Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
libgit2.28344
0017-fs-allow-ownership-match-if-user-is-in-adm...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0017-fs-allow-ownership-match-if-user-is-in-admin-group.patch of Package libgit2.28344
From decffcf2efd67da717e1d8ff0cc757d076afe861 Mon Sep 17 00:00:00 2001 From: Edward Thomson <ethomson@edwardthomson.com> Date: Thu, 7 Jul 2022 00:02:19 -0400 Subject: [PATCH 17/20] fs: allow ownership match if user is in admin group Allow the user ownership to match if the file is owned by the admin group and the user is in the admin group, even if the current process is not running as administrator directly. --- src/path.c | 24 ++++++++++++++++++------ src/path.h | 9 ++++++++- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/src/path.c b/src/path.c index efd094298..606b2ed5e 100644 --- a/src/path.c +++ b/src/path.c @@ -2124,6 +2124,7 @@ int git_path_owner_is( git_path_owner_t owner_type) { PSID owner_sid = NULL, user_sid = NULL; + BOOL is_admin, admin_owned; int error; if (mock_owner) { @@ -2144,12 +2145,22 @@ int git_path_owner_is( } } - if ((owner_type & GIT_PATH_OWNER_ADMINISTRATOR) != 0) { - if (IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) || - IsWellKnownSid(owner_sid, WinLocalSystemSid)) { - *out = true; - goto done; - } + admin_owned = + IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) || + IsWellKnownSid(owner_sid, WinLocalSystemSid); + + if (admin_owned && + (owner_type & GIT_PATH_OWNER_ADMINISTRATOR) != 0) { + *out = true; + goto done; + } + + if (admin_owned && + (owner_type & GIT_PATH_USER_IS_ADMINISTRATOR) != 0 && + CheckTokenMembership(NULL, owner_sid, &is_admin) && + is_admin) { + *out = true; + goto done; } *out = false; @@ -2201,6 +2212,7 @@ int git_path_owner_is( return 0; } + #endif int git_path_owner_is_current_user(bool *out, const char *path) diff --git a/src/path.h b/src/path.h index 4a23475e3..bb51cff11 100644 --- a/src/path.h +++ b/src/path.h @@ -731,8 +731,15 @@ typedef enum { /** The file must be owned by the system account. */ GIT_PATH_OWNER_ADMINISTRATOR = (1 << 1), + /** + * The file may be owned by a system account if the current + * user is in an administrator group. Windows only; this is + * a noop on non-Windows systems. + */ + GIT_PATH_USER_IS_ADMINISTRATOR = (1 << 2), + /** The file may be owned by another user. */ - GIT_PATH_OWNER_OTHER = (1 << 2) + GIT_PATH_OWNER_OTHER = (1 << 3) } git_path_owner_t; /** -- 2.37.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor