server: Store the token owner separately.

Signed-off-by: Hans Leidekker <hans@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

server: Store the token owner separately.
fc3057c4 · Hans Leidekker · Alexandre Julliard · 14191f2d · fc3057c4
Commit fc3057c4 authored May 02, 2018 by Hans Leidekker Committed by Alexandre Julliard May 02, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 17 deletions

token.c server/token.c +12 -17

No files found.
--- a/server/token.c
+++ b/server/token.c
@@ -104,7 +104,8 @@ struct token
    struct list    privileges;      /* privileges available to the token */
    struct list    groups;          /* groups that the user of this token belongs to (sid_and_attributes) */
    SID           *user;            /* SID of user this token represents */
-    SID           *primary_group;   /* SID of user's primary group */
+    SID           *owner;           /* SID of owner (points to user or one of groups) */
+    SID           *primary_group;   /* SID of user's primary group (points to one of groups) */
    unsigned       primary;         /* is this a primary or impersonation token? */
    ACL           *default_dacl;    /* the default DACL to assign to objects created by this user */
    TOKEN_SOURCE   source;          /* source of the token */
@@ -582,9 +583,12 @@ static struct token *create_token( unsigned primary, const SID *user,
            group->resource = FALSE;
            group->deny_only = FALSE;
            list_add_tail( &token->groups, &group->entry );
-            /* Use first owner capable group as an owner */
+            /* Use first owner capable group as owner and primary group */
            if (!token->primary_group && group->owner)
+            {
+                token->owner = &group->sid;
                token->primary_group = &group->sid;
+            }
        }

        /* copy privileges */
@@ -654,7 +658,10 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
        memcpy( newgroup, group, size );
        list_add_tail( &token->groups, &newgroup->entry );
        if (src_token->primary_group == &group->sid)
+        {
+            token->owner = &newgroup->sid;
            token->primary_group = &newgroup->sid;
+        }
    }
    assert( token->primary_group );

@@ -1393,16 +1400,14 @@ DECL_HANDLER(access_check)
    }
 }

-/* retrieves the SID of the user that the token represents */
+/* retrieves an SID from the token */
 DECL_HANDLER(get_token_sid)
 {
    struct token *token;

    reply->sid_len = 0;

-    if ((token = (struct token *)get_handle_obj( current->process, req->handle,
-                                                 TOKEN_QUERY,
-                                                 &token_ops )))
+    if ((token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_QUERY, &token_ops )))
    {
        const SID *sid = NULL;

@@ -1416,18 +1421,8 @@ DECL_HANDLER(get_token_sid)
            sid = token->primary_group;
            break;
        case TokenOwner:
-        {
-            struct group *group;
-            LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
-            {
-                if (group->owner)
-                {
-                    sid = &group->sid;
-                    break;
-                }
-            }
+            sid = token->owner;
            break;
-        }
        case TokenLogonSid:
            sid = (const SID *)&builtin_logon_sid;
            break;