server: Add excute permission when read file access is allowed.
This commit is contained in:
parent
6bbd0b87d5
commit
1b5602e59c
|
@ -881,10 +881,9 @@ cleanup:
|
||||||
SetLastError(0xdeadbeef);
|
SetLastError(0xdeadbeef);
|
||||||
rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
||||||
ok(rc, "AccessCheck error %d\n", GetLastError());
|
ok(rc, "AccessCheck error %d\n", GetLastError());
|
||||||
todo_wine {
|
|
||||||
ok(status == 1, "expected 1, got %d\n", status);
|
ok(status == 1, "expected 1, got %d\n", status);
|
||||||
ok(granted == FILE_EXECUTE, "expected FILE_EXECUTE, got %#x\n", granted);
|
ok(granted == FILE_EXECUTE, "expected FILE_EXECUTE, got %#x\n", granted);
|
||||||
}
|
|
||||||
granted = 0xdeadbeef;
|
granted = 0xdeadbeef;
|
||||||
status = 0xdeadbeef;
|
status = 0xdeadbeef;
|
||||||
SetLastError(0xdeadbeef);
|
SetLastError(0xdeadbeef);
|
||||||
|
@ -906,19 +905,17 @@ todo_wine {
|
||||||
SetLastError(0xdeadbeef);
|
SetLastError(0xdeadbeef);
|
||||||
rc = AccessCheck(sd, token, 0x1ff, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
rc = AccessCheck(sd, token, 0x1ff, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
||||||
ok(rc, "AccessCheck error %d\n", GetLastError());
|
ok(rc, "AccessCheck error %d\n", GetLastError());
|
||||||
todo_wine {
|
|
||||||
ok(status == 1, "expected 1, got %d\n", status);
|
ok(status == 1, "expected 1, got %d\n", status);
|
||||||
ok(granted == 0x1ff, "expected 0x1ff, got %#x\n", granted);
|
ok(granted == 0x1ff, "expected 0x1ff, got %#x\n", granted);
|
||||||
}
|
|
||||||
granted = 0xdeadbeef;
|
granted = 0xdeadbeef;
|
||||||
status = 0xdeadbeef;
|
status = 0xdeadbeef;
|
||||||
SetLastError(0xdeadbeef);
|
SetLastError(0xdeadbeef);
|
||||||
rc = AccessCheck(sd, token, FILE_ALL_ACCESS, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
rc = AccessCheck(sd, token, FILE_ALL_ACCESS, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
||||||
ok(rc, "AccessCheck error %d\n", GetLastError());
|
ok(rc, "AccessCheck error %d\n", GetLastError());
|
||||||
todo_wine {
|
|
||||||
ok(status == 1, "expected 1, got %d\n", status);
|
ok(status == 1, "expected 1, got %d\n", status);
|
||||||
ok(granted == FILE_ALL_ACCESS, "expected FILE_ALL_ACCESS, got %#x\n", granted);
|
ok(granted == FILE_ALL_ACCESS, "expected FILE_ALL_ACCESS, got %#x\n", granted);
|
||||||
}
|
|
||||||
SetLastError(0xdeadbeef);
|
SetLastError(0xdeadbeef);
|
||||||
rc = AccessCheck(sd, token, 0xffffffff, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
rc = AccessCheck(sd, token, 0xffffffff, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
||||||
ok(!rc, "AccessCheck should fail\n");
|
ok(!rc, "AccessCheck should fail\n");
|
||||||
|
@ -995,10 +992,9 @@ todo_wine {
|
||||||
SetLastError(0xdeadbeef);
|
SetLastError(0xdeadbeef);
|
||||||
rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status);
|
||||||
ok(rc, "AccessCheck error %d\n", GetLastError());
|
ok(rc, "AccessCheck error %d\n", GetLastError());
|
||||||
todo_wine {
|
|
||||||
ok(status == 1, "expected 1, got %d\n", status);
|
ok(status == 1, "expected 1, got %d\n", status);
|
||||||
ok(granted == FILE_EXECUTE, "expected FILE_EXECUTE, got %#x\n", granted);
|
ok(granted == FILE_EXECUTE, "expected FILE_EXECUTE, got %#x\n", granted);
|
||||||
}
|
|
||||||
granted = 0xdeadbeef;
|
