Rob Shearman : server: Don' t do access checks on the security descriptors of newly created objects.

Alexandre Julliard julliard at winehq.org
Tue Nov 6 08:24:46 CST 2007 

Module: wine
Branch: master
Commit: 92db6d2c2f94c2c90ce947b3c33269d5e7e05d55
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=92db6d2c2f94c2c90ce947b3c33269d5e7e05d55

Author: Rob Shearman <rob at codeweavers.com>
Date:   Mon Nov  5 14:23:36 2007 +0000

server: Don't do access checks on the security descriptors of newly created objects.

---

 dlls/kernel32/tests/sync.c |    1 -
 server/event.c             |    5 ++++-
 server/handle.c            |    2 +-
 server/handle.h            |    2 ++
 server/mapping.c           |    5 ++++-
 server/mutex.c             |    5 ++++-
 server/semaphore.c         |    5 ++++-
 7 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/dlls/kernel32/tests/sync.c b/dlls/kernel32/tests/sync.c
index 716e56e..616404e 100644
--- a/dlls/kernel32/tests/sync.c
+++ b/dlls/kernel32/tests/sync.c
@@ -278,7 +278,6 @@ static void test_event_security(void)
     InitializeAcl(&acl, sizeof(acl), ACL_REVISION);
     SetSecurityDescriptorDacl(&sd, TRUE, &acl, FALSE);
     handle = CreateEventA(&sa, FALSE, FALSE, __FILE__ ": Test Event");
-    todo_wine
     ok(handle != NULL, "CreateEventW with blank sd failed with error %d\n", GetLastError());
     CloseHandle(handle);
 }
diff --git a/server/event.c b/server/event.c
index 99d0f4b..624159b 100644
--- a/server/event.c
+++ b/server/event.c
@@ -187,7 +187,10 @@ DECL_HANDLER(create_event)
 
     if ((event = create_event( root, &name, req->attributes, req->manual_reset, req->initial_state, sd )))
     {
-        reply->handle = alloc_handle( current->process, event, req->access, req->attributes );
+        if (get_error() == STATUS_OBJECT_NAME_EXISTS)
+            reply->handle = alloc_handle( current->process, event, req->access, req->attributes );
+        else
+            reply->handle = alloc_handle_no_access_check( current->process, event, req->access, req->attributes );
         release_object( event );
     }
 
diff --git a/server/handle.c b/server/handle.c
index 30facbe..9b14810 100644
--- a/server/handle.c
+++ b/server/handle.c
@@ -226,7 +226,7 @@ static obj_handle_t alloc_entry( struct handle_table *table, void *obj, unsigned
 
 /* allocate a handle for an object, incrementing its refcount */
 /* return the handle, or 0 on error */
-static obj_handle_t alloc_handle_no_access_check( struct process *process, void *ptr, unsigned int access, unsigned int attr )
+obj_handle_t alloc_handle_no_access_check( struct process *process, void *ptr, unsigned int access, unsigned int attr )
 {
     struct object *obj = ptr;
 
diff --git a/server/handle.h b/server/handle.h
index db19590..fc34ee7 100644
--- a/server/handle.h
+++ b/server/handle.h
@@ -36,6 +36,8 @@ struct unicode_str;
 /* that the thing pointed to starts with a struct object... */
 extern obj_handle_t alloc_handle( struct process *process, void *obj,
                                   unsigned int access, unsigned int attr );
+extern obj_handle_t alloc_handle_no_access_check( struct process *process, void *ptr,
+                                                  unsigned int access, unsigned int attr );
 extern int close_handle( struct process *process, obj_handle_t handle );
 extern struct object *get_handle_obj( struct process *process, obj_handle_t handle,
                                       unsigned int access, const struct object_ops *ops );
diff --git a/server/mapping.c b/server/mapping.c
index bd21a50..9f062d0 100644
--- a/server/mapping.c
+++ b/server/mapping.c
@@ -415,7 +415,10 @@ DECL_HANDLER(create_mapping)
 
     if ((obj = create_mapping( root, &name, req->attributes, req->size, req->protect, req->file_handle, sd )))
     {
-        reply->handle = alloc_handle( current->process, obj, req->access, req->attributes );
+        if (get_error() == STATUS_OBJECT_NAME_EXISTS)
+            reply->handle = alloc_handle( current->process, obj, req->access, req->attributes );
+        else
+            reply->handle = alloc_handle_no_access_check( current->process, obj, req->access, req->attributes );
         release_object( obj );
     }
 
diff --git a/server/mutex.c b/server/mutex.c
index 979f21f..0193422 100644
--- a/server/mutex.c
+++ b/server/mutex.c
@@ -212,7 +212,10 @@ DECL_HANDLER(create_mutex)
 
     if ((mutex = create_mutex( root, &name, req->attributes, req->owned, sd )))
     {
-        reply->handle = alloc_handle( current->process, mutex, req->access, req->attributes );
+        if (get_error() == STATUS_OBJECT_NAME_EXISTS)
+            reply->handle = alloc_handle( current->process, mutex, req->access, req->attributes );
+        else
+            reply->handle = alloc_handle_no_access_check( current->process, mutex, req->access, req->attributes );
         release_object( mutex );
     }
 
diff --git a/server/semaphore.c b/server/semaphore.c
index 09445e1..1412170 100644
--- a/server/semaphore.c
+++ b/server/semaphore.c
@@ -187,7 +187,10 @@ DECL_HANDLER(create_semaphore)
 
     if ((sem = create_semaphore( root, &name, req->attributes, req->initial, req->max, sd )))
     {
-        reply->handle = alloc_handle( current->process, sem, req->access, req->attributes );
+        if (get_error() == STATUS_OBJECT_NAME_EXISTS)
+            reply->handle = alloc_handle( current->process, sem, req->access, req->attributes );
+        else
+            reply->handle = alloc_handle_no_access_check( current->process, sem, req->access, req->attributes );
         release_object( sem );
     }

More information about the wine-cvs mailing list