From 5d8ef8d88105f566ccf5aab61be0b8811ad161da Mon Sep 17 00:00:00 2001 From: Zebediah Figura Date: Wed, 27 Mar 2024 18:08:14 -0500 Subject: [PATCH] Rebase against e01cb2b9156f808acc279a1b4753a48de0fda327. --- ...ment-FltBuildDefaultSecurityDescript.patch | 153 ------------------ ...002-fltmgr.sys-Create-import-library.patch | 23 --- ...-FltBuildDefaultSecurityDescriptor-t.patch | 133 --------------- .../definition | 2 - ...ice-Load-some-common-drivers-and-fix.patch | 20 +-- staging/upstream-commit | 2 +- 6 files changed, 11 insertions(+), 322 deletions(-) delete mode 100644 patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0001-fltmgr.sys-Implement-FltBuildDefaultSecurityDescript.patch delete mode 100644 patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0002-fltmgr.sys-Create-import-library.patch delete mode 100644 patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0003-ntoskrnl.exe-Add-FltBuildDefaultSecurityDescriptor-t.patch delete mode 100644 patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/definition diff --git a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0001-fltmgr.sys-Implement-FltBuildDefaultSecurityDescript.patch b/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0001-fltmgr.sys-Implement-FltBuildDefaultSecurityDescript.patch deleted file mode 100644 index 8be6d21b..00000000 --- a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0001-fltmgr.sys-Implement-FltBuildDefaultSecurityDescript.patch +++ /dev/null @@ -1,153 +0,0 @@ -From 8caf8262a8ae8b5f0275172a62d807240d86968d Mon Sep 17 00:00:00 2001 -From: Alistair Leslie-Hughes -Date: Sun, 29 Aug 2021 13:26:53 +1000 -Subject: [PATCH 1/3] fltmgr.sys: Implement FltBuildDefaultSecurityDescriptor - -Signed-off-by: Alistair Leslie-Hughes ---- - dlls/fltmgr.sys/Makefile.in | 1 + - dlls/fltmgr.sys/fltmgr.sys.spec | 4 +- - dlls/fltmgr.sys/main.c | 75 ++++++++++++++++++++++++++++++++- - include/ddk/fltkernel.h | 3 +- - 4 files changed, 79 insertions(+), 4 deletions(-) - -diff --git a/dlls/fltmgr.sys/Makefile.in b/dlls/fltmgr.sys/Makefile.in -index 6ebd48d9412..ae0e812cb22 100644 ---- a/dlls/fltmgr.sys/Makefile.in -+++ b/dlls/fltmgr.sys/Makefile.in -@@ -1,5 +1,6 @@ - MODULE = fltmgr.sys - EXTRADLLFLAGS = -Wl,--subsystem,native -+IMPORTS = ntoskrnl - - SOURCES = \ - fltmgr.sys.spec \ -diff --git a/dlls/fltmgr.sys/fltmgr.sys.spec b/dlls/fltmgr.sys/fltmgr.sys.spec -index 39ce6798178..8943b9f85cf 100644 ---- a/dlls/fltmgr.sys/fltmgr.sys.spec -+++ b/dlls/fltmgr.sys/fltmgr.sys.spec -@@ -10,7 +10,7 @@ - @ stub FltAllocatePoolAlignedWithTag - @ stub FltAttachVolume - @ stub FltAttachVolumeAtAltitude --@ stub FltBuildDefaultSecurityDescriptor -+@ stdcall FltBuildDefaultSecurityDescriptor(ptr long) - @ stub FltCancelFileOpen - @ stub FltCancelIo - @ stub FltCbdqDisable -@@ -60,7 +60,7 @@ - @ stub FltFreeFileLock - @ stub FltFreeGenericWorkItem - @ stub FltFreePoolAlignedWithTag --@ stub FltFreeSecurityDescriptor -+@ stdcall FltFreeSecurityDescriptor(ptr) - @ stub FltFsControlFile - @ stub FltGetBottomInstance - @ stub FltGetContexts -diff --git a/dlls/fltmgr.sys/main.c b/dlls/fltmgr.sys/main.c -index e1016a4989c..9a85f4b6c82 100644 ---- a/dlls/fltmgr.sys/main.c -+++ b/dlls/fltmgr.sys/main.c -@@ -23,7 +23,6 @@ - #include "ntstatus.h" - #define WIN32_NO_STATUS - #include "windef.h" --#include "winbase.h" - #include "winternl.h" - #include "ddk/fltkernel.h" - -@@ -93,3 +92,77 @@ void* WINAPI FltGetRoutineAddress(LPCSTR name) - - return func; - } -+ -+NTSTATUS WINAPI FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *descriptor, ACCESS_MASK access) -+{ -+ PACL dacl; -+ NTSTATUS ret = STATUS_INSUFFICIENT_RESOURCES; -+ DWORD sid_len; -+ SID *sid; -+ SID *sid_system = NULL; -+ PSECURITY_DESCRIPTOR sec_desc = NULL; -+ SID_IDENTIFIER_AUTHORITY auth = { SECURITY_NULL_SID_AUTHORITY }; -+ -+ *descriptor = NULL; -+ -+ sid_len = RtlLengthRequiredSid(2); -+ sid = ExAllocatePool(PagedPool, sid_len); -+ if (!sid) -+ goto done; -+ RtlInitializeSid(sid, &auth, 2); -+ sid->SubAuthority[1] = DOMAIN_GROUP_RID_ADMINS; -+ sid->SubAuthority[0] = SECURITY_BUILTIN_DOMAIN_RID; -+ -+ sid_len = RtlLengthRequiredSid(1); -+ sid_system = ExAllocatePool(PagedPool, sid_len); -+ if (!sid_system) -+ goto done; -+ RtlInitializeSid(sid_system, &auth, 1); -+ sid_system->SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID; -+ -+ sid_len = SECURITY_DESCRIPTOR_MIN_LENGTH + sizeof(ACL) + -+ sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid) + -+ sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid_system); -+ -+ sec_desc = ExAllocatePool(PagedPool, sid_len); -+ if (!sec_desc) -+ { -+ ret = STATUS_NO_MEMORY; -+ goto done; -+ } -+ -+ ret = RtlCreateSecurityDescriptor(sec_desc, SECURITY_DESCRIPTOR_REVISION); -+ if (ret != STATUS_SUCCESS) -+ goto done; -+ -+ dacl = (PACL)((char*)sec_desc + SECURITY_DESCRIPTOR_MIN_LENGTH); -+ ret = RtlCreateAcl(dacl, sid_len - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION); -+ if (ret != STATUS_SUCCESS) -+ goto done; -+ -+ ret = RtlAddAccessAllowedAce(dacl, ACL_REVISION, access, sid); -+ if (ret != STATUS_SUCCESS) -+ goto done; -+ -+ ret = RtlAddAccessAllowedAce(dacl, ACL_REVISION, access, sid_system); -+ if (ret != STATUS_SUCCESS) -+ goto done; -+ -+ ret = RtlSetDaclSecurityDescriptor(sec_desc, 1, dacl, 0); -+ if (ret == STATUS_SUCCESS) -+ *descriptor = sec_desc; -+ -+done: -+ if (ret != STATUS_SUCCESS) -+ ExFreePool(sec_desc); -+ -+ ExFreePool(sid); -+ ExFreePool(sid_system); -+ -+ return ret; -+} -+ -+void WINAPI FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR descriptor) -+{ -+ ExFreePool(descriptor); -+} -diff --git a/include/ddk/fltkernel.h b/include/ddk/fltkernel.h -index 49c9d55dbaa..e5483d5a3fa 100644 ---- a/include/ddk/fltkernel.h -+++ b/include/ddk/fltkernel.h -@@ -653,7 +653,8 @@ typedef struct _FLT_REGISTRATION - PFLT_SECTION_CONFLICT_NOTIFICATION_CALLBACK SectionNotificationCallback; - } FLT_REGISTRATION, *PFLT_REGISTRATION; - -- -+NTSTATUS WINAPI FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *, ACCESS_MASK); -+void WINAPI FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR); - void* WINAPI FltGetRoutineAddress(LPCSTR name); - NTSTATUS WINAPI FltRegisterFilter(PDRIVER_OBJECT, const FLT_REGISTRATION *, PFLT_FILTER *); - NTSTATUS WINAPI FltStartFiltering(PFLT_FILTER); --- -2.42.0 - diff --git a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0002-fltmgr.sys-Create-import-library.patch b/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0002-fltmgr.sys-Create-import-library.patch deleted file mode 100644 index 7f124508..00000000 --- a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0002-fltmgr.sys-Create-import-library.patch +++ /dev/null @@ -1,23 +0,0 @@ -From c1af142bac149b296b2dea06cd99c13e0f8814c9 Mon Sep 17 00:00:00 2001 -From: Alistair Leslie-Hughes -Date: Mon, 30 Aug 2021 15:15:35 +1000 -Subject: [PATCH 2/3] fltmgr.sys: Create import library - -Signed-off-by: Alistair Leslie-Hughes ---- - dlls/fltmgr.sys/Makefile.