[PATCH 2/2] server: Include user groups in file mode calculation when user is file owner
Ben Peddell
klightspeed at netspace.net.au
Wed Dec 9 09:31:53 CST 2009
---
server/file.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/server/file.c b/server/file.c
index 5db64cd..beac18c 100644
--- a/server/file.c
+++ b/server/file.c
@@ -447,6 +447,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
mode_t denied_mode = 0;
int present;
const ACL *dacl = sd_get_dacl( sd, &present );
+ const SID *user = token_get_user( current->process->token );
if (present && dacl)
{
const ACE_HEADER *ace = (const ACE_HEADER *)(dacl + 1);
@@ -474,7 +475,9 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
if (access & FILE_EXECUTE)
denied_mode |= S_IXUSR|S_IXGRP|S_IXOTH;
}
- else if (security_equal_sid( sid, owner ))
+ else if (security_equal_sid( sid, owner ) ||
+ (security_equal_sid( user, owner ) &&
+ token_sid_present( current->process->token, sid, TRUE )))
{
unsigned int access = generic_file_map_access( ad_ace->Mask );
if (access & FILE_READ_DATA)
@@ -498,7 +501,9 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
if (access & FILE_EXECUTE)
new_mode |= S_IXUSR|S_IXGRP|S_IXOTH;
}
- else if (security_equal_sid( sid, owner ))
+ else if (security_equal_sid( sid, owner ) ||
+ (security_equal_sid( user, owner ) &&
+ token_sid_present( current->process->token, sid, FALSE )))
{
unsigned int access = generic_file_map_access( aa_ace->Mask );
if (access & FILE_READ_DATA)
--
1.6.4.4
More information about the wine-patches
mailing list