system/wine
system/wine
1
0
Fork 0
mirror of git://source.winehq.org/git/wine.git synced 2024-10-14 15:52:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

server: Simplify computation of file modes from the security descriptor.

Browse source
This commit is contained in:
Alexandre Julliard 2009-12-11 17:32:38 +01:00
parent b419df1de4
commit 80e844f713
1 changed files with 20 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
server/file.c
View file

@ -441,10 +441,22 @@ static struct security_descriptor *file_get_sd( struct object *obj )
return sd; return sd;
} }
static mode_t file_access_to_mode( unsigned int access )
{
mode_t mode = 0;
access = generic_file_map_access( access );
if (access & FILE_READ_DATA) mode |= 4;
if (access & FILE_WRITE_DATA) mode |= 2;
if (access & FILE_EXECUTE) mode |= 1;
return mode;
}
mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
{ {
mode_t new_mode = 0; mode_t new_mode = 0;
mode_t denied_mode = 0; mode_t denied_mode = 0;
mode_t mode;
int present; int present;
const ACL *dacl = sd_get_dacl( sd, &present ); const ACL *dacl = sd_get_dacl( sd, &present );
const SID *user = token_get_user( current->process->token ); const SID *user = token_get_user( current->process->token );
@ -465,71 +477,37 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
case ACCESS_DENIED_ACE_TYPE: case ACCESS_DENIED_ACE_TYPE:
ad_ace = (const ACCESS_DENIED_ACE *)ace; ad_ace = (const ACCESS_DENIED_ACE *)ace;
sid = (const SID *)&ad_ace->SidStart; sid = (const SID *)&ad_ace->SidStart;
mode = file_access_to_mode( ad_ace->Mask );
if (security_equal_sid( sid, security_world_sid )) if (security_equal_sid( sid, security_world_sid ))
{ {
unsigned int access = generic_file_map_access( ad_ace->Mask ); denied_mode |= (mode << 6) | (mode << 3) | mode; /* all */
if (access & FILE_READ_DATA)
denied_mode |= S_IRUSR|S_IRGRP|S_IROTH;
if (access & FILE_WRITE_DATA)
denied_mode |= S_IWUSR|S_IWGRP|S_IWOTH;
if (access & FILE_EXECUTE)
denied_mode |= S_IXUSR|S_IXGRP|S_IXOTH;
} }
else if (security_equal_sid( sid, owner )) else if (security_equal_sid( sid, owner ))
{ {
unsigned int access = generic_file_map_access( ad_ace->Mask ); denied_mode |= (mode << 6); /* user only */
if (access & FILE_READ_DATA)
denied_mode |= S_IRUSR;
if (access & FILE_WRITE_DATA)
denied_mode |= S_IWUSR;
if (access & FILE_EXECUTE)
denied_mode |= S_IXUSR;
} }
else if ((security_equal_sid( user, owner ) && else if ((security_equal_sid( user, owner ) &&
token_sid_present( current->process->token, sid, TRUE ))) token_sid_present( current->process->token, sid, TRUE )))
{ {
unsigned int access = generic_file_map_access( ad_ace->Mask ); denied_mode |= (mode << 6) | (mode << 3); /* user + group */
if (access & FILE_READ_DATA)
denied_mode |= S_IRUSR|S_IRGRP;
if (access & FILE_WRITE_DATA)
denied_mode |= S_IWUSR|S_IWGRP;
if (access & FILE_EXECUTE)
denied_mode |= S_IXUSR|S_IXGRP;
} }
break; break;
case ACCESS_ALLOWED_ACE_TYPE: case ACCESS_ALLOWED_ACE_TYPE:
aa_ace = (const ACCESS_ALLOWED_ACE *)ace; aa_ace = (const ACCESS_ALLOWED_ACE *)ace;
sid = (const SID *)&aa_ace->SidStart; sid = (const SID *)&aa_ace->SidStart;
mode = file_access_to_mode( aa_ace->Mask );
if (security_equal_sid( sid, security_world_sid )) if (security_equal_sid( sid, security_world_sid ))
{ {
unsigned int access = generic_file_map_access( aa_ace->Mask ); new_mode |= (mode << 6) | (mode << 3) | mode; /* all */
if (access & FILE_READ_DATA)
new_mode |= S_IRUSR|S_IRGRP|S_IROTH;
if (access & FILE_WRITE_DATA)
new_mode |= S_IWUSR|S_IWGRP|S_IWOTH;
if (access & FILE_EXECUTE)
new_mode |= S_IXUSR|S_IXGRP|S_IXOTH;
} }
else if (security_equal_sid( sid, owner )) else if (security_equal_sid( sid, owner ))
{ {
unsigned int access = generic_file_map_access( aa_ace->Mask ); new_mode |= (mode << 6); /* user only */
if (access & FILE_READ_DATA)
new_mode |= S_IRUSR;
if (access & FILE_WRITE_DATA)
new_mode |= S_IWUSR;
if (access & FILE_EXECUTE)
new_mode |= S_IXUSR;
} }
else if ((security_equal_sid( user, owner ) && else if ((security_equal_sid( user, owner ) &&
token_sid_present( current->process->token, sid, FALSE ))) token_sid_present( current->process->token, sid, FALSE )))
{ {
unsigned int access = generic_file_map_access( ad_ace->Mask ); new_mode |= (mode << 6) | (mode << 3); /* user + group */
if (access & FILE_READ_DATA)
new_mode |= S_IRUSR|S_IRGRP;
if (access & FILE_WRITE_DATA)
new_mode |= S_IWUSR|S_IWGRP;
if (access & FILE_EXECUTE)
new_mode |= S_IXUSR|S_IXGRP;
} }
break; break;
} }