Partially remove advapi32-Revert_DACL patches.

2025-09-12 18:50:20 -07:00 · 2015-04-05 06:02:38 +02:00
parent 9e0bb28fcb
commit c931ff9dad
8 changed files with 67 additions and 175 deletions
--- a/patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch
+++ b/patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch
@@ -1,67 +0,0 @@
-From 41ffec5994a45a7f18cd77e98d8cf7bedecfd9a4 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Fri, 27 Mar 2015 15:32:44 +0100
-Subject: Revert "server: Make directory DACL entries inheritable."
-
-This reverts commit 3eb448cf33b6b6635bac4e06ea7fddd190e26450.
---
- dlls/advapi32/tests/security.c | 2 +-
- server/file.c                  | 8 ++++----
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index b19dbe8..a757c22 100644
--- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -3262,7 +3262,7 @@ static void test_CreateDirectoryA(void)
-     }
-     ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
-     test_inherited_dacl(pDacl, admin_sid, user_sid, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE,
-                        0x1f01ff, FALSE, TRUE, FALSE, __LINE__);
-+                        0x1f01ff, FALSE, TRUE, TRUE, __LINE__);
-     LocalFree(pSD);
- 
-     /* Test inheritance of ACLs in CreateFile without security descriptor */
-diff --git a/server/file.c b/server/file.c
-index aa5ff01..c8c880b 100644
--- a/server/file.c
-+++ b/server/file.c
-@@ -367,7 +367,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
-     aaa = (ACCESS_ALLOWED_ACE *)(dacl + 1);
-     current_ace = &aaa->Header;
-     aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
-    aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
-+    aaa->Header.AceFlags = 0;
-     aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( local_system_sid );
-     aaa->Mask = FILE_ALL_ACCESS;
-     sid = (SID *)&aaa->SidStart;
-@@ -379,7 +379,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
-         aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace );
-         current_ace = &aaa->Header;
-         aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
-        aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
-+        aaa->Header.AceFlags = 0;
-         aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( user );
-         aaa->Mask = WRITE_DAC | WRITE_OWNER;
-         if (mode & S_IRUSR)
-@@ -397,7 +397,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
-         ACCESS_DENIED_ACE *ada = (ACCESS_DENIED_ACE *)ace_next( current_ace );
-         current_ace = &ada->Header;
-         ada->Header.AceType = ACCESS_DENIED_ACE_TYPE;
-        ada->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
-+        ada->Header.AceFlags = 0;
-         ada->Header.AceSize = FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + security_sid_len( user );
-         ada->Mask = 0;
-         if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
-@@ -414,7 +414,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
-         aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace );
-         current_ace = &aaa->Header;
-         aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
-        aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
-+        aaa->Header.AceFlags = 0;
-         aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( world_sid );
-         aaa->Mask = 0;
-         if (mode & S_IROTH)
-- 
-2.3.3
-
--- a/patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch
+++ b/patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch
@@ -1,77 +0,0 @@
-From 59067deb0ad4afb77deca29300133bff9d49f9f7 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Fri, 27 Mar 2015 15:32:56 +0100
-Subject: Revert "advapi: Don't use CreateFile when opening file with possibly
- empty DACL."
-
-This reverts commit f956bb4caa442ccde1ddaf483c5cb619bbf4049a.
---
- dlls/advapi32/security.c | 22 +++++++++-------------
- 1 file changed, 9 insertions(+), 13 deletions(-)
-
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index e8cdcc5..097b0da 100644
--- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -397,7 +397,7 @@ static inline BOOL set_ntstatus( NTSTATUS status )
- }
- 
- /* helper function for SE_FILE_OBJECT objects in [Get|Set]NamedSecurityInfo */
-static inline DWORD get_security_file( LPCWSTR full_file_name, DWORD access, HANDLE *file )
-+static inline DWORD get_security_file( LPWSTR full_file_name, DWORD access, HANDLE *file )
- {
-     UNICODE_STRING file_nameW;
-     OBJECT_ATTRIBUTES attr;
-@@ -2029,7 +2029,7 @@ GetFileSecurityW( LPCWSTR lpFileName,
- {
-     HANDLE hfile;
-     NTSTATUS status;
-    DWORD access = 0, err;
-+    DWORD access = 0;
- 
-     TRACE("(%s,%d,%p,%d,%p)\n", debugstr_w(lpFileName),
-           RequestedInformation, pSecurityDescriptor,
-@@ -2041,12 +2041,10 @@ GetFileSecurityW( LPCWSTR lpFileName,
-     if (RequestedInformation & SACL_SECURITY_INFORMATION)
-         access |= ACCESS_SYSTEM_SECURITY;
- 
-    err = get_security_file( lpFileName, access, &hfile);
-    if (err)
-    {
-        SetLastError(err);
-+    hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-+                         NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 );
-+    if ( hfile == INVALID_HANDLE_VALUE )
-         return FALSE;
-    }
- 
-     status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor,
-                                     nLength, lpnLengthNeeded );
-@@ -2327,7 +2325,7 @@ SetFileSecurityW( LPCWSTR lpFileName,
-                     PSECURITY_DESCRIPTOR pSecurityDescriptor )
- {
-     HANDLE file;
-    DWORD access = 0, err;
-+    DWORD access = 0;
-     NTSTATUS status;
- 
-     TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation,
-@@ -2341,12 +2339,10 @@ SetFileSecurityW( LPCWSTR lpFileName,
-     if (RequestedInformation & DACL_SECURITY_INFORMATION)
-         access |= WRITE_DAC;
- 
-    err = get_security_file( lpFileName, access, &file);
-    if (err)
-    {
-        SetLastError(err);
-+    file = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-+                        NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL );
-+    if (file == INVALID_HANDLE_VALUE)
-         return FALSE;
-    }
- 
-     status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor );
-     CloseHandle( file );
-- 
-2.3.3
-