wineserver: Include owner groups in owner mode in server/file.c::sd_to_mode()
Ben Peddell
klightspeed at netspace.net.au
Wed Nov 18 09:14:19 CST 2009
Sorry - the previous patch was damaged by gpg
Expose server/token.c::token_sid_present() to allow checking group
permissions.
Check owner groups when contructing the owner mode in
server/file.c::sd_to_mode()
---
server/file.c | 7 +++++--
server/security.h | 1 +
server/token.c | 2 +-
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/server/file.c b/server/file.c
index a74de14..db9dd5f 100644
--- a/server/file.c
+++ b/server/file.c
@@ -461,6 +461,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
if (present && dacl)
{
const ACE_HEADER *ace = (const ACE_HEADER *)(dacl + 1);
+ int user_is_owner = security_equal_sid( owner, token_get_user( current->process->token) );
ULONG i;
for (i = 0; i < dacl->AceCount; i++, ace = ace_next( ace ))
{
@@ -485,7 +486,8 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
if (access & FILE_EXECUTE)
denied_mode |= S_IXUSR|S_IXGRP|S_IXOTH;
}
- else if (security_equal_sid( sid, owner ))
+ else if (security_equal_sid( sid, owner ) ||
+ (user_is_owner && token_sid_present( current->process->token, sid, 1 )))
{
unsigned int access = generic_file_map_access( ad_ace->Mask );
if (access & FILE_READ_DATA)
@@ -509,7 +511,8 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
if (access & FILE_EXECUTE)
new_mode |= S_IXUSR|S_IXGRP|S_IXOTH;
}
- else if (security_equal_sid( sid, owner ))
+ else if (security_equal_sid( sid, owner ) ||
+ (user_is_owner && token_sid_present( current->process->token, sid, 0 )))
{
unsigned int access = generic_file_map_access( aa_ace->Mask );
if (access & FILE_READ_DATA)
diff --git a/server/security.h b/server/security.h
index 39b1d2f..33cf5da 100644
--- a/server/security.h
+++ b/server/security.h
@@ -55,6 +55,7 @@ extern int token_check_privileges( struct token *token, int all_required,
extern const ACL *token_get_default_dacl( struct token *token );
extern const SID *token_get_user( struct token *token );
extern const SID *token_get_primary_group( struct token *token );
+extern int token_sid_present( struct token *token, const SID *sid, int deny);
static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
{
diff --git a/server/token.c b/server/token.c
index 4c45d50..69ffab7 100644
--- a/server/token.c
+++ b/server/token.c
@@ -776,7 +776,7 @@ int token_check_privileges( struct token *token, int all_required,
return (enabled_count > 0);
}
-static int token_sid_present( struct token *token, const SID *sid, int deny )
+int token_sid_present( struct token *token, const SID *sid, int deny )
{
struct group *group;
--
1.6.4.4
More information about the wine-patches
mailing list