[3/6] server: A new function "set_sd_defaults_from_token" that sets the security descriptor along with a token that will be used to gather defaults, instead of always using the primary token
Joris van der Wel
joris at jorisvanderwel.com
Sun Jul 6 13:18:07 CDT 2014
server: A new function "set_sd_defaults_from_token" that sets the
security descriptor along with a token that will be used to gather
defaults, instead of always using the primary token.
Some objects take their defaults not from a primary token but from a
different one (such as from the impersonation token or the process
token).
This function can be used to create the various set_sd implementations
for the objects that need it. As a bonus, a NULL token will skip
setting any defaults.
---
server/object.c | 23 +++++++++++++++--------
server/object.h | 2 ++
2 files changed, 17 insertions(+), 8 deletions(-)
-------------- next part --------------
From a06685284e79f2f7c60b3c297cd0e3bf9d037b1f Mon Sep 17 00:00:00 2001
From: Joris van der Wel <joris at jorisvanderwel.com>
Date: Sun, 6 Jul 2014 12:59:24 +0200
Subject: =?UTF-8?q?server:=20A=20new=20function=20"set=5Fsd=5Fdefaults=5Ff?=
=?UTF-8?q?rom=5Ftoken"=20that=20sets=20the=20security=20descriptor=20alon?=
=?UTF-8?q?g=20with=20a=20token=20that=20will=20be=20used=20to=20gather=20?=
=?UTF-8?q?defaults,=20instead=20of=20always=20using=20the=20primary=20tok?=
=?UTF-8?q?en.=0ASome=20objects=20take=20their=20defaults=20not=20from=20a?=
=?UTF-8?q?=20primary=20token=20but=20from=20a=20different=20one=20(such?=
=?UTF-8?q?=20as=20from=20the=20impersonation=20token=20or=20the=20process?=
=?UTF-8?q?=20token).=0AThis=20function=20can=20be=20used=20to=20create=20?=
=?UTF-8?q?the=20various=20set=5Fsd=20implementations=20for=20the=20object?=
=?UTF-8?q?s=20that=20need=20it.=20As=20a=20bonus,=20a=20NULL=20token=20wi?=
=?UTF-8?q?ll=20skip=20setting=20any=20defaults.?=
---
server/object.c | 23 +++++++++++++++--------
server/object.h | 2 ++
2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/server/object.c b/server/object.c
index c0d9818..f8342fc 100644
--- a/server/object.c
+++ b/server/object.c
@@ -423,8 +423,8 @@ struct security_descriptor *default_get_sd( struct object *obj )
return obj->sd;
}
-int default_set_sd( struct object *obj, const struct security_descriptor *sd,
- unsigned int set_info )
+int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd,
+ unsigned int set_info, struct token *token )
{
struct security_descriptor new_sd, *new_sd_ptr;
int present;
@@ -447,9 +447,9 @@ int default_set_sd( struct object *obj, const struct security_descriptor *sd,
{
new_sd.owner_len = obj->sd->owner_len;
}
- else
+ else if (token)
{
- owner = token_get_user( current->process->token );
+ owner = token_get_user( token );
new_sd.owner_len = security_sid_len( owner );
}
}
@@ -464,9 +464,9 @@ int default_set_sd( struct object *obj, const struct security_descriptor *sd,
{
new_sd.group_len = obj->sd->group_len;
}
- else
+ else if (token)
{
- group = token_get_primary_group( current->process->token );
+ group = token_get_primary_group( token );
new_sd.group_len = security_sid_len( group );
}
}
@@ -497,9 +497,9 @@ int default_set_sd( struct object *obj, const struct security_descriptor *sd,
if (obj->sd && present)
new_sd.dacl_len = obj->sd->dacl_len;
- else
+ else if (token)
{
- dacl = token_get_default_dacl( current->process->token );
+ dacl = token_get_default_dacl( token );
new_sd.dacl_len = dacl->AclSize;
}
}
@@ -524,6 +524,13 @@ int default_set_sd( struct object *obj, const struct security_descriptor *sd,
return 1;
}
+/** Set the security descriptor using the current primary token for defaults. */
+int default_set_sd( struct object *obj, const struct security_descriptor *sd,
+ unsigned int set_info )
+{
+ return set_sd_defaults_from_token( obj, sd, set_info, current ? current->process->token : NULL );
+}
+
struct object *no_lookup_name( struct object *obj, struct unicode_str *name,
unsigned int attr )
{
diff --git a/server/object.h b/server/object.h
index bb3ff21..7201ff9 100644
--- a/server/object.h
+++ b/server/object.h
@@ -139,6 +139,8 @@ extern struct fd *no_get_fd( struct object *obj );
extern unsigned int no_map_access( struct object *obj, unsigned int access );
extern struct security_descriptor *default_get_sd( struct object *obj );
extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info );
+extern int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd,
+ unsigned int set_info, struct token *token );
extern struct object *no_lookup_name( struct object *obj, struct unicode_str *name, unsigned int attributes );
extern struct object *no_open_file( struct object *obj, unsigned int access, unsigned int sharing,
unsigned int options );
--
1.8.1.msysgit.1
More information about the wine-patches
mailing list