ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server: The owner of a securable object should have all the standard access rights. 

Cygwin fork() fails in NtCreateSymbolicLinkObject(). We successfully
create the link but then fail to alloc_handle() with STATUS_ACCESS_DENIED,
because the requested access rights exceed what the owner is allowed.
Allow it more.

Thank you to Dmitry Timoshkov for debugging the security details from
alloc_handle() onwards.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=48891
Signed-off-by: Damjan Jovanovic <damjan.jov@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
(cherry picked from commit 31e984a09d)
Signed-off-by: Michael Stefaniuc <mstefani@winehq.org>
This commit is contained in:
Damjan Jovanovic 2021-06-06 03:59:38 +02:00 committed by Michael Stefaniuc
parent 1ecb100289
commit 4fddab4813
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
dlls/advapi32/tests/security.c
View File

@ -1083,10 +1083,25 @@ todo_wine {
SetLastError(0xdeadbeef);
rc = AccessCheck(sd, token, DELETE, &mapping, &priv_set, &priv_set_len, &granted, &status);
ok(rc, "AccessCheck error %d\n", GetLastError());
todo_wine {
ok(status == 1, "expected 1, got %d\n", status);
ok(granted == DELETE, "expected DELETE, got %#x\n", granted);
}
granted = 0xdeadbeef;
status = 0xdeadbeef;
SetLastError(0xdeadbeef);
rc = AccessCheck(sd, token, WRITE_OWNER, &mapping, &priv_set, &priv_set_len, &granted, &status);
ok(rc, "AccessCheck error %d\n", GetLastError());
ok(status == 1, "expected 1, got %d\n", status);
ok(granted == WRITE_OWNER, "expected WRITE_OWNER, got %#x\n", granted);
granted = 0xdeadbeef;
status = 0xdeadbeef;
SetLastError(0xdeadbeef);
rc = AccessCheck(sd, token, SYNCHRONIZE, &mapping, &priv_set, &priv_set_len, &granted, &status);
ok(rc, "AccessCheck error %d\n", GetLastError());
ok(status == 1, "expected 1, got %d\n", status);
ok(granted == SYNCHRONIZE, "expected SYNCHRONIZE, got %#x\n", granted);
granted = 0xdeadbeef;
status = 0xdeadbeef;
SetLastError(0xdeadbeef);

2
server/token.c
View File

@ -1124,7 +1124,7 @@ static unsigned int token_access_check( struct token *token,
* determined here. */
if (token_sid_present( token, owner, FALSE ))
{
current_access |= (READ_CONTROL | WRITE_DAC);
current_access |= (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE);
if (desired_access == current_access)
{
*granted_access = current_access;