From 24af6f3e0185e0d61327093bfa6c25de124bfbbf Mon Sep 17 00:00:00 2001 From: Hans Leidekker Date: Tue, 21 Apr 2009 09:53:16 +0200 Subject: [PATCH] server: Add requests to set and retrieve default dacl. --- include/wine/server_protocol.h | 32 ++++++++++++++++++++++- server/protocol.def | 12 +++++++++ server/request.h | 9 +++++++ server/token.c | 46 ++++++++++++++++++++++++++++++++++ server/trace.c | 30 ++++++++++++++++++++++ 5 files changed, 128 insertions(+), 1 deletion(-) diff --git a/include/wine/server_protocol.h b/include/wine/server_protocol.h index 31ef863261..f819686092 100644 --- a/include/wine/server_protocol.h +++ b/include/wine/server_protocol.h @@ -4100,6 +4100,30 @@ struct get_token_groups_reply char __pad_12[4]; }; +struct get_token_default_dacl_request +{ + struct request_header __header; + obj_handle_t handle; +}; +struct get_token_default_dacl_reply +{ + struct reply_header __header; + data_size_t acl_len; + /* VARARG(acl,ACL); */ + char __pad_12[4]; +}; + +struct set_token_default_dacl_request +{ + struct request_header __header; + obj_handle_t handle; + /* VARARG(acl,ACL); */ +}; +struct set_token_default_dacl_reply +{ + struct reply_header __header; +}; + struct set_security_object_request { struct request_header __header; @@ -4765,6 +4789,8 @@ enum request REQ_access_check, REQ_get_token_user, REQ_get_token_groups, + REQ_get_token_default_dacl, + REQ_set_token_default_dacl, REQ_set_security_object, REQ_get_security_object, REQ_create_mailslot, 
@@ -5008,6 +5034,8 @@ union generic_request struct access_check_request access_check_request; struct get_token_user_request get_token_user_request; struct get_token_groups_request get_token_groups_request; + struct get_token_default_dacl_request get_token_default_dacl_request; + struct set_token_default_dacl_request set_token_default_dacl_request; struct set_security_object_request set_security_object_request; struct get_security_object_request get_security_object_request; struct create_mailslot_request create_mailslot_request; @@ -5249,6 +5277,8 @@ union generic_reply struct access_check_reply access_check_reply; struct get_token_user_reply get_token_user_reply; struct get_token_groups_reply get_token_groups_reply; + struct get_token_default_dacl_reply get_token_default_dacl_reply; + struct set_token_default_dacl_reply set_token_default_dacl_reply; struct set_security_object_reply set_security_object_reply; struct get_security_object_reply get_security_object_reply; struct create_mailslot_reply create_mailslot_reply; @@ -5280,6 +5310,6 @@ union generic_reply struct set_window_layered_info_reply set_window_layered_info_reply; }; -#define SERVER_PROTOCOL_VERSION 385 +#define SERVER_PROTOCOL_VERSION 386 #endif /* __WINE_WINE_SERVER_PROTOCOL_H */ diff --git a/server/protocol.def b/server/protocol.def index 004f4c9d51..8ae653bea3 100644 --- a/server/protocol.def +++ b/server/protocol.def 
@@ -2896,6 +2896,18 @@ enum message_type VARARG(user,token_groups); /* groups the token's user belongs to */ @END +@REQ(get_token_default_dacl) + obj_handle_t handle; /* handle to the token */ +@REPLY + data_size_t acl_len; /* length needed to store access control list */ + VARARG(acl,ACL); /* access control list */ +@END + +@REQ(set_token_default_dacl) + obj_handle_t handle; /* handle to the token */ + VARARG(acl,ACL); /* default dacl to set */ +@END + @REQ(set_security_object) obj_handle_t handle; /* handle to the object */ unsigned int security_info; /* which parts of security descriptor to set */ diff --git a/server/request.h b/server/request.h index f0ebcbabcf..f85756c8f8 100644 --- a/server/request.h +++ b/server/request.h @@ -318,6 +318,8 @@ DECL_HANDLER(duplicate_token); DECL_HANDLER(access_check); DECL_HANDLER(get_token_user); DECL_HANDLER(get_token_groups); +DECL_HANDLER(get_token_default_dacl); +DECL_HANDLER(set_token_default_dacl); DECL_HANDLER(set_security_object); DECL_HANDLER(get_security_object); DECL_HANDLER(create_mailslot); @@ -560,6 +562,8 @@ static const req_handler req_handlers[REQ_NB_REQUESTS] = (req_handler)req_access_check, (req_handler)req_get_token_user, (req_handler)req_get_token_groups, + (req_handler)req_get_token_default_dacl, + (req_handler)req_set_token_default_dacl, (req_handler)req_set_security_object, (req_handler)req_get_security_object, (req_handler)req_create_mailslot, 
@@ -1750,6 +1754,11 @@ C_ASSERT( sizeof(struct get_token_user_reply) == 16 ); C_ASSERT( FIELD_OFFSET(struct get_token_groups_request, handle) == 12 ); C_ASSERT( FIELD_OFFSET(struct get_token_groups_reply, user_len) == 8 ); C_ASSERT( sizeof(struct get_token_groups_reply) == 16 ); +C_ASSERT( FIELD_OFFSET(struct get_token_default_dacl_request, handle) == 12 ); +C_ASSERT( FIELD_OFFSET(struct get_token_default_dacl_reply, acl_len) == 8 ); +C_ASSERT( sizeof(struct get_token_default_dacl_reply) == 16 ); +C_ASSERT( FIELD_OFFSET(struct set_token_default_dacl_request, handle) == 12 ); +C_ASSERT( sizeof(struct set_token_default_dacl_request) == 16 ); C_ASSERT( FIELD_OFFSET(struct set_security_object_request, handle) == 12 ); C_ASSERT( FIELD_OFFSET(struct set_security_object_request, security_info) == 16 ); C_ASSERT( sizeof(struct set_security_object_request) == 24 ); diff --git a/server/token.c b/server/token.c index 7352ec2050..ce896ac17d 100644 --- a/server/token.c +++ b/server/token.c 
@@ -1344,3 +1344,49 @@ DECL_HANDLER(get_token_statistics) release_object( token ); } } + +DECL_HANDLER(get_token_default_dacl) +{ + struct token *token; + + reply->acl_len = 0; + + if ((token = (struct token *)get_handle_obj( current->process, req->handle, + TOKEN_QUERY, + &token_ops ))) + { + if (token->default_dacl) + reply->acl_len = token->default_dacl->AclSize; + + if (reply->acl_len <= get_reply_max_size()) + { + ACL *acl_reply = set_reply_data_size( reply->acl_len ); + if (acl_reply) + memcpy( acl_reply, token->default_dacl, reply->acl_len ); + } + else set_error( STATUS_BUFFER_TOO_SMALL ); + + release_object( token ); + } +} + +DECL_HANDLER(set_token_default_dacl) +{ + struct token *token; + + if ((token = (struct token *)get_handle_obj( current->process, req->handle, + TOKEN_ADJUST_DEFAULT, + &token_ops ))) + { + const ACL *acl = get_req_data(); + unsigned int acl_size = get_req_data_size(); + + free( token->default_dacl ); + token->default_dacl = NULL; + + if (acl_size) + token->default_dacl = memdup( acl, acl_size ); + + release_object( token ); + } +} diff --git a/server/trace.c b/server/trace.c index 4a7bfa54b8..6781ef7f39 100644 --- a/server/trace.c +++ b/server/trace.c @@ -907,6 +907,13 @@ static void dump_inline_acl( const char *prefix, const ACL *acl, data_size_t siz fputc( '}', stderr ); } +static void dump_varargs_ACL( const char *prefix, data_size_t size ) +{ + const ACL *acl = cur_data; + dump_inline_acl( prefix, acl, size ); + remove_data( size ); +} + static void dump_inline_security_descriptor( const char *prefix, const struct security_descriptor *sd, data_size_t size ) { fprintf( stderr,"%s{", prefix ); 
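Review bot: In server/token.c, set_token_default_dacl stores the client-supplied bytes with `memdup( acl, acl_size )` without checking that they form an ACL, while get_token_default_dacl later trusts `token->default_dacl->AclSize` as the copy length. A request shorter than an ACL header, or one whose AclSize is larger than the data actually sent, makes the get handler read past the allocation and return adjacent server heap to the caller. The set handler should reject such input with STATUS_INVALID_ACL before touching the token, and should allocate the copy before freeing the old DACL so that an allocation failure does not silently drop it. If token.c already has an ACL validation helper for security descriptors (the rest of the file is outside the hunk), calling it here would also cover malformed ACE sizes, which the minimal check below does not.

```c
DECL_HANDLER(set_token_default_dacl)
{
    /* … unchanged: token lookup with TOKEN_ADJUST_DEFAULT … */
        const ACL *acl = get_req_data();
        unsigned int acl_size = get_req_data_size();
        ACL *new_dacl = NULL;

        /* reject data too short for an ACL header, or whose AclSize exceeds what was sent */
        if (acl_size && (acl_size < sizeof(*acl) || acl->AclSize > acl_size))
            set_error( STATUS_INVALID_ACL );
        else if (!acl_size || (new_dacl = memdup( acl, acl_size )))
        {
            /* replace the old DACL only once the new copy (or an explicit NULL) is ready */
            free( token->default_dacl );
            token->default_dacl = new_dacl;
        }

        release_object( token );
    /* … unchanged: closing braces … */
```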
@@ -3461,6 +3468,23 @@ static void dump_get_token_groups_reply( const struct get_token_groups_reply *re dump_varargs_token_groups( ", user=", cur_size ); } +static void dump_get_token_default_dacl_request( const struct get_token_default_dacl_request *req ) +{ + fprintf( stderr, " handle=%04x", req->handle ); +} + +static void dump_get_token_default_dacl_reply( const struct get_token_default_dacl_reply *req ) +{ + fprintf( stderr, " acl_len=%u", req->acl_len ); + dump_varargs_ACL( ", acl=", cur_size ); +} + +static void dump_set_token_default_dacl_request( const struct set_token_default_dacl_request *req ) +{ + fprintf( stderr, " handle=%04x", req->handle ); + dump_varargs_ACL( ", acl=", cur_size ); +} + static void dump_set_security_object_request( const struct set_security_object_request *req ) { fprintf( stderr, " handle=%04x", req->handle ); @@ -3995,6 +4019,8 @@ static const dump_func req_dumpers[REQ_NB_REQUESTS] = { (dump_func)dump_access_check_request, (dump_func)dump_get_token_user_request, (dump_func)dump_get_token_groups_request, + (dump_func)dump_get_token_default_dacl_request, + (dump_func)dump_set_token_default_dacl_request, (dump_func)dump_set_security_object_request, (dump_func)dump_get_security_object_request, (dump_func)dump_create_mailslot_request, @@ -4234,6 +4260,8 @@ static const dump_func reply_dumpers[REQ_NB_REQUESTS] = { (dump_func)dump_access_check_reply, (dump_func)dump_get_token_user_reply, (dump_func)dump_get_token_groups_reply, + (dump_func)dump_get_token_default_dacl_reply, + NULL, NULL, (dump_func)dump_get_security_object_reply, (dump_func)dump_create_mailslot_reply, @@ -4473,6 +4501,8 @@ static const char * const req_names[REQ_NB_REQUESTS] = { "access_check", "get_token_user", "get_token_groups", + "get_token_default_dacl", + "set_token_default_dacl", "set_security_object", "get_security_object", "create_mailslot",