Rob Shearman : server: Ignore ACEs with the INHERIT_ONLY_ACE flag set during access checks.

Alexandre Julliard julliard at winehq.org
Fri Oct 26 08:34:41 CDT 2007


Module: wine
Branch: master
Commit: e51f8490f2f72b669b0c03f6867714c7232ba08d
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=e51f8490f2f72b669b0c03f6867714c7232ba08d

Author: Rob Shearman <rob at codeweavers.com>
Date:   Thu Oct 25 16:19:54 2007 +0100

server: Ignore ACEs with the INHERIT_ONLY_ACE flag set during access checks.

---

 dlls/advapi32/tests/security.c |    2 --
 server/token.c                 |    8 +++++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 7a5c074..4b75a9d 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -908,10 +908,8 @@ static void test_AccessCheck(void)
                       PrivSet, &PrivSetLen, &Access, &AccessStatus);
     ok(ret, "AccessCheck failed with error %d\n", GetLastError());
     err = GetLastError();
-    todo_wine
     ok(!AccessStatus && err == ERROR_ACCESS_DENIED, "AccessCheck should have failed "
        "with ERROR_ACCESS_DENIED, instead of %d\n", err);
-    todo_wine
     ok(!Access, "Should have failed to grant any access, got 0x%08x\n", Access);
 
     CloseHandle(Token);
diff --git a/server/token.c b/server/token.c
index b6ba50d..665ed48 100644
--- a/server/token.c
+++ b/server/token.c
@@ -895,11 +895,15 @@ static unsigned int token_access_check( struct token *token,
 
     /* 4: Grant rights according to the DACL */
     ace = (const ACE_HEADER *)(dacl + 1);
-    for (i = 0; i < dacl->AceCount; i++)
+    for (i = 0; i < dacl->AceCount; i++, ace = ace_next( ace ))
     {
         const ACCESS_ALLOWED_ACE *aa_ace;
         const ACCESS_DENIED_ACE *ad_ace;
         const SID *sid;
+
+        if (ace->AceFlags & INHERIT_ONLY_ACE)
+            continue;
+
         switch (ace->AceType)
         {
         case ACCESS_DENIED_ACE_TYPE:
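Review bot: The added `if (ace->AceFlags & INHERIT_ONLY_ACE) continue;` sits ahead of the `switch`, so it drops inherit-only deny entries as well as allow entries, and nothing in the hunk says this is intended. A one-line comment above it would record the reason, for example `/* inherit-only ACEs are only a template for child objects and never apply to this object */`. The test change in this commit expects ERROR_ACCESS_DENIED, so it appears to exercise only an inherit-only allow entry; a companion case where an inherit-only deny entry must not block an otherwise granted right would pin the other half. The loop body runs past the end of this hunk, and the old `ace = ace_next( ace );` at the bottom of the loop is removed in the following hunk, which is what makes the `continue` safe.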
@@ -937,8 +941,6 @@ static unsigned int token_access_check( struct token *token,
             * rights we need */
         if (desired_access == *granted_access)
             break;
-
-        ace = ace_next( ace );
     }
 
 done:



