From 3eb448cf33b6b6635bac4e06ea7fddd190e26450 Mon Sep 17 00:00:00 2001 From: Piotr Caban Date: Fri, 27 Mar 2015 11:11:40 +0100 Subject: [PATCH] server: Make directory DACL entries inheritable. --- dlls/advapi32/tests/security.c | 12 ++++++------ server/file.c | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 04a88ae3e88..e3c1659c837 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -3192,9 +3192,9 @@ static void test_CreateDirectoryA(void) ok(bret, "Failed to get Current User ACE.\n"); bret = EqualSid(&ace->SidStart, user_sid); todo_wine ok(bret, "Current User ACE != Current User SID.\n"); - todo_wine ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE), - "Current User ACE has unexpected flags (0x%x != 0x03)\n", - ((ACE_HEADER *)ace)->AceFlags); + ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE), + "Current User ACE has unexpected flags (0x%x != 0x03)\n", + ((ACE_HEADER *)ace)->AceFlags); ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask); } @@ -3204,9 +3204,9 @@ static void test_CreateDirectoryA(void) ok(bret, "Failed to get Administators Group ACE.\n"); bret = EqualSid(&ace->SidStart, admin_sid); todo_wine ok(bret, "Administators Group ACE != Administators Group SID.\n"); - todo_wine ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE), - "Administators Group ACE has unexpected flags (0x%x != 0x03)\n", - ((ACE_HEADER *)ace)->AceFlags); + ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE), + "Administators Group ACE has unexpected flags (0x%x != 0x03)\n", + ((ACE_HEADER *)ace)->AceFlags); ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask); } diff --git a/server/file.c b/server/file.c index abda2c38e24..f565f5acb7f 100644 --- a/server/file.c +++ b/server/file.c @@ -367,7 +367,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID aaa = (ACCESS_ALLOWED_ACE *)(dacl + 1); current_ace = &aaa->Header; aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; - aaa->Header.AceFlags = 0; + aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0; aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( local_system_sid ); aaa->Mask = FILE_ALL_ACCESS; sid = (SID *)&aaa->SidStart; @@ -379,7 +379,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace ); current_ace = &aaa->Header; aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; - aaa->Header.AceFlags = 0; + aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0; aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( user ); aaa->Mask = WRITE_DAC | WRITE_OWNER; if (mode & S_IRUSR) @@ -397,7 +397,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID ACCESS_DENIED_ACE *ada = (ACCESS_DENIED_ACE *)ace_next( current_ace ); current_ace = &ada->Header; ada->Header.AceType = ACCESS_DENIED_ACE_TYPE; - ada->Header.AceFlags = 0; + ada->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0; ada->Header.AceSize = FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + security_sid_len( user ); ada->Mask = 0; if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH))) @@ -414,7 +414,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace ); current_ace = &aaa->Header; aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; - aaa->Header.AceFlags = 0; + aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0; aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( world_sid ); aaa->Mask = 0; if (mode & S_IROTH)