wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2024-09-13 09:17:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Added patch for initial implementation of advapi32.BuildSecurityDescriptorW.

Browse Source
This commit is contained in:
Sebastian Lackner 2017-05-05 00:25:14 +02:00
parent 9985fe9035
commit a08b6b2b62
4 changed files with 536 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

268
patches/advapi32-BuildSecurityDescriptor/0001-advapi32-Implement-BuildSecurityDescriptorW.patch Normal file
View File

@ -0,0 +1,268 @@
From 994fe46f1b68d851d285a29cce904bd9f22540ea Mon Sep 17 00:00:00 2001
From: Andrew Wesie <awesie@gmail.com>
Date: Tue, 2 May 2017 00:59:49 -0500
Subject: advapi32: Implement BuildSecurityDescriptorW.
---
dlls/advapi32/security.c | 218 +++++++++++++++++++++++++++++++++++------------
1 file changed, 164 insertions(+), 54 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 24ec3099713..82bb6689d43 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -58,6 +58,7 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
LPDWORD cBytes);
static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
+static DWORD trustee_to_sid(DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee);
typedef struct _ACEFLAG
{
@@ -1264,16 +1265,122 @@ DWORD WINAPI BuildSecurityDescriptorW(
IN ULONG cCountOfAccessEntries,
IN PEXPLICIT_ACCESSW pListOfAccessEntries,
IN ULONG cCountOfAuditEntries,
- IN PEXPLICIT_ACCESSW pListofAuditEntries,
+ IN PEXPLICIT_ACCESSW pListOfAuditEntries,
IN PSECURITY_DESCRIPTOR pOldSD,
IN OUT PULONG lpdwBufferLength,
OUT PSECURITY_DESCRIPTOR* pNewSD)
{
- FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
- cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
- pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
+ SECURITY_DESCRIPTOR desc;
+ NTSTATUS status;
+ DWORD ret = ERROR_SUCCESS;
+
+ TRACE("(%p,%p,%d,%p,%d,%p,%p,%p,%p)\n", pOwner, pGroup,
+ cCountOfAccessEntries, pListOfAccessEntries, cCountOfAuditEntries,
+ pListOfAuditEntries, pOldSD, lpdwBufferLength, pNewSD);
- return ERROR_CALL_NOT_IMPLEMENTED;
+ if (pOldSD)
+ {
+ SECURITY_DESCRIPTOR_CONTROL control;
+ DWORD desc_size, dacl_size = 0, sacl_size = 0, owner_size = 0, group_size = 0;
+ PACL dacl = NULL, sacl = NULL;
+ PSID owner = NULL, group = NULL;
+ DWORD revision;
+
+ if ((status = RtlGetControlSecurityDescriptor( pOldSD, &control, &revision )) != STATUS_SUCCESS)
+ return RtlNtStatusToDosError( status );
+ if (!(control & SE_SELF_RELATIVE))
+ return ERROR_INVALID_SECURITY_DESCR;
+
+ desc_size = sizeof(desc);
+ status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
+ owner, &owner_size, group, &group_size );
+ if (status == STATUS_BUFFER_TOO_SMALL)
+ {
+ if (dacl_size)
+ dacl = LocalAlloc( LMEM_FIXED, dacl_size );
+ if (sacl_size)
+ sacl = LocalAlloc( LMEM_FIXED, sacl_size );
+ if (owner_size)
+ owner = LocalAlloc( LMEM_FIXED, owner_size );
+ if (group_size)
+ group = LocalAlloc( LMEM_FIXED, group_size );
+
+ desc_size = sizeof(desc);
+ status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
+ owner, &owner_size, group, &group_size );
+ }
+ if (status != STATUS_SUCCESS)
+ {
+ LocalFree( dacl );
+ LocalFree( sacl );
+ LocalFree( owner );
+ LocalFree( group );
+ return RtlNtStatusToDosError( status );
+ }
+ }
+ else
+ {
+ if ((status = RtlCreateSecurityDescriptor( &desc, SECURITY_DESCRIPTOR_REVISION )) != STATUS_SUCCESS)
+ return RtlNtStatusToDosError( status );
+ }
+
+ if (pOwner)
+ {
+ LocalFree( desc.Owner );
+ desc.Owner = LocalAlloc( LMEM_FIXED, sizeof(MAX_SID) );
+ if ((ret = trustee_to_sid( sizeof(MAX_SID), desc.Owner, pOwner )))
+ goto done;
+ }
+
+ if (pGroup)
+ {
+ LocalFree( desc.Group );
+ desc.Group = LocalAlloc( LMEM_FIXED, sizeof(MAX_SID) );
+ if ((ret = trustee_to_sid( sizeof(MAX_SID), desc.Group, pGroup )))
+ goto done;
+ }
+
+ if (pListOfAccessEntries)
+ {
+ PACL new_dacl;
+
+ if ((ret = SetEntriesInAclW( cCountOfAccessEntries, pListOfAccessEntries, desc.Dacl, &new_dacl )))
+ goto done;
+
+ LocalFree( desc.Dacl );
+ desc.Dacl = new_dacl;
+ desc.Control |= SE_DACL_PRESENT;
+ }
+
+ if (pListOfAuditEntries)
+ {
+ PACL new_sacl;
+
+ if ((ret = SetEntriesInAclW( cCountOfAuditEntries, pListOfAuditEntries, desc.Sacl, &new_sacl )))
+ goto done;
+
+ LocalFree( desc.Sacl );
+ desc.Sacl = new_sacl;
+ desc.Control |= SE_SACL_PRESENT;
+ }
+
+ *lpdwBufferLength = RtlLengthSecurityDescriptor( &desc );
+ *pNewSD = LocalAlloc( LMEM_FIXED, *lpdwBufferLength );
+
+ if ((status = RtlMakeSelfRelativeSD( &desc, *pNewSD, lpdwBufferLength )) != STATUS_SUCCESS)
+ {
+ ret = RtlNtStatusToDosError( status );
+ LocalFree( *pNewSD );
+ *pNewSD = NULL;
+ }
+
+done:
+ /* free absolute descriptor */
+ LocalFree( desc.Owner );
+ LocalFree( desc.Group );
+ LocalFree( desc.Sacl );
+ LocalFree( desc.Dacl );
+ return ret;
}
/******************************************************************************
@@ -3766,6 +3873,56 @@ static void free_trustee_name(TRUSTEE_FORM form, WCHAR *trustee_nameW)
}
}
+static DWORD trustee_to_sid( DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee )
+{
+ if (pTrustee->MultipleTrusteeOperation == TRUSTEE_IS_IMPERSONATE)
+ {
+ WARN("bad multiple trustee operation %d\n", pTrustee->MultipleTrusteeOperation);
+ return ERROR_INVALID_PARAMETER;
+ }
+
+ switch (pTrustee->TrusteeForm)
+ {
+ case TRUSTEE_IS_SID:
+ if (!CopySid(nDestinationSidLength, pDestinationSid, pTrustee->ptstrName))
+ {
+ WARN("bad sid %p\n", pTrustee->ptstrName);
+ return ERROR_INVALID_PARAMETER;
+ }
+ break;
+ case TRUSTEE_IS_NAME:
+ {
+ DWORD sid_size = nDestinationSidLength;
+ DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1;
+ SID_NAME_USE use;
+ if (!strcmpW( pTrustee->ptstrName, CURRENT_USER ))
+ {
+ if (!lookup_user_account_name( pDestinationSid, &sid_size, NULL, &domain_size, &use ))
+ {
+ return GetLastError();
+ }
+ }
+ else if (!LookupAccountNameW(NULL, pTrustee->ptstrName, pDestinationSid, &sid_size, NULL, &domain_size, &use))
+ {
+ WARN("bad user name %s\n", debugstr_w(pTrustee->ptstrName));
+ return ERROR_INVALID_PARAMETER;
+ }
+ break;
+ }
+ case TRUSTEE_IS_OBJECTS_AND_SID:
+ FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n");
+ break;
+ case TRUSTEE_IS_OBJECTS_AND_NAME:
+ FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n");
+ break;
+ default:
+ WARN("bad trustee form %d\n", pTrustee->TrusteeForm);
+ return ERROR_INVALID_PARAMETER;
+ }
+
+ return ERROR_SUCCESS;
+}
+
/******************************************************************************
* SetEntriesInAclA [ADVAPI32.@]
*/
@@ -3861,56 +4018,9 @@ DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
pEntries[i].Trustee.TrusteeForm, pEntries[i].Trustee.TrusteeType,
pEntries[i].Trustee.ptstrName);
- if (pEntries[i].Trustee.MultipleTrusteeOperation == TRUSTEE_IS_IMPERSONATE)
- {
- WARN("bad multiple trustee operation %d for trustee %d\n", pEntries[i].Trustee.MultipleTrusteeOperation, i);
- ret = ERROR_INVALID_PARAMETER;
- goto exit;
- }
-
- switch (pEntries[i].Trustee.TrusteeForm)
- {
- case TRUSTEE_IS_SID:
- if (!CopySid(FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]),
- ppsid[i], pEntries[i].Trustee.ptstrName))
- {
- WARN("bad sid %p for trustee %d\n", pEntries[i].Trustee.ptstrName, i);
- ret = ERROR_INVALID_PARAMETER;
- goto exit;
- }
- break;
- case TRUSTEE_IS_NAME:
- {
- DWORD sid_size = FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
- DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1;
- SID_NAME_USE use;
- if (!strcmpW( pEntries[i].Trustee.ptstrName, CURRENT_USER ))
- {
- if (!lookup_user_account_name( ppsid[i], &sid_size, NULL, &domain_size, &use ))
- {
- ret = GetLastError();
- goto exit;
- }
- }
- else if (!LookupAccountNameW(NULL, pEntries[i].Trustee.ptstrName, ppsid[i], &sid_size, NULL, &domain_size, &use))
- {
- WARN("bad user name %s for trustee %d\n", debugstr_w(pEntries[i].Trustee.ptstrName), i);
- ret = ERROR_INVALID_PARAMETER;
- goto exit;
- }
- break;
- }
- case TRUSTEE_IS_OBJECTS_AND_SID:
- FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n");
- break;
- case TRUSTEE_IS_OBJECTS_AND_NAME:
- FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n");
- break;
- default:
- WARN("bad trustee form %d for trustee %d\n", pEntries[i].Trustee.TrusteeForm, i);
- ret = ERROR_INVALID_PARAMETER;
+ ret = trustee_to_sid( FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]), ppsid[i], &pEntries[i].Trustee);
+ if (ret)
goto exit;
- }
/* Note: we overestimate the ACL size here as a tradeoff between
* instructions (simplicity) and memory */
--
2.12.2

69
patches/advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch Normal file
View File

@ -0,0 +1,69 @@
From 63082c3863d8be466ed14f532653ddf35e40328a Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 5 May 2017 00:18:50 +0200
Subject: advapi32/tests: Add basic tests for BuildSecurityDescriptor.
---
dlls/advapi32/tests/security.c | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index d6ea3a19fad..c591f7b6e5f 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -7489,6 +7489,44 @@ static void test_child_token_sd(void)
HeapFree(GetProcessHeap(), 0, sd);
}
+static void test_BuildSecurityDescriptorW(void)
+{
+ SECURITY_DESCRIPTOR old_sd, *new_sd, *rel_sd;
+ ULONG new_sd_size;
+ DWORD buf_size;
+ char buf[1024];
+ BOOL success;
+ DWORD ret;
+
+ InitializeSecurityDescriptor(&old_sd, SECURITY_DESCRIPTOR_REVISION);
+
+ buf_size = sizeof(buf);
+ rel_sd = (SECURITY_DESCRIPTOR *)buf;
+ success = MakeSelfRelativeSD(&old_sd, rel_sd, &buf_size);
+ ok(success, "MakeSelfRelativeSD failed with %u\n", GetLastError());
+
+ new_sd = NULL;
+ new_sd_size = 0;
+ ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, NULL, &new_sd_size, (void **)&new_sd);
+ ok(ret == ERROR_SUCCESS, "BuildSecurityDescriptor failed with %u\n", ret);
+ ok(new_sd != NULL, "expected new_sd != NULL\n");
+ ok(new_sd_size == sizeof(old_sd), "expected new_sd_size == sizeof(old_sd), got %u\n", new_sd_size);
+ LocalFree(new_sd);
+
+ new_sd = (void *)0xdeadbeef;
+ ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, &old_sd, &new_sd_size, (void **)&new_sd);
+ ok(ret == ERROR_INVALID_SECURITY_DESCR, "expected ERROR_INVALID_SECURITY_DESCR, got %u\n", ret);
+ ok(new_sd == (void *)0xdeadbeef, "expected new_sd == 0xdeadbeef, got %p\n", new_sd);
+
+ new_sd = NULL;
+ new_sd_size = 0;
+ ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, rel_sd, &new_sd_size, (void **)&new_sd);
+ ok(ret == ERROR_SUCCESS, "BuildSecurityDescriptor failed with %u\n", ret);
+ ok(new_sd != NULL, "expected new_sd != NULL\n");
+ ok(new_sd_size == sizeof(old_sd), "expected new_sd_size == sizeof(old_sd), got %u\n", new_sd_size);
+ LocalFree(new_sd);
+}
+
START_TEST(security)
{
init();
@@ -7542,6 +7580,7 @@ START_TEST(security)
test_pseudo_tokens();
test_maximum_allowed();
test_GetExplicitEntriesFromAclW();
+ test_BuildSecurityDescriptorW();
/* must be the last test, modifies process token */
test_token_security_descriptor();
--
2.12.2

2
patches/advapi32-BuildSecurityDescriptor/definition Normal file
View File

@ -0,0 +1,2 @@
Fixes: Initial implementation of advapi32.BuildSecurityDescriptorW
Depends: server-LABEL_SECURITY_INFORMATION

365
patches/patchinstall.sh
View File

@ -87,6 +87,7 @@ patch_enable_all ()
enable_Pipelight="$1"
enable_Staging="$1"
enable_advapi_LsaLookupPrivilegeName="$1"
enable_advapi32_BuildSecurityDescriptor="$1"
enable_advapi32_GetExplicitEntriesFromAclW="$1"
enable_advapi32_LsaLookupSids="$1"
enable_advapi32_SetSecurityInfo="$1"
@ -489,6 +490,9 @@ patch_enable ()
advapi-LsaLookupPrivilegeName)
enable_advapi_LsaLookupPrivilegeName="$2"
;;
advapi32-BuildSecurityDescriptor)
enable_advapi32_BuildSecurityDescriptor="$2"
;;
advapi32-GetExplicitEntriesFromAclW)
enable_advapi32_GetExplicitEntriesFromAclW="$2"
;;
@ -2220,21 +2224,6 @@ if test "$enable_server_Shared_Memory" -eq 1; then
enable_server_Signal_Thread=1
fi
if test "$enable_server_LABEL_SECURITY_INFORMATION" -eq 1; then
if test "$enable_advapi32_GetExplicitEntriesFromAclW" -gt 1; then
abort "Patchset advapi32-GetExplicitEntriesFromAclW disabled, but server-LABEL_SECURITY_INFORMATION depends on that."
fi
if test "$enable_server_Misc_ACL" -gt 1; then
abort "Patchset server-Misc_ACL disabled, but server-LABEL_SECURITY_INFORMATION depends on that."
fi
if test "$enable_server_Stored_ACLs" -gt 1; then
abort "Patchset server-Stored_ACLs disabled, but server-LABEL_SECURITY_INFORMATION depends on that."
fi
enable_advapi32_GetExplicitEntriesFromAclW=1
enable_server_Misc_ACL=1
enable_server_Stored_ACLs=1
fi
if test "$enable_server_Inherited_ACLs" -eq 1; then
if test "$enable_server_Stored_ACLs" -gt 1; then
abort "Patchset server-Stored_ACLs disabled, but server-Inherited_ACLs depends on that."
@ -2242,17 +2231,6 @@ if test "$enable_server_Inherited_ACLs" -eq 1; then
enable_server_Stored_ACLs=1
fi
if test "$enable_server_Stored_ACLs" -eq 1; then
if test "$enable_ntdll_DOS_Attributes" -gt 1; then
abort "Patchset ntdll-DOS_Attributes disabled, but server-Stored_ACLs depends on that."
fi
if test "$enable_server_File_Permissions" -gt 1; then
abort "Patchset server-File_Permissions disabled, but server-Stored_ACLs depends on that."
fi
enable_ntdll_DOS_Attributes=1
enable_server_File_Permissions=1
fi
if test "$enable_oleaut32_OLEPictureImpl_SaveAsFile" -eq 1; then
if test "$enable_oleaut32_Load_Save_EMF" -gt 1; then
abort "Patchset oleaut32-Load_Save_EMF disabled, but oleaut32-OLEPictureImpl_SaveAsFile depends on that."
@ -2516,6 +2494,39 @@ if test "$enable_advapi32_LsaLookupSids" -eq 1; then
enable_server_Misc_ACL=1
fi
if test "$enable_advapi32_BuildSecurityDescriptor" -eq 1; then
if test "$enable_server_LABEL_SECURITY_INFORMATION" -gt 1; then
abort "Patchset server-LABEL_SECURITY_INFORMATION disabled, but advapi32-BuildSecurityDescriptor depends on that."
fi
enable_server_LABEL_SECURITY_INFORMATION=1
fi
if test "$enable_server_LABEL_SECURITY_INFORMATION" -eq 1; then
if test "$enable_advapi32_GetExplicitEntriesFromAclW" -gt 1; then
abort "Patchset advapi32-GetExplicitEntriesFromAclW disabled, but server-LABEL_SECURITY_INFORMATION depends on that."
fi
if test "$enable_server_Misc_ACL" -gt 1; then
abort "Patchset server-Misc_ACL disabled, but server-LABEL_SECURITY_INFORMATION depends on that."
fi
if test "$enable_server_Stored_ACLs" -gt 1; then
abort "Patchset server-Stored_ACLs disabled, but server-LABEL_SECURITY_INFORMATION depends on that."
fi
enable_advapi32_GetExplicitEntriesFromAclW=1
enable_server_Misc_ACL=1
enable_server_Stored_ACLs=1
fi
if test "$enable_server_Stored_ACLs" -eq 1; then
if test "$enable_ntdll_DOS_Attributes" -gt 1; then
abort "Patchset ntdll-DOS_Attributes disabled, but server-Stored_ACLs depends on that."
fi
if test "$enable_server_File_Permissions" -gt 1; then
abort "Patchset server-File_Permissions disabled, but server-Stored_ACLs depends on that."
fi
enable_ntdll_DOS_Attributes=1
enable_server_File_Permissions=1
fi
# If autoupdate is enabled then create a tempfile to keep track of all patches
if test "$enable_patchlist" -eq 1; then
@ -2660,6 +2671,166 @@ if test "$enable_advapi32_GetExplicitEntriesFromAclW" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-Misc_ACL
# |
# | This patchset fixes the following Wine bugs:
# | * [#15980] GetSecurityInfo returns NULL DACL for process object
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c
# |
if test "$enable_server_Misc_ACL" -eq 1; then
patch_apply server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch
patch_apply server-Misc_ACL/0002-server-Add-default-security-descriptor-DACL-for-proc.patch
(
printf '%s\n' '+ { "Erich E. Hoover", "server: Add default security descriptor ownership for processes.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Add default security descriptor DACL for processes.", 1 },';
) >> "$patchlist"
fi
# Patchset ntdll-DOS_Attributes
# |
# | This patchset fixes the following Wine bugs:
# | * [#9158] Support for DOS hidden/system file attributes
# |
# | Modified files:
# | * configure.ac, dlls/ntdll/directory.c, dlls/ntdll/file.c, dlls/ntdll/ntdll_misc.h, dlls/ntdll/tests/directory.c,
# | dlls/ntdll/tests/file.c, include/wine/port.h, libs/port/Makefile.in, libs/port/xattr.c
# |
if test "$enable_ntdll_DOS_Attributes" -eq 1; then
patch_apply ntdll-DOS_Attributes/0001-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch
patch_apply ntdll-DOS_Attributes/0002-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch
patch_apply ntdll-DOS_Attributes/0003-ntdll-Implement-storing-DOS-attributes-in-NtSetInfor.patch
patch_apply ntdll-DOS_Attributes/0004-ntdll-Implement-storing-DOS-attributes-in-NtCreateFi.patch
patch_apply ntdll-DOS_Attributes/0005-libport-Add-support-for-Mac-OS-X-style-extended-attr.patch
patch_apply ntdll-DOS_Attributes/0006-libport-Add-support-for-FreeBSD-style-extended-attri.patch
patch_apply ntdll-DOS_Attributes/0007-ntdll-Perform-the-Unix-style-hidden-file-check-withi.patch
patch_apply ntdll-DOS_Attributes/0008-ntdll-Always-store-SAMBA_XATTR_DOS_ATTRIB-when-path-.patch
(
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQueryInformationFile.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQuery[Full]AttributesFile and NtQueryDirectoryFile.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtSetInformationFile.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtCreateFile.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "libport: Add support for Mac OS X style extended attributes.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "libport: Add support for FreeBSD style extended attributes.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Perform the Unix-style hidden file check within the unified file info grabbing routine.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "ntdll: Always store SAMBA_XATTR_DOS_ATTRIB when path could be interpreted as hidden.", 1 },';
) >> "$patchlist"
fi
# Patchset server-File_Permissions
# |
# | This patchset fixes the following Wine bugs:
# | * [#38970] Improve mapping of DACL to file permissions
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c, server/file.c
# |
if test "$enable_server_File_Permissions" -eq 1; then
patch_apply server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch
patch_apply server-File_Permissions/0002-server-Allow-to-open-files-without-any-permission-bi.patch
patch_apply server-File_Permissions/0003-server-When-creating-new-directories-temporarily-giv.patch
patch_apply server-File_Permissions/0004-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch
patch_apply server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
patch_apply server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
patch_apply server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch
patch_apply server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
(
printf '%s\n' '+ { "Sebastian Lackner", "server: Improve STATUS_CANNOT_DELETE checks for directory case.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: Allow to open files without any permission bits.", 2 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: When creating new directories temporarily give read-permissions until they are opened.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add tests for ACL inheritance in CreateDirectoryA.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add ACL inheritance tests for creating subdirectories with NtCreateFile.", 1 },';
printf '%s\n' '+ { "Qian Hong", "ntdll/tests: Added tests for open behaviour on readonly files.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: FILE_WRITE_ATTRIBUTES should succeed for readonly files.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: Improve mapping of DACL to file permissions.", 1 },';
) >> "$patchlist"
fi
# Patchset server-Stored_ACLs
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * ntdll-DOS_Attributes, server-File_Permissions
# |
# | This patchset fixes the following Wine bugs:
# | * [#33576] Support for stored file ACLs
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, include/wine/port.h, server/change.c, server/file.c, server/file.h, server/object.c,
