server: Add get_sd and set_sd object operations to allow the security descriptor to be stored somewhere other than server memory, such as on disk.

2007-10-03 13:10:37 +01:00 · 2007-10-03 13:10:37 +01:00 · c1707d8938
parent 8184bcc91a
commit c1707d8938
34 changed files with 117 additions and 6 deletions
--- a/server/async.c
+++ b/server/async.c
@ -59,6 +59,8 @@ static const struct object_ops async_ops =
    no_signal,                 /* signal */
    no_get_fd,                 /* get_fd */
    no_map_access,             /* map_access */
+    default_get_sd,            /* get_sd */
+    default_set_sd,            /* set_sd */
    no_lookup_name,            /* lookup_name */
    no_open_file,              /* open_file */
    no_close_handle,           /* close_handle */
@ -86,6 +88,8 @@ static const struct object_ops async_queue_ops =
    no_signal,                       /* signal */
    no_get_fd,                       /* get_fd */
    no_map_access,                   /* map_access */
+    default_get_sd,                  /* get_sd */
+    default_set_sd,                  /* set_sd */
    no_lookup_name,                  /* lookup_name */
    no_open_file,                    /* open_file */
    no_close_handle,                 /* close_handle */
--- a/server/atom.c
+++ b/server/atom.c
@ -83,6 +83,8 @@ static const struct object_ops atom_table_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    no_map_access,                /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    no_close_handle,              /* close_handle */
--- a/server/change.c
+++ b/server/change.c
@ -171,6 +171,8 @@ static const struct object_ops dir_ops =
    no_signal,                /* signal */
    dir_get_fd,               /* get_fd */
    default_fd_map_access,    /* map_access */
+    default_get_sd,           /* get_sd */
+    default_set_sd,           /* set_sd */
    no_lookup_name,           /* lookup_name */
    no_open_file,             /* open_file */
    fd_close_handle,          /* close_handle */
--- a/server/clipboard.c
+++ b/server/clipboard.c
@ -59,6 +59,8 @@ static const struct object_ops clipboard_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    no_map_access,                /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    no_close_handle,              /* close_handle */
--- a/server/completion.c
+++ b/server/completion.c
@ -66,6 +66,8 @@ static const struct object_ops completion_ops =
    no_signal,                 /* signal */
    no_get_fd,                 /* get_fd */
    no_map_access,             /* map_access */
+    default_get_sd,            /* get_sd */
+    default_set_sd,            /* set_sd */
    no_lookup_name,            /* lookup_name */
    no_open_file,              /* open_file */
    no_close_handle,           /* close_handle */
--- a/server/console.c
+++ b/server/console.c
@ -83,6 +83,8 @@ static const struct object_ops console_input_ops =
    no_signal,                        /* signal */
    no_get_fd,                        /* get_fd */
    console_map_access,               /* map_access */
+    default_get_sd,                   /* get_sd */
+    default_set_sd,                   /* set_sd */
    no_lookup_name,                   /* lookup_name */
    no_open_file,                     /* open_file */
    no_close_handle,                  /* close_handle */
@ -112,6 +114,8 @@ static const struct object_ops console_input_events_ops =
    no_signal,                        /* signal */
    no_get_fd,                        /* get_fd */
    console_map_access,               /* map_access */
+    default_get_sd,                   /* get_sd */
+    default_set_sd,                   /* set_sd */
    no_lookup_name,                   /* lookup_name */
    no_open_file,                     /* open_file */
    no_close_handle,                  /* close_handle */
@ -152,6 +156,8 @@ static const struct object_ops screen_buffer_ops =
    no_signal,                        /* signal */
    no_get_fd,                        /* get_fd */
    console_map_access,               /* map_access */
+    default_get_sd,                   /* get_sd */
+    default_set_sd,                   /* set_sd */
    no_lookup_name,                   /* lookup_name */
    no_open_file,                     /* open_file */
    no_close_handle,                  /* close_handle */
--- a/server/debugger.c
+++ b/server/debugger.c
@ -76,6 +76,8 @@ static const struct object_ops debug_event_ops =
    no_signal,                     /* signal */
    no_get_fd,                     /* get_fd */
    no_map_access,                 /* map_access */
+    default_get_sd,                /* get_sd */
+    default_set_sd,                /* set_sd */
    no_lookup_name,                /* lookup_name */
    no_open_file,                  /* open_file */
    no_close_handle,               /* close_handle */
@ -97,6 +99,8 @@ static const struct object_ops debug_ctx_ops =
    no_signal,                     /* signal */
    no_get_fd,                     /* get_fd */
    no_map_access,                 /* map_access */
+    default_get_sd,                /* get_sd */
+    default_set_sd,                /* set_sd */
    no_lookup_name,                /* lookup_name */
    no_open_file,                  /* open_file */
    no_close_handle,               /* close_handle */
--- a/server/device.c
+++ b/server/device.c
@ -65,6 +65,8 @@ static const struct object_ops ioctl_call_ops =
    no_signal,                        /* signal */
    no_get_fd,                        /* get_fd */
    no_map_access,                    /* map_access */
+    default_get_sd,                   /* get_sd */
+    default_set_sd,                   /* set_sd */
    no_lookup_name,                   /* lookup_name */
    no_open_file,                     /* open_file */
    no_close_handle,                  /* close_handle */
@ -94,6 +96,8 @@ static const struct object_ops device_manager_ops =
    no_signal,                        /* signal */
    no_get_fd,                        /* get_fd */
    no_map_access,                    /* map_access */
+    default_get_sd,                   /* get_sd */
+    default_set_sd,                   /* set_sd */
    no_lookup_name,                   /* lookup_name */
    no_open_file,                     /* open_file */
    no_close_handle,                  /* close_handle */
@ -131,6 +135,8 @@ static const struct object_ops device_ops =
    no_signal,                        /* signal */
    device_get_fd,                    /* get_fd */
    default_fd_map_access,            /* map_access */
+    default_get_sd,                   /* get_sd */
+    default_set_sd,                   /* set_sd */
    no_lookup_name,                   /* lookup_name */
    device_open_file,                 /* open_file */
    no_close_handle,                  /* close_handle */
--- a/server/directory.c
+++ b/server/directory.c
@ -63,6 +63,8 @@ static const struct object_ops directory_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    default_fd_map_access,        /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    directory_lookup_name,        /* lookup_name */
    no_open_file,                 /* open_file */
    no_close_handle,              /* close_handle */
--- a/server/event.c
+++ b/server/event.c
@ -59,6 +59,8 @@ static const struct object_ops event_ops =
    event_signal,              /* signal */
    no_get_fd,                 /* get_fd */
    event_map_access,          /* map_access */
+    default_get_sd,            /* get_sd */
+    default_set_sd,            /* set_sd */
    no_lookup_name,            /* lookup_name */
    no_open_file,              /* open_file */
    no_close_handle,           /* close_handle */
--- a/server/fd.c
+++ b/server/fd.c
@ -198,6 +198,8 @@ static const struct object_ops fd_ops =
    no_signal,                /* signal */
    no_get_fd,                /* get_fd */
    no_map_access,            /* map_access */
+    default_get_sd,           /* get_sd */
+    default_set_sd,           /* set_sd */
    no_lookup_name,           /* lookup_name */
    no_open_file,             /* open_file */
    no_close_handle,          /* close_handle */
@ -232,6 +234,8 @@ static const struct object_ops device_ops =
    no_signal,                /* signal */
    no_get_fd,                /* get_fd */
    no_map_access,            /* map_access */
+    default_get_sd,           /* get_sd */
+    default_set_sd,           /* set_sd */
    no_lookup_name,           /* lookup_name */
    no_open_file,             /* open_file */
    no_close_handle,          /* close_handle */
@ -265,6 +269,8 @@ static const struct object_ops inode_ops =
    no_signal,                /* signal */
    no_get_fd,                /* get_fd */
    no_map_access,            /* map_access */
+    default_get_sd,           /* get_sd */
+    default_set_sd,           /* set_sd */
    no_lookup_name,           /* lookup_name */
    no_open_file,             /* open_file */
    no_close_handle,          /* close_handle */
@ -300,6 +306,8 @@ static const struct object_ops file_lock_ops =
    no_signal,                  /* signal */
    no_get_fd,                  /* get_fd */
    no_map_access,              /* map_access */
+    default_get_sd,             /* get_sd */
+    default_set_sd,             /* set_sd */
    no_lookup_name,             /* lookup_name */
    no_open_file,               /* open_file */
    no_close_handle,            /* close_handle */
--- a/server/file.c
+++ b/server/file.c
@ -82,6 +82,8 @@ static const struct object_ops file_ops =
    no_signal,                    /* signal */
    file_get_fd,                  /* get_fd */
    default_fd_map_access,        /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    fd_close_handle,              /* close_handle */
--- a/server/handle.c
+++ b/server/handle.c
@ -111,6 +111,8 @@ static const struct object_ops handle_table_ops =
    no_signal,                       /* signal */
    no_get_fd,                       /* get_fd */
    no_map_access,                   /* map_access */
+    default_get_sd,                  /* get_sd */
+    default_set_sd,                  /* set_sd */
    no_lookup_name,                  /* lookup_name */
    no_open_file,                    /* open_file */
    no_close_handle,                 /* close_handle */
@ -612,7 +614,7 @@ DECL_HANDLER(set_security_object)

