diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index ab201eb5..71200b43 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -6299,7 +6299,7 @@ if test "$enable_server_Stored_ACLs" -eq 1; then
 patch_apply server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch
 patch_apply server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch
 patch_apply server-Stored_ACLs/0008-server-Fix-handling-of-MAXIMUM_ALLOWED-in-token_acce.patch
- patch_apply server-Stored_ACLs/0009-server-Map-MAXIMUM_ALLOWED-even-if-skipping-access-c.patch
+ patch_apply server-Stored_ACLs/0009-server-Give-all-access-rights-when-opening-an-object.patch
 (
 echo '+ { "Erich E. Hoover", "server: Unify the storage of security attributes for files and directories.", 7 },';
 echo '+ { "Erich E. Hoover", "server: Unify the retrieval of security attributes for files and directories.", 7 },';
@@ -6309,7 +6309,7 @@ if test "$enable_server_Stored_ACLs" -eq 1; then
 echo '+ { "Erich E. Hoover", "server: Convert return of file security masks with generic access mappings.", 7 },';
 echo '+ { "Erich E. Hoover", "server: Retrieve file security attributes with extended file attributes.", 7 },';
 echo '+ { "Sebastian Lackner", "server: Fix handling of MAXIMUM_ALLOWED in token_access_check.", 1 },';
- echo '+ { "Sebastian Lackner", "server: Map MAXIMUM_ALLOWED even if skipping access check.", 1 },';
+ echo '+ { "Michael Müller", "server: Give all access rights when opening an object with MAXIMUM_ALLOWED.", 1 },';
 ) >> "$patchlist"
 fi
diff --git a/patches/server-Stored_ACLs/0009-server-Give-all-access-rights-when-opening-an-object.patch b/patches/server-Stored_ACLs/0009-server-Give-all-access-rights-when-opening-an-object.patch
new file mode 100644
index 00000000..e70c7a8f
--- /dev/null
+++ b/patches/server-Stored_ACLs/0009-server-Give-all-access-rights-when-opening-an-object.patch
@@ -0,0 +1,73 @@
+From 32c244368e3a3d5dd4fe642af6f5c6409bea7065 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?=
+Date: Sun, 16 Oct 2016 02:01:16 +0200
+Subject: server: Give all access rights when opening an object with
+ MAXIMUM_ALLOWED.
+
+---
+ dlls/advapi32/tests/security.c | 29 +++++++++++++++++++++++++++++
+ server/handle.c | 1 +
+ 2 files changed, 30 insertions(+)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 3c6c0ab02be..f8aa49e04ed 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -6016,6 +6016,34 @@ static void test_process_access(void)
+ CloseHandle(process);
+ }
+
++static void test_maximum_allowed(void)
++{
++ char buffer_sd[SECURITY_DESCRIPTOR_MIN_LENGTH], buffer_acl[256];
++ SECURITY_DESCRIPTOR *sd = (SECURITY_DESCRIPTOR *)&buffer_sd;
++ SECURITY_ATTRIBUTES sa;
++ ACL *acl = (ACL *)&buffer_acl;
++ ACCESS_MASK mask;
++ HANDLE handle;
++ BOOL ret;
++
++ ret = InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION);
++ ok(ret, "InitializeSecurityDescriptor failed with %u\n", GetLastError());
++ ret = InitializeAcl(acl, 256, ACL_REVISION);
++ ok(ret, "InitializeAcl failed with %u\n", GetLastError());
++ ret = SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE);
++ ok(ret, "SetSecurityDescriptorDacl failed with %u\n", GetLastError());
++
++ sa.nLength = sizeof(SECURITY_ATTRIBUTES);
++ sa.lpSecurityDescriptor = sd;
++ sa.bInheritHandle = FALSE;
++
++ handle = CreateEventExA(&sa, NULL, 0, MAXIMUM_ALLOWED | 0x4);
++ ok(handle != NULL, "CreateEventExA failed with error %u\n", GetLastError());
++ mask = get_obj_access(handle);
++ ok(mask == EVENT_ALL_ACCESS, "Expected %x, got %x\n", EVENT_ALL_ACCESS, mask);
++ CloseHandle(handle);
++}
++
+ static BOOL validate_impersonation_token(HANDLE token, DWORD *token_type)
+ {
+ DWORD ret, needed;
+@@ -6094,6 +6122,7 @@ static void test_kernel_objects_security(void)
+ test_filemap_security();
+ test_thread_security();
+ test_process_access();
++ test_maximum_allowed();
+ /* FIXME: test other kernel object types */
+
+ CloseHandle(process_token);
+diff --git a/server/handle.c b/server/handle.c
+index 37fba69eac3..4d8d03a494c 100644
+--- a/server/handle.c
++++ b/server/handle.c
+@@ -273,6 +273,7 @@ obj_handle_t alloc_handle_no_access_check( struct process *process, void *ptr, u
+ {
+ struct object *obj = ptr;
+ access = obj->ops->map_access( obj, access ) & ~RESERVED_ALL;
++ if (access & MAXIMUM_ALLOWED) access = obj->ops->map_access( obj, GENERIC_ALL );
+ return alloc_handle_entry( process, ptr, access, attr );
+ }
+
+--
+2.11.0
+
diff --git a/patches/server-Stored_ACLs/0009-server-Map-MAXIMUM_ALLOWED-even-if-skipping-access-c.patch b/patches/server-Stored_ACLs/0009-server-Map-MAXIMUM_ALLOWED-even-if-skipping-access-c.patch
deleted file mode 100644
index b8f39b41..00000000
--- a/patches/server-Stored_ACLs/0009-server-Map-MAXIMUM_ALLOWED-even-if-skipping-access-c.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From cfe794189edc600ca60308be5ba9e4a965c5112a Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner
-Date: Sun, 16 Oct 2016 02:01:16 +0200
-Subject: server: Map MAXIMUM_ALLOWED even if skipping access check.
-
----
- server/handle.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/server/handle.c b/server/handle.c
-index 6b68ff4..b4114ef 100644
---- a/server/handle.c
-+++ b/server/handle.c
-@@ -278,6 +278,7 @@ obj_handle_t alloc_handle_no_access_check( struct process *process, void *ptr, u
- {
- struct object *obj = ptr;
- access = obj->ops->map_access( obj, access ) & ~RESERVED_ALL;
-+ if ((access & MAXIMUM_ALLOWED) && !check_object_access( obj, &access )) return 0;
- return alloc_handle_entry( process, ptr, access, attr );
- }
-
---
-2.9.0
-
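Review bot: The new line in alloc_handle_no_access_check replaces the whole mask with the result of a second map_access call, but unlike the assignment directly above it that result is not masked with `& ~RESERVED_ALL`; if map_access can ever hand back reserved bits for GENERIC_ALL, they now reach alloc_handle_entry, so the two lines should stay consistent: `if (access & MAXIMUM_ALLOWED) access = obj->ops->map_access( obj, GENERIC_ALL ) & ~RESERVED_ALL;`. Because this is the path that deliberately skips the DACL check, a one-line comment should record that MAXIMUM_ALLOWED is resolved to the object's full mapped mask and that any other requested bits are discarded, which is the behaviour test_maximum_allowed pins by requesting `MAXIMUM_ALLOWED | 0x4` and expecting exactly EVENT_ALL_ACCESS. In that test the `256` passed to InitializeAcl duplicates the size of buffer_acl and would read better as `sizeof(buffer_acl)`. The signature line of alloc_handle_no_access_check lies before the hunk, so the function starts outside it.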