From 1b5602e59cbd72bceb173e2dba4d214f8ef97ac9 Mon Sep 17 00:00:00 2001 From: Dmitry Timoshkov Date: Thu, 24 Mar 2011 16:57:21 +0800 Subject: [PATCH] server: Add excute permission when read file access is allowed. --- dlls/advapi32/tests/security.c | 12 ++++-------- server/file.c | 12 +++--------- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 5409c356317..7040addb495 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -881,10 +881,9 @@ cleanup: SetLastError(0xdeadbeef); rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status); ok(rc, "AccessCheck error %d\n", GetLastError()); -todo_wine { ok(status == 1, "expected 1, got %d\n", status); ok(granted == FILE_EXECUTE, "expected FILE_EXECUTE, got %#x\n", granted); -} + granted = 0xdeadbeef; status = 0xdeadbeef; SetLastError(0xdeadbeef); @@ -906,19 +905,17 @@ todo_wine { SetLastError(0xdeadbeef); rc = AccessCheck(sd, token, 0x1ff, &mapping, &priv_set, &priv_set_len, &granted, &status); ok(rc, "AccessCheck error %d\n", GetLastError()); -todo_wine { ok(status == 1, "expected 1, got %d\n", status); ok(granted == 0x1ff, "expected 0x1ff, got %#x\n", granted); -} + granted = 0xdeadbeef; status = 0xdeadbeef; SetLastError(0xdeadbeef); rc = AccessCheck(sd, token, FILE_ALL_ACCESS, &mapping, &priv_set, &priv_set_len, &granted, &status); ok(rc, "AccessCheck error %d\n", GetLastError()); -todo_wine { ok(status == 1, "expected 1, got %d\n", status); ok(granted == FILE_ALL_ACCESS, "expected FILE_ALL_ACCESS, got %#x\n", granted); -} + SetLastError(0xdeadbeef); rc = AccessCheck(sd, token, 0xffffffff, &mapping, &priv_set, &priv_set_len, &granted, &status); ok(!rc, "AccessCheck should fail\n"); @@ -995,10 +992,9 @@ todo_wine { SetLastError(0xdeadbeef); rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status); ok(rc, "AccessCheck error %d\n", GetLastError()); -todo_wine { ok(status == 1, "expected 1, got %d\n", status); ok(granted == FILE_EXECUTE, "expected FILE_EXECUTE, got %#x\n", granted); -} + granted = 0xdeadbeef; status = 0xdeadbeef; SetLastError(0xdeadbeef); diff --git a/server/file.c b/server/file.c index cca2633c727..ee7202b990a 100644 --- a/server/file.c +++ b/server/file.c @@ -358,11 +358,9 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]); aaa->Mask = WRITE_DAC | WRITE_OWNER; if (mode & S_IRUSR) - aaa->Mask |= FILE_GENERIC_READ; + aaa->Mask |= FILE_GENERIC_READ | FILE_GENERIC_EXECUTE; if (mode & S_IWUSR) aaa->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD; - if (mode & S_IXUSR) - aaa->Mask |= FILE_GENERIC_EXECUTE; sid = (SID *)&aaa->SidStart; memcpy( sid, user, FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]) ); } @@ -379,11 +377,9 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]); ada->Mask = 0; if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH))) - ada->Mask |= FILE_GENERIC_READ; + ada->Mask |= FILE_GENERIC_READ | FILE_GENERIC_EXECUTE; if (!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IROTH))) ada->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD; - if (!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH))) - ada->Mask |= FILE_GENERIC_EXECUTE; ada->Mask &= ~STANDARD_RIGHTS_ALL; /* never deny standard rights */ sid = (SID *)&ada->SidStart; memcpy( sid, user, FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]) ); @@ -399,11 +395,9 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID FIELD_OFFSET(SID, SubAuthority[world_sid->SubAuthorityCount]); aaa->Mask = 0; if (mode & S_IROTH) - aaa->Mask |= FILE_GENERIC_READ; + aaa->Mask |= FILE_GENERIC_READ | FILE_GENERIC_EXECUTE; if (mode & S_IWOTH) aaa->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD; - if (mode & S_IXOTH) - aaa->Mask |= FILE_GENERIC_EXECUTE; sid = (SID *)&aaa->SidStart; memcpy( sid, world_sid, FIELD_OFFSET(SID, SubAuthority[world_sid->SubAuthorityCount]) ); }