    if (!(obj = get_handle_obj( current->process, req->handle, access, NULL ))) return;

-    set_object_sd( obj, sd, req->security_info );
+    obj->ops->set_sd( obj, sd, req->security_info );
    release_object( obj );
 }

@ -631,7 +633,7 @@ DECL_HANDLER(get_security_object)

    if (!(obj = get_handle_obj( current->process, req->handle, access, NULL ))) return;

-    sd = obj->sd;
+    sd = obj->ops->get_sd( obj );
    if (sd)
    {
        req_sd.control = sd->control & ~SE_SELF_RELATIVE;
--- a/server/hook.c
+++ b/server/hook.c
@ -84,6 +84,8 @@ static const struct object_ops hook_table_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    no_map_access,                /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    no_close_handle,              /* close_handle */
--- a/server/mailslot.c
+++ b/server/mailslot.c
@ -81,6 +81,8 @@ static const struct object_ops mailslot_ops =
    no_signal,                 /* signal */
    mailslot_get_fd,           /* get_fd */
    mailslot_map_access,       /* map_access */
+    default_get_sd,            /* get_sd */
+    default_set_sd,            /* set_sd */
    no_lookup_name,            /* lookup_name */
    mailslot_open_file,        /* open_file */
    fd_close_handle,           /* close_handle */
@ -129,6 +131,8 @@ static const struct object_ops mail_writer_ops =
    no_signal,                  /* signal */
    mail_writer_get_fd,         /* get_fd */
    mail_writer_map_access,     /* map_access */
+    default_get_sd,             /* get_sd */
+    default_set_sd,             /* set_sd */
    no_lookup_name,             /* lookup_name */
    no_open_file,               /* open_file */
    fd_close_handle,            /* close_handle */
@ -177,6 +181,8 @@ static const struct object_ops mailslot_device_ops =
    no_signal,                      /* signal */
    mailslot_device_get_fd,         /* get_fd */
    no_map_access,                  /* map_access */
+    default_get_sd,                 /* get_sd */
+    default_set_sd,                 /* set_sd */
    mailslot_device_lookup_name,    /* lookup_name */
    mailslot_device_open_file,      /* open_file */
    fd_close_handle,                /* close_handle */
--- a/server/mapping.c
+++ b/server/mapping.c
@ -67,6 +67,8 @@ static const struct object_ops mapping_ops =
    no_signal,                   /* signal */
    mapping_get_fd,              /* get_fd */
    mapping_map_access,          /* map_access */
+    default_get_sd,              /* get_sd */
+    default_set_sd,              /* set_sd */
    no_lookup_name,              /* lookup_name */
    no_open_file,                /* open_file */
    fd_close_handle,             /* close_handle */
--- a/server/mutex.c
+++ b/server/mutex.c
@ -62,6 +62,8 @@ static const struct object_ops mutex_ops =
    mutex_signal,              /* signal */
    no_get_fd,                 /* get_fd */
    mutex_map_access,          /* map_access */
+    default_get_sd,            /* get_sd */
+    default_set_sd,            /* set_sd */
    no_lookup_name,            /* lookup_name */
    no_open_file,              /* open_file */
    no_close_handle,           /* close_handle */
--- a/server/named_pipe.c
+++ b/server/named_pipe.c
@ -124,6 +124,8 @@ static const struct object_ops named_pipe_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    named_pipe_map_access,        /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    named_pipe_open_file,         /* open_file */
    no_close_handle,              /* close_handle */
@ -150,6 +152,8 @@ static const struct object_ops pipe_server_ops =
    no_signal,                    /* signal */
    pipe_server_get_fd,           /* get_fd */
    default_fd_map_access,        /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    fd_close_handle,              /* close_handle */
@ -186,6 +190,8 @@ static const struct object_ops pipe_client_ops =
    no_signal,                    /* signal */
    pipe_client_get_fd,           /* get_fd */
    default_fd_map_access,        /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    fd_close_handle,              /* close_handle */
@ -226,6 +232,8 @@ static const struct object_ops named_pipe_device_ops =
    no_signal,                        /* signal */
    named_pipe_device_get_fd,         /* get_fd */
    no_map_access,                    /* map_access */
+    default_get_sd,                   /* get_sd */
+    default_set_sd,                   /* set_sd */
    named_pipe_device_lookup_name,    /* lookup_name */
    named_pipe_device_open_file,      /* open_file */
    fd_close_handle,                  /* close_handle */
--- a/server/object.c
+++ b/server/object.c
@ -367,7 +367,12 @@ unsigned int no_map_access( struct object *obj, unsigned int access )
    return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
 }

-void set_object_sd( struct object *obj, const struct security_descriptor *sd,
+struct security_descriptor *default_get_sd( struct object *obj )
+{
+    return obj->sd;
+}
+
+int default_set_sd( struct object *obj, const struct security_descriptor *sd,
                    unsigned int set_info )
 {
    struct security_descriptor new_sd, *new_sd_ptr;
@ -376,7 +381,7 @@ void set_object_sd( struct object *obj, const struct security_descriptor *sd,
    const ACL *sacl, *dacl;
    char *ptr;

-    if (!set_info) return;
+    if (!set_info) return 1;

    new_sd.control = sd->control & ~SE_SELF_RELATIVE;

@ -437,7 +442,7 @@ void set_object_sd( struct object *obj, const struct security_descriptor *sd,

    ptr = mem_alloc( sizeof(new_sd) + new_sd.owner_len + new_sd.group_len +
                     new_sd.sacl_len + new_sd.dacl_len );
-    if (!ptr) return;
+    if (!ptr) return 0;
    new_sd_ptr = (struct security_descriptor*)ptr;

    memcpy( ptr, &new_sd, sizeof(new_sd) );
@ -452,6 +457,7 @@ void set_object_sd( struct object *obj, const struct security_descriptor *sd,

