advapi32: Allow GetFileSecurityA/W to work on files that have been opened…

advapi32: Allow GetFileSecurityA/W to work on files that have been opened already with restricted sharing flags. Only use the minimum required access rights for the information being retrieved.

advapi32: Allow GetFileSecurityA/W to work on files that have been opened…
00bc3d9e · Rob Shearman · Alexandre Julliard · 1262d7db · 00bc3d9e
Commit 00bc3d9e authored Oct 02, 2007 by Rob Shearman Committed by Alexandre Julliard Oct 03, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

security.c dlls/advapi32/security.c +8 -1

No files found.
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -1819,8 +1819,15 @@ GetFileSecurityW( LPCWSTR lpFileName,
 {
    HANDLE hfile;
    NTSTATUS status;
+    DWORD access = 0;
+
+    if (RequestedInformation & (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|
+                                DACL_SECURITY_INFORMATION))
+        access |= READ_CONTROL;
+    if (RequestedInformation & SACL_SECURITY_INFORMATION)
+        access |= ACCESS_SYSTEM_SECURITY;

-    hfile = CreateFileW( lpFileName, GENERIC_READ, FILE_SHARE_READ,
+    hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
                         NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 );
    if ( hfile == INVALID_HANDLE_VALUE )
        return FALSE;