server: Set the security descriptor at object creation.time.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>

server: Set the security descriptor at object creation.time.
3ea7f7d2 · Alexandre Julliard · 10a38ef0 · 3ea7f7d2 · 3ea7f7d2 · 3ea7f7d2
Commit 3ea7f7d2 authored Feb 12, 2016 by Alexandre Julliard
15 changed files
--- a/server/completion.c
+++ b/server/completion.c
@@ -136,15 +136,12 @@ static struct completion *create_completion( struct object *root, const struct u
 {
    struct completion *completion;
-    if ((completion = create_named_object( root, &completion_ops, name, attr )))
+    if ((completion = create_named_object( root, &completion_ops, name, attr, sd )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
            list_init( &completion->queue );
            completion->depth = 0;
-            if (sd) default_set_sd( &completion->obj, sd,
-                                    OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
-                                    DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
        }
    }

--- a/server/device.c
+++ b/server/device.c
@@ -604,7 +604,7 @@ static struct device *create_device( struct object *root, const struct unicode_s
 {
    struct device *device;
-    if ((device = create_named_object( root, &device_ops, name, attr )))
+    if ((device = create_named_object( root, &device_ops, name, attr, NULL )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
@@ -623,7 +623,7 @@ struct device *create_unix_device( struct object *root, const struct unicode_str
 {
    struct device *device;
-    if ((device = create_named_object( root, &device_ops, name, 0 )))
+    if ((device = create_named_object( root, &device_ops, name, 0, NULL )))
    {
        device->unix_path = strdup( unix_path );
        device->manager = NULL;  /* no manager, requests go straight to the Unix device */

--- a/server/directory.c
+++ b/server/directory.c
@@ -204,7 +204,7 @@ static struct directory *create_directory( struct object *root, const struct uni
 {
    struct directory *dir;
-    if ((dir = create_named_object( root, &directory_ops, name, attr )) &&
+    if ((dir = create_named_object( root, &directory_ops, name, attr, sd )) &&
        get_error() != STATUS_OBJECT_NAME_EXISTS)
    {
        if (!(dir->entries = create_namespace( hash_size )))
@@ -212,8 +212,6 @@ static struct directory *create_directory( struct object *root, const struct uni
            release_object( dir );
            return NULL;
        }
-        if (sd) default_set_sd( &dir->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
-                                DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
    }
    return dir;
 }
@@ -234,7 +232,7 @@ struct object_type *get_object_type( const struct unicode_str *name )
 {
    struct object_type *type;
-    if ((type = create_named_object( &dir_objtype->obj, &object_type_ops, name, OBJ_OPENIF )))
+    if ((type = create_named_object( &dir_objtype->obj, &object_type_ops, name, OBJ_OPENIF, NULL )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {

--- a/server/event.c
+++ b/server/event.c
@@ -112,17 +112,13 @@ struct event *create_event( struct object *root, const struct unicode_str *name,
 {
    struct event *event;
-    if ((event = create_named_object( root, &event_ops, name, attr )))
+    if ((event = create_named_object( root, &event_ops, name, attr, sd )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
            /* initialize it if it didn't already exist */
            event->manual_reset = manual_reset;
            event->signaled     = initial_state;
-            if (sd) default_set_sd( &event->obj, sd, OWNER_SECURITY_INFORMATION|
-                                                     GROUP_SECURITY_INFORMATION|
-                                                     DACL_SECURITY_INFORMATION|
-                                                     SACL_SECURITY_INFORMATION );
        }
    }
    return event;
@@ -211,15 +207,11 @@ struct keyed_event *create_keyed_event( struct object *root, const struct unicod
 {
    struct keyed_event *event;
-    if ((event = create_named_object( root, &keyed_event_ops, name, attr )))
+    if ((event = create_named_object( root, &keyed_event_ops, name, attr, sd )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
            /* initialize it if it didn't already exist */
-            if (sd) default_set_sd( &event->obj, sd, OWNER_SECURITY_INFORMATION|
-                                                     GROUP_SECURITY_INFORMATION|
-                                                     DACL_SECURITY_INFORMATION|
-                                                     SACL_SECURITY_INFORMATION );
        }
    }
    return event;

--- a/server/mailslot.c
+++ b/server/mailslot.c
@@ -401,7 +401,7 @@ void create_mailslot_device( struct object *root, const struct unicode_str *name
 {
    struct mailslot_device *dev;
-    if ((dev = create_named_object( root, &mailslot_device_ops, name, 0 )) &&
+    if ((dev = create_named_object( root, &mailslot_device_ops, name, 0, NULL )) &&
        get_error() != STATUS_OBJECT_NAME_EXISTS)
    {
        dev->mailslots = NULL;
@@ -423,15 +423,13 @@ static struct mailslot *create_mailslot( struct object *root,
    struct mailslot *mailslot;
    int fds[2];
-    if (!(mailslot = create_named_object( root, &mailslot_ops, name, attr ))) return NULL;
+    if (!(mailslot = create_named_object( root, &mailslot_ops, name, attr, sd ))) return NULL;
    mailslot->fd = NULL;
    mailslot->write_fd = -1;
    mailslot->max_msgsize = max_msgsize;
    mailslot->read_timeout = read_timeout;
    list_init( &mailslot->writers );
-    if (sd) default_set_sd( &mailslot->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
-                            DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
    if (!socketpair( PF_UNIX, SOCK_DGRAM, 0, fds ))
    {

--- a/server/mapping.c
+++ b/server/mapping.c
@@ -483,15 +483,11 @@ static struct object *create_mapping( struct object *root, const struct unicode_
    if (!page_mask) page_mask = sysconf( _SC_PAGESIZE ) - 1;
-    if (!(mapping = create_named_object( root, &mapping_ops, name, attr )))
+    if (!(mapping = create_named_object( root, &mapping_ops, name, attr, sd )))
        return NULL;
    if (get_error() == STATUS_OBJECT_NAME_EXISTS)
        return &mapping->obj;  /* Nothing else to do */
-    if (sd) default_set_sd( &mapping->obj, sd, OWNER_SECURITY_INFORMATION|
-                                               GROUP_SECURITY_INFORMATION|
-                                               DACL_SECURITY_INFORMATION|
-                                               SACL_SECURITY_INFORMATION );
    mapping->header_size = 0;
    mapping->base        = 0;
    mapping->fd          = NULL;

--- a/server/mutex.c
+++ b/server/mutex.c
@@ -104,7 +104,7 @@ static struct mutex *create_mutex( struct object *root, const struct unicode_str
 {
    struct mutex *mutex;
-    if ((mutex = create_named_object( root, &mutex_ops, name, attr )))
+    if ((mutex = create_named_object( root, &mutex_ops, name, attr, sd )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
@@ -113,10 +113,6 @@ static struct mutex *create_mutex( struct object *root, const struct unicode_str
            mutex->owner = NULL;
            mutex->abandoned = 0;
            if (owned) do_grab( mutex, current );
-            if (sd) default_set_sd( &mutex->obj, sd, OWNER_SECURITY_INFORMATION|
-                                                     GROUP_SECURITY_INFORMATION|
-                                                     DACL_SECURITY_INFORMATION|
-                                                     SACL_SECURITY_INFORMATION );
        }
    }
    return mutex;

