fs: allow ownership match if user is in admin group

ethomson · ethomson · commit 5bc01a7ddbb7 · 2022-07-07T10:37:54.000-04:00
Allow the user ownership to match if the file is owned by the admin
group and the user is in the admin group, even if the current process is
not running as administrator directly.
diff --git a/src/util/fs_path.c b/src/util/fs_path.c
@@ -1885,6 +1885,7 @@ int git_fs_path_owner_is(
 	git_fs_path_owner_t owner_type)
 {
 	PSID owner_sid = NULL, user_sid = NULL;
+	BOOL is_admin, admin_owned;
 	int error;
 
 	if (mock_owner) {
@@ -1905,12 +1906,22 @@ int git_fs_path_owner_is(
 		}
 	}
 
-	if ((owner_type & GIT_FS_PATH_OWNER_ADMINISTRATOR) != 0) {
-		if (IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) ||
-		    IsWellKnownSid(owner_sid, WinLocalSystemSid)) {
-			*out = true;
-			goto done;
-		}
+	admin_owned =
+		IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) ||
+		IsWellKnownSid(owner_sid, WinLocalSystemSid);
+
+	if (admin_owned &&
+	    (owner_type & GIT_FS_PATH_OWNER_ADMINISTRATOR) != 0) {
+		*out = true;
+		goto done;
+	}
+
+	if (admin_owned &&
+	    (owner_type & GIT_FS_PATH_USER_IS_ADMINISTRATOR) != 0 &&
+	    CheckTokenMembership(NULL, owner_sid, &is_admin) &&
+	    is_admin) {
+		*out = true;
+		goto done;
 	}
 
 	*out = false;
@@ -1962,6 +1973,7 @@ int git_fs_path_owner_is(
 
 	return 0;
 }
+
 #endif
 
 int git_fs_path_owner_is_current_user(bool *out, const char *path)
diff --git a/src/util/fs_path.h b/src/util/fs_path.h
@@ -740,8 +740,15 @@ typedef enum {
 	/** The file must be owned by the system account. */
 	GIT_FS_PATH_OWNER_ADMINISTRATOR = (1 << 1),
 
+	/**
+	 * The file may be owned by a system account if the current
+	 * user is in an administrator group. Windows only; this is
+	 * a noop on non-Windows systems.
+	 */
+	GIT_FS_PATH_USER_IS_ADMINISTRATOR = (1 << 2),
+
 	/** The file may be owned by another user. */
-	GIT_FS_PATH_OWNER_OTHER = (1 << 2)
+	GIT_FS_PATH_OWNER_OTHER = (1 << 3)
 } git_fs_path_owner_t;
 
 /**
