[PATCH 2/2] server: Grant implicit DACL_SECURITY_INFORMATION permission to an object owner.
Dmitry Timoshkov
dmitry at baikal.ru
Tue Feb 2 08:41:09 CST 2021
Signed-off-by: Dmitry Timoshkov <dmitry at baikal.ru>
---
dlls/advapi32/tests/security.c | 4 ----
server/handle.c | 11 +++++++++++
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 91c49378e7f..f6a64b316e8 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -7898,15 +7898,11 @@ static void test_regkey_security(void)
sd = NULL;
dacl = NULL;
ret = GetSecurityInfo(hkey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, NULL, &sd);
-todo_wine
ok(ret == ERROR_SUCCESS, "got %u\n", ret);
-todo_wine
ok(sd != NULL, "sd should not be NULL\n");
-todo_wine
ok(dacl != NULL, "dacl should not be NULL\n");
ret = SetSecurityInfo(hkey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, dacl, NULL);
-todo_wine
ok(ret == ERROR_SUCCESS, "got %u\n", ret);
LocalFree(sd);
diff --git a/server/handle.c b/server/handle.c
index 2556a03901e..fd17be3d40c 100644
--- a/server/handle.c
+++ b/server/handle.c
@@ -479,6 +479,17 @@ struct object *get_handle_obj( struct process *process, obj_handle_t handle,
set_error( STATUS_OBJECT_TYPE_MISMATCH ); /* not the right type */
return NULL;
}
+ if (access & (READ_CONTROL | WRITE_DAC))
+ {
+ const struct security_descriptor *sd = obj->ops->get_sd( obj );
+ if (sd)
+ {
+ struct token *token = current->token ? current->token : current->process->token;
+ const SID *owner = sd_get_owner( sd );
+ if (token_sid_present( token, owner, FALSE ))
+ access &= ~(READ_CONTROL | WRITE_DAC);
+ }
+ }
if ((entry->access & access) != access)
{
set_error( STATUS_ACCESS_DENIED );
--
2.29.2
More information about the wine-devel
mailing list