    free( obj->sd );
    obj->sd = new_sd_ptr;
+    return 1;
 }

 struct object *no_lookup_name( struct object *obj, struct unicode_str *name,
--- a/server/object.h
+++ b/server/object.h
@ -74,6 +74,10 @@ struct object_ops
    struct fd *(*get_fd)(struct object *);
    /* map access rights to the specific rights for this object */
    unsigned int (*map_access)(struct object *, unsigned int);
+    /* returns the security descriptor of the object */
+    struct security_descriptor *(*get_sd)( struct object * );
+    /* sets the security descriptor of the object */
+    int (*set_sd)( struct object *, const struct security_descriptor *, unsigned int );
    /* lookup a name if an object has a namespace */
    struct object *(*lookup_name)(struct object *, struct unicode_str *,unsigned int);
    /* open a file object to access this object */
@ -127,7 +131,8 @@ extern int no_satisfied( struct object *obj, struct thread *thread );
 extern int no_signal( struct object *obj, unsigned int access );
 extern struct fd *no_get_fd( struct object *obj );
 extern unsigned int no_map_access( struct object *obj, unsigned int access );
-extern void set_object_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info );
+extern struct security_descriptor *default_get_sd( struct object *obj );
+extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info );
 extern struct object *no_lookup_name( struct object *obj, struct unicode_str *name, unsigned int attributes );
 extern struct object *no_open_file( struct object *obj, unsigned int access, unsigned int sharing,
                                    unsigned int options );
--- a/server/process.c
+++ b/server/process.c
@ -74,6 +74,8 @@ static const struct object_ops process_ops =
    no_signal,                   /* signal */
    no_get_fd,                   /* get_fd */
    process_map_access,          /* map_access */
+    default_get_sd,              /* get_sd */
+    default_set_sd,              /* set_sd */
    no_lookup_name,              /* lookup_name */
    no_open_file,                /* open_file */
    no_close_handle,             /* close_handle */
@ -121,6 +123,8 @@ static const struct object_ops startup_info_ops =
    no_signal,                     /* signal */
    no_get_fd,                     /* get_fd */
    no_map_access,                 /* map_access */
+    default_get_sd,                /* get_sd */
+    default_set_sd,                /* set_sd */
    no_lookup_name,                /* lookup_name */
    no_open_file,                  /* open_file */
    no_close_handle,               /* close_handle */
--- a/server/queue.c
+++ b/server/queue.c
@ -156,6 +156,8 @@ static const struct object_ops msg_queue_ops =
    no_signal,                 /* signal */
    no_get_fd,                 /* get_fd */
    no_map_access,             /* map_access */
+    default_get_sd,            /* get_sd */
+    default_set_sd,            /* set_sd */
    no_lookup_name,            /* lookup_name */
    no_open_file,              /* open_file */
    no_close_handle,           /* close_handle */
@ -186,6 +188,8 @@ static const struct object_ops thread_input_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    no_map_access,                /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    no_close_handle,              /* close_handle */
--- a/server/registry.c
+++ b/server/registry.c
@ -149,6 +149,8 @@ static const struct object_ops key_ops =
    no_signal,               /* signal */
    no_get_fd,               /* get_fd */
    key_map_access,          /* map_access */
+    default_get_sd,          /* get_sd */
+    default_set_sd,          /* set_sd */
    no_lookup_name,          /* lookup_name */
    no_open_file,            /* open_file */
    key_close_handle,        /* close_handle */
--- a/server/request.c
+++ b/server/request.c
@ -96,6 +96,8 @@ static const struct object_ops master_socket_ops =
    no_signal,                     /* signal */
    no_get_fd,                     /* get_fd */
    no_map_access,                 /* map_access */
+    default_get_sd,                /* get_sd */
+    default_set_sd,                /* set_sd */
    no_lookup_name,                /* lookup_name */
    no_open_file,                  /* open_file */
    no_close_handle,               /* close_handle */
--- a/server/semaphore.c
+++ b/server/semaphore.c
@ -59,6 +59,8 @@ static const struct object_ops semaphore_ops =
    semaphore_signal,              /* signal */
    no_get_fd,                     /* get_fd */
    semaphore_map_access,          /* map_access */
+    default_get_sd,                /* get_sd */
+    default_set_sd,                /* set_sd */
    no_lookup_name,                /* lookup_name */
    no_open_file,                  /* open_file */
    no_close_handle,               /* close_handle */
--- a/server/serial.c
+++ b/server/serial.c
@ -94,6 +94,8 @@ static const struct object_ops serial_ops =
    no_signal,                    /* signal */
    serial_get_fd,                /* get_fd */
    default_fd_map_access,        /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    fd_close_handle,              /* close_handle */
--- a/server/signal.c
+++ b/server/signal.c
@ -70,6 +70,8 @@ static const struct object_ops handler_ops =
    no_signal,                /* signal */
    no_get_fd,                /* get_fd */
    no_map_access,            /* map_access */
+    default_get_sd,           /* get_sd */
+    default_set_sd,           /* set_sd */
    no_lookup_name,           /* lookup_name */
    no_open_file,             /* open_file */
    no_close_handle,          /* close_handle */
--- a/server/snapshot.c
+++ b/server/snapshot.c
@ -68,6 +68,8 @@ static const struct object_ops snapshot_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    no_map_access,                /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    no_close_handle,              /* close_handle */
--- a/server/sock.c
+++ b/server/sock.c
@ -113,6 +113,8 @@ static const struct object_ops sock_ops =
    no_signal,                    /* signal */
    sock_get_fd,                  /* get_fd */
    default_fd_map_access,        /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    fd_close_handle,              /* close_handle */
--- a/server/symlink.c
+++ b/server/symlink.c
@ -62,6 +62,8 @@ static const struct object_ops symlink_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    symlink_map_access,           /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    symlink_lookup_name,          /* lookup_name */
    no_open_file,                 /* open_file */
    no_close_handle,              /* close_handle */
--- a/server/thread.c
+++ b/server/thread.c
@ -93,6 +93,8 @@ static const struct object_ops thread_apc_ops =
    no_signal,                  /* signal */
    no_get_fd,                  /* get_fd */
    no_map_access,              /* map_access */
+    default_get_sd,             /* get_sd */
+    default_set_sd,             /* set_sd */
    no_lookup_name,             /* lookup_name */
    no_open_file,               /* open_file */
    no_close_handle,            /* close_handle */
@ -119,6 +121,8 @@ static const struct object_ops thread_ops =
    no_signal,                  /* signal */
    no_get_fd,                  /* get_fd */
    thread_map_access,          /* map_access */
+    default_get_sd,             /* get_sd */
+    default_set_sd,             /* set_sd */
    no_lookup_name,             /* lookup_name */
    no_open_file,               /* open_file */
    no_close_handle,            /* close_handle */
--- a/server/timer.c
+++ b/server/timer.c
@ -67,6 +67,8 @@ static const struct object_ops timer_ops =
    no_signal,                 /* signal */
    no_get_fd,                 /* get_fd */
    timer_map_access,          /* map_access */
+    default_get_sd,            /* get_sd */
+    default_set_sd,            /* set_sd */
    no_lookup_name,            /* lookup_name */
    no_open_file,              /* open_file */
    no_close_handle,           /* close_handle */
--- a/server/token.c
+++ b/server/token.c
@ -129,6 +129,8 @@ static const struct object_ops token_ops =
    no_signal,                 /* signal */
    no_get_fd,                 /* get_fd */
    token_map_access,          /* map_access */
+    default_get_sd,            /* get_sd */
+    default_set_sd,            /* set_sd */
    no_lookup_name,            /* lookup_name */
    no_open_file,              /* open_file */
    no_close_handle,           /* close_handle */
--- a/server/winstation.c
+++ b/server/winstation.c
@ -63,6 +63,8 @@ static const struct object_ops winstation_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    winstation_map_access,        /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    winstation_close_handle,      /* close_handle */
@ -81,6 +83,8 @@ static const struct object_ops desktop_ops =
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    desktop_map_access,           /* map_access */
+    default_get_sd,               /* get_sd */
+    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    desktop_close_handle,         /* close_handle */