granted = 0xdeadbeef;
|
||||||
status = 0xdeadbeef;
|
status = 0xdeadbeef;
|
||||||
SetLastError(0xdeadbeef);
|
SetLastError(0xdeadbeef);
|
||||||
|
|
|
@ -358,11 +358,9 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
|
||||||
FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]);
|
FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]);
|
||||||
aaa->Mask = WRITE_DAC | WRITE_OWNER;
|
aaa->Mask = WRITE_DAC | WRITE_OWNER;
|
||||||
if (mode & S_IRUSR)
|
if (mode & S_IRUSR)
|
||||||
aaa->Mask |= FILE_GENERIC_READ;
|
aaa->Mask |= FILE_GENERIC_READ | FILE_GENERIC_EXECUTE;
|
||||||
if (mode & S_IWUSR)
|
if (mode & S_IWUSR)
|
||||||
aaa->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
|
aaa->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
|
||||||
if (mode & S_IXUSR)
|
|
||||||
aaa->Mask |= FILE_GENERIC_EXECUTE;
|
|
||||||
sid = (SID *)&aaa->SidStart;
|
sid = (SID *)&aaa->SidStart;
|
||||||
memcpy( sid, user, FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]) );
|
memcpy( sid, user, FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]) );
|
||||||
}
|
}
|
||||||
|
@ -379,11 +377,9 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
|
||||||
FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]);
|
FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]);
|
||||||
ada->Mask = 0;
|
ada->Mask = 0;
|
||||||
if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
|
if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
|
||||||
ada->Mask |= FILE_GENERIC_READ;
|
ada->Mask |= FILE_GENERIC_READ | FILE_GENERIC_EXECUTE;
|
||||||
if (!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IROTH)))
|
if (!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IROTH)))
|
||||||
ada->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
|
ada->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
|
||||||
if (!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH)))
|
|
||||||
ada->Mask |= FILE_GENERIC_EXECUTE;
|
|
||||||
ada->Mask &= ~STANDARD_RIGHTS_ALL; /* never deny standard rights */
|
ada->Mask &= ~STANDARD_RIGHTS_ALL; /* never deny standard rights */
|
||||||
sid = (SID *)&ada->SidStart;
|
sid = (SID *)&ada->SidStart;
|
||||||
memcpy( sid, user, FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]) );
|
memcpy( sid, user, FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]) );
|
||||||
|
@ -399,11 +395,9 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
|
||||||
FIELD_OFFSET(SID, SubAuthority[world_sid->SubAuthorityCount]);
|
FIELD_OFFSET(SID, SubAuthority[world_sid->SubAuthorityCount]);
|
||||||
aaa->Mask = 0;
|
aaa->Mask = 0;
|
||||||
if (mode & S_IROTH)
|
if (mode & S_IROTH)
|
||||||
aaa->Mask |= FILE_GENERIC_READ;
|
aaa->Mask |= FILE_GENERIC_READ | FILE_GENERIC_EXECUTE;
|
||||||
if (mode & S_IWOTH)
|
if (mode & S_IWOTH)
|
||||||
aaa->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
|
aaa->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
|
||||||
if (mode & S_IXOTH)
|
|
||||||
aaa->Mask |= FILE_GENERIC_EXECUTE;
|
|
||||||
sid = (SID *)&aaa->SidStart;
|
sid = (SID *)&aaa->SidStart;
|
||||||
memcpy( sid, world_sid, FIELD_OFFSET(SID, SubAuthority[world_sid->SubAuthorityCount]) );
|
memcpy( sid, world_sid, FIELD_OFFSET(SID, SubAuthority[world_sid->SubAuthorityCount]) );
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue