Skip to content

Commit 0fd40c8

Browse files
staticfloatstaticfloat
committed
Apply "other" permissions to all groups we are not a part of
Previously, we would apply permissions only to groups that we were a part of, but we should apply our "other" permissions to groups that we are not a part of.
1 parent 9759885 commit 0fd40c8

File tree

1 file changed

+13
-16
lines changed

1 file changed

+13
-16
lines changed

src/win/fs.c

+13-16
Original file line numberDiff line numberDiff line change
@@ -2422,16 +2422,8 @@ static void fs__chmod(uv_fs_t* req) {
24222422
continue;
24232423
}
24242424

2425-
/* Check to see if our user is a member of this group */
2426-
if (!CheckTokenMembership(hImpersonatedToken, pEASid, &isMember)) {
2427-
SET_REQ_WIN32_ERROR(req, GetLastError());
2428-
goto chmod_cleanup;
2429-
}
2430-
2431-
/* If we're a member, then count it */
2432-
if (isMember) {
2433-
numOtherGroups++;
2434-
}
2425+
/* Count these as "other" groups */
2426+
numOtherGroups++;
24352427
}
24362428

24372429
/* Create an ACE for each triplet (user, group, other) */
@@ -2491,16 +2483,21 @@ static void fs__chmod(uv_fs_t* req) {
24912483
}
24922484

24932485
/*
2494-
* If we're a member, then count it. We limit our `ea_write_idx` to avoid
2495-
* the unlikely event that we have been added to a group since we first
2496-
* calculated `numOtherGroups`.
2486+
* We limit our `ea_write_idx` to avoid the unlikely event that we
2487+
* have been added to a group since we first calculated `numOtherGroups`.
24972488
*/
2498-
if (isMember && ea_write_idx < numNewEAs) {
2499-
build_access_struct(&ea[ea_write_idx], pEASid, TRUSTEE_IS_GROUP, 0, REVOKE_ACCESS);
2489+
assert(ea_write_idx <= numNewEAs - 3);
2490+
if (isMember) {
2491+
build_access_struct(&ea[ea_write_idx + 0], pEASid, TRUSTEE_IS_GROUP, 0, REVOKE_ACCESS);
25002492
build_access_struct(&ea[ea_write_idx + 1], pEASid, TRUSTEE_IS_GROUP, g_deny_mode, DENY_ACCESS);
25012493
build_access_struct(&ea[ea_write_idx + 2], pEASid, TRUSTEE_IS_GROUP, g_mode, SET_ACCESS);
2502-
ea_write_idx += 3;
2494+
} else {
2495+
/* We revoke a second time here to keep offset management simple in groups of three. */
2496+
build_access_struct(&ea[ea_write_idx + 0], pEASid, TRUSTEE_IS_GROUP, 0, REVOKE_ACCESS);
2497+
build_access_struct(&ea[ea_write_idx + 1], pEASid, TRUSTEE_IS_GROUP, 0, REVOKE_ACCESS);
2498+
build_access_struct(&ea[ea_write_idx + 2], pEASid, TRUSTEE_IS_GROUP, o_mode, SET_ACCESS);
25032499
}
2500+
ea_write_idx += 3;
25042501
}
25052502

25062503
/* Set entries in the ACL object */

0 commit comments

Comments
 (0)