Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru
---
 dlls/advapi32/tests/security.c | 4 ----
 server/handle.c | 11 +++++++++++
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index ff180ae4da4..73e19bd69f6 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -7963,15 +7963,11 @@ static void test_regkey_security(void)
 sd = NULL;
 dacl = NULL;
 ret = GetSecurityInfo(hkey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, NULL, &sd);
-todo_wine
 ok(ret == ERROR_SUCCESS, "got %u\n", ret);
-todo_wine
 ok(sd != NULL, "sd should not be NULL\n");
-todo_wine
 ok(dacl != NULL, "dacl should not be NULL\n");
ret = SetSecurityInfo(hkey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, dacl, NULL);
-todo_wine
 ok(ret == ERROR_SUCCESS, "got %u\n", ret);
LocalFree(sd);
diff --git a/server/handle.c b/server/handle.c
index a6fcb871e2d..7a11e30017e 100644
--- a/server/handle.c
+++ b/server/handle.c
@@ -482,6 +482,17 @@ struct object *get_handle_obj( struct process *process, obj_handle_t handle,
 set_error( STATUS_OBJECT_TYPE_MISMATCH ); /* not the right type */
 return NULL;
 }
+ if (access & (READ_CONTROL | WRITE_DAC))
+ {
+ const struct security_descriptor *sd = obj->ops->get_sd( obj );
+ if (sd)
+ {
+ struct token *token = current->token ? current->token : current->process->token;
+ const SID *owner = sd_get_owner( sd );
+ if (token_sid_present( token, owner, FALSE ))
+ access &= ~(READ_CONTROL | WRITE_DAC);
+ }
+ }
 if ((entry->access & access) != access)
 {
 set_error( STATUS_ACCESS_DENIED );
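Review bot: The added block in get_handle_obj() clears READ_CONTROL and WRITE_DAC from `access` before the `(entry->access & access) != access` comparison, so a handle that was opened or duplicated without those rights still passes the check whenever the caller's token contains the owner SID; because this is the generic handle lookup, that would apply to every object type and not only the registry key the test covers. If the intent is the owner's implicit rights, it would be safer to grant them where the handle's access mask is computed at open time, so that a deliberately restricted handle stays restricted. The token is taken from `current` while the handle table belongs to the `process` argument, and `current` is dereferenced without a check, which looks wrong when the two differ; this should be confirmed against the callers outside this hunk. `sd_get_owner( sd )` is also used unchecked, so if it can return NULL for a descriptor with no owner, guard it with `if (owner && token_sid_present( token, owner, FALSE ))`. The function body starts and ends outside the hunk.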