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/dlls/fltmgr.sys/Makefile.in b/dlls/fltmgr.sys/Makefile.in -index ae0e812cb22..ae02da9b5d6 100644 ---- a/dlls/fltmgr.sys/Makefile.in -+++ b/dlls/fltmgr.sys/Makefile.in -@@ -1,4 +1,5 @@ - MODULE = fltmgr.sys -+IMPORTLIB = fltmgr - EXTRADLLFLAGS = -Wl,--subsystem,native - IMPORTS = ntoskrnl - --- -2.42.0 - diff --git a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0003-ntoskrnl.exe-Add-FltBuildDefaultSecurityDescriptor-t.patch b/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0003-ntoskrnl.exe-Add-FltBuildDefaultSecurityDescriptor-t.patch deleted file mode 100644 index 1e5a71d3..00000000 --- a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0003-ntoskrnl.exe-Add-FltBuildDefaultSecurityDescriptor-t.patch +++ /dev/null @@ -1,133 +0,0 @@ -From c69247afcbd83af223f471342c67bc06deeffda0 Mon Sep 17 00:00:00 2001 -From: Alistair Leslie-Hughes -Date: Mon, 30 Aug 2021 15:16:06 +1000 -Subject: [PATCH] ntoskrnl.exe: Add FltBuildDefaultSecurityDescriptor test - -Signed-off-by: Alistair Leslie-Hughes ---- - dlls/ntoskrnl.exe/tests/Makefile.in | 2 +- - dlls/ntoskrnl.exe/tests/driver.c | 81 +++++++++++++++++++++++++++++ - 2 files changed, 82 insertions(+), 1 deletion(-) - -diff --git a/dlls/ntoskrnl.exe/tests/Makefile.in b/dlls/ntoskrnl.exe/tests/Makefile.in -index f610df6a947..97dee8b25cf 100644 ---- a/dlls/ntoskrnl.exe/tests/Makefile.in -+++ b/dlls/ntoskrnl.exe/tests/Makefile.in -@@ -1,7 +1,7 @@ - TESTDLL = ntoskrnl.exe - IMPORTS = advapi32 crypt32 newdev setupapi user32 wintrust ws2_32 hid - --driver_IMPORTS = winecrt0 ntoskrnl hal -+driver_IMPORTS = winecrt0 ntoskrnl hal fltmgr - driver_EXTRADLLFLAGS = -nodefaultlibs -nostartfiles -Wl,--subsystem,native - driver2_IMPORTS = winecrt0 ntoskrnl hal - driver2_EXTRADLLFLAGS = -nodefaultlibs -nostartfiles -Wl,--subsystem,native -diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c -index ea4bd03ee44..844a181472c 100644 ---- a/dlls/ntoskrnl.exe/tests/driver.c -+++ b/dlls/ntoskrnl.exe/tests/driver.c -@@ -36,6 +36,7 @@ - #include "ddk/ntddk.h" - #include "ddk/ntifs.h" - #include "ddk/wdm.h" -+#include "ddk/fltkernel.h" - - #include "driver.h" - -@@ -2393,6 +2394,85 @@ static void test_default_modules(void) - ok(dxgmms1, "Failed to find dxgmms1.sys\n"); - } - -+static void test_default_security(void) -+{ -+ PSECURITY_DESCRIPTOR sd = NULL; -+ NTSTATUS status; -+ PSID group = NULL, owner = NULL; -+ BOOLEAN isdefault, present; -+ PACL acl = NULL; -+ PACCESS_ALLOWED_ACE ace; -+ SID_IDENTIFIER_AUTHORITY auth = { SECURITY_NULL_SID_AUTHORITY }; -+ SID_IDENTIFIER_AUTHORITY authwine7 = { SECURITY_NT_AUTHORITY }; -+ PSID sid1, sid2, sidwin7; -+ BOOL ret; -+ -+ status = FltBuildDefaultSecurityDescriptor(&sd, STANDARD_RIGHTS_ALL); -+ ok(status == STATUS_SUCCESS, "got %#lx\n", status); -+ if (status != STATUS_SUCCESS) -+ { -+ win_skip("Skipping FltBuildDefaultSecurityDescriptor tests\n"); -+ return; -+ } -+ ok(sd != NULL, "Failed to return descriptor\n"); -+ -+ status = RtlGetGroupSecurityDescriptor(sd, &group, &isdefault); -+ ok(status == STATUS_SUCCESS, "got %#lx\n", status); -+ ok(group == NULL, "group isn't NULL\n"); -+ -+ status = RtlGetOwnerSecurityDescriptor(sd, &owner, &isdefault); -+ ok(status == STATUS_SUCCESS, "got %#lx\n", status); -+ ok(owner == NULL, "owner isn't NULL\n"); -+ -+ status = RtlGetDaclSecurityDescriptor(sd, &present, &acl, &isdefault); -+ ok(status == STATUS_SUCCESS, "got %#lx\n", status); -+ ok(acl != NULL, "acl is NULL\n"); -+ ok(acl->AceCount == 2, "got %d\n", acl->AceCount); -+ -+ sid1 = ExAllocatePool(NonPagedPool, RtlLengthRequiredSid(2)); -+ status = RtlInitializeSid(sid1, &auth, 2); -+ ok(status == STATUS_SUCCESS, "got %#lx\n", status); -+ *RtlSubAuthoritySid(sid1, 0) = SECURITY_BUILTIN_DOMAIN_RID; -+ *RtlSubAuthoritySid(sid1, 1) = DOMAIN_GROUP_RID_ADMINS; -+ -+ sidwin7 = ExAllocatePool(NonPagedPool, RtlLengthRequiredSid(2)); -+ status = RtlInitializeSid(sidwin7, &authwine7, 2); -+ ok(status == STATUS_SUCCESS, "got %#lx\n", status); -+ *RtlSubAuthoritySid(sidwin7, 0) = SECURITY_BUILTIN_DOMAIN_RID; -+ *RtlSubAuthoritySid(sidwin7, 1) = DOMAIN_ALIAS_RID_ADMINS; -+ -+ sid2 = ExAllocatePool(NonPagedPool, RtlLengthRequiredSid(1)); -+ RtlInitializeSid(sid2, &auth, 1); -+ *RtlSubAuthoritySid(sid2, 0) = SECURITY_LOCAL_SYSTEM_RID; -+ -+ /* SECURITY_BUILTIN_DOMAIN_RID */ -+ status = RtlGetAce(acl, 0, (void**)&ace); -+ ok(status == STATUS_SUCCESS, "got %#lx\n", status); -+ -+ ok(ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE, "got %#x\n", ace->Header.AceType); -+ ok(ace->Header.AceFlags == 0, "got %#x\n", ace->Header.AceFlags); -+ ok(ace->Mask == STANDARD_RIGHTS_ALL, "got %#lx\n", ace->Mask); -+ -+ ret = RtlEqualSid(sid1, (PSID)&ace->SidStart) || RtlEqualSid(sidwin7, (PSID)&ace->SidStart); -+ ok(ret, "SID not equal\n"); -+ -+ /* SECURITY_LOCAL_SYSTEM_RID */ -+ status = RtlGetAce(acl, 1, (void**)&ace); -+ ok(status == STATUS_SUCCESS, "got %#lx\n", status); -+ -+ ok(ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE, "got %#x\n", ace->Header.AceType); -+ ok(ace->Header.AceFlags == 0, "got %#x\n", ace->Header.AceFlags); -+ ok(ace->Mask == STANDARD_RIGHTS_ALL, "got %#lx\n", ace->Mask); -+ -+ ret = RtlEqualSid(sid2, (PSID)&ace->SidStart) || RtlEqualSid(sidwin7, (PSID)&ace->SidStart); -+ ok(ret, "SID not equal\n"); -+ -+ ExFreePool(sid1); -+ ExFreePool(sid2); -+ -+ FltFreeSecurityDescriptor(sd); -+} -+ - static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack) - { - void *buffer = irp->AssociatedIrp.SystemBuffer; -@@ -2438,6 +2518,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st - test_process_memory(test_input); - test_permanence(); - test_driver_object_extension(); -+ test_default_security(); - - IoMarkIrpPending(irp); - IoQueueWorkItem(work_item, main_test_task, DelayedWorkQueue, irp); --- -2.42.0 - diff --git a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/definition b/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/definition deleted file mode 100644 index 40775697..00000000 --- a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/definition +++ /dev/null @@ -1,2 +0,0 @@ -Fixes: [49089] fltmgr.sys: Implement FltBuildDefaultSecurityDescriptor -Depends: winedevice-Default_Drivers diff --git a/patches/winedevice-Default_Drivers/0004-programs-winedevice-Load-some-common-drivers-and-fix.patch b/patches/winedevice-Default_Drivers/0004-programs-winedevice-Load-some-common-drivers-and-fix.patch index 9c6948ff..62684aca 100644 --- a/patches/winedevice-Default_Drivers/0004-programs-winedevice-Load-some-common-drivers-and-fix.patch +++ b/patches/winedevice-Default_Drivers/0004-programs-winedevice-Load-some-common-drivers-and-fix.patch @@ -1,4 +1,4 @@ -From 951d65cf18b7950d1aadaaf63c02c6a2a6fce073 Mon Sep 17 00:00:00 2001 +From 555187b5ebdae9e7aa8a3edf7a74997c86fe0016 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Thu, 8 Jun 2017 23:50:03 +0200 Subject: [PATCH] programs/winedevice: Load some common drivers and fix ldr @@ -10,10 +10,10 @@ Subject: [PATCH] programs/winedevice: Load some common drivers and fix ldr 2 files changed, 76 insertions(+) diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c -index a80bef78fab..18f2920759d 100644 +index 751f2acff96..1af19c6f9ba 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c -@@ -52,6 +52,7 @@ static int kmemcmp( const void *ptr1, const void *ptr2, size_t n ) +@@ -57,6 +57,7 @@ static int kmemcmp( const void *ptr1, const void *ptr2, size_t n ) static DRIVER_OBJECT *driver_obj; static DEVICE_OBJECT *lower_device, *upper_device; @@ -21,7 +21,7 @@ index a80bef78fab..18f2920759d 100644 static POBJECT_TYPE *pExEventObjectType, *pIoFileObjectType, *pPsThreadType, *pIoDriverObjectType; static PEPROCESS *pPsInitialSystemProcess; -@@ -1713,6 +1714,7 @@ static void test_resource(void) +@@ -1716,6 +1717,7 @@ static void test_resource(void) ok(status == STATUS_SUCCESS, "got status %#lx\n", status); } @@ -29,8 +29,8 @@ index a80bef78fab..18f2920759d 100644 static void test_lookup_thread(void) { NTSTATUS status; -@@ -2326,6 +2328,52 @@ static void test_driver_object_extension(void) - ok(get_obj_ext == NULL, "got %p\n", get_obj_ext); +@@ -2425,6 +2427,52 @@ static void test_default_security(void) + FltFreeSecurityDescriptor(sd); } +static void test_default_modules(void) @@ -82,7 +82,7 @@ index a80bef78fab..18f2920759d 100644 static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack) { void *buffer = irp->AssociatedIrp.SystemBuffer; -@@ -2358,6 +2406,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st +@@ -2457,6 +2505,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st test_stack_callout(); test_lookaside_list(); test_ob_reference(); @@ -90,7 +90,7 @@ index a80bef78fab..18f2920759d 100644 test_resource(); test_lookup_thread(); test_IoAttachDeviceToDeviceStack(); -@@ -2838,6 +2887,7 @@ NTSTATUS WINAPI DriverEntry(DRIVER_OBJECT *driver, PUNICODE_STRING registry) +@@ -2938,6 +2987,7 @@ NTSTATUS WINAPI DriverEntry(DRIVER_OBJECT *driver, PUNICODE_STRING registry) DbgPrint("loading driver\n"); driver_obj = driver; @@ -99,7 +99,7 @@ index a80bef78fab..18f2920759d 100644 /* Allow unloading of the driver */ driver->DriverUnload = driver_Unload; diff --git a/programs/winedevice/device.c b/programs/winedevice/device.c -index 0a96307a017..abcb7b20679 100644 +index bb585087230..9b4395ff098 100644 --- a/programs/winedevice/device.c +++ b/programs/winedevice/device.c @@ -122,8 +122,16 @@ static DWORD WINAPI service_handler( DWORD ctrl, DWORD event_type, LPVOID event_ @@ -145,5 +145,5 @@ index 0a96307a017..abcb7b20679 100644 set_service_status( service_handle, SERVICE_RUNNING, SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN ); -- -2.39.2 +2.43.0 diff --git a/staging/upstream-commit b/staging/upstream-commit index 42d36180..edbb8e7d 100644 --- a/staging/upstream-commit +++ b/staging/upstream-commit @@ -1 +1 @@ -4573910acc2783a3f678a428aa313377b09a04e8 +e01cb2b9156f808acc279a1b4753a48de0fda327