* autoload.cc: Add load statemant for SetSecurityDescriptorControl.

* security.cc (alloc_sd): Always set SE_DACL_PROTECTED flag on
        Win2K and higher.
This commit is contained in:
Corinna Vinschen
2000-12-20 12:42:43 +00:00
parent e625e1b99e
commit aa2b85cc90
3 changed files with 22 additions and 0 deletions

View File

@@ -915,6 +915,21 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
return NULL;
}
/*
* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being modified
* by inheritable ACEs.
* This flag as well as the SetSecurityDescriptorControl call are available only
* since Win2K.
*/
static int win2KorHigher = -1;
if (win2KorHigher == -1)
{
DWORD version = GetVersion ();
win2KorHigher = (version & 0x80000000) || (version & 0xff) < 5 ? 0 : 1;
}
if (win2KorHigher > 0)
SetSecurityDescriptorControl (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
/* Create owner for local security descriptor. */
if (! SetSecurityDescriptorOwner(&sd, owner_sid, FALSE))
{