From: Christian Inci Subject: [PATCH 2/2 v2] server: Use group "Builtin\Users" instead of "Everyone" Message-Id: <4e245d5f-d466-8f24-0702-5ccb106d531f@broke-the-inter.net> Date: Fri, 31 Mar 2017 06:43:46 +0200 The game cache validation issue of #32515 will now only occur if the access rights for %WINDIR%, %SYSTEMROOT% and Steam's directory aren't at least "o+r". This patch should stay in staging for a while if it's accepted. This will not fix the game crash issue. Signed-off-by: Christian Inci dlls/advapi32/tests/security.c | 2 +- server/file.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index bc3060a2..25104d63 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -4678,7 +4678,7 @@ static void test_GetSecurityInfo(void) bret = pGetAce(pDacl, 2, (VOID **)&ace); ok(bret, "Failed to get Users Group ACE.\n"); bret = EqualSid(&ace->SidStart, users_sid); - todo_wine ok(bret, "Users Group ACE (%s) != Users Group SID (%s).\n", debugstr_sid(&ace->SidStart), debugstr_sid(users_sid)); + ok(bret, "Users Group ACE (%s) != Users Group SID (%s).\n", debugstr_sid(&ace->SidStart), debugstr_sid(users_sid)); ok(((ACE_HEADER *)ace)->AceFlags == 0, "Users Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags); ok(ace->Mask == 0x1200a9, "Users Group ACE has unexpected mask (0x%x != 0x1200a9)\n", diff --git a/server/file.c b/server/file.c index 85bd9501..8e98e03b 100644 --- a/server/file.c +++ b/server/file.c @@ -336,7 +336,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID ACL *dacl; SID *sid; char *ptr; - const SID *world_sid = security_world_sid; + const SID *builtin_users_sid = security_builtin_users_sid; const SID *local_system_sid = security_local_system_sid; dacl_size = sizeof(ACL) + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + 
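Review bot: The new declaration `const SID *builtin_users_sid = security_builtin_users_sid;` in mode_to_sd (server/file.c, @@ -336) carries no comment explaining why the S_IRWXO bits are now reported as an ACE for Builtin\Users rather than Everyone, although Unix "other" is presumably broader than membership of that group. A one-line comment above it would record the reason, for example `/* "other" mode bits are reported as BUILTIN\Users instead of Everyone, see bug #32515 */`. The same local feeds the dacl_size computation at @@ -348 and the ACE written at @@ -430, so a comment at the declaration covers all three hunks. mode_to_sd starts and ends outside these hunks.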
@@ -348,7 +348,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID (!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH)))) dacl_size += FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + security_sid_len( user ); if (mode & S_IRWXO) - dacl_size += FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( world_sid ); + dacl_size += FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( builtin_users_sid ); sd = mem_alloc( sizeof(struct security_descriptor) + security_sid_len( user ) + security_sid_len( group ) + @@ -430,14 +430,14 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID current_ace = &aaa->Header; aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0; - aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( world_sid ); + aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( builtin_users_sid ); aaa->Mask = 0; if (mode & S_IROTH) aaa->Mask |= FILE_GENERIC_READ | FILE_GENERIC_EXECUTE; if (mode & S_IWOTH) aaa->Mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD; sid = (SID *)&aaa->SidStart; - memcpy( sid, world_sid, security_sid_len( world_sid )); + memcpy( sid, builtin_users_sid, security_sid_len( builtin_users_sid )); } return sd; @@ -511,7 +511,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) ad_ace = (const ACCESS_DENIED_ACE *)ace; sid = (const SID *)&ad_ace->SidStart; mode = file_access_to_mode( ad_ace->Mask ); - if (security_equal_sid( sid, security_world_sid )) + if (security_equal_sid( sid, security_builtin_users_sid )) { bits_to_set &= ~((mode << 6) | (mode << 3) | mode); /* all */ } 
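Review bot: In sd_to_mode (@@ -511) the ACCESS_DENIED branch now matches only `security_builtin_users_sid`, so an ACE naming Everyone is no longer treated as applying to all three mode classes. Unless a branch outside the hunk still handles `security_world_sid`, a deny-Everyone ACE in an application-supplied descriptor would stop clearing bits, and the resulting Unix mode could be more permissive than the descriptor asks for. Accepting both SIDs keeps existing descriptors working: `if (security_equal_sid( sid, security_world_sid ) || security_equal_sid( sid, security_builtin_users_sid ))`. The ACCESS_ALLOWED branch at @@ -529 has the same replacement and needs the same condition, otherwise allow-Everyone ACEs are silently dropped from the mode. The function body continues outside both hunks.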
@@ -529,7 +529,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) aa_ace = (const ACCESS_ALLOWED_ACE *)ace; sid = (const SID *)&aa_ace->SidStart; mode = file_access_to_mode( aa_ace->Mask ); - if (security_equal_sid( sid, security_world_sid )) + if (security_equal_sid( sid, security_builtin_users_sid )) { mode = (mode << 6) | (mode << 3) | mode; /* all */ new_mode |= mode & bits_to_set;