[PATCH 1/7] server: Get the primary group from the token.
Vitaliy Margolen
wine-patches at kievinfo.com
Thu Feb 1 16:57:10 CST 2007
Robert Shearman wrote:
> Vitaliy Margolen wrote:
>> list_add_tail( &token->groups, &group->entry );
>> + /* Use first owner capable group as an owner */
>> + if (!token->primary_group && group->owner)
>> + token->primary_group = &group->sid;
>> + }
>> + /* we really need a primary group */
>> + if (!token->primary_group && group_count)
>> + {
>> + release_object( token );
>> + return NULL;
>> }
>>
>
> According to documentation from Microsoft, "the primary group only needs
> to be set if POSIX compatibility is required." Also, the default
> security descriptor does not require a group - a NULL group is fine.
>
However access check against token will fail without group being set. So
I don't see why can't we require valid group in the security descriptor?
Vitaliy.
More information about the wine-devel
mailing list