server: Store the full group attributes.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
parent
3eb944c0a7
commit
1a0f082682
|
@ -128,15 +128,9 @@ struct privilege
|
||||||
|
|
||||||
struct group
|
struct group
|
||||||
{
|
{
|
||||||
struct list entry;
|
struct list entry;
|
||||||
unsigned enabled : 1; /* is the sid currently enabled? */
|
unsigned int attrs;
|
||||||
unsigned def : 1; /* is the sid enabled by default? */
|
struct sid sid;
|
||||||
unsigned logon : 1; /* is this a logon sid? */
|
|
||||||
unsigned mandatory: 1; /* is this sid always enabled? */
|
|
||||||
unsigned owner : 1; /* can this sid be an owner of an object? */
|
|
||||||
unsigned resource : 1; /* is this a domain-local group? */
|
|
||||||
unsigned deny_only: 1; /* is this a sid that should be use for denying only? */
|
|
||||||
struct sid sid;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
static void token_dump( struct object *obj, int verbose );
|
static void token_dump( struct object *obj, int verbose );
|
||||||
|
@ -523,17 +517,11 @@ static struct token *create_token( unsigned int primary, unsigned int session_id
|
||||||
release_object( token );
|
release_object( token );
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
group->attrs = groups[i].attrs;
|
||||||
copy_sid( &group->sid, groups[i].sid );
|
copy_sid( &group->sid, groups[i].sid );
|
||||||
group->enabled = TRUE;
|
|
||||||
group->def = TRUE;
|
|
||||||
group->logon = (groups[i].attrs & SE_GROUP_LOGON_ID) != 0;
|
|
||||||
group->mandatory = (groups[i].attrs & SE_GROUP_MANDATORY) != 0;
|
|
||||||
group->owner = (groups[i].attrs & SE_GROUP_OWNER) != 0;
|
|
||||||
group->resource = FALSE;
|
|
||||||
group->deny_only = FALSE;
|
|
||||||
list_add_tail( &token->groups, &group->entry );
|
list_add_tail( &token->groups, &group->entry );
|
||||||
/* Use first owner capable group as owner and primary group */
|
/* Use first owner capable group as owner and primary group */
|
||||||
if (!token->primary_group && group->owner)
|
if (!token->primary_group && (group->attrs & SE_GROUP_OWNER))
|
||||||
{
|
{
|
||||||
token->owner = &group->sid;
|
token->owner = &group->sid;
|
||||||
token->primary_group = &group->sid;
|
token->primary_group = &group->sid;
|
||||||
|
@ -628,9 +616,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
|
||||||
memcpy( newgroup, group, size );
|
memcpy( newgroup, group, size );
|
||||||
if (filter_group( group, remove_groups, remove_group_count ))
|
if (filter_group( group, remove_groups, remove_group_count ))
|
||||||
{
|
{
|
||||||
newgroup->enabled = 0;
|
newgroup->attrs &= ~(SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT);
|
||||||
newgroup->def = 0;
|
newgroup->attrs |= SE_GROUP_USE_FOR_DENY_ONLY;
|
||||||
newgroup->deny_only = 1;
|
|
||||||
}
|
}
|
||||||
list_add_tail( &token->groups, &newgroup->entry );
|
list_add_tail( &token->groups, &newgroup->entry );
|
||||||
if (src_token->primary_group == &group->sid)
|
if (src_token->primary_group == &group->sid)
|
||||||
|
@ -888,8 +875,8 @@ int token_sid_present( struct token *token, const struct sid *sid, int deny )
|
||||||
|
|
||||||
LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
|
LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
|
||||||
{
|
{
|
||||||
if (!group->enabled) continue;
|
if (!(group->attrs & SE_GROUP_ENABLED)) continue;
|
||||||
if (group->deny_only && !deny) continue;
|
if (!deny && (group->attrs & SE_GROUP_USE_FOR_DENY_ONLY)) continue;
|
||||||
if (equal_sid( &group->sid, sid )) return TRUE;
|
if (equal_sid( &group->sid, sid )) return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1411,16 +1398,8 @@ DECL_HANDLER(get_token_groups)
|
||||||
{
|
{
|
||||||
LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
|
LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
|
||||||
{
|
{
|
||||||
*attr_ptr = 0;
|
|
||||||
if (group->mandatory) *attr_ptr |= SE_GROUP_MANDATORY;
|
|
||||||
if (group->def) *attr_ptr |= SE_GROUP_ENABLED_BY_DEFAULT;
|
|
||||||
if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
|
|
||||||
if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
|
|
||||||
if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
|
|
||||||
if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
|
|
||||||
if (group->logon) *attr_ptr |= SE_GROUP_LOGON_ID;
|
|
||||||
sid = copy_sid( sid, &group->sid );
|
sid = copy_sid( sid, &group->sid );
|
||||||
attr_ptr++;
|
*attr_ptr++ = group->attrs;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue