advapi32: Handle NULL DACL in SetSecurityInfo
Piotr Caban
piotr at codeweavers.com
Fri Apr 3 03:47:48 CDT 2015
On 04/03/15 01:56, Erich E. Hoover wrote:
> On Thu, Apr 2, 2015 at 4:54 PM, Piotr Caban <piotr at codeweavers.com> wrote:
>> ...
>> the patch restores old SetSecurityInfo behavior. It also works around a
>> crash in current implementation when NULL DACL is passed. It's as close to
>> native behavior as it currently can be. Setting NULL DACL means: allow every
>> permission on windows. Your test shows that we should get NULL while asking
>> about DACL but there's no way of correctly supporting it in wine currently
>> (and I'm not sure if it can be cleanly supported in future, as far as I can
>> see nor POSIX ACL, nor NFSv4 ACL supports anything like this).
>> ...
>
> This is one of the reasons why in our implementation we stored the
> security descriptor in an extended filesystem attribute. Samba
> encountered the same problems with a lot of the win ACLs, they found
> that for some things the only way to provide full support is to store
> a perfect copy of the security descriptor. Doing so works around a
> lot of these issues where there's no equivalent Unix permission.
The problem is that reporting permissions that we don't really support
leads to other problems. Hopefully NFSv4 (richacls) will get popular in
Linux soon so it will be possible to fix it properly (currently only
available on OSX and Suse 11.3).
Thanks,
Piotr
More information about the wine-devel
mailing list