server: Ignore ACEs with the INHERIT_ONLY_ACE flag set during access checks.

2007-10-25 16:19:54 +01:00 · 2007-10-25 16:19:54 +01:00 · e51f8490f2
parent 340122abb7
commit e51f8490f2
2 changed files with 5 additions and 5 deletions
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@ -908,10 +908,8 @@ static void test_AccessCheck(void)
                      PrivSet, &PrivSetLen, &Access, &AccessStatus);
    ok(ret, "AccessCheck failed with error %d\n", GetLastError());
    err = GetLastError();
-    todo_wine
    ok(!AccessStatus && err == ERROR_ACCESS_DENIED, "AccessCheck should have failed "
       "with ERROR_ACCESS_DENIED, instead of %d\n", err);
-    todo_wine
    ok(!Access, "Should have failed to grant any access, got 0x%08x\n", Access);

    CloseHandle(Token);
--- a/server/token.c
+++ b/server/token.c
@ -895,11 +895,15 @@ static unsigned int token_access_check( struct token *token,

    /* 4: Grant rights according to the DACL */
    ace = (const ACE_HEADER *)(dacl + 1);
-    for (i = 0; i < dacl->AceCount; i++)
+    for (i = 0; i < dacl->AceCount; i++, ace = ace_next( ace ))
    {
        const ACCESS_ALLOWED_ACE *aa_ace;
        const ACCESS_DENIED_ACE *ad_ace;
        const SID *sid;
+
+        if (ace->AceFlags & INHERIT_ONLY_ACE)
+            continue;
+
        switch (ace->AceType)
        {
        case ACCESS_DENIED_ACE_TYPE:
@ -937,8 +941,6 @@ static unsigned int token_access_check( struct token *token,
            * rights we need */
        if (desired_access == *granted_access)
            break;
-
-        ace = ace_next( ace );
    }

 done: