[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wine-devel
Subject:    Re: Fix NtAccessCheck so it works with relative SECURITY_DESCRIPTORs
From:       Robert Shearman <rob () codeweavers ! com>
Date:       2005-05-31 6:51:20
Message-ID: 429C0968.2070903 () codeweavers ! com
[Download RAW message or body]

Evan Deaubl wrote:

>ChangeLog:
> * Fix NtAccessCheck so it works with relative SECURITY_DESCRIPTORs
>  
>

I cleaned up the patch a little. Does this still work for you?

Changelog:

Evan Deaubl <wine@warpedview.com>
Robert Shearman <rob@codeweavers.com>
- Implement RtlGetControlSecurityDescriptor
- Fix NtAccessCheck so it works with relative SECURITY_DESCRIPTORs

-- 
Rob Shearman


["accesscheck3.diff" (text/x-patch)]

Index: dlls/ntdll/sec.c
===================================================================
RCS file: /home/wine/wine/dlls/ntdll/sec.c,v
retrieving revision 1.52
diff -u -p -r1.52 sec.c
--- dlls/ntdll/sec.c	24 May 2005 12:32:19 -0000	1.52
+++ dlls/ntdll/sec.c	31 May 2005 06:47:20 -0000
@@ -831,6 +831,27 @@ NTSTATUS WINAPI RtlSelfRelativeToAbsolut
     return status;
 }
 
+/******************************************************************************
+ * RtlGetControlSecurityDescriptor (NTDLL.@)
+ */
+NTSTATUS WINAPI RtlGetControlSecurityDescriptor(
+    PSECURITY_DESCRIPTOR  pSecurityDescriptor,
+    PSECURITY_DESCRIPTOR_CONTROL pControl,
+    LPDWORD lpdwRevision)
+{
+    SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
+
+    TRACE("(%p,%p,%p),stub!\n",pSecurityDescriptor,pControl,lpdwRevision);
+
+    if ( !lpsd  || !pControl || !lpdwRevision )
+            return STATUS_INVALID_PARAMETER;
+
+    *lpdwRevision = lpsd->Revision;
+    *pControl = lpsd->Control;
+
+    return STATUS_SUCCESS;
+}
+
 
 /**************************************************************************
  *                 RtlAbsoluteToSelfRelativeSD [NTDLL.@]
@@ -1197,7 +1218,13 @@ NtAccessCheck(
     SERVER_START_REQ( access_check )
     {
         struct security_descriptor sd;
-        const SECURITY_DESCRIPTOR * RealSD = (const SECURITY_DESCRIPTOR \
*)SecurityDescriptor; +        PSID owner;
+        PSID group;
+        PACL sacl;
+        PACL dacl;
+        BOOLEAN defaulted, present;
+        DWORD revision;
+        SECURITY_DESCRIPTOR_CONTROL control;
 
         req->handle = ClientToken;
         req->desired_access = DesiredAccess;
@@ -1207,16 +1234,22 @@ NtAccessCheck(
         req->mapping_all = GenericMapping->GenericAll;
 
         /* marshal security descriptor */
-        sd.control = RealSD->Control;
-        sd.owner_len = RtlLengthSid( RealSD->Owner );
-        sd.group_len = RtlLengthSid( RealSD->Group );
-        sd.sacl_len = (RealSD->Sacl ? RealSD->Sacl->AclSize : 0);
-        sd.dacl_len = (RealSD->Dacl ? RealSD->Dacl->AclSize : 0);
+        RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+        sd.control = control & ~SE_SELF_RELATIVE;
+        RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+        sd.owner_len = RtlLengthSid( owner );
+        RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+        sd.group_len = RtlLengthSid( group );
+        RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, \
&defaulted ); +        sd.sacl_len = (present ? sacl->AclSize : 0);
+        RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, \
&defaulted ); +        sd.dacl_len = (present ? dacl->AclSize : 0);
+
         wine_server_add_data( req, &sd, sizeof(sd) );
-        wine_server_add_data( req, RealSD->Owner, sd.owner_len );
-        wine_server_add_data( req, RealSD->Group, sd.group_len );
-        wine_server_add_data( req, RealSD->Sacl, sd.sacl_len );
-        wine_server_add_data( req, RealSD->Dacl, sd.dacl_len );
+        wine_server_add_data( req, owner, sd.owner_len );
+        wine_server_add_data( req, group, sd.group_len );
+        wine_server_add_data( req, sacl, sd.sacl_len );
+        wine_server_add_data( req, dacl, sd.dacl_len );
 
         wine_server_set_reply( req, &PrivilegeSet->Privilege, *ReturnLength - \
FIELD_OFFSET( PRIVILEGE_SET, Privilege ) );  
@@ -1244,19 +1277,6 @@ NtSetSecurityObject(
         IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
 	FIXME("%p 0x%08lx %p\n", Handle, SecurityInformation, SecurityDescriptor);
-	return STATUS_SUCCESS;
-}
-
-/******************************************************************************
- * RtlGetControlSecurityDescriptor (NTDLL.@)
- */
-
-NTSTATUS WINAPI RtlGetControlSecurityDescriptor(
-	PSECURITY_DESCRIPTOR  pSecurityDescriptor,
-	PSECURITY_DESCRIPTOR_CONTROL pControl,
-	LPDWORD lpdwRevision)
-{
-	FIXME("(%p,%p,%p),stub!\n",pSecurityDescriptor,pControl,lpdwRevision);
 	return STATUS_SUCCESS;
 }
 



[prev in list] [next in list] [prev in thread] [next in thread]