Commit 9090229e authored by Jinoh Kang's avatar Jinoh Kang Committed by Alexandre Julliard

server: Use the token owner instead of the token user for default object owner.

Also, replace the token user with the token owner for the default DACL as well. Wine currently selects domain_users_sid as the token owner, so use that. This is required to pass the advapi32:security test which expects the security descriptor owner SID to be referenced in the DACL as well.
parent b735ded8
...@@ -6420,7 +6420,6 @@ static void test_default_dacl_owner_group_sid(void) ...@@ -6420,7 +6420,6 @@ static void test_default_dacl_owner_group_sid(void)
ok( ret, "error %lu\n", GetLastError() ); ok( ret, "error %lu\n", GetLastError() );
ok( owner != (void *)0xdeadbeef, "owner not set\n" ); ok( owner != (void *)0xdeadbeef, "owner not set\n" );
ok( !defaulted, "owner defaulted\n" ); ok( !defaulted, "owner defaulted\n" );
todo_wine
ok( EqualSid( owner, token_owner->Owner ), "owner shall equal token owner\n" ); ok( EqualSid( owner, token_owner->Owner ), "owner shall equal token owner\n" );
group = (void *)0xdeadbeef; group = (void *)0xdeadbeef;
...@@ -6460,7 +6459,6 @@ static void test_default_dacl_owner_group_sid(void) ...@@ -6460,7 +6459,6 @@ static void test_default_dacl_owner_group_sid(void)
"expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType ); "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
if (EqualSid( &ace->SidStart, token_user->User.Sid )) found = TRUE; if (EqualSid( &ace->SidStart, token_user->User.Sid )) found = TRUE;
} }
todo_wine
ok( !found, "DACL shall not reference token user if it is different from token owner\n" ); ok( !found, "DACL shall not reference token user if it is different from token owner\n" );
} }
......
...@@ -391,7 +391,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd, ...@@ -391,7 +391,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
else if (obj->sd) else if (obj->sd)
owner = sd_get_owner( obj->sd ); owner = sd_get_owner( obj->sd );
else else
owner = token_get_user( current->process->token ); owner = token_get_owner( current->process->token );
if (set_info & DACL_SECURITY_INFORMATION) if (set_info & DACL_SECURITY_INFORMATION)
{ {
......
...@@ -245,7 +245,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si ...@@ -245,7 +245,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
{ {
const struct sid *owner = sd_get_owner( sd ); const struct sid *owner = sd_get_owner( sd );
if (!owner) if (!owner)
owner = token_get_user( current->process->token ); owner = token_get_owner( current->process->token );
mode = sd_to_mode( sd, owner ); mode = sd_to_mode( sd, owner );
} }
else if (options & FILE_DIRECTORY_FILE) else if (options & FILE_DIRECTORY_FILE)
...@@ -528,7 +528,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd ...@@ -528,7 +528,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
else if (obj->sd) else if (obj->sd)
owner = sd_get_owner( obj->sd ); owner = sd_get_owner( obj->sd );
else else
owner = token_get_user( current->process->token ); owner = token_get_owner( current->process->token );
/* group and sacl not supported */ /* group and sacl not supported */
......
...@@ -574,7 +574,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri ...@@ -574,7 +574,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
} }
else if (token) else if (token)
{ {
owner = token_get_user( token ); owner = token_get_owner( token );
new_sd.owner_len = sid_len( owner ); new_sd.owner_len = sid_len( owner );
} }
else new_sd.owner_len = 0; else new_sd.owner_len = 0;
......
...@@ -73,7 +73,7 @@ extern int token_check_privileges( struct token *token, int all_required, ...@@ -73,7 +73,7 @@ extern int token_check_privileges( struct token *token, int all_required,
const struct luid_attr *reqprivs, const struct luid_attr *reqprivs,
unsigned int count, struct luid_attr *usedprivs ); unsigned int count, struct luid_attr *usedprivs );
extern const struct acl *token_get_default_dacl( struct token *token ); extern const struct acl *token_get_default_dacl( struct token *token );
extern const struct sid *token_get_user( struct token *token ); extern const struct sid *token_get_owner( struct token *token );
extern const struct sid *token_get_primary_group( struct token *token ); extern const struct sid *token_get_primary_group( struct token *token );
extern unsigned int token_get_session_id( struct token *token ); extern unsigned int token_get_session_id( struct token *token );
extern int token_sid_present( struct token *token, const struct sid *sid, int deny ); extern int token_sid_present( struct token *token, const struct sid *sid, int deny );
......
...@@ -732,7 +732,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int ...@@ -732,7 +732,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
/* on Windows, this value changes every time the user logs on */ /* on Windows, this value changes every time the user logs on */
struct sid logon_sid = { SID_REVISION, 3, SECURITY_NT_AUTHORITY, { SECURITY_LOGON_IDS_RID, 0, 0 /* FIXME: should be randomly generated when tokens are inherited by new processes */ }}; struct sid logon_sid = { SID_REVISION, 3, SECURITY_NT_AUTHORITY, { SECURITY_LOGON_IDS_RID, 0, 0 /* FIXME: should be randomly generated when tokens are inherited by new processes */ }};
const struct sid *user_sid = security_unix_uid_to_sid( getuid() ); const struct sid *user_sid = security_unix_uid_to_sid( getuid() );
struct acl *default_dacl = create_default_dacl( user_sid ); struct acl *default_dacl = create_default_dacl( &domain_users_sid );
const struct luid_attr admin_privs[] = const struct luid_attr admin_privs[] =
{ {
{ SeChangeNotifyPrivilege, SE_PRIVILEGE_ENABLED }, { SeChangeNotifyPrivilege, SE_PRIVILEGE_ENABLED },
...@@ -1044,9 +1044,9 @@ const struct acl *token_get_default_dacl( struct token *token ) ...@@ -1044,9 +1044,9 @@ const struct acl *token_get_default_dacl( struct token *token )
return token->default_dacl; return token->default_dacl;
} }
const struct sid *token_get_user( struct token *token ) const struct sid *token_get_owner( struct token *token )
{ {
return token->user; return token->owner;
} }
const struct sid *token_get_primary_group( struct token *token ) const struct sid *token_get_primary_group( struct token *token )
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment