server: Use the token owner instead of the token user for default object owner.

dlls/advapi32/tests/security.c

@@ -6420,7 +6420,6 @@ static void test_default_dacl_owner_group_sid(void)
     ok( ret, "error %lu\n", GetLastError() );
     ok( owner != (void *)0xdeadbeef, "owner not set\n" );
     ok( !defaulted, "owner defaulted\n" );
-    todo_wine
     ok( EqualSid( owner, token_owner->Owner ), "owner shall equal token owner\n" );
 
     group = (void *)0xdeadbeef;
@@ -6460,7 +6459,6 @@ static void test_default_dacl_owner_group_sid(void)
                 "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
             if (EqualSid( &ace->SidStart, token_user->User.Sid )) found = TRUE;
         }
-        todo_wine
         ok( !found, "DACL shall not reference token user if it is different from token owner\n" );
     }
 

server/change.c

@@ -391,7 +391,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
     else if (obj->sd)
         owner = sd_get_owner( obj->sd );
     else
-        owner = token_get_user( current->process->token );
+        owner = token_get_owner( current->process->token );
 
     if (set_info & DACL_SECURITY_INFORMATION)
     {

server/file.c

@@ -245,7 +245,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
     {
         const struct sid *owner = sd_get_owner( sd );
         if (!owner)
-            owner = token_get_user( current->process->token );
+            owner = token_get_owner( current->process->token );
         mode = sd_to_mode( sd, owner );
     }
     else if (options & FILE_DIRECTORY_FILE)
@@ -528,7 +528,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
     else if (obj->sd)
         owner = sd_get_owner( obj->sd );
     else
-        owner = token_get_user( current->process->token );
+        owner = token_get_owner( current->process->token );
 
     /* group and sacl not supported */
 

server/object.c

@@ -574,7 +574,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
     }
     else if (token)
     {
-        owner = token_get_user( token );
+        owner = token_get_owner( token );
         new_sd.owner_len = sid_len( owner );
     }
     else new_sd.owner_len = 0;

server/security.h

@@ -73,7 +73,7 @@ extern int token_check_privileges( struct token *token, int all_required,
                                    const struct luid_attr *reqprivs,
                                    unsigned int count, struct luid_attr *usedprivs );
 extern const struct acl *token_get_default_dacl( struct token *token );
-extern const struct sid *token_get_user( struct token *token );
+extern const struct sid *token_get_owner( struct token *token );
 extern const struct sid *token_get_primary_group( struct token *token );
 extern unsigned int token_get_session_id( struct token *token );
 extern int token_sid_present( struct token *token, const struct sid *sid, int deny );

server/token.c

@@ -732,7 +732,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
     /* on Windows, this value changes every time the user logs on */
     struct sid logon_sid = { SID_REVISION, 3, SECURITY_NT_AUTHORITY, { SECURITY_LOGON_IDS_RID, 0, 0 /* FIXME: should be randomly generated when tokens are inherited by new processes */ }};
     const struct sid *user_sid = security_unix_uid_to_sid( getuid() );
-    struct acl *default_dacl = create_default_dacl( user_sid );
+    struct acl *default_dacl = create_default_dacl( &domain_users_sid );
     const struct luid_attr admin_privs[] =
     {
         { SeChangeNotifyPrivilege, SE_PRIVILEGE_ENABLED },
@@ -1044,9 +1044,9 @@ const struct acl *token_get_default_dacl( struct token *token )
     return token->default_dacl;
 }
 
-const struct sid *token_get_user( struct token *token )
+const struct sid *token_get_owner( struct token *token )
 {
-    return token->user;
+    return token->owner;
 }
 
 const struct sid *token_get_primary_group( struct token *token )