mirror of
git://source.winehq.org/git/wine.git
synced 2024-09-28 22:52:27 +00:00
server: Use the token owner instead of the token user for default object owner.
Also, replace the token user with the token owner for the default DACL as well. Wine currently selects domain_users_sid as the token owner, so use that. This is required to pass the advapi32:security test which expects the security descriptor owner SID to be referenced in the DACL as well.
This commit is contained in:
Jinoh Kang
Alexandre Julliard
parent
b735ded8c2
commit
9090229e67
|
|
@ -6420,7 +6420,6 @@ static void test_default_dacl_owner_group_sid(void)
|
|||
ok( ret, "error %lu\n", GetLastError() );
|
||||
ok( owner != (void *)0xdeadbeef, "owner not set\n" );
|
||||
ok( !defaulted, "owner defaulted\n" );
|
||||
todo_wine
|
||||
ok( EqualSid( owner, token_owner->Owner ), "owner shall equal token owner\n" );
|
||||
|
||||
group = (void *)0xdeadbeef;
|
||||
|
|
@ -6460,7 +6459,6 @@ static void test_default_dacl_owner_group_sid(void)
|
|||
"expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
|
||||
if (EqualSid( &ace->SidStart, token_user->User.Sid )) found = TRUE;
|
||||
}
|
||||
todo_wine
|
||||
ok( !found, "DACL shall not reference token user if it is different from token owner\n" );
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -391,7 +391,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
|
|||
else if (obj->sd)
|
||||
owner = sd_get_owner( obj->sd );
|
||||
else
|
||||
owner = token_get_user( current->process->token );
|
||||
owner = token_get_owner( current->process->token );
|
||||
|
||||
if (set_info & DACL_SECURITY_INFORMATION)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -245,7 +245,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
|
|||
{
|
||||
const struct sid *owner = sd_get_owner( sd );
|
||||
if (!owner)
|
||||
owner = token_get_user( current->process->token );
|
||||
owner = token_get_owner( current->process->token );
|
||||
mode = sd_to_mode( sd, owner );
|
||||
}
|
||||
else if (options & FILE_DIRECTORY_FILE)
|
||||
|
|
@ -528,7 +528,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
|
|||
else if (obj->sd)
|
||||
owner = sd_get_owner( obj->sd );
|
||||
else
|
||||
owner = token_get_user( current->process->token );
|
||||
owner = token_get_owner( current->process->token );
|
||||
|
||||
/* group and sacl not supported */
|
||||
|
||||
|
|
|
|||
|
|
@ -574,7 +574,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
|
|||
}
|
||||
else if (token)
|
||||
{
|
||||
owner = token_get_user( token );
|
||||
owner = token_get_owner( token );
|
||||
new_sd.owner_len = sid_len( owner );
|
||||
}
|
||||
else new_sd.owner_len = 0;
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ extern int token_check_privileges( struct token *token, int all_required,
|
|||
const struct luid_attr *reqprivs,
|
||||
unsigned int count, struct luid_attr *usedprivs );
|
||||
extern const struct acl *token_get_default_dacl( struct token *token );
|
||||
extern const struct sid *token_get_user( struct token *token );
|
||||
extern const struct sid *token_get_owner( struct token *token );
|
||||
extern const struct sid *token_get_primary_group( struct token *token );
|
||||
extern unsigned int token_get_session_id( struct token *token );
|
||||
extern int token_sid_present( struct token *token, const struct sid *sid, int deny );
|
||||
|
|
|
|||
|
|
@ -732,7 +732,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
|
|||
/* on Windows, this value changes every time the user logs on */
|
||||
struct sid logon_sid = { SID_REVISION, 3, SECURITY_NT_AUTHORITY, { SECURITY_LOGON_IDS_RID, 0, 0 /* FIXME: should be randomly generated when tokens are inherited by new processes */ }};
|
||||
const struct sid *user_sid = security_unix_uid_to_sid( getuid() );
|
||||
struct acl *default_dacl = create_default_dacl( user_sid );
|
||||
struct acl *default_dacl = create_default_dacl( &domain_users_sid );
|
||||
const struct luid_attr admin_privs[] =
|
||||
{
|
||||
{ SeChangeNotifyPrivilege, SE_PRIVILEGE_ENABLED },
|
||||
|
|
@ -1044,9 +1044,9 @@ const struct acl *token_get_default_dacl( struct token *token )
|
|||
return token->default_dacl;
|
||||
}
|
||||
|
||||
const struct sid *token_get_user( struct token *token )
|
||||
const struct sid *token_get_owner( struct token *token )
|
||||
{
|
||||
return token->user;
|
||||
return token->owner;
|
||||
}
|
||||
|
||||
const struct sid *token_get_primary_group( struct token *token )
|
||||
|
|
|
|||
Loading…
Reference in a new issue