diff options
author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2022-08-08 16:27:50 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2022-08-08 19:33:13 +0300 |
commit | 3f7207e2ea967fd2b46d9e0ae85246e93b38ed58 (patch) | |
tree | c689415b2e2df5cf9913daee61577d02bd5b2d09 /compat | |
parent | 7c83470e64eadab74689427fcd95e72f0a772ab5 (diff) |
mingw: handle a file owned by the Administrators group correctly
When an Administrator creates a file or directory, the created
file/directory is owned not by the Administrator SID, but by the
_Administrators Group_ SID. The reason is that users with administrator
privileges usually run in unprivileged ("non-elevated") mode, and their
user SID does not change when running in elevated mode.
This is is relevant e.g. when running a GitHub workflow on a build
agent, which runs in elevated mode: cloning a Git repository in a script
step will cause the worktree to be owned by the Administrators Group
SID, for example.
Let's handle this case as following: if the current user is an
administrator, Git should consider a worktree owned by the
Administrators Group as if it were owned by said user.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'compat')
-rw-r--r-- | compat/mingw.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/compat/mingw.c b/compat/mingw.c index 22f960c7e3..7aa9318db7 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -2728,6 +2728,7 @@ int is_path_owned_by_current_sid(const char *path, struct strbuf *report) else if (sid && IsValidSid(sid)) { /* Now, verify that the SID matches the current user's */ static PSID current_user_sid; + BOOL is_member; if (!current_user_sid) current_user_sid = get_current_user_sid(); @@ -2736,6 +2737,15 @@ int is_path_owned_by_current_sid(const char *path, struct strbuf *report) IsValidSid(current_user_sid) && EqualSid(sid, current_user_sid)) result = 1; + else if (IsWellKnownSid(sid, WinBuiltinAdministratorsSid) && + CheckTokenMembership(NULL, sid, &is_member) && + is_member) + /* + * If owned by the Administrators group, and the + * current user is an administrator, we consider that + * okay, too. + */ + result = 1; else if (report && IsWellKnownSid(sid, WinWorldSid) && !acls_supported(path)) { |