[v6 4/5] server: all objects must have a SD
Jonathan Doron
jond at wizery.com
Thu Sep 21 06:50:42 CDT 2017
Signed-off-by: Jonathan Doron <jond at wizery.com>
---
server/object.c | 19 ++++++++++++++-----
server/object.h | 2 +-
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/server/object.c b/server/object.c
index f2487f9..c960f26 100644
--- a/server/object.c
+++ b/server/object.c
@@ -284,8 +284,8 @@ static struct object *create_object( struct object *parent, const struct object_
if (!(name_ptr = alloc_name( name ))) return NULL;
if (!(obj = alloc_object( ops ))) goto failed;
- if (sd && !default_set_sd( obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION ))
+ if (!default_set_sd( obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION ))
goto failed;
if (!obj->ops->link_name( obj, name_ptr, parent )) goto failed;
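Review bot: Nothing at this call site says that `sd` may now be NULL, and the same applies to the matching call in create_named_object in the next hunk. With the `sd &&` test removed, both creation paths always go through default_set_sd, so a reader must open that function to learn what a NULL descriptor means and that creation can now fail here even when the caller supplied none. A short comment above the call would cover it, for example `/* sd may be NULL; default_set_sd then applies defaults from the current token */`. create_object starts and ends outside the hunk.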
@@ -312,8 +312,8 @@ void *create_named_object( struct object *parent, const struct object_ops *ops,
if (!name || !name->len)
{
if (!(new_obj = alloc_object( ops ))) return NULL;
- if (sd && !default_set_sd( new_obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION ))
+ if (!default_set_sd( new_obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION ))
{
free_object( new_obj );
return NULL;
@@ -535,7 +535,8 @@ struct security_descriptor *default_get_sd( struct object *obj )
return obj->sd;
}
-int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd,
+static const struct security_descriptor empty_sd = {0};
+int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *in_sd,
unsigned int set_info, struct token *token )
{
struct security_descriptor new_sd, *new_sd_ptr;
@@ -544,9 +545,12 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
const ACL *sacl, *dacl;
ACL *replaced_sacl = NULL;
char *ptr;
+ const struct security_descriptor *sd = &empty_sd;
if (!set_info) return 1;
+ if (in_sd) sd = in_sd;
+
new_sd.control = sd->control & ~SE_SELF_RELATIVE;
if (set_info & OWNER_SECURITY_INFORMATION && sd->owner_len)
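Review bot: The NULL fallback is spread over three places: the `empty_sd` definition in the previous hunk, the `sd = &empty_sd` initialiser, and the later `if (in_sd) sd = in_sd;`. It also forces a parameter rename that ripples into object.h. Keeping the parameter name and writing `if (!sd) sd = &empty_sd;` right after the `set_info` check would give the same result with no signature change and no extra local. A comment such as `/* NULL sd: every *_len reads as 0, so no caller-supplied field is used */` should accompany it. The rest of set_sd_defaults_from_token is outside the hunk, so it is worth confirming that each owner/group/DACL/SACL branch does fall back to a token-derived or inherited value when the length is 0, rather than storing an empty field.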
@@ -664,6 +668,11 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
int default_set_sd( struct object *obj, const struct security_descriptor *sd,
unsigned int set_info )
{
+ if (!sd &&
+ (!current || !current->process || !current->process->token)) {
+ return 1;
+ }
+
return set_sd_defaults_from_token( obj, sd, set_info, current->process->token );
}
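Review bot: The early `return 1` in default_set_sd reports success while leaving `obj->sd` unset, which contradicts the commit title and is indistinguishable, for create_object and create_named_object, from "descriptor assigned". If objects created without a thread context are meant to stay without an SD, state that in a comment, e.g. `/* no current thread/token (server-internal object): leave obj->sd unset */`, and confirm that access checks treat a missing SD as intended rather than as unrestricted. The guard also applies only when `sd` is NULL, so a non-NULL `sd` with a NULL `current` still reaches the unguarded `current->process->token` on the last line. Resolving the token once, `struct token *token = (current && current->process) ? current->process->token : NULL;`, and passing it on would close that, provided set_sd_defaults_from_token tolerates a NULL token, which is not visible here. The opening brace on the `if` line also departs from the brace-on-its-own-line style used elsewhere in this file.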
diff --git a/server/object.h b/server/object.h
index b5c50e1..b39ca2e 100644
--- a/server/object.h
+++ b/server/object.h
@@ -156,7 +156,7 @@ extern struct fd *no_get_fd( struct object *obj );
extern unsigned int no_map_access( struct object *obj, unsigned int access );
extern struct security_descriptor *default_get_sd( struct object *obj );
extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info );
-extern int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd,
+extern int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *in_sd,
unsigned int set_info, struct token *token );
extern struct object *no_lookup_name( struct object *obj, struct unicode_str *name, unsigned int attributes );
extern int no_link_name( struct object *obj, struct object_name *name, struct object *parent );
--
2.9.4