Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/advapi32/tests/security.c | 4 ---- server/handle.c | 11 +++++++++++ 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 91c49378e7f..f6a64b316e8 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -7898,15 +7898,11 @@ static void test_regkey_security(void) sd = NULL; dacl = NULL; ret = GetSecurityInfo(hkey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, NULL, &sd); -todo_wine ok(ret == ERROR_SUCCESS, "got %u\n", ret); -todo_wine ok(sd != NULL, "sd should not be NULL\n"); -todo_wine ok(dacl != NULL, "dacl should not be NULL\n");

ret = SetSecurityInfo(hkey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, dacl, NULL); -todo_wine ok(ret == ERROR_SUCCESS, "got %u\n", ret);

LocalFree(sd); diff --git a/server/handle.c b/server/handle.c index 2556a03901e..fd17be3d40c 100644 --- a/server/handle.c +++ b/server/handle.c @@ -479,6 +479,17 @@ struct object *get_handle_obj( struct process *process, obj_handle_t handle, set_error( STATUS_OBJECT_TYPE_MISMATCH ); /* not the right type */ return NULL; } + if (access & (READ_CONTROL | WRITE_DAC)) + { + const struct security_descriptor *sd = obj->ops->get_sd( obj ); + if (sd) + { + struct token *token = current->token ? current->token : current->process->token; + const SID *owner = sd_get_owner( sd ); + if (token_sid_present( token, owner, FALSE )) + access &= ~(READ_CONTROL | WRITE_DAC); + } + } if ((entry->access & access) != access) { set_error( STATUS_ACCESS_DENIED );