Author: ekohl
Date: Sun Feb 1 23:01:31 2015
New Revision: 66148
URL:
http://svn.reactos.org/svn/reactos?rev=66148&view=rev
Log:
[NTOSKRNL]
SeAssignSecurityEx: Add support for SEF_DEFAULT_OWNER_FROM_PARENT and
SEF_DEFAULT_GROUP_FROM_PARENT.
This fixes several kmtest:SeInheritance bugs.
Modified:
trunk/reactos/ntoskrnl/se/sd.c
Modified: trunk/reactos/ntoskrnl/se/sd.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/sd.c?rev=66148…
==============================================================================
--- trunk/reactos/ntoskrnl/se/sd.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/sd.c [iso-8859-1] Sun Feb 1 23:01:31 2015
@@ -1184,8 +1184,27 @@
}
if (!Owner)
{
- DPRINT("Use token owner sid!\n");
- Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+ if (AutoInheritFlags & 0x20 /* FIXME: SEF_DEFAULT_OWNER_FROM_PARENT */)
+ {
+ DPRINT("Use parent owner sid!\n");
+ if (!ARGUMENT_PRESENT(ParentDescriptor))
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_OWNER;
+ }
+
+ Owner = SepGetOwnerFromDescriptor(ParentDescriptor);
+ if (!Owner)
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_OWNER;
+ }
+ }
+ else
+ {
+ DPRINT("Use token owner sid!\n");
+ Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+ }
}
OwnerLength = RtlLengthSid(Owner);
NT_ASSERT(OwnerLength % sizeof(ULONG) == 0);
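Review bot: The test `if (AutoInheritFlags & 0x20 /* FIXME: SEF_DEFAULT_OWNER_FROM_PARENT */)` decides whose SID becomes the owner of a new object on a bare literal, and the second hunk does the same with `0x40` for the group. I would define the two names alongside the other SEF_ flags (`#define SEF_DEFAULT_OWNER_FROM_PARENT 0x20`, `#define SEF_DEFAULT_GROUP_FROM_PARENT 0x40`) and test against them, so the FIXME goes away and every use of the flag can be found by name. Separately, the SID returned by SepGetOwnerFromDescriptor goes straight into `RtlLengthSid(Owner)`; unless that helper or the callers already guarantee a well-formed parent descriptor, a `RtlValidSid(Owner)` check before the length is taken would be worth adding. The enclosing function starts and ends outside the hunk.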
@@ -1197,8 +1216,27 @@
}
if (!Group)
{
- DPRINT("Use token group sid!\n");
- Group = Token->PrimaryGroup;
+ if (AutoInheritFlags & 0x40 /* FIXME: SEF_DEFAULT_GROUP_FROM_PARENT */)
+ {
+ DPRINT("Use parent group sid!\n");
+ if (!ARGUMENT_PRESENT(ParentDescriptor))
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_PRIMARY_GROUP;
+ }
+
+ Group = SepGetGroupFromDescriptor(ParentDescriptor);
+ if (!Group)
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_PRIMARY_GROUP;
+ }
+ }
+ else
+ {
+ DPRINT("Use token group sid!\n");
+ Group = Token->PrimaryGroup;
+ }
}
if (!Group)
{
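Review bot: The parent-group branch returns STATUS_INVALID_PRIMARY_GROUP when ParentDescriptor is absent or carries no group, while the token branch leaves a NULL `Token->PrimaryGroup` to the `if (!Group)` check that follows, so the two paths treat a missing group differently and nothing records why. A short comment on the new branch would state that the refusal is deliberate, e.g. `/* Caller asked for the parent's group: fail rather than fall back to the token */`; the owner branch in the first hunk wants the same comment. The body of the trailing `if (!Group)` lies outside the hunk, so whether the early returns could simply fall through to it cannot be judged from here.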