server: Retrieve file security attributes with extended file attributes. (try 7)

f60fb766 · Erich E. Hoover · Vitaly Lipatov · e0f0b397 · f60fb766 · f60fb766
Commit f60fb766 authored Apr 18, 2014 by Erich E. Hoover Committed by Vitaly Lipatov Jul 30, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 13 deletions

security.c dlls/advapi32/tests/security.c +9 -10

file.c server/file.c +47 -3

No files found.
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3728,7 +3728,7 @@ static void test_CreateDirectoryA(void)
    }
    ok(!error, "GetNamedSecurityInfo failed with error %ld\n", error);
    test_inherited_dacl(pDacl, admin_sid, user_sid, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE,
-                        0x1f01ff, FALSE, TRUE, FALSE, __LINE__);
+                        0x1f01ff, FALSE, FALSE, FALSE, __LINE__);
    LocalFree(pSD);

    /* Test inheritance of ACLs in CreateFile without security descriptor */
@@ -4182,21 +4182,20 @@ static void test_GetNamedSecurityInfoA(void)
        bret = GetAce(pDacl, 0, (VOID **)&ace);
        ok(bret, "Failed to get Current User ACE.\n");
        bret = EqualSid(&ace->SidStart, user_sid);
-        todo_wine ok(bret, "Current User ACE (%s) != Current User SID (%s).\n",
-                     debugstr_sid(&ace->SidStart), debugstr_sid(user_sid));
+        ok(bret, "Current User ACE (%s) != Current User SID (%s).\n",
+           debugstr_sid(&ace->SidStart), debugstr_sid(user_sid));
        ok(((ACE_HEADER *)ace)->AceFlags == 0,
           "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
-        ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%lx != 0x1f01ff)\n",
-                                  ace->Mask);
+        ok(ace->Mask == 0x1f01ff,
+           "Current User ACE has unexpected mask (0x%lx != 0x1f01ff)\n", ace->Mask);
    }
    if (acl_size.AceCount > 1)
    {
        bret = GetAce(pDacl, 1, (VOID **)&ace);
        ok(bret, "Failed to get Administators Group ACE.\n");
        bret = EqualSid(&ace->SidStart, admin_sid);
-        todo_wine ok(bret || broken(!bret) /* win2k */,
-                     "Administators Group ACE (%s) != Administators Group SID (%s).\n",
-                     debugstr_sid(&ace->SidStart), debugstr_sid(admin_sid));
+        ok(bret || broken(!bret) /* win2k */, "Administators Group ACE (%s) != Administators Group SID (%s).\n",
+           debugstr_sid(&ace->SidStart), debugstr_sid(admin_sid));
        ok(((ACE_HEADER *)ace)->AceFlags == 0,
           "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
        ok(ace->Mask == 0x1f01ff || broken(ace->Mask == GENERIC_ALL) /* win2k */,
@@ -4223,8 +4222,8 @@ static void test_GetNamedSecurityInfoA(void)
    {
        bret = GetAce(pDacl, 0, (VOID **)&ace);
        ok(bret, "Failed to get ACE.\n");
-        todo_wine ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
-                "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
+        ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
+           "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
    }
    LocalFree(pSD);


--- a/server/file.c
+++ b/server/file.c
@@ -44,6 +44,7 @@
 #include <sys/xattr.h>
 #endif
 #ifdef HAVE_SYS_EXTATTR_H
+#undef XATTR_ADDITIONAL_OPTIONS
 #include <sys/extattr.h>
 #endif

@@ -76,6 +77,9 @@ struct type_descr file_type =
 #ifndef XATTR_USER_PREFIX
 #define XATTR_USER_PREFIX "user."
 #endif
+#ifndef XATTR_USER_PREFIX_LEN
+#define XATTR_USER_PREFIX_LEN (sizeof(XATTR_USER_PREFIX) - 1)
+#endif
 #ifndef XATTR_SIZE_MAX
 #define XATTR_SIZE_MAX    65536
 #endif
@@ -252,6 +256,22 @@ static inline int xattr_valid_namespace( const char *name )
 }
 #endif

+static int xattr_fget( int filedes, const char *name, void *value, size_t size )
+{
+#if defined(XATTR_ADDITIONAL_OPTIONS)
+    return fgetxattr( filedes, name, value, size, 0, 0 );
+#elif defined(HAVE_SYS_XATTR_H) || defined(HAVE_ATTR_XATTR_H)
+    return fgetxattr( filedes, name, value, size );
+#elif defined(HAVE_SYS_EXTATTR_H)
+    if (!xattr_valid_namespace( name )) return -1;
+    return extattr_get_fd( filedes, EXTATTR_NAMESPACE_USER, &name[XATTR_USER_PREFIX_LEN],
+                           value, size );
+#else
+    errno = ENOSYS;
+    return -1;
+#endif
+}
+
 static int xattr_fset( int filedes, const char *name, void *value, size_t size )
 {
 #if defined(XATTR_ADDITIONAL_OPTIONS)
@@ -491,6 +511,29 @@ static void convert_generic_sd( struct security_descriptor *sd )
    }
 }

+static struct security_descriptor *get_xattr_sd( int fd )
+{
+    struct security_descriptor *sd;
+    char buffer[XATTR_SIZE_MAX];
+    int n;
+
+    n = xattr_fget( fd, WINE_XATTR_SD, buffer, sizeof(buffer) );
+    if (n == -1 || n < 2 + sizeof(struct security_descriptor)) return NULL;
+
+    /* validate that we can handle the descriptor */
+    if (buffer[0] != SECURITY_DESCRIPTOR_REVISION || buffer[1] != 0 ||
+            !sd_is_valid( (struct security_descriptor *)&buffer[2], n - 2 ))
+        return NULL;
+
+    sd = mem_alloc( n - 2 );
+    if (sd)
+    {
+        memcpy( sd, &buffer[2], n - 2 );
+        convert_generic_sd( sd ); /* for backwards compatibility */
+    }
+    return sd;
+}
+
 struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode,
                                         uid_t *uid )
 {
@@ -506,9 +549,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
        (st.st_uid == *uid))
        return obj->sd;

-    sd = mode_to_sd( st.st_mode,
-                     security_unix_uid_to_sid( st.st_uid ),
-                     token_get_primary_group( current->process->token ));
+    sd = get_xattr_sd( unix_fd );
+    if (!sd) sd = mode_to_sd( st.st_mode,
+                              security_unix_uid_to_sid( st.st_uid ),
+                              token_get_primary_group( current->process->token ));
    if (!sd) return obj->sd;

    *mode = st.st_mode;