server: Do not set SE_{D, S}ACL_PRESENT if no {D, S}ACL was set.

Signed-off-by: Matteo Bruni <mbruni@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-14 20:20:42 +02:00 · 2017-06-14 20:20:42 +02:00 · 187b53e5a5
parent af2d01c2fa
commit 187b53e5a5
3 changed files with 16 additions and 6 deletions
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@ -6207,8 +6207,8 @@ static void test_AddMandatoryAce(void)
    present = TRUE;
    ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted);
    ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
-    todo_wine ok(!present, "SACL is present\n");
-    todo_wine ok(sacl == (void *)0xdeadbeef, "SACL is set\n");
+    ok(!present, "SACL is present\n");
+    ok(sacl == (void *)0xdeadbeef, "SACL is set\n");

    HeapFree(GetProcessHeap(), 0, sd2);
    CloseHandle(handle);
--- a/server/handle.c
+++ b/server/handle.c
@ -734,7 +734,6 @@ DECL_HANDLER(get_security_object)
        else
            req_sd.group_len = 0;

-        req_sd.control |= SE_SACL_PRESENT;
        sacl = sd_get_sacl( sd, &present );
        if (req->security_info & SACL_SECURITY_INFORMATION && present)
            req_sd.sacl_len = sd->sacl_len;
@ -747,7 +746,6 @@ DECL_HANDLER(get_security_object)
        else
            req_sd.sacl_len = 0;

-        req_sd.control |= SE_DACL_PRESENT;
        dacl = sd_get_dacl( sd, &present );
        if (req->security_info & DACL_SECURITY_INFORMATION && present)
            req_sd.dacl_len = sd->dacl_len;
--- a/server/object.c
+++ b/server/object.c
@ -583,15 +583,18 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
    }
    else new_sd.group_len = 0;

-    new_sd.control |= SE_SACL_PRESENT;
    sacl = sd_get_sacl( sd, &present );
    if (set_info & SACL_SECURITY_INFORMATION && present)
+    {
+        new_sd.control |= SE_SACL_PRESENT;
        new_sd.sacl_len = sd->sacl_len;
+    }
    else if (set_info & LABEL_SECURITY_INFORMATION && present)
    {
        const ACL *old_sacl = NULL;
        if (obj->sd && obj->sd->control & SE_SACL_PRESENT) old_sacl = sd_get_sacl( obj->sd, &present );
        if (!(replaced_sacl = replace_security_labels( old_sacl, sacl ))) return 0;
+        new_sd.control |= SE_SACL_PRESENT;
        new_sd.sacl_len = replaced_sacl->AclSize;
        sacl = replaced_sacl;
    }
@ -600,24 +603,33 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
        if (obj->sd) sacl = sd_get_sacl( obj->sd, &present );

        if (obj->sd && present)
+        {
+            new_sd.control |= SE_SACL_PRESENT;
            new_sd.sacl_len = obj->sd->sacl_len;
+        }
        else
            new_sd.sacl_len = 0;
    }

-    new_sd.control |= SE_DACL_PRESENT;
    dacl = sd_get_dacl( sd, &present );
    if (set_info & DACL_SECURITY_INFORMATION && present)
+    {
+        new_sd.control |= SE_DACL_PRESENT;
        new_sd.dacl_len = sd->dacl_len;
+    }
    else
    {
        if (obj->sd) dacl = sd_get_dacl( obj->sd, &present );

        if (obj->sd && present)
+        {
+            new_sd.control |= SE_DACL_PRESENT;
            new_sd.dacl_len = obj->sd->dacl_len;
+        }
        else if (token)
        {
            dacl = token_get_default_dacl( token );
+            new_sd.control |= SE_DACL_PRESENT;
            new_sd.dacl_len = dacl->AclSize;
        }
        else new_sd.dacl_len = 0;