Commit 5bc01a7d by Edward Thomson

fs: allow ownership match if user is in admin group

Allow the user ownership to match if the file is owned by the admin
group and the user is in the admin group, even if the current process is
not running as administrator directly.
parent 433f0166
...@@ -1885,6 +1885,7 @@ int git_fs_path_owner_is( ...@@ -1885,6 +1885,7 @@ int git_fs_path_owner_is(
git_fs_path_owner_t owner_type) git_fs_path_owner_t owner_type)
{ {
PSID owner_sid = NULL, user_sid = NULL; PSID owner_sid = NULL, user_sid = NULL;
BOOL is_admin, admin_owned;
int error; int error;
if (mock_owner) { if (mock_owner) {
...@@ -1905,12 +1906,22 @@ int git_fs_path_owner_is( ...@@ -1905,12 +1906,22 @@ int git_fs_path_owner_is(
} }
} }
if ((owner_type & GIT_FS_PATH_OWNER_ADMINISTRATOR) != 0) { admin_owned =
if (IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) || IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) ||
IsWellKnownSid(owner_sid, WinLocalSystemSid)) { IsWellKnownSid(owner_sid, WinLocalSystemSid);
*out = true;
goto done; if (admin_owned &&
} (owner_type & GIT_FS_PATH_OWNER_ADMINISTRATOR) != 0) {
*out = true;
goto done;
}
if (admin_owned &&
(owner_type & GIT_FS_PATH_USER_IS_ADMINISTRATOR) != 0 &&
CheckTokenMembership(NULL, owner_sid, &is_admin) &&
is_admin) {
*out = true;
goto done;
} }
*out = false; *out = false;
...@@ -1962,6 +1973,7 @@ int git_fs_path_owner_is( ...@@ -1962,6 +1973,7 @@ int git_fs_path_owner_is(
return 0; return 0;
} }
#endif #endif
int git_fs_path_owner_is_current_user(bool *out, const char *path) int git_fs_path_owner_is_current_user(bool *out, const char *path)
......
...@@ -740,8 +740,15 @@ typedef enum { ...@@ -740,8 +740,15 @@ typedef enum {
/** The file must be owned by the system account. */ /** The file must be owned by the system account. */
GIT_FS_PATH_OWNER_ADMINISTRATOR = (1 << 1), GIT_FS_PATH_OWNER_ADMINISTRATOR = (1 << 1),
/**
* The file may be owned by a system account if the current
* user is in an administrator group. Windows only; this is
* a noop on non-Windows systems.
*/
GIT_FS_PATH_USER_IS_ADMINISTRATOR = (1 << 2),
/** The file may be owned by another user. */ /** The file may be owned by another user. */
GIT_FS_PATH_OWNER_OTHER = (1 << 2) GIT_FS_PATH_OWNER_OTHER = (1 << 3)
} git_fs_path_owner_t; } git_fs_path_owner_t;
/** /**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment