diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index f3136054..bab95886 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -4359,8 +4359,11 @@ fi
 # Patchset server-File_Permissions
 # |
+# | This patchset fixes the following Wine bugs:
+# | * [#38970] Improve mapping of DACL to file permissions
+# |
 # | Modified files:
-# | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c
+# | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c, server/file.c
 # |
 if test "$enable_server_File_Permissions" -eq 1; then
 patch_apply server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch
@@ -4370,6 +4373,7 @@ if test "$enable_server_File_Permissions" -eq 1; then
 patch_apply server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
 patch_apply server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
 patch_apply server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch
+ patch_apply server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
 (
 echo '+ { "Sebastian Lackner", "server: Improve STATUS_CANNOT_DELETE checks for directory case.", 1 },';
 echo '+ { "Sebastian Lackner", "server: Allow to open files without any permission bits.", 2 },';
@@ -4378,6 +4382,7 @@ if test "$enable_server_File_Permissions" -eq 1; then
 echo '+ { "Sebastian Lackner", "advapi32/tests: Add ACL inheritance tests for creating subdirectories with NtCreateFile.", 1 },';
 echo '+ { "Qian Hong", "ntdll/tests: Added tests for open behaviour on readonly files.", 1 },';
 echo '+ { "Sebastian Lackner", "server: FILE_WRITE_ATTRIBUTES should succeed for readonly files.", 1 },';
+ echo '+ { "Sebastian Lackner", "server: Improve mapping of DACL to file permissions.", 1 },';
 ) >> "$patchlist"
 fi
diff --git a/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch b/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
new file mode 100644
index 00000000..311aea19
--- /dev/null
+++ b/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
@@ -0,0 +1,83 @@
+From 130532e758d0cb1d3c5d87d834021edae64fd222 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner
+Date: Fri, 13 Jan 2017 00:58:17 +0100
+Subject: server: Improve mapping of DACL to file permissions.
+
+---
+ server/file.c | 34 +++++++++++++++-------------------
+ 1 file changed, 15 insertions(+), 19 deletions(-)
+
+diff --git a/server/file.c b/server/file.c
+index 5648543e739..0164e6b75d2 100644
+--- a/server/file.c
++++ b/server/file.c
+@@ -722,7 +722,6 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
+ mode_t mode;
+ int present;
+ const ACL *dacl = sd_get_dacl( sd, &present );
+- const SID *user = token_get_user( current->process->token );
+ if (present && dacl)
+ {
+ const ACE_HEADER *ace = (const ACE_HEADER *)(dacl + 1);
+@@ -743,16 +742,15 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
+ mode = file_access_to_mode( ad_ace->Mask );
+ if (security_equal_sid( sid, security_world_sid ))
+ {
+- bits_to_set &= ~((mode << 6) | (mode << 3) | mode); /* all */
++ bits_to_set &= ~(mode << 0); /* all */
+ }
+- else if ((security_equal_sid( user, owner ) &&
+- token_sid_present( current->process->token, sid, TRUE )))
++ if (token_sid_present( current->process->token, sid, TRUE ))
+ {
+- bits_to_set &= ~((mode << 6) | (mode << 3)); /* user + group */
++ bits_to_set &= ~(mode << 3); /* group */
+ }
+- else if (security_equal_sid( sid, owner ))
++ if (security_equal_sid( sid, owner ))
+ {
+- bits_to_set &= ~(mode << 6); /* user only */
++ bits_to_set &= ~(mode << 6); /* user */
+ }
+ break;
+ case ACCESS_ALLOWED_ACE_TYPE:
+@@ -761,26 +759,24 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
+ mode = file_access_to_mode( aa_ace->Mask );
+ if (security_equal_sid( sid, security_world_sid ))
+ {
+- mode = (mode << 6) | (mode << 3) | mode; /* all */
+- new_mode |= mode & bits_to_set;
+- bits_to_set &= ~mode;
++ new_mode |= (mode << 0) & bits_to_set; /* all */
++ bits_to_set &= ~(mode << 0);
+ }
+- else if ((security_equal_sid( user, owner ) &&
+- token_sid_present( current->process->token, sid, FALSE )))
++ if (token_sid_present( current->process->token, sid, FALSE ))
+ {
+- mode = (mode << 6) | (mode << 3); /* user + group */
+- new_mode |= mode & bits_to_set;
+- bits_to_set &= ~mode;
++ new_mode |= (mode << 3) & bits_to_set; /* group */
++ bits_to_set &= ~(mode << 3);
+ }
+- else if (security_equal_sid( sid, owner ))
++ if (security_equal_sid( sid, owner ))
+ {
+- mode = (mode << 6); /* user only */
+- new_mode |= mode & bits_to_set;
+- bits_to_set &= ~mode;
++ new_mode |= (mode << 6) & bits_to_set; /* user */
++ bits_to_set &= ~(mode << 6);
+ }
+ break;
+ }
+ }
++ new_mode |= (new_mode & S_IRWXO) << 3;
++ new_mode |= (new_mode & S_IRWXG) << 3;
+ }
+ else
+ /* no ACL means full access rights to anyone */
+--
+2.11.0
+
diff --git a/patches/server-File_Permissions/definition b/patches/server-File_Permissions/definition
index 1c6832a4..d5203bbc 100644
--- a/patches/server-File_Permissions/definition
+++ b/patches/server-File_Permissions/definition
@@ -1 +1,2 @@
 Fixes: Allow to open files/directories without any access rights in order to query attributes
+Fixes: [38970] Improve mapping of DACL to file permissions
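Review bot: The two lines added after the ACE loop in server/file.c (`new_mode |= (new_mode & S_IRWXO) << 3;` and its S_IRWXG counterpart) copy granted bits upward without consulting any deny ACE, so a deny entry for the owner that precedes an allow entry for World appears to be undone: the deny clears only `mode << 6` in bits_to_set, the World allow sets the other bits, and the copy then sets the user bits regardless. The World deny branch has the mirror problem, since it now clears only `mode << 0` where the removed line cleared all three triads, so a later owner or token-SID allow can still set user or group bits and the resulting Unix mode ends up more permissive than the DACL. Because bits_to_set is also cleared by allow entries it cannot serve as the mask; a separate accumulator (say `denied`) filled in the ACCESS_DENIED_ACE_TYPE branch and applied as `new_mode |= ((new_mode & S_IRWXO) << 3) & ~denied;` would keep denies effective through the propagation. This reading assumes file_access_to_mode() returns bits in the "other" position, as the removed shifts suggest; sd_to_mode starts and ends outside the hunks, and the patch touches only server/file.c, so no test for the deny-before-allow ordering comes with it.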