Module: wine Branch: master Commit: 187b53e5a5b13b85356a3b564565c45a101690ff URL: http://source.winehq.org/git/wine.git/?a=commit;h=187b53e5a5b13b85356a3b5645...
Author: Michael Müller michael@fds-team.de Date: Wed Jun 14 20:20:42 2017 +0200
server: Do not set SE_{D, S}ACL_PRESENT if no {D, S}ACL was set.
Signed-off-by: Matteo Bruni mbruni@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/advapi32/tests/security.c | 4 ++-- server/handle.c | 2 -- server/object.c | 16 ++++++++++++++-- 3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index dfc0a23..7842d0e 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -6207,8 +6207,8 @@ static void test_AddMandatoryAce(void) present = TRUE; ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted); ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError()); - todo_wine ok(!present, "SACL is present\n"); - todo_wine ok(sacl == (void *)0xdeadbeef, "SACL is set\n"); + ok(!present, "SACL is present\n"); + ok(sacl == (void *)0xdeadbeef, "SACL is set\n");
HeapFree(GetProcessHeap(), 0, sd2); CloseHandle(handle); diff --git a/server/handle.c b/server/handle.c index faa3a9f..35ab860 100644 --- a/server/handle.c +++ b/server/handle.c @@ -734,7 +734,6 @@ DECL_HANDLER(get_security_object) else req_sd.group_len = 0;
- req_sd.control |= SE_SACL_PRESENT; sacl = sd_get_sacl( sd, &present ); if (req->security_info & SACL_SECURITY_INFORMATION && present) req_sd.sacl_len = sd->sacl_len; @@ -747,7 +746,6 @@ DECL_HANDLER(get_security_object) else req_sd.sacl_len = 0;
- req_sd.control |= SE_DACL_PRESENT; dacl = sd_get_dacl( sd, &present ); if (req->security_info & DACL_SECURITY_INFORMATION && present) req_sd.dacl_len = sd->dacl_len; diff --git a/server/object.c b/server/object.c index 70872e8..4455718 100644 --- a/server/object.c +++ b/server/object.c @@ -583,15 +583,18 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri } else new_sd.group_len = 0;
- new_sd.control |= SE_SACL_PRESENT; sacl = sd_get_sacl( sd, &present ); if (set_info & SACL_SECURITY_INFORMATION && present) + { + new_sd.control |= SE_SACL_PRESENT; new_sd.sacl_len = sd->sacl_len; + } else if (set_info & LABEL_SECURITY_INFORMATION && present) { const ACL *old_sacl = NULL; if (obj->sd && obj->sd->control & SE_SACL_PRESENT) old_sacl = sd_get_sacl( obj->sd, &present ); if (!(replaced_sacl = replace_security_labels( old_sacl, sacl ))) return 0; + new_sd.control |= SE_SACL_PRESENT; new_sd.sacl_len = replaced_sacl->AclSize; sacl = replaced_sacl; } @@ -600,24 +603,33 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri if (obj->sd) sacl = sd_get_sacl( obj->sd, &present );
if (obj->sd && present) + { + new_sd.control |= SE_SACL_PRESENT; new_sd.sacl_len = obj->sd->sacl_len; + } else new_sd.sacl_len = 0; }
- new_sd.control |= SE_DACL_PRESENT; dacl = sd_get_dacl( sd, &present ); if (set_info & DACL_SECURITY_INFORMATION && present) + { + new_sd.control |= SE_DACL_PRESENT; new_sd.dacl_len = sd->dacl_len; + } else { if (obj->sd) dacl = sd_get_dacl( obj->sd, &present );
if (obj->sd && present) + { + new_sd.control |= SE_DACL_PRESENT; new_sd.dacl_len = obj->sd->dacl_len; + } else if (token) { dacl = token_get_default_dacl( token ); + new_sd.control |= SE_DACL_PRESENT; new_sd.dacl_len = dacl->AclSize; } else new_sd.dacl_len = 0;