niansa-misc/wine
1
0
Fork 0
mirror of synced 2025-03-07 03:53:26 +01:00
Code Issues Projects Releases Packages Wiki Activity

server: Use the token owner instead of the token user for default object owner.

Browse source 
Also, replace the token user with the token owner for the default DACL
as well.  Wine currently selects domain_users_sid as the token owner, so
use that.  This is required to pass the advapi32:security test which
expects the security descriptor owner SID to be referenced in the DACL
as well.
This commit is contained in:
Jinoh Kang 2022-07-19 23:58:21 +09:00 committed by Alexandre Julliard
parent b735ded8c2
commit 9090229e67
6 changed files with 8 additions and 10 deletions

2
dlls/advapi32/tests/security.c
View file

@ -6420,7 +6420,6 @@ static void test_default_dacl_owner_group_sid(void)
ok( ret, "error %lu\n", GetLastError() );
ok( owner != (void *)0xdeadbeef, "owner not set\n" );
ok( !defaulted, "owner defaulted\n" );
todo_wine
ok( EqualSid( owner, token_owner->Owner ), "owner shall equal token owner\n" );
group = (void *)0xdeadbeef;
@ -6460,7 +6459,6 @@ static void test_default_dacl_owner_group_sid(void)
"expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
if (EqualSid( &ace->SidStart, token_user->User.Sid )) found = TRUE;
}
todo_wine
ok( !found, "DACL shall not reference token user if it is different from token owner\n" );
}

2
server/change.c
View file

@ -391,7 +391,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
else if (obj->sd)
owner = sd_get_owner( obj->sd );
else
owner = token_get_user( current->process->token );
owner = token_get_owner( current->process->token );
if (set_info & DACL_SECURITY_INFORMATION)
{

4
server/file.c
View file

@ -245,7 +245,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
{
const struct sid *owner = sd_get_owner( sd );
if (!owner)
owner = token_get_user( current->process->token );
owner = token_get_owner( current->process->token );
mode = sd_to_mode( sd, owner );
}
else if (options & FILE_DIRECTORY_FILE)
@ -528,7 +528,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
else if (obj->sd)
owner = sd_get_owner( obj->sd );
else
owner = token_get_user( current->process->token );
owner = token_get_owner( current->process->token );
/* group and sacl not supported */

2
server/object.c
View file

@ -574,7 +574,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
}
else if (token)
{
owner = token_get_user( token );
owner = token_get_owner( token );
new_sd.owner_len = sid_len( owner );
}
else new_sd.owner_len = 0;

2
server/security.h
View file

@ -73,7 +73,7 @@ extern int token_check_privileges( struct token *token, int all_required,
const struct luid_attr *reqprivs,
unsigned int count, struct luid_attr *usedprivs );
extern const struct acl *token_get_default_dacl( struct token *token );
extern const struct sid *token_get_user( struct token *token );
extern const struct sid *token_get_owner( struct token *token );
extern const struct sid *token_get_primary_group( struct token *token );
extern unsigned int token_get_session_id( struct token *token );
extern int token_sid_present( struct token *token, const struct sid *sid, int deny );

6
server/token.c
View file

@ -732,7 +732,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
/* on Windows, this value changes every time the user logs on */
struct sid logon_sid = { SID_REVISION, 3, SECURITY_NT_AUTHORITY, { SECURITY_LOGON_IDS_RID, 0, 0 /* FIXME: should be randomly generated when tokens are inherited by new processes */ }};
const struct sid *user_sid = security_unix_uid_to_sid( getuid() );
struct acl *default_dacl = create_default_dacl( user_sid );
struct acl *default_dacl = create_default_dacl( &domain_users_sid );
const struct luid_attr admin_privs[] =
{
{ SeChangeNotifyPrivilege, SE_PRIVILEGE_ENABLED },
@ -1044,9 +1044,9 @@ const struct acl *token_get_default_dacl( struct token *token )
return token->default_dacl;
}
const struct sid *token_get_user( struct token *token )
const struct sid *token_get_owner( struct token *token )
{
return token->user;
return token->owner;
}
const struct sid *token_get_primary_group( struct token *token )