--- a/server/named_pipe.c
+++ b/server/named_pipe.c
@@ -504,7 +504,7 @@ void create_named_pipe_device( struct object *root, const struct unicode_str *na
 {
    struct named_pipe_device *dev;
-    if ((dev = create_named_object( root, &named_pipe_device_ops, name, 0 )) &&
+    if ((dev = create_named_object( root, &named_pipe_device_ops, name, 0, NULL )) &&
        get_error() != STATUS_OBJECT_NAME_EXISTS)
    {
        dev->pipes = NULL;
@@ -915,7 +915,7 @@ DECL_HANDLER(create_named_pipe)
        if (!(root = get_directory_obj( current->process, objattr->rootdir ))) return;
    }
-    pipe = create_named_object( root, &named_pipe_ops, &name, objattr->attributes | OBJ_OPENIF );
+    pipe = create_named_object( root, &named_pipe_ops, &name, objattr->attributes | OBJ_OPENIF, NULL );
    if (root) release_object( root );
    if (!pipe) return;

--- a/server/object.c
+++ b/server/object.c
@@ -262,38 +262,50 @@ struct object *lookup_named_object( struct object *root, const struct unicode_st
    return parent;
 }
-void *create_object( struct object *parent, const struct object_ops *ops, const struct unicode_str *name )
+static struct object *create_object( struct object *parent, const struct object_ops *ops,
+                                     const struct unicode_str *name, const struct security_descriptor *sd )
 {
    struct object *obj;
    struct object_name *name_ptr;
    if (!(name_ptr = alloc_name( name ))) return NULL;
-    if ((obj = alloc_object( ops )))
+    if (!(obj = alloc_object( ops ))) goto failed;
-    {
+    if (sd && !default_set_sd( obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
-        if (!obj->ops->link_name( obj, name_ptr, parent ))
+                               DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION ))
-        {
+        goto failed;
-            free_object( obj );
+    if (!obj->ops->link_name( obj, name_ptr, parent )) goto failed;
-            free( name_ptr );
-            return NULL;
+    name_ptr->obj = obj;
-        }
+    obj->name = name_ptr;
-        name_ptr->obj = obj;
-        obj->name = name_ptr;
-    }
-    else
-        free( name_ptr );
    return obj;
+failed:
+    if (obj) free_object( obj );
+    free( name_ptr );
+    return NULL;
 }
 /* create an object as named child under the specified parent */
 void *create_named_object( struct object *parent, const struct object_ops *ops,
-                           const struct unicode_str *name, unsigned int attributes )
+                           const struct unicode_str *name, unsigned int attributes,
+                           const struct security_descriptor *sd )
 {
    struct object *obj, *new_obj;
    struct unicode_str new_name;
    clear_error();
-    if (!name || !name->len) return alloc_object( ops );
+    if (!name || !name->len)
+    {
+        if (!(new_obj = alloc_object( ops ))) return NULL;
+        if (sd && !default_set_sd( new_obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
+                                   DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION ))
+        {
+            free_object( new_obj );
+            return NULL;
+        }
+        return new_obj;
+    }
    if (!(obj = lookup_named_object( parent, name, attributes, &new_name ))) return NULL;
@@ -313,7 +325,7 @@ void *create_named_object( struct object *parent, const struct object_ops *ops,
        return obj;
    }
-    new_obj = create_object( obj, ops, &new_name );
+    new_obj = create_object( obj, ops, &new_name, sd );
    release_object( obj );
    return new_obj;
 }

--- a/server/object.h
+++ b/server/object.h
@@ -133,10 +133,9 @@ extern WCHAR *get_object_full_name( struct object *obj, data_size_t *ret_len );
 extern void dump_object_name( struct object *obj );
 extern struct object *lookup_named_object( struct object *root, const struct unicode_str *name,
                                           unsigned int attr, struct unicode_str *name_left );
-extern void *create_object( struct object *parent, const struct object_ops *ops,
-                            const struct unicode_str *name );
 extern void *create_named_object( struct object *parent, const struct object_ops *ops,
-                                  const struct unicode_str *name, unsigned int attributes );
+                                  const struct unicode_str *name, unsigned int attributes,
+                                  const struct security_descriptor *sd );
 extern void *open_named_object( struct object *parent, const struct object_ops *ops,
                                const struct unicode_str *name, unsigned int attributes );
 extern void unlink_named_object( struct object *obj );

--- a/server/process.c
+++ b/server/process.c
@@ -186,15 +186,11 @@ static struct job *create_job_object( struct object *root, const struct unicode_
 {
    struct job *job;
-    if ((job = create_named_object( root, &job_ops, name, attr )))
+    if ((job = create_named_object( root, &job_ops, name, attr, sd )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
            /* initialize it if it didn't already exist */
-            if (sd) default_set_sd( &job->obj, sd, OWNER_SECURITY_INFORMATION |
-                                                   GROUP_SECURITY_INFORMATION |
-                                                   DACL_SECURITY_INFORMATION |
-                                                   SACL_SECURITY_INFORMATION );
            list_init( &job->process_list );
            job->num_processes = 0;
            job->limit_flags = 0;

--- a/server/semaphore.c
+++ b/server/semaphore.c
@@ -84,17 +84,13 @@ static struct semaphore *create_semaphore( struct object *root, const struct uni
        set_error( STATUS_INVALID_PARAMETER );
        return NULL;
    }
-    if ((sem = create_named_object( root, &semaphore_ops, name, attr )))
+    if ((sem = create_named_object( root, &semaphore_ops, name, attr, sd )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
            /* initialize it if it didn't already exist */
            sem->count = initial;
            sem->max   = max;
-            if (sd) default_set_sd( &sem->obj, sd, OWNER_SECURITY_INFORMATION|
-                                                   GROUP_SECURITY_INFORMATION|
-                                                   DACL_SECURITY_INFORMATION|
-                                                   SACL_SECURITY_INFORMATION );
        }
    }
    return sem;

--- a/server/symlink.c
+++ b/server/symlink.c
@@ -144,16 +144,12 @@ struct symlink *create_symlink( struct object *root, const struct unicode_str *n
        set_error( STATUS_INVALID_PARAMETER );
        return NULL;
    }
-    if ((symlink = create_named_object( root, &symlink_ops, name, attr )) &&
+    if ((symlink = create_named_object( root, &symlink_ops, name, attr, sd )) &&
        (get_error() != STATUS_OBJECT_NAME_EXISTS))
    {
        if ((symlink->target = memdup( target->str, target->len )))
        {
            symlink->len = target->len;
-            if (sd)
-                default_set_sd( &symlink->obj, sd,
-                                OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
-                                DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
        }
        else
        {

--- a/server/timer.c
+++ b/server/timer.c
@@ -86,7 +86,7 @@ static struct timer *create_timer( struct object *root, const struct unicode_str
 {
    struct timer *timer;
-    if ((timer = create_named_object( root, &timer_ops, name, attr )))
+    if ((timer = create_named_object( root, &timer_ops, name, attr, sd )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
@@ -97,9 +97,6 @@ static struct timer *create_timer( struct object *root, const struct unicode_str
            timer->period   = 0;
            timer->timeout  = NULL;
            timer->thread   = NULL;
-            if (sd) default_set_sd( &timer->obj, sd,
-                                    OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
-                                    DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
        }
    }
    return timer;

--- a/server/winstation.c
+++ b/server/winstation.c
@@ -110,7 +110,7 @@ static struct winstation *create_winstation( struct object *root, const struct u
 {
    struct winstation *winstation;
-    if ((winstation = create_named_object( root, &winstation_ops, name, attr )))
+    if ((winstation = create_named_object( root, &winstation_ops, name, attr, NULL )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {
@@ -213,7 +213,7 @@ static struct desktop *create_desktop( const struct unicode_str *name, unsigned 
 {
    struct desktop *desktop;
-    if ((desktop = create_named_object( &winstation->obj, &desktop_ops, name, attr )))
+    if ((desktop = create_named_object( &winstation->obj, &desktop_ops, name, attr, NULL )))
    {
        if (get_error() != STATUS_OBJECT_NAME_EXISTS)
        {