void) +@@ -4110,21 +4110,20 @@ static void test_GetNamedSecurityInfoA(void) bret = GetAce(pDacl, 0, (VOID **)&ace); ok(bret, "Failed to get Current User ACE.\n"); bret = EqualSid(&ace->SidStart, user_sid); @@ -50,7 +50,7 @@ index 29d6d86524e..df5ce2a5463 100644 ok(((ACE_HEADER *)ace)->AceFlags == 0, "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags); ok(ace->Mask == 0x1f01ff || broken(ace->Mask == GENERIC_ALL) /* win2k */, -@@ -4140,8 +4139,8 @@ static void test_GetNamedSecurityInfoA(void) +@@ -4151,8 +4150,8 @@ static void test_GetNamedSecurityInfoA(void) { bret = GetAce(pDacl, 0, (VOID **)&ace); ok(bret, "Failed to get ACE.\n"); @@ -62,10 +62,10 @@ index 29d6d86524e..df5ce2a5463 100644 LocalFree(pSD); diff --git a/server/file.c b/server/file.c -index fe98068c6cd..590f2e6ac14 100644 +index 91900429a49..7edf612de73 100644 --- a/server/file.c +++ b/server/file.c -@@ -47,6 +47,7 @@ +@@ -44,6 +44,7 @@ #include #endif #ifdef HAVE_SYS_EXTATTR_H @@ -73,7 +73,7 @@ index fe98068c6cd..590f2e6ac14 100644 #include #endif -@@ -65,6 +66,9 @@ +@@ -76,6 +77,9 @@ struct type_descr file_type = #ifndef XATTR_USER_PREFIX #define XATTR_USER_PREFIX "user." #endif 
@@ -83,7 +83,7 @@ index fe98068c6cd..590f2e6ac14 100644 #ifndef XATTR_SIZE_MAX #define XATTR_SIZE_MAX 65536 #endif -@@ -242,6 +246,22 @@ static inline int xattr_valid_namespace( const char *name ) +@@ -252,6 +256,22 @@ static inline int xattr_valid_namespace( const char *name ) } #endif @@ -106,7 +106,7 @@ index fe98068c6cd..590f2e6ac14 100644 static int xattr_fset( int filedes, const char *name, void *value, size_t size ) { #if defined(XATTR_ADDITIONAL_OPTIONS) -@@ -541,6 +561,29 @@ static void convert_generic_sd( struct security_descriptor *sd ) +@@ -491,6 +511,29 @@ static void convert_generic_sd( struct security_descriptor *sd ) } } @@ -136,7 +136,7 @@ index fe98068c6cd..590f2e6ac14 100644 struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid ) { -@@ -556,9 +599,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode +@@ -506,9 +549,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode (st.st_uid == *uid)) return obj->sd; @@ -151,5 +151,5 @@ index fe98068c6cd..590f2e6ac14 100644 *mode = st.st_mode; -- -2.29.2 +2.34.1 diff --git a/staging/upstream-commit b/staging/upstream-commit index 51f94f68..5c06b881 100644 --- a/staging/upstream-commit +++ b/staging/upstream-commit @@ -1 +1 @@ -6fe37b465649bfff2085ea871ffad0fff7ee7d61 +1d178982ae5a73b18f367026c8689b56789c39fd