From 7ad10427bee0609304870325c48d66e9c616ac20 Mon Sep 17 00:00:00 2001
From: Zebediah Figura
Date: Mon, 21 Dec 2020 22:04:15 -0600
Subject: [PATCH] server-File_Permissions: Clarify patch 0008 (DACL mapping) a bit.

This code should be effectively identical, but it makes the diff against upstream a bit clearer.
---
 ...-mapping-of-DACL-to-file-permissions.patch | 39 +++++++++----------
 1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch b/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
index 311aea19..b0b80d40 100644
--- a/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
+++ b/patches/server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
@@ -1,17 +1,17 @@
-From 130532e758d0cb1d3c5d87d834021edae64fd222 Mon Sep 17 00:00:00 2001
+From cdaab625171127248c76eabe2679bbd2a111bfc3 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner
 Date: Fri, 13 Jan 2017 00:58:17 +0100
-Subject: server: Improve mapping of DACL to file permissions.
+Subject: [PATCH] server: Improve mapping of DACL to file permissions.
 
 ---
- server/file.c | 34 +++++++++++++++-------------------
- 1 file changed, 15 insertions(+), 19 deletions(-)
+ server/file.c | 25 ++++++++++++-------------
+ 1 file changed, 12 insertions(+), 13 deletions(-)
 
 diff --git a/server/file.c b/server/file.c
-index 5648543e739..0164e6b75d2 100644
+index 2cc4a9d978c..668dc7f0952 100644
 --- a/server/file.c
 +++ b/server/file.c
-@@ -722,7 +722,6 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
+@@ -487,7 +487,6 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
 mode_t mode;
 int present;
 const ACL *dacl = sd_get_dacl( sd, &present );
@@ -19,7 +19,7 @@ index 5648543e739..0164e6b75d2 100644
 if (present && dacl)
 {
 const ACE_HEADER *ace = (const ACE_HEADER *)(dacl + 1);
-@@ -743,16 +742,15 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
+@@ -508,16 +507,15 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
 mode = file_access_to_mode( ad_ace->Mask );
 if (security_equal_sid( sid, security_world_sid ))
 {
@@ -41,34 +41,31 @@ index 5648543e739..0164e6b75d2 100644
 }
 break;
 case ACCESS_ALLOWED_ACE_TYPE:
-@@ -761,26 +759,24 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
+@@ -526,26 +524,27 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
 mode = file_access_to_mode( aa_ace->Mask );
 if (security_equal_sid( sid, security_world_sid ))
 {
 - mode = (mode << 6) | (mode << 3) | mode; /* all */
-- new_mode |= mode & bits_to_set;
-- bits_to_set &= ~mode;
-+ new_mode |= (mode << 0) & bits_to_set; /* all */
-+ bits_to_set &= ~(mode << 0);
++ mode = (mode << 0); /* all */
+ new_mode |= mode & bits_to_set;
+ bits_to_set &= ~mode;
 }
 - else if ((security_equal_sid( user, owner ) &&
 - token_sid_present( current->process->token, sid, FALSE )))
 + if (token_sid_present( current->process->token, sid, FALSE ))
 {
 - mode = (mode << 6) | (mode << 3); /* user + group */
-- new_mode |= mode & bits_to_set;
-- bits_to_set &= ~mode;
-+ new_mode |= (mode << 3) & bits_to_set; /* group */
-+ bits_to_set &= ~(mode << 3);
++ mode = (mode << 3); /* group */
+ new_mode |= mode & bits_to_set;
+ bits_to_set &= ~mode;
 }
 - else if (security_equal_sid( sid, owner ))
 + if (security_equal_sid( sid, owner ))
 {
 - mode = (mode << 6); /* user only */
-- new_mode |= mode & bits_to_set;
-- bits_to_set &= ~mode;
-+ new_mode |= (mode << 6) & bits_to_set; /* user */
-+ bits_to_set &= ~(mode << 6);
++ mode = (mode << 6); /* user */
+ new_mode |= mode & bits_to_set;
+ bits_to_set &= ~mode;
 }
 break;
 }
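Review bot: The rewritten ACCESS_ALLOWED_ACE_TYPE blocks are not equivalent to the lines they replace: each block now overwrites `mode` (`mode = (mode << 3);`, `mode = (mode << 6);`) while the three tests are independent `if`s, so the shifts compound when one SID passes more than one test. An ACE whose SID satisfies both the token_sid_present() test and the owner test ends up applying `mode << 9` in the last block, which leaves the user bits unset and, assuming file_access_to_mode() returns rwx in the low three bits (not visible here), lands in the setuid/setgid/sticky positions of `new_mode`. Keep the source value untouched, as the removed lines did: `new_mode |= (mode << 6) & bits_to_set;` and `bits_to_set &= ~(mode << 6);`, or shift into a separate local per block. sd_to_mode starts and ends outside this hunk, so whether a caller masks the result before it is applied to the file cannot be checked from here.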
@@ -79,5 +76,5 @@ index 5648543e739..0164e6b75d2 100644
 else
 /* no ACL means full access rights to anyone */
 -- 
-2.11.0
+2.29.2