winfsp-tests: posix_map_sd_test

2025-06-08 04:52:10 -05:00 · 2016-06-06 22:57:28 -07:00 · 2016-06-06 22:57:28 -07:00 · c46d8b2e0a
commit c46d8b2e0a
parent bcfa4a326b
2 changed files with 59 additions and 16 deletions
--- a/src/dll/posix.c
+++ b/src/dll/posix.c
@ -432,15 +432,15 @@ FSP_API NTSTATUS FspPosixMapPermissionsToSecurityDescriptor(

    *PSecurityDescriptor = 0;

-    Result = FspPosixMapUidToSid(Uid, OwnerSid);
+    Result = FspPosixMapUidToSid(Uid, &OwnerSid);
    if (!NT_SUCCESS(Result))
        goto exit;

-    Result = FspPosixMapUidToSid(Gid, GroupSid);
+    Result = FspPosixMapUidToSid(Gid, &GroupSid);
    if (!NT_SUCCESS(Result))
        goto exit;

-    Result = FspPosixMapUidToSid(0x10100, WorldSid);
+    Result = FspPosixMapUidToSid(0x10100, &WorldSid);
    if (!NT_SUCCESS(Result))
        goto exit;

@ -488,7 +488,7 @@ FSP_API NTSTATUS FspPosixMapPermissionsToSecurityDescriptor(
    if (GroupDeny)
        Size += GetLengthSid(GroupSid) - sizeof(DWORD);
    Size += sizeof(DWORD) - 1;
-    Size &= ~sizeof(DWORD);
+    Size &= ~(sizeof(DWORD) - 1);

    Acl = MemAlloc(Size);
    if (0 == Acl)
@ -636,11 +636,11 @@ FSP_API NTSTATUS FspPosixMapSecurityDescriptorToPermissions(

    if (0 != Acl)
    {
-        Result = FspPosixMapUidToSid(0x10100, WorldSid);
+        Result = FspPosixMapUidToSid(0x10100, &WorldSid);
        if (!NT_SUCCESS(Result))
            goto exit;

-        Result = FspPosixMapUidToSid(11, AuthUsersSid);
+        Result = FspPosixMapUidToSid(11, &AuthUsersSid);
        if (!NT_SUCCESS(Result))
            goto exit;

@ -690,15 +690,15 @@ FSP_API NTSTATUS FspPosixMapSecurityDescriptorToPermissions(
                 */
                if (ACCESS_ALLOWED_ACE_TYPE == Ace->AceType)
                {
-                    WorldAllow |= AceAccessMask & WorldDeny;
-                    GroupAllow |= AceAccessMask & GroupDeny;
-                    OwnerAllow |= AceAccessMask & OwnerDeny;
+                    WorldAllow |= AceAccessMask & ~WorldDeny;
+                    GroupAllow |= AceAccessMask & ~GroupDeny;
+                    OwnerAllow |= AceAccessMask & ~OwnerDeny;
                }
                else //if (ACCESS_DENIED_ACE_TYPE == Ace->AceType)
                {
-                    WorldDeny |= AceAccessMask & WorldAllow;
-                    GroupDeny |= AceAccessMask & GroupAllow;
-                    OwnerDeny |= AceAccessMask & OwnerAllow;
+                    WorldDeny |= AceAccessMask & ~WorldAllow;
+                    GroupDeny |= AceAccessMask & ~GroupAllow;
+                    OwnerDeny |= AceAccessMask & ~OwnerAllow;
                }
            }
            else
@ -717,9 +717,9 @@ FSP_API NTSTATUS FspPosixMapSecurityDescriptorToPermissions(
                if (EqualSid(GroupSid, AceSid))
                {
                    if (ACCESS_ALLOWED_ACE_TYPE == Ace->AceType)
-                        GroupAllow |= AceAccessMask & GroupDeny;
+                        GroupAllow |= AceAccessMask & ~GroupDeny;
                    else //if (ACCESS_DENIED_ACE_TYPE == Ace->AceType)
-                        GroupDeny |= AceAccessMask & GroupAllow;
+                        GroupDeny |= AceAccessMask & ~GroupAllow;
                }

                /* [PERMS]
@ -730,9 +730,9 @@ FSP_API NTSTATUS FspPosixMapSecurityDescriptorToPermissions(
                if (EqualSid(OwnerSid, AceSid))
                {
                    if (ACCESS_ALLOWED_ACE_TYPE == Ace->AceType)
-                        OwnerAllow |= AceAccessMask & OwnerDeny;
+                        OwnerAllow |= AceAccessMask & ~OwnerDeny;
                    else //if (ACCESS_DENIED_ACE_TYPE == Ace->AceType)
-                        OwnerDeny |= AceAccessMask & OwnerAllow;
+                        OwnerDeny |= AceAccessMask & ~OwnerAllow;
                }
            }
        }
--- a/tst/winfsp-tests/posix-test.c
+++ b/tst/winfsp-tests/posix-test.c
@ -147,7 +147,50 @@ void posix_map_sid_test(void)
    LocalFree(map[sizeof map / sizeof map[0] - 1].SidStr);
 }

+void posix_map_sd_test(void)
+{
+    struct
+    {
+        PWSTR Sddl;
+        UINT32 Uid, Gid, Mode;
+    } map[] =
+    {
+        { L"O:SYG:BAD:P(A;;0x1f0199;;;SY)(A;;0x120088;;;BA)(A;;0x120088;;;WD)", 18, 544, 00400 },
+    };
+    NTSTATUS Result;
+    BOOL Success;
+    PSECURITY_DESCRIPTOR SecurityDescriptor;
+    PWSTR Sddl;
+    UINT32 Uid, Gid, Mode;
+
+    for (size_t i = 0; sizeof map / sizeof map[0] > i; i++)
+    {
+        Result = FspPosixMapPermissionsToSecurityDescriptor(
+            map[i].Uid, map[i].Gid, map[i].Mode, &SecurityDescriptor);
+        ASSERT(NT_SUCCESS(Result));
+
+        Success = ConvertSecurityDescriptorToStringSecurityDescriptorW(
+            SecurityDescriptor, SDDL_REVISION_1,
+            OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
+            &Sddl, 0);
+        ASSERT(Success);
+        ASSERT(0 == wcscmp(map[i].Sddl, Sddl));
+        LocalFree(Sddl);
+
+        Result = FspPosixMapSecurityDescriptorToPermissions(
+            SecurityDescriptor, &Uid, &Gid, &Mode);
+        ASSERT(NT_SUCCESS(Result));
+        ASSERT(map[i].Uid == Uid);
+        ASSERT(map[i].Gid == Gid);
+        ASSERT((map[i].Mode & 01777) == Mode);
+
+        FspDeleteSecurityDescriptor(SecurityDescriptor,
+            FspPosixMapPermissionsToSecurityDescriptor);
+    }
+}
+
 void posix_tests(void)
 {
    TEST(posix_map_sid_test);
+    TEST(posix_map_sd_test);
 }