[PATCH 2/4] server: Store the token owner separately.
Hans Leidekker
hans at codeweavers.com
Wed May 2 03:45:42 CDT 2018
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
server/token.c | 29 ++++++++++++-----------------
1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/server/token.c b/server/token.c
index cde9c5a584..0810a61353 100644
--- a/server/token.c
+++ b/server/token.c
@@ -104,7 +104,8 @@ struct token
struct list privileges; /* privileges available to the token */
struct list groups; /* groups that the user of this token belongs to (sid_and_attributes) */
SID *user; /* SID of user this token represents */
- SID *primary_group; /* SID of user's primary group */
+ SID *owner; /* SID of owner (points to user or one of groups) */
+ SID *primary_group; /* SID of user's primary group (points to one of groups) */
unsigned primary; /* is this a primary or impersonation token? */
ACL *default_dacl; /* the default DACL to assign to objects created by this user */
TOKEN_SOURCE source; /* source of the token */
@@ -582,9 +583,12 @@ static struct token *create_token( unsigned primary, const SID *user,
group->resource = FALSE;
group->deny_only = FALSE;
list_add_tail( &token->groups, &group->entry );
- /* Use first owner capable group as an owner */
+ /* Use first owner capable group as owner and primary group */
if (!token->primary_group && group->owner)
+ {
+ token->owner = &group->sid;
token->primary_group = &group->sid;
+ }
}
/* copy privileges */
@@ -654,7 +658,10 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
memcpy( newgroup, group, size );
list_add_tail( &token->groups, &newgroup->entry );
if (src_token->primary_group == &group->sid)
+ {
+ token->owner = &newgroup->sid;
token->primary_group = &newgroup->sid;
+ }
}
assert( token->primary_group );
@@ -1393,16 +1400,14 @@ DECL_HANDLER(access_check)
}
}
-/* retrieves the SID of the user that the token represents */
+/* retrieves an SID from the token */
DECL_HANDLER(get_token_sid)
{
struct token *token;
reply->sid_len = 0;
- if ((token = (struct token *)get_handle_obj( current->process, req->handle,
- TOKEN_QUERY,
- &token_ops )))
+ if ((token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_QUERY, &token_ops )))
{
const SID *sid = NULL;
@@ -1416,18 +1421,8 @@ DECL_HANDLER(get_token_sid)
sid = token->primary_group;
break;
case TokenOwner:
- {
- struct group *group;
- LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
- {
- if (group->owner)
- {
- sid = &group->sid;
- break;
- }
- }
+ sid = token->owner;
break;
- }
case TokenLogonSid:
sid = (const SID *)&builtin_logon_sid;
break;
--
2.11.0
More information about the wine-devel
mailing list