mirror of
git://source.winehq.org/git/wine.git
synced 2024-10-14 15:52:11 +00:00
server: Simplify computation of file modes from the security descriptor.
This commit is contained in:
parent
b419df1de4
commit
80e844f713
|
@ -441,10 +441,22 @@ static struct security_descriptor *file_get_sd( struct object *obj )
|
||||||
return sd;
|
return sd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static mode_t file_access_to_mode( unsigned int access )
|
||||||
|
{
|
||||||
|
mode_t mode = 0;
|
||||||
|
|
||||||
|
access = generic_file_map_access( access );
|
||||||
|
if (access & FILE_READ_DATA) mode |= 4;
|
||||||
|
if (access & FILE_WRITE_DATA) mode |= 2;
|
||||||
|
if (access & FILE_EXECUTE) mode |= 1;
|
||||||
|
return mode;
|
||||||
|
}
|
||||||
|
|
||||||
mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
|
mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
|
||||||
{
|
{
|
||||||
mode_t new_mode = 0;
|
mode_t new_mode = 0;
|
||||||
mode_t denied_mode = 0;
|
mode_t denied_mode = 0;
|
||||||
|
mode_t mode;
|
||||||
int present;
|
int present;
|
||||||
const ACL *dacl = sd_get_dacl( sd, &present );
|
const ACL *dacl = sd_get_dacl( sd, &present );
|
||||||
const SID *user = token_get_user( current->process->token );
|
const SID *user = token_get_user( current->process->token );
|
||||||
|
@ -465,71 +477,37 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
|
||||||
case ACCESS_DENIED_ACE_TYPE:
|
case ACCESS_DENIED_ACE_TYPE:
|
||||||
ad_ace = (const ACCESS_DENIED_ACE *)ace;
|
ad_ace = (const ACCESS_DENIED_ACE *)ace;
|
||||||
sid = (const SID *)&ad_ace->SidStart;
|
sid = (const SID *)&ad_ace->SidStart;
|
||||||
|
mode = file_access_to_mode( ad_ace->Mask );
|
||||||
if (security_equal_sid( sid, security_world_sid ))
|
if (security_equal_sid( sid, security_world_sid ))
|
||||||
{
|
{
|
||||||
unsigned int access = generic_file_map_access( ad_ace->Mask );
|
denied_mode |= (mode << 6) | (mode << 3) | mode; /* all */
|
||||||
if (access & FILE_READ_DATA)
|
|
||||||
denied_mode |= S_IRUSR|S_IRGRP|S_IROTH;
|
|
||||||
if (access & FILE_WRITE_DATA)
|
|
||||||
denied_mode |= S_IWUSR|S_IWGRP|S_IWOTH;
|
|
||||||
if (access & FILE_EXECUTE)
|
|
||||||
denied_mode |= S_IXUSR|S_IXGRP|S_IXOTH;
|
|
||||||
}
|
}
|
||||||
else if (security_equal_sid( sid, owner ))
|
else if (security_equal_sid( sid, owner ))
|
||||||
{
|
{
|
||||||
unsigned int access = generic_file_map_access( ad_ace->Mask );
|
denied_mode |= (mode << 6); /* user only */
|
||||||
if (access & FILE_READ_DATA)
|
|
||||||
denied_mode |= S_IRUSR;
|
|
||||||
if (access & FILE_WRITE_DATA)
|
|
||||||
denied_mode |= S_IWUSR;
|
|
||||||
if (access & FILE_EXECUTE)
|
|
||||||
denied_mode |= S_IXUSR;
|
|
||||||
}
|
}
|
||||||
else if ((security_equal_sid( user, owner ) &&
|
else if ((security_equal_sid( user, owner ) &&
|
||||||
token_sid_present( current->process->token, sid, TRUE )))
|
token_sid_present( current->process->token, sid, TRUE )))
|
||||||
{
|
{
|
||||||
unsigned int access = generic_file_map_access( ad_ace->Mask );
|
denied_mode |= (mode << 6) | (mode << 3); /* user + group */
|
||||||
if (access & FILE_READ_DATA)
|
|
||||||
denied_mode |= S_IRUSR|S_IRGRP;
|
|
||||||
if (access & FILE_WRITE_DATA)
|
|
||||||
denied_mode |= S_IWUSR|S_IWGRP;
|
|
||||||
if (access & FILE_EXECUTE)
|
|
||||||
denied_mode |= S_IXUSR|S_IXGRP;
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case ACCESS_ALLOWED_ACE_TYPE:
|
case ACCESS_ALLOWED_ACE_TYPE:
|
||||||
aa_ace = (const ACCESS_ALLOWED_ACE *)ace;
|
aa_ace = (const ACCESS_ALLOWED_ACE *)ace;
|
||||||
sid = (const SID *)&aa_ace->SidStart;
|
sid = (const SID *)&aa_ace->SidStart;
|
||||||
|
mode = file_access_to_mode( aa_ace->Mask );
|
||||||
if (security_equal_sid( sid, security_world_sid ))
|
if (security_equal_sid( sid, security_world_sid ))
|
||||||
{
|
{
|
||||||
unsigned int access = generic_file_map_access( aa_ace->Mask );
|
new_mode |= (mode << 6) | (mode << 3) | mode; /* all */
|
||||||
if (access & FILE_READ_DATA)
|
|
||||||
new_mode |= S_IRUSR|S_IRGRP|S_IROTH;
|
|
||||||
if (access & FILE_WRITE_DATA)
|
|
||||||
new_mode |= S_IWUSR|S_IWGRP|S_IWOTH;
|
|
||||||
if (access & FILE_EXECUTE)
|
|
||||||
new_mode |= S_IXUSR|S_IXGRP|S_IXOTH;
|
|
||||||
}
|
}
|
||||||
else if (security_equal_sid( sid, owner ))
|
else if (security_equal_sid( sid, owner ))
|
||||||
{
|
{
|
||||||
unsigned int access = generic_file_map_access( aa_ace->Mask );
|
new_mode |= (mode << 6); /* user only */
|
||||||
if (access & FILE_READ_DATA)
|
|
||||||
new_mode |= S_IRUSR;
|
|
||||||
if (access & FILE_WRITE_DATA)
|
|
||||||
new_mode |= S_IWUSR;
|
|
||||||
if (access & FILE_EXECUTE)
|
|
||||||
new_mode |= S_IXUSR;
|
|
||||||
}
|
}
|
||||||
else if ((security_equal_sid( user, owner ) &&
|
else if ((security_equal_sid( user, owner ) &&
|
||||||
token_sid_present( current->process->token, sid, FALSE )))
|
token_sid_present( current->process->token, sid, FALSE )))
|
||||||
{
|
{
|
||||||
unsigned int access = generic_file_map_access( ad_ace->Mask );
|
new_mode |= (mode << 6) | (mode << 3); /* user + group */
|
||||||
if (access & FILE_READ_DATA)
|
|
||||||
new_mode |= S_IRUSR|S_IRGRP;
|
|
||||||
if (access & FILE_WRITE_DATA)
|
|
||||||
new_mode |= S_IWUSR|S_IWGRP;
|
|
||||||
if (access & FILE_EXECUTE)
|
|
||||||
new_mode |= S_IXUSR|S_IXGRP;
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue