diff options
author | Edward Thomson <ethomson@edwardthomson.com> | 2022-07-04 16:01:01 -0400 |
---|---|---|
committer | Edward Thomson <ethomson@edwardthomson.com> | 2022-07-06 14:34:06 -0400 |
commit | 258e38b02f2a78e8cb5323a05ac8a4365a7cd532 (patch) | |
tree | f6be6cf0e6a8b2b523110da7dc06e03179266ef6 | |
parent | 3dd9b24ef918429240e5c2ea567401715679bd4a (diff) | |
download | libgit2-258e38b02f2a78e8cb5323a05ac8a4365a7cd532.tar.gz |
fs: allow ownership match if user is in admin group
Allow the user ownership to match if the file is owned by the admin
group and the user is in the admin group, even if the current process is
not running as administrator directly.
-rw-r--r-- | src/fs_path.c | 24 | ||||
-rw-r--r-- | src/fs_path.h | 9 |
2 files changed, 26 insertions, 7 deletions
diff --git a/src/fs_path.c b/src/fs_path.c index 6f5e4a90d..c4cd4f3d6 100644 --- a/src/fs_path.c +++ b/src/fs_path.c @@ -1879,6 +1879,7 @@ int git_fs_path_owner_is( git_fs_path_owner_t owner_type) { PSID owner_sid = NULL, user_sid = NULL; + BOOL is_admin, admin_owned; int error; if (mock_owner) { @@ -1899,12 +1900,22 @@ int git_fs_path_owner_is( } } - if ((owner_type & GIT_FS_PATH_OWNER_ADMINISTRATOR) != 0) { - if (IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) || - IsWellKnownSid(owner_sid, WinLocalSystemSid)) { - *out = true; - goto done; - } + admin_owned = + IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) || + IsWellKnownSid(owner_sid, WinLocalSystemSid); + + if (admin_owned && + (owner_type & GIT_FS_PATH_OWNER_ADMINISTRATOR) != 0) { + *out = true; + goto done; + } + + if (admin_owned && + (owner_type & GIT_FS_PATH_USER_IS_ADMINISTRATOR) != 0 && + CheckTokenMembership(NULL, owner_sid, &is_admin) && + is_admin) { + *out = true; + goto done; } *out = false; @@ -1956,6 +1967,7 @@ int git_fs_path_owner_is( return 0; } + #endif int git_fs_path_owner_is_current_user(bool *out, const char *path) diff --git a/src/fs_path.h b/src/fs_path.h index a270a5590..928644a9d 100644 --- a/src/fs_path.h +++ b/src/fs_path.h @@ -740,8 +740,15 @@ typedef enum { /** The file must be owned by the system account. */ GIT_FS_PATH_OWNER_ADMINISTRATOR = (1 << 1), + /** + * The file may be owned by a system account if the current + * user is in an administrator group. Windows only; this is + * a noop on non-Windows systems. + */ + GIT_FS_PATH_USER_IS_ADMINISTRATOR = (1 << 2), + /** The file may be owned by another user. */ - GIT_FS_PATH_OWNER_OTHER = (1 << 2) + GIT_FS_PATH_OWNER_OTHER = (1 << 3) } git_fs_path_owner_t; /** |