Author: ekohl Date: Sun Feb 1 23:01:31 2015 New Revision: 66148
URL: http://svn.reactos.org/svn/reactos?rev=66148&view=rev Log: [NTOSKRNL] SeAssignSecurityEx: Add support for SEF_DEFAULT_OWNER_FROM_PARENT and SEF_DEFAULT_GROUP_FROM_PARENT. This fixes several kmtest:SeInheritance bugs.
Modified: trunk/reactos/ntoskrnl/se/sd.c
Modified: trunk/reactos/ntoskrnl/se/sd.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/sd.c?rev=66148&... ==============================================================================
--- trunk/reactos/ntoskrnl/se/sd.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/sd.c [iso-8859-1] Sun Feb 1 23:01:31 2015
@@ -1184,8 +1184,27 @@
 }
 if (!Owner)
 {
- DPRINT("Use token owner sid!\n");
- Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+ if (AutoInheritFlags & 0x20 /* FIXME: SEF_DEFAULT_OWNER_FROM_PARENT */)
+ {
+ DPRINT("Use parent owner sid!\n");
+ if (!ARGUMENT_PRESENT(ParentDescriptor))
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_OWNER;
+ }
+
+ Owner = SepGetOwnerFromDescriptor(ParentDescriptor);
+ if (!Owner)
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_OWNER;
+ }
+ }
+ else
+ {
+ DPRINT("Use token owner sid!\n");
+ Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+ }
 }
 OwnerLength = RtlLengthSid(Owner);
 NT_ASSERT(OwnerLength % sizeof(ULONG) == 0);
@@ -1197,8 +1216,27 @@
 }
 if (!Group)
 {
- DPRINT("Use token group sid!\n");
- Group = Token->PrimaryGroup;
+ if (AutoInheritFlags & 0x40 /* FIXME: SEF_DEFAULT_GROUP_FROM_PARENT */)
+ {
+ DPRINT("Use parent group sid!\n");
+ if (!ARGUMENT_PRESENT(ParentDescriptor))
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_PRIMARY_GROUP;
+ }
+
+ Group = SepGetGroupFromDescriptor(ParentDescriptor);
+ if (!Group)
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_PRIMARY_GROUP;
+ }
+ }
+ else
+ {
+ DPRINT("Use token group sid!\n");
+ Group = Token->PrimaryGroup;
+ }
 }
 if (!Group)
 {
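Review bot: The owner SID returned by `SepGetOwnerFromDescriptor(ParentDescriptor)` is only null-checked before the context line `OwnerLength = RtlLengthSid(Owner);` reads its header, so a parent descriptor carrying a malformed owner would be measured and presumably copied into the new descriptor as-is. Unless ParentDescriptor is already validated earlier in the function (not visible in this hunk), the check could read `if (!Owner || !RtlValidSid(Owner))`; the same applies to `Group` in the next hunk. It is also worth confirming that any owner check against the caller's token later in the function still applies to an owner inherited from the parent, since that SID no longer comes from the token itself. The enclosing function starts and ends outside the hunk.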
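Review bot: The flag test `AutoInheritFlags & 0x40 /* FIXME: SEF_DEFAULT_GROUP_FROM_PARENT */` (and `0x20` for the owner in the previous hunk) relies on a bare literal, which makes the inheritance policy hard to grep and audit and easy to mistype. Define the two SEF_* constants in the appropriate header and write `if (AutoInheritFlags & SEF_DEFAULT_GROUP_FROM_PARENT)`, dropping the FIXME. A short comment on the branch such as `/* Caller asked for the parent's primary group; fail rather than fall back to the token */` would document that the fallback to `Token->PrimaryGroup` is intentionally skipped here. The enclosing function continues outside the hunk.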