Jinoh Kang : server: Use the token owner instead of the token user for default object owner.
Alexandre Julliard
julliard at winehq.org
Wed Jul 20 15:55:32 CDT 2022
Module: wine
Branch: master
Commit: 9090229e6789f8ba3c24047134c47c7964b1d73b
URL: https://gitlab.winehq.org/wine/wine/-/commit/9090229e6789f8ba3c24047134c47c7964b1d73b
Author: Jinoh Kang <jinoh.kang.kr at gmail.com>
Date: Tue Jul 19 23:58:21 2022 +0900
server: Use the token owner instead of the token user for default object owner.
Also, replace the token user with the token owner for the default DACL
as well. Wine currently selects domain_users_sid as the token owner, so
use that. This is required to pass the advapi32:security test which
expects the security descriptor owner SID to be referenced in the DACL
as well.
---
dlls/advapi32/tests/security.c | 2 --
server/change.c | 2 +-
server/file.c | 4 ++--
server/object.c | 2 +-
server/security.h | 2 +-
server/token.c | 6 +++---
6 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 99e68c9a1e5..51bf60d0f36 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -6420,7 +6420,6 @@ static void test_default_dacl_owner_group_sid(void)
ok( ret, "error %lu\n", GetLastError() );
ok( owner != (void *)0xdeadbeef, "owner not set\n" );
ok( !defaulted, "owner defaulted\n" );
- todo_wine
ok( EqualSid( owner, token_owner->Owner ), "owner shall equal token owner\n" );
group = (void *)0xdeadbeef;
@@ -6460,7 +6459,6 @@ static void test_default_dacl_owner_group_sid(void)
"expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
if (EqualSid( &ace->SidStart, token_user->User.Sid )) found = TRUE;
}
- todo_wine
ok( !found, "DACL shall not reference token user if it is different from token owner\n" );
}
diff --git a/server/change.c b/server/change.c
index 6477b457f74..7a806abc017 100644
--- a/server/change.c
+++ b/server/change.c
@@ -391,7 +391,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
else if (obj->sd)
owner = sd_get_owner( obj->sd );
else
- owner = token_get_user( current->process->token );
+ owner = token_get_owner( current->process->token );
if (set_info & DACL_SECURITY_INFORMATION)
{
diff --git a/server/file.c b/server/file.c
index eb2dc5696ed..76c687833c9 100644
--- a/server/file.c
+++ b/server/file.c
@@ -245,7 +245,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
{
const struct sid *owner = sd_get_owner( sd );
if (!owner)
- owner = token_get_user( current->process->token );
+ owner = token_get_owner( current->process->token );
mode = sd_to_mode( sd, owner );
}
else if (options & FILE_DIRECTORY_FILE)
@@ -528,7 +528,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
else if (obj->sd)
owner = sd_get_owner( obj->sd );
else
- owner = token_get_user( current->process->token );
+ owner = token_get_owner( current->process->token );
/* group and sacl not supported */
diff --git a/server/object.c b/server/object.c
index 333f9e7b5d6..89e541ffb6b 100644
--- a/server/object.c
+++ b/server/object.c
@@ -574,7 +574,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
}
else if (token)
{
- owner = token_get_user( token );
+ owner = token_get_owner( token );
new_sd.owner_len = sid_len( owner );
}
else new_sd.owner_len = 0;
diff --git a/server/security.h b/server/security.h
index fa91b81b77c..58ab1594eae 100644
--- a/server/security.h
+++ b/server/security.h
@@ -73,7 +73,7 @@ extern int token_check_privileges( struct token *token, int all_required,
const struct luid_attr *reqprivs,
unsigned int count, struct luid_attr *usedprivs );
extern const struct acl *token_get_default_dacl( struct token *token );
-extern const struct sid *token_get_user( struct token *token );
+extern const struct sid *token_get_owner( struct token *token );
extern const struct sid *token_get_primary_group( struct token *token );
extern unsigned int token_get_session_id( struct token *token );
extern int token_sid_present( struct token *token, const struct sid *sid, int deny );
diff --git a/server/token.c b/server/token.c
index f817c1114f8..99f5e36e279 100644
--- a/server/token.c
+++ b/server/token.c
@@ -732,7 +732,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
/* on Windows, this value changes every time the user logs on */
struct sid logon_sid = { SID_REVISION, 3, SECURITY_NT_AUTHORITY, { SECURITY_LOGON_IDS_RID, 0, 0 /* FIXME: should be randomly generated when tokens are inherited by new processes */ }};
const struct sid *user_sid = security_unix_uid_to_sid( getuid() );
- struct acl *default_dacl = create_default_dacl( user_sid );
+ struct acl *default_dacl = create_default_dacl( &domain_users_sid );
const struct luid_attr admin_privs[] =
{
{ SeChangeNotifyPrivilege, SE_PRIVILEGE_ENABLED },
@@ -1044,9 +1044,9 @@ const struct acl *token_get_default_dacl( struct token *token )
return token->default_dacl;
}
-const struct sid *token_get_user( struct token *token )
+const struct sid *token_get_owner( struct token *token )
{
- return token->user;
+ return token->owner;
}
const struct sid *token_get_primary_group( struct token *token )
More information about the wine-cvs
mailing list