server: Fix DACL to permissions conversion.

2024-11-28 22:20:26 +00:00 · 2015-03-27 15:17:38 +01:00 · 2015-03-27 15:17:38 +01:00 · 00b3f055be
commit 00b3f055be
parent f2f5cd831b
2 changed files with 16 additions and 9 deletions
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@ -3484,7 +3484,8 @@ static void test_GetNamedSecurityInfoA(void)
    h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
            NULL, OPEN_EXISTING, 0, NULL);
-    todo_wine ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+    ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
    CloseHandle(h);
    bret = InitializeAcl(pDacl, 100, ACL_REVISION);
    ok(bret, "Failed to initialize ACL.\n");
--- a/server/file.c
+++ b/server/file.c
@ -473,7 +473,7 @@ static mode_t file_access_to_mode( unsigned int access )
 mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
 {
    mode_t new_mode = 0;
-    mode_t denied_mode = 0;
+    mode_t bits_to_set = ~0;
    mode_t mode;
    int present;
    const ACL *dacl = sd_get_dacl( sd, &present );
@ -498,16 +498,16 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
                    mode = file_access_to_mode( ad_ace->Mask );
                    if (security_equal_sid( sid, security_world_sid ))
                    {
-                        denied_mode |= (mode << 6) | (mode << 3) | mode; /* all */
+                        bits_to_set &= ~((mode << 6) | (mode << 3) | mode); /* all */
                    }
                    else if ((security_equal_sid( user, owner ) &&
                              token_sid_present( current->process->token, sid, TRUE )))
                    {
-                        denied_mode |= (mode << 6) | (mode << 3);  /* user + group */
+                        bits_to_set &= ~((mode << 6) | (mode << 3));  /* user + group */
                    }
                    else if (security_equal_sid( sid, owner ))
                    {
-                        denied_mode |= (mode << 6);  /* user only */
+                        bits_to_set &= ~(mode << 6);  /* user only */
                    }
                    break;
                case ACCESS_ALLOWED_ACE_TYPE:
@ -516,16 +516,22 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
                    mode = file_access_to_mode( aa_ace->Mask );
                    if (security_equal_sid( sid, security_world_sid ))
                    {
-                        new_mode |= (mode << 6) | (mode << 3) | mode;  /* all */
+                        mode = (mode << 6) | (mode << 3) | mode;  /* all */
                        new_mode |= mode & bits_to_set;
                        bits_to_set &= ~mode;
                    }
                    else if ((security_equal_sid( user, owner ) &&
                              token_sid_present( current->process->token, sid, FALSE )))
                    {
-                        new_mode |= (mode << 6) | (mode << 3);  /* user + group */
+                        mode = (mode << 6) | (mode << 3);  /* user + group */
                        new_mode |= mode & bits_to_set;
                        bits_to_set &= ~mode;
                    }
                    else if (security_equal_sid( sid, owner ))
                    {
-                        new_mode |= (mode << 6);  /* user only */
+                        mode = (mode << 6);  /* user only */
                        new_mode |= mode & bits_to_set;
                        bits_to_set &= ~mode;
                    }
                    break;
            }
@ -535,7 +541,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
        /* no ACL means full access rights to anyone */
        new_mode = S_IRWXU | S_IRWXG | S_IRWXO;
-    return new_mode & ~denied_mode;
+    return new_mode;
 }
 static int file_set_sd( struct object *obj, const struct security_descriptor *sd,