Module: wine Branch: master Commit: e51f8490f2f72b669b0c03f6867714c7232ba08d URL: http://source.winehq.org/git/wine.git/?a=commit;h=e51f8490f2f72b669b0c03f686...

Author: Rob Shearman rob@codeweavers.com Date: Thu Oct 25 16:19:54 2007 +0100

server: Ignore ACEs with the INHERIT_ONLY_ACE flag set during access checks.

---

dlls/advapi32/tests/security.c | 2 -- server/token.c | 8 +++++--- 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 7a5c074..4b75a9d 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -908,10 +908,8 @@ static void test_AccessCheck(void) PrivSet, &PrivSetLen, &Access, &AccessStatus); ok(ret, "AccessCheck failed with error %d\n", GetLastError()); err = GetLastError(); - todo_wine ok(!AccessStatus && err == ERROR_ACCESS_DENIED, "AccessCheck should have failed " "with ERROR_ACCESS_DENIED, instead of %d\n", err); - todo_wine ok(!Access, "Should have failed to grant any access, got 0x%08x\n", Access);

CloseHandle(Token); diff --git a/server/token.c b/server/token.c index b6ba50d..665ed48 100644 --- a/server/token.c +++ b/server/token.c @@ -895,11 +895,15 @@ static unsigned int token_access_check( struct token *token,

/* 4: Grant rights according to the DACL */ ace = (const ACE_HEADER *)(dacl + 1); - for (i = 0; i < dacl->AceCount; i++) + for (i = 0; i < dacl->AceCount; i++, ace = ace_next( ace )) { const ACCESS_ALLOWED_ACE *aa_ace; const ACCESS_DENIED_ACE *ad_ace; const SID *sid; + + if (ace->AceFlags & INHERIT_ONLY_ACE) + continue; + switch (ace->AceType) { case ACCESS_DENIED_ACE_TYPE: @@ -937,8 +941,6 @@ static unsigned int token_access_check( struct token *token, * rights we need */ if (desired_access == *granted_access) break; - - ace = ace_next( ace ); }

done: