server: Add primitive support for setting and getting the security descriptor of…

server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions.

server: Add primitive support for setting and getting the security descriptor of…
cb124c9b · Rob Shearman · Alexandre Julliard · c1707d89 · cb124c9b · cb124c9b
Commit cb124c9b authored Oct 03, 2007 by Rob Shearman Committed by Alexandre Julliard Oct 04, 2007
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 13 deletions

file.c server/file.c +0 -0

security.h server/security.h +13 -0

token.c server/token.c +2 -13

No files found.
--- a/server/file.c
+++ b/server/file.c
--- a/server/security.h
+++ b/server/security.h
@@ -39,7 +39,9 @@ extern const LUID SeManageVolumePrivilege;
 extern const LUID SeImpersonatePrivilege;
 extern const LUID SeCreateGlobalPrivilege;

+extern const PSID security_world_sid;
 extern const PSID security_interactive_sid;
+extern const PSID security_local_system_sid;


 /* token functions */
@@ -54,6 +56,17 @@ extern const ACL *token_get_default_dacl( struct token *token );
 extern const SID *token_get_user( struct token *token );
 extern const SID *token_get_primary_group( struct token *token );

+static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
+{
+    return (const ACE_HEADER *)((const char *)ace + ace->AceSize);
+}
+
+static inline int security_equal_sid( const SID *sid1, const SID *sid2 )
+{
+    return ((sid1->SubAuthorityCount == sid2->SubAuthorityCount) &&
+            !memcmp( sid1, sid2, FIELD_OFFSET(SID, SubAuthority[sid1->SubAuthorityCount]) ));
+}
+
 extern void security_set_thread_token( struct thread *thread, obj_handle_t handle );
 extern const SID *security_unix_uid_to_sid( uid_t uid );
 extern int check_object_access( struct object *obj, unsigned int *access );

--- a/server/token.c
+++ b/server/token.c
@@ -70,11 +70,11 @@ static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY },
 static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } };
 static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
 static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
-static const PSID security_world_sid = (PSID)&world_sid;
+const PSID security_world_sid = (PSID)&world_sid;
 static const PSID security_local_sid = (PSID)&local_sid;
 const PSID security_interactive_sid = (PSID)&interactive_sid;
 static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid;
-static const PSID security_local_system_sid = (PSID)&local_system_sid;
+const PSID security_local_system_sid = (PSID)&local_system_sid;

 static luid_t prev_luid_value = { 1000, 0 };

@@ -166,12 +166,6 @@ static SID *security_sid_alloc( const SID_IDENTIFIER_AUTHORITY *idauthority, int
    return sid;
 }

-static inline int security_equal_sid( const SID *sid1, const SID *sid2 )
-{
-    return ((sid1->SubAuthorityCount == sid2->SubAuthorityCount) &&
-        !memcmp( sid1, sid2, FIELD_OFFSET(SID, SubAuthority[sid1->SubAuthorityCount]) ));
-}
-
 void security_set_thread_token( struct thread *thread, obj_handle_t handle )
 {
    if (!handle)
@@ -195,11 +189,6 @@ void security_set_thread_token( struct thread *thread, obj_handle_t handle )
    }
 }

-static const ACE_HEADER *ace_next( const ACE_HEADER *ace )
-{
-    return (const ACE_HEADER *)((const char *)ace + ace->AceSize);
-}
-
 const SID *security_unix_uid_to_sid( uid_t uid )
 {
    /* very simple mapping: either the current user or not the current user */