[PATCH 4/6] server: Do not set SE_{D, S}ACL_PRESENT if no {D, S}ACL was set.
Matteo Bruni
mbruni at codeweavers.com
Mon Jun 12 13:34:39 CDT 2017
From: Michael Müller <michael at fds-team.de>
Signed-off-by: Matteo Bruni <mbruni at codeweavers.com>
---
dlls/advapi32/tests/security.c | 4 ++--
server/handle.c | 2 --
server/object.c | 15 +++++++++++++--
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 9f30a89546..3d14e4285f 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -6207,8 +6207,8 @@ static void test_AddMandatoryAce(void)
present = TRUE;
ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
- todo_wine ok(!present, "SACL is present\n");
- todo_wine ok(sacl == (void *)0xdeadbeef, "SACL is set\n");
+ ok(!present, "SACL is present\n");
+ ok(sacl == (void *)0xdeadbeef, "SACL is set\n");
HeapFree(GetProcessHeap(), 0, sd2);
CloseHandle(handle);
diff --git a/server/handle.c b/server/handle.c
index 065e5b188a..f260d04848 100644
--- a/server/handle.c
+++ b/server/handle.c
@@ -907,7 +907,6 @@ DECL_HANDLER(get_security_object)
else
req_sd.group_len = 0;
- req_sd.control |= SE_SACL_PRESENT;
sacl = sd_get_sacl( sd, &present );
if (req->security_info & SACL_SECURITY_INFORMATION && present)
req_sd.sacl_len = sd->sacl_len;
@@ -920,7 +919,6 @@ DECL_HANDLER(get_security_object)
else
req_sd.sacl_len = 0;
- req_sd.control |= SE_DACL_PRESENT;
dacl = sd_get_dacl( sd, &present );
if (req->security_info & DACL_SECURITY_INFORMATION && present)
req_sd.dacl_len = sd->dacl_len;
diff --git a/server/object.c b/server/object.c
index e43fe3f217..a7990136d0 100644
--- a/server/object.c
+++ b/server/object.c
@@ -582,33 +582,44 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
}
else new_sd.group_len = 0;
- new_sd.control |= SE_SACL_PRESENT;
sacl = sd_get_sacl( sd, &present );
if (set_info & SACL_SECURITY_INFORMATION && present)
+ {
+ new_sd.control |= SE_SACL_PRESENT;
new_sd.sacl_len = sd->sacl_len;
+ }
else
{
if (obj->sd) sacl = sd_get_sacl( obj->sd, &present );
if (obj->sd && present)
+ {
+ new_sd.control |= SE_SACL_PRESENT;
new_sd.sacl_len = obj->sd->sacl_len;
+ }
else
new_sd.sacl_len = 0;
}
- new_sd.control |= SE_DACL_PRESENT;
dacl = sd_get_dacl( sd, &present );
if (set_info & DACL_SECURITY_INFORMATION && present)
+ {
+ new_sd.control |= SE_DACL_PRESENT;
new_sd.dacl_len = sd->dacl_len;
+ }
else
{
if (obj->sd) dacl = sd_get_dacl( obj->sd, &present );
if (obj->sd && present)
+ {
+ new_sd.control |= SE_DACL_PRESENT;
new_sd.dacl_len = obj->sd->dacl_len;
+ }
else if (token)
{
dacl = token_get_default_dacl( token );
+ new_sd.control |= SE_DACL_PRESENT;
new_sd.dacl_len = dacl->AclSize;
}
else new_sd.dacl_len = 0;
--
2.13.0
More information about the wine-patches
mailing list