Added patch to improve mapping of DACL to file permissions.

This commit is contained in:
Sebastian Lackner 2017-01-13 01:03:25 +01:00
parent eaff208f0d
commit 73c19719e0
3 changed files with 90 additions and 1 deletions


@ -4359,8 +4359,11 @@ fi
# Patchset server-File_Permissions
# |
# | This patchset fixes the following Wine bugs:
# | * [#38970] Improve mapping of DACL to file permissions
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c
# | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c, server/file.c
# |
if test "$enable_server_File_Permissions" -eq 1; then
patch_apply server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch
@ -4370,6 +4373,7 @@ if test "$enable_server_File_Permissions" -eq 1; then
patch_apply server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
patch_apply server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
patch_apply server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch
patch_apply server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
(
echo '+ { "Sebastian Lackner", "server: Improve STATUS_CANNOT_DELETE checks for directory case.", 1 },';
echo '+ { "Sebastian Lackner", "server: Allow to open files without any permission bits.", 2 },';
@ -4378,6 +4382,7 @@ if test "$enable_server_File_Permissions" -eq 1; then
echo '+ { "Sebastian Lackner", "advapi32/tests: Add ACL inheritance tests for creating subdirectories with NtCreateFile.", 1 },';
echo '+ { "Qian Hong", "ntdll/tests: Added tests for open behaviour on readonly files.", 1 },';
echo '+ { "Sebastian Lackner", "server: FILE_WRITE_ATTRIBUTES should succeed for readonly files.", 1 },';
echo '+ { "Sebastian Lackner", "server: Improve mapping of DACL to file permissions.", 1 },';
) >> "$patchlist"
fi


@ -0,0 +1,83 @@
From 130532e758d0cb1d3c5d87d834021edae64fd222 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 13 Jan 2017 00:58:17 +0100
Subject: server: Improve mapping of DACL to file permissions.
---
server/file.c | 34 +++++++++++++++-------------------
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/server/file.c b/server/file.c
index 5648543e739..0164e6b75d2 100644
--- a/server/file.c
+++ b/server/file.c
@@ -722,7 +722,6 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
mode_t mode;
int present;
const ACL *dacl = sd_get_dacl( sd, &present );
- const SID *user = token_get_user( current->process->token );
if (present && dacl)
{
const ACE_HEADER *ace = (const ACE_HEADER *)(dacl + 1);
@@ -743,16 +742,15 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
mode = file_access_to_mode( ad_ace->Mask );
if (security_equal_sid( sid, security_world_sid ))
{
- bits_to_set &= ~((mode << 6) | (mode << 3) | mode); /* all */
+ bits_to_set &= ~(mode << 0); /* all */
}
- else if ((security_equal_sid( user, owner ) &&
- token_sid_present( current->process->token, sid, TRUE )))
+ if (token_sid_present( current->process->token, sid, TRUE ))
{
- bits_to_set &= ~((mode << 6) | (mode << 3)); /* user + group */
+ bits_to_set &= ~(mode << 3); /* group */
}
- else if (security_equal_sid( sid, owner ))
+ if (security_equal_sid( sid, owner ))
{
- bits_to_set &= ~(mode << 6); /* user only */
+ bits_to_set &= ~(mode << 6); /* user */
}
break;
case ACCESS_ALLOWED_ACE_TYPE:
@@ -761,26 +759,24 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
mode = file_access_to_mode( aa_ace->Mask );
if (security_equal_sid( sid, security_world_sid ))
{
- mode = (mode << 6) | (mode << 3) | mode; /* all */
- new_mode |= mode & bits_to_set;
- bits_to_set &= ~mode;
+ new_mode |= (mode << 0) & bits_to_set; /* all */
+ bits_to_set &= ~(mode << 0);
}
- else if ((security_equal_sid( user, owner ) &&
- token_sid_present( current->process->token, sid, FALSE )))
+ if (token_sid_present( current->process->token, sid, FALSE ))
{
- mode = (mode << 6) | (mode << 3); /* user + group */
- new_mode |= mode & bits_to_set;
- bits_to_set &= ~mode;
+ new_mode |= (mode << 3) & bits_to_set; /* group */
+ bits_to_set &= ~(mode << 3);
}
- else if (security_equal_sid( sid, owner ))
+ if (security_equal_sid( sid, owner ))
{
- mode = (mode << 6); /* user only */
- new_mode |= mode & bits_to_set;
- bits_to_set &= ~mode;
+ new_mode |= (mode << 6) & bits_to_set; /* user */
+ bits_to_set &= ~(mode << 6);
}
break;
}
}
+ new_mode |= (new_mode & S_IRWXO) << 3;
+ new_mode |= (new_mode & S_IRWXG) << 3;
}
else
/* no ACL means full access rights to anyone */
--
2.11.0
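Review bot: The new post-loop propagation `new_mode |= (new_mode & S_IRWXO) << 3;` / `new_mode |= (new_mode & S_IRWXG) << 3;` does not consult `bits_to_set`, so a user or group bit that an earlier ACCESS_DENIED ACE for the owner (or for a token group) removed from `bits_to_set` is granted again as soon as a later ACCESS_ALLOWED ACE for Everyone sets the matching other bit; the replaced code masked the widened allow mask with `bits_to_set` and did not have this gap, and deny ACEs normally precede allow ACEs in a canonical DACL, so the case is realistic. Because a bit leaves `bits_to_set` only when it was either already granted (then it is in `new_mode` and the OR is a no-op) or denied, masking the propagation with it is sufficient, assuming `bits_to_set` is still in scope after the loop: `new_mode |= ((new_mode & S_IRWXO) << 3) & bits_to_set;` and `new_mode |= ((new_mode & S_IRWXG) << 3) & bits_to_set;`. Separately, a deny ACE for `security_world_sid` now clears only the other bits (plus the group bits when `token_sid_present` matches), so a following allow ACE for the owner still yields the user bits although a deny for Everyone applies to the owner on Windows; if that is the intended Unix approximation it deserves a comment such as `/* a denied Everyone ACE is mapped to the other bits only; owner/group allows still apply */`. The start of sd_to_mode, where `bits_to_set` and `new_mode` are initialised, lies outside the hunk, so confirm the initial `bits_to_set` covers all of S_IRWXU|S_IRWXG|S_IRWXO.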


@ -1 +1,2 @@
Fixes: Allow to open files/directories without any access rights in order to query attributes
Fixes: [38970] Improve mapping of DACL to file permissions