shared: posix: DistinctPermsForSameOwnerGroup

Bill Zissimopoulos 2021-04-06 15:00:31 -07:00
parent 9d76495340
commit 50892bfa19
No known key found for this signature in database
GPG Key ID: 3D4F95D52C7B3EA3


@ -123,9 +123,12 @@ static struct
PWSTR DnsDomainName; PWSTR DnsDomainName;
ULONG TrustPosixOffset; ULONG TrustPosixOffset;
} *FspTrustedDomains; } *FspTrustedDomains;
ULONG FspTrustedDomainCount; static ULONG FspTrustedDomainCount;
static BOOLEAN FspDistinctPermsForSameOwnerGroup;
static INIT_ONCE FspPosixInitOnce = INIT_ONCE_STATIC_INIT; static INIT_ONCE FspPosixInitOnce = INIT_ONCE_STATIC_INIT;
#if !defined(_KERNEL_MODE) #if !defined(_KERNEL_MODE)
static ULONG FspPosixInitializeTrustPosixOffsets(VOID) static ULONG FspPosixInitializeTrustPosixOffsets(VOID)
{ {
PVOID Ldap = 0; PVOID Ldap = 0;
@ -169,6 +172,28 @@ exit:
return LdapResult; return LdapResult;
} }
static VOID FspPosixInitializeFromRegistry(VOID)
{
HKEY RegKey;
LONG Result;
DWORD Size;
DWORD DistinctPermsForSameOwnerGroup;
DistinctPermsForSameOwnerGroup = 0;
Result = RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"Software\\WinFsp",
0, KEY_READ | KEY_WOW64_32KEY, &RegKey);
if (ERROR_SUCCESS == Result)
{
Size = sizeof DistinctPermsForSameOwnerGroup;
Result = RegGetValueW(RegKey, 0, L"DistinctPermsForSameOwnerGroup",
RRF_RT_REG_DWORD, 0, &DistinctPermsForSameOwnerGroup, &Size);
RegCloseKey(RegKey);
}
FspDistinctPermsForSameOwnerGroup = !!DistinctPermsForSameOwnerGroup;
}
static BOOL WINAPI FspPosixInitialize( static BOOL WINAPI FspPosixInitialize(
PINIT_ONCE InitOnce, PVOID Parameter, PVOID *Context) PINIT_ONCE InitOnce, PVOID Parameter, PVOID *Context)
{ {
@ -300,6 +325,8 @@ static BOOL WINAPI FspPosixInitialize(
if (0 < FspTrustedDomainCount) if (0 < FspTrustedDomainCount)
FspPosixInitializeTrustPosixOffsets(); FspPosixInitializeTrustPosixOffsets();
FspPosixInitializeFromRegistry();
exit: exit:
if (0 != TrustedDomains) if (0 != TrustedDomains)
NetApiBufferFree(TrustedDomains); NetApiBufferFree(TrustedDomains);
@ -330,7 +357,9 @@ VOID FspPosixFinalize(BOOLEAN Dynamic)
MemFree(FspPrimaryDomainSid); MemFree(FspPrimaryDomainSid);
} }
} }
#else #else
ULONG NTAPI FspPosixInitialize( ULONG NTAPI FspPosixInitialize(
PRTL_RUN_ONCE RunOnce, PVOID Parameter, PVOID *Context) PRTL_RUN_ONCE RunOnce, PVOID Parameter, PVOID *Context)
{ {
@ -376,8 +405,12 @@ ULONG NTAPI FspPosixInitialize(
FspPrimaryDomainSid = &FspPrimaryDomainSidBuf.V; FspPrimaryDomainSid = &FspPrimaryDomainSidBuf.V;
} }
/* always enable permissive permissions for same owner group in kernel mode */
FspDistinctPermsForSameOwnerGroup = TRUE;
return TRUE; return TRUE;
} }
#endif #endif
static inline BOOLEAN FspPosixIsRelativeSid(PISID Sid1, PISID Sid2) static inline BOOLEAN FspPosixIsRelativeSid(PISID Sid1, PISID Sid2)
@ -778,7 +811,7 @@ FSP_API NTSTATUS FspPosixMapPermissionsToSecurityDescriptor(
* bits are different?. In this case, the most restrictive permissions * bits are different?. In this case, the most restrictive permissions
* are chosen and assigned to both ACEs. * are chosen and assigned to both ACEs.
*/ */
if (EqualSid(OwnerSid, GroupSid)) if (!FspDistinctPermsForSameOwnerGroup && EqualSid(OwnerSid, GroupSid))
OwnerPerm = GroupPerm = OwnerPerm & GroupPerm; OwnerPerm = GroupPerm = OwnerPerm & GroupPerm;
/* [PERMS] /* [PERMS]
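Review bot: The comment above the `EqualSid(OwnerSid, GroupSid)` test still says the most restrictive permissions are chosen for both ACEs, which after this change holds only while `FspDistinctPermsForSameOwnerGroup` is FALSE; the comment starts outside the hunk, so its full text is not visible here. The kernel-mode `FspPosixInitialize` sets the flag to TRUE unconditionally, whereas the user-mode path leaves it at 0 unless `DistinctPermsForSameOwnerGroup` is set under `HKLM\Software\WinFsp` (32-bit view), so the two builds can map the same owner/group/mode to different DACLs. I would add to the comment something like `/* skipped when FspDistinctPermsForSameOwnerGroup is set (registry in user mode, always in kernel mode); owner and group ACEs then keep their own bits */`, and reword the kernel-mode comment from "permissive" to "distinct" so it matches the flag name. Because the switch relaxes a restrictive default machine-wide, `FspPosixInitializeFromRegistry` also deserves a short comment saying that a missing key, missing value or non-DWORD value leaves the restrictive behaviour in place, which works here only because the local is pre-set to 0 and the `RegGetValueW` result is otherwise ignored.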