Replaced patch for shell32-Default_Folder_ACLs.

The old patch contained several issues, including invalid memory access, a memory leak,
and wrong DACL size calculation. This updated version simplifies the logic a bit and should
fix those issues.
Sebastian Lackner 2014-10-19 06:53:16 +02:00
parent 2f5a9b7ba1
commit 4410ccbead
4 changed files with 75 additions and 78 deletions

3
debian/changelog vendored

@ -1,5 +1,6 @@
wine-compholio (1.7.29) UNRELEASED; urgency=low
* Updated DOS Attributes patch to better detect XATTR functions.
* Updated patch for shell32 default folder ACLs.
* Updated NtQuerySection patch.
* Added patch to support IDF_CHECKFIRST in SetupPromptForDisk.
* Added patch to fix issues when executing pages with guard page / write watch permissions.
@ -17,7 +18,7 @@ wine-compholio (1.7.29) UNRELEASED; urgency=low
* Removed patch to fix issues with drag image in ImageLists (accepted upstream).
* Removed patch to set ldr.EntryPoint for main executable (accepted upstream).
* Removed patch to implement stubs for [Get|Set]SystemFileCacheSize (accepted upstream).
* Removed patches for ATL thunk patches (accepted upstream).
* Removed patches for ATL thunk implementation (accepted upstream).
* Partially removed patches for WRITECOPY memory protection (accepted upstream).
-- Sebastian Lackner <sebastian@fds-team.de> Mon, 06 Oct 2014 01:02:37 +0200


@ -1186,7 +1186,7 @@ shdocvw-ParseURLFromOutsideSource_Tests.ok:
# Patchset shell32-Default_Folder_ACLs
# |
# | Included patches:
# | * Generate default ACLs for user shell folders. [rev 6, by Erich E. Hoover]
# | * Generate default ACLs for user shell folders. [rev 7, by Sebastian Lackner]
# |
# | Modified files:
# | * dlls/shell32/shellpath.c
@ -1195,7 +1195,7 @@ shdocvw-ParseURLFromOutsideSource_Tests.ok:
shell32-Default_Folder_ACLs.ok:
$(call APPLY_FILE,shell32-Default_Folder_ACLs/0001-shell32-Set-the-default-security-attributes-for-user.patch)
@( \
echo '+ { "shell32-Default_Folder_ACLs", "Erich E. Hoover", "Generate default ACLs for user shell folders. [rev 6]" },'; \
echo '+ { "shell32-Default_Folder_ACLs", "Sebastian Lackner", "Generate default ACLs for user shell folders. [rev 7]" },'; \
) > shell32-Default_Folder_ACLs.ok
# Patchset shell32-Default_Path


@ -1,103 +1,99 @@
From 5acc23c9ced211c685c64716f20eecbdb8f2aa27 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Tue, 25 Feb 2014 10:44:36 -0700
From 8ce582105c47e7c2b58dc06770c5dba00faa89a3 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Sun, 19 Oct 2014 06:47:11 +0200
Subject: shell32: Set the default security attributes for user shell folders.
Based on a patch by Erich E. Hoover.
---
dlls/shell32/shellpath.c | 101 +++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 100 insertions(+), 1 deletion(-)
dlls/shell32/shellpath.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 95 insertions(+), 1 deletion(-)
diff --git a/dlls/shell32/shellpath.c b/dlls/shell32/shellpath.c
index f92d56e..0ca7211 100644
index f92d56e..b6ac04b 100644
--- a/dlls/shell32/shellpath.c
+++ b/dlls/shell32/shellpath.c
@@ -2200,6 +2200,85 @@ cleanup:
@@ -2200,6 +2200,80 @@ cleanup:
return hr;
}
+static BOOL alloc_sid( PSID src, PSID *dst )
+static PSID get_user_sid( TOKEN_USER **user )
+{
+ return AllocateAndInitializeSid(GetSidIdentifierAuthority(src), *GetSidSubAuthorityCount(src),
+ *GetSidSubAuthority(src, 0), *GetSidSubAuthority(src, 1),
+ *GetSidSubAuthority(src, 2), *GetSidSubAuthority(src, 3),
+ *GetSidSubAuthority(src, 4), *GetSidSubAuthority(src, 5),
+ *GetSidSubAuthority(src, 6), *GetSidSubAuthority(src, 7), dst);
+}
+
+static PSID get_user_sid( void )
+{
+ PSID ret = NULL, user_sid;
+ TOKEN_USER *user = NULL;
+ DWORD user_size = 0;
+ HANDLE token;
+
+ if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token))
+ if (OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token) ||
+ (GetLastError() == ERROR_NO_TOKEN &&
+ OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)))
+ {
+ if (GetLastError() != ERROR_NO_TOKEN) return NULL;
+ if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) return NULL;
+ if (!GetTokenInformation(token, TokenUser, NULL, 0, &user_size) &&
+ GetLastError() == ERROR_INSUFFICIENT_BUFFER &&
+ (*user = HeapAlloc(GetProcessHeap(), 0, user_size)))
+ {
+ if (GetTokenInformation(token, TokenUser, *user, user_size, &user_size))
+ {
+ CloseHandle(token);
+ return (*user)->User.Sid;
+ }
+ HeapFree(GetProcessHeap(), 0, *user);
+ }
+ CloseHandle(token);
+ }
+ GetTokenInformation(token, TokenUser, NULL, 0, &user_size);
+ if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) goto cleanup;
+ if ((user = HeapAlloc(GetProcessHeap(), 0, user_size)) == NULL) goto cleanup;
+ if (!GetTokenInformation(token, TokenUser, user, user_size, &user_size)) goto cleanup;
+ user_sid = user->User.Sid;
+ alloc_sid(user_sid, &ret);
+
+cleanup:
+ HeapFree(GetProcessHeap(), 0, user);
+ CloseHandle(token);
+ return ret;
+ return NULL;
+}
+
+static PSID get_admin_sid( void )
+{
+ PSID ret = NULL, admin_sid = NULL;
+ DWORD admin_size = 0;
+
+ CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, NULL, &admin_size);
+ if(GetLastError() != ERROR_INSUFFICIENT_BUFFER) goto cleanup;
+ if((admin_sid = HeapAlloc(GetProcessHeap(), 0, admin_size)) == NULL) goto cleanup;
+ if(!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &admin_size)) goto cleanup;
+ alloc_sid(admin_sid, &ret);
+
+cleanup:
+ HeapFree(GetProcessHeap(), 0, admin_sid);
+ return ret;
+ DWORD sid_size = 0;
+ PSID admin_sid;
+ if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, NULL, &sid_size) &&
+ GetLastError() == ERROR_INSUFFICIENT_BUFFER &&
+ (admin_sid = HeapAlloc(GetProcessHeap(), 0, sid_size)))
+ {
+ if (CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size))
+ return admin_sid;
+ HeapFree(GetProcessHeap(), 0, admin_sid);
+ }
+ return NULL;
+}
+
+static PSECURITY_DESCRIPTOR _SHGetUserSecurityDescriptor( void )
+{
+ PACL dacl = HeapAlloc(GetProcessHeap(), 0, 100);
+ PSECURITY_DESCRIPTOR sd = NULL, ret = NULL;
+ PSID admin_sid = NULL, user_sid = NULL;
+ DWORD dacl_size;
+ PSID user_sid, admin_sid = NULL;
+ SECURITY_DESCRIPTOR *sd = NULL;
+ TOKEN_USER *user = NULL;
+
+ if ((user_sid = get_user_sid()) == NULL) goto cleanup;
+ if ((admin_sid = get_admin_sid()) == NULL) goto cleanup;
+ dacl_size = 2 * sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(user_sid) + GetLengthSid(admin_sid);
+ if ((sd = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH + dacl_size)) == NULL) goto cleanup;
+ if ((user_sid = get_user_sid( &user )) &&
+ (admin_sid = get_admin_sid()))
+ {
+ DWORD dacl_size = sizeof(ACL) + 2 * sizeof(ACE_HEADER) + 2 * sizeof(DWORD) +
+ GetLengthSid(user_sid) + GetLengthSid(admin_sid);
+ if ((sd = HeapAlloc(GetProcessHeap(), 0, sizeof(SECURITY_DESCRIPTOR) + dacl_size)))
+ {
+ PACL dacl = (ACL *)(sd + 1);
+ if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION) ||
+ !InitializeAcl(dacl, dacl_size, ACL_REVISION) ||
+ !AddAccessAllowedAceEx(dacl, ACL_REVISION,
+ OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+ GENERIC_ALL, user_sid) ||
+ !AddAccessAllowedAceEx(dacl, ACL_REVISION,
+ OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+ GENERIC_ALL, admin_sid) ||
+ !SetSecurityDescriptorDacl(sd, TRUE, dacl, FALSE))
+ {
+ HeapFree(GetProcessHeap(), 0, sd);
+ sd = NULL;
+ }
+ }
+ }
+
+ /* build the DACL */
+ if(!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) goto cleanup;
+ if(!InitializeAcl(dacl, dacl_size, ACL_REVISION)) goto cleanup;
+ if(!AddAccessAllowedAceEx(dacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE,
+ GENERIC_ALL, user_sid)) goto cleanup;
+ if(!AddAccessAllowedAceEx(dacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE,
+ GENERIC_ALL, admin_sid)) goto cleanup;
+ if(!SetSecurityDescriptorDacl(sd, TRUE, dacl, FALSE)) goto cleanup;
+ ret = sd;
+
+cleanup:
+ FreeSid(user_sid);
+ FreeSid(admin_sid);
+ if(ret == NULL) HeapFree(GetProcessHeap(), 0, sd);
+ return ret;
+ HeapFree(GetProcessHeap(), 0, admin_sid);
+ HeapFree(GetProcessHeap(), 0, user);
+ return sd;
+}
+
/*************************************************************************
* SHGetFolderPathAndSubDirW [SHELL32.@]
*/
@@ -2211,6 +2290,8 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
@@ -2211,6 +2285,8 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
LPCWSTR pszSubPath,/* [I] sub directory of the specified folder */
LPWSTR pszPath) /* [O] converted path */
{
@ -106,7 +102,7 @@ index f92d56e..0ca7211 100644
HRESULT hr;
WCHAR szBuildPath[MAX_PATH], szTemp[MAX_PATH];
DWORD folder = nFolder & CSIDL_FOLDER_MASK;
@@ -2323,8 +2404,25 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
@@ -2323,8 +2399,25 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
goto end;
}
@ -133,7 +129,7 @@ index f92d56e..0ca7211 100644
if (ret && ret != ERROR_ALREADY_EXISTS)
{
ERR("Failed to create directory %s.\n", debugstr_w(szBuildPath));
@@ -2334,6 +2432,7 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
@@ -2334,6 +2427,7 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
TRACE("Created missing system directory %s\n", debugstr_w(szBuildPath));
end:
@ -142,5 +138,5 @@ index f92d56e..0ca7211 100644
return hr;
}
--
1.7.9.5
2.1.2
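Review bot: In the rewritten `get_user_sid`, the failure path after the second `GetTokenInformation` call frees `*user` but leaves the caller's pointer set, and `_SHGetUserSecurityDescriptor` then calls `HeapFree(GetProcessHeap(), 0, user)` unconditionally before returning, so that path frees the same heap block twice. Resetting the out-parameter right after the free closes it: `HeapFree(GetProcessHeap(), 0, *user); *user = NULL;`. A short comment on `get_user_sid` stating that the returned SID points into the `*user` buffer, and that the caller must free `*user` rather than the SID, would also help, since the previous version returned a separately allocated SID released with `FreeSid`. The old/new markers are lost on this rendered page, so this reading assumes the lines that use the `TOKEN_USER **user` parameter are the new side.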


@ -1,4 +1,4 @@
Author: Erich E. Hoover
Author: Sebastian Lackner
Subject: Generate default ACLs for user shell folders.
Revision: 6
Revision: 7
Fixes: Add default ACLs for user shell folders