# | server/object.h
# |
if test "$enable_server_Stored_ACLs" -eq 1; then
patch_apply server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch
patch_apply server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch
patch_apply server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch
patch_apply server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch
patch_apply server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch
patch_apply server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch
patch_apply server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch
(
printf '%s\n' '+ { "Erich E. Hoover", "server: Unify the storage of security attributes for files and directories.", 7 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Unify the retrieval of security attributes for files and directories.", 7 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: Add a helper function set_sd_from_token_internal to merge two security descriptors.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: Temporarily store the full security descriptor for file objects.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Store file security attributes with extended file attributes.", 8 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Convert return of file security masks with generic access mappings.", 7 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Retrieve file security attributes with extended file attributes.", 7 },';
) >> "$patchlist"
fi
# Patchset server-LABEL_SECURITY_INFORMATION
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * advapi32-GetExplicitEntriesFromAclW, server-Misc_ACL, ntdll-DOS_Attributes, server-File_Permissions, server-Stored_ACLs
# |
# | This patchset fixes the following Wine bugs:
# | * [#42014] Implement support for LABEL_SECURITY_INFORMATION
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, dlls/ntdll/nt.c, dlls/ntdll/sec.c, include/winnt.h, server/handle.c, server/object.c,
# | server/process.c, server/protocol.def, server/security.h, server/token.c
# |
if test "$enable_server_LABEL_SECURITY_INFORMATION" -eq 1; then
patch_apply server-LABEL_SECURITY_INFORMATION/0001-server-Implement-querying-the-security-label-of-a-se.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0002-server-Implement-changing-the-label-of-a-security-de.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0003-server-Do-not-set-SE_-D-S-ACL_PRESENT-if-no-D-S-ACL-.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0004-server-Implement-setting-a-security-descriptor-when-.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0005-advapi32-tests-Add-basic-tests-for-token-security-de.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0006-advapi32-tests-Show-that-tokens-do-not-inherit-secur.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0007-advapi32-tests-Show-that-tokens-do-not-inherit-dacls.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0008-advapi32-tests-Show-that-tokens-do-not-inherit-sacls.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0009-server-Assign-a-default-label-high-to-all-tokens.patch
(
printf '%s\n' '+ { "Michael Müller", "server: Implement querying the security label of a security descriptor.", 1 },';
printf '%s\n' '+ { "Michael Müller", "server: Implement changing the label of a security descriptor.", 1 },';
printf '%s\n' '+ { "Michael Müller", "server: Do not set SE_{D,S}ACL_PRESENT if no {D,S}ACL was set.", 1 },';
printf '%s\n' '+ { "Michael Müller", "server: Implement setting a security descriptor when duplicating tokens.", 1 },';
printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Add basic tests for token security descriptors.", 1 },';
printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit security descriptors during duplication.", 1 },';
printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit dacls while creating child processes.", 1 },';
printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit sacls / mandatory labels while creating child processes.", 1 },';
printf '%s\n' '+ { "Michael Müller", "server: Assign a default label (high) to all tokens.", 1 },';
) >> "$patchlist"
fi
# Patchset advapi32-BuildSecurityDescriptor
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * advapi32-GetExplicitEntriesFromAclW, server-Misc_ACL, ntdll-DOS_Attributes, server-File_Permissions, server-Stored_ACLs,
# | server-LABEL_SECURITY_INFORMATION
# |
# | Modified files:
# | * dlls/advapi32/security.c, dlls/advapi32/tests/security.c
# |
if test "$enable_advapi32_BuildSecurityDescriptor" -eq 1; then
patch_apply advapi32-BuildSecurityDescriptor/0001-advapi32-Implement-BuildSecurityDescriptorW.patch
patch_apply advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch
(
printf '%s\n' '+ { "Andrew Wesie", "advapi32: Implement BuildSecurityDescriptorW.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add basic tests for BuildSecurityDescriptor.", 1 },';
) >> "$patchlist"
fi
# Patchset server-CreateProcess_ACLs
# |
# | This patchset fixes the following Wine bugs:
@ -2679,23 +2850,6 @@ if test "$enable_server_CreateProcess_ACLs" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-Misc_ACL
# |
# | This patchset fixes the following Wine bugs:
# | * [#15980] GetSecurityInfo returns NULL DACL for process object
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c
# |
if test "$enable_server_Misc_ACL" -eq 1; then
patch_apply server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch
patch_apply server-Misc_ACL/0002-server-Add-default-security-descriptor-DACL-for-proc.patch
(
printf '%s\n' '+ { "Erich E. Hoover", "server: Add default security descriptor ownership for processes.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Add default security descriptor DACL for processes.", 1 },';
) >> "$patchlist"
fi
# Patchset advapi32-LsaLookupSids
# |
# | This patchset has the following (direct or indirect) dependencies:
@ -4419,35 +4573,6 @@ if test "$enable_kernel32_COMSPEC" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-File_Permissions
# |
# | This patchset fixes the following Wine bugs:
# | * [#38970] Improve mapping of DACL to file permissions
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c, server/file.c
# |
if test "$enable_server_File_Permissions" -eq 1; then
patch_apply server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch
patch_apply server-File_Permissions/0002-server-Allow-to-open-files-without-any-permission-bi.patch
patch_apply server-File_Permissions/0003-server-When-creating-new-directories-temporarily-giv.patch
patch_apply server-File_Permissions/0004-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch
patch_apply server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch
patch_apply server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch
patch_apply server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch
patch_apply server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch
(
printf '%s\n' '+ { "Sebastian Lackner", "server: Improve STATUS_CANNOT_DELETE checks for directory case.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: Allow to open files without any permission bits.", 2 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: When creating new directories temporarily give read-permissions until they are opened.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add tests for ACL inheritance in CreateDirectoryA.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add ACL inheritance tests for creating subdirectories with NtCreateFile.", 1 },';
printf '%s\n' '+ { "Qian Hong", "ntdll/tests: Added tests for open behaviour on readonly files.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: FILE_WRITE_ATTRIBUTES should succeed for readonly files.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: Improve mapping of DACL to file permissions.", 1 },';
) >> "$patchlist"
fi
# Patchset ntdll-FileDispositionInformation
# |
# | This patchset has the following (direct or indirect) dependencies:
@ -5202,36 +5327,6 @@ if test "$enable_ntdll_CLI_Images" -eq 1; then
) >> "$patchlist"
fi
# Patchset ntdll-DOS_Attributes
# |
# | This patchset fixes the following Wine bugs:
# | * [#9158] Support for DOS hidden/system file attributes
# |
# | Modified files:
# | * configure.ac, dlls/ntdll/directory.c, dlls/ntdll/file.c, dlls/ntdll/ntdll_misc.h, dlls/ntdll/tests/directory.c,
# | dlls/ntdll/tests/file.c, include/wine/port.h, libs/port/Makefile.in, libs/port/xattr.c
# |
if test "$enable_ntdll_DOS_Attributes" -eq 1; then
patch_apply ntdll-DOS_Attributes/0001-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch
patch_apply ntdll-DOS_Attributes/0002-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch
patch_apply ntdll-DOS_Attributes/0003-ntdll-Implement-storing-DOS-attributes-in-NtSetInfor.patch
patch_apply ntdll-DOS_Attributes/0004-ntdll-Implement-storing-DOS-attributes-in-NtCreateFi.patch
patch_apply ntdll-DOS_Attributes/0005-libport-Add-support-for-Mac-OS-X-style-extended-attr.patch
patch_apply ntdll-DOS_Attributes/0006-libport-Add-support-for-FreeBSD-style-extended-attri.patch
patch_apply ntdll-DOS_Attributes/0007-ntdll-Perform-the-Unix-style-hidden-file-check-withi.patch
patch_apply ntdll-DOS_Attributes/0008-ntdll-Always-store-SAMBA_XATTR_DOS_ATTRIB-when-path-.patch
(
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQueryInformationFile.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQuery[Full]AttributesFile and NtQueryDirectoryFile.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtSetInformationFile.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtCreateFile.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "libport: Add support for Mac OS X style extended attributes.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "libport: Add support for FreeBSD style extended attributes.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Perform the Unix-style hidden file check within the unified file info grabbing routine.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "ntdll: Always store SAMBA_XATTR_DOS_ATTRIB when path could be interpreted as hidden.", 1 },';
) >> "$patchlist"
fi
# Patchset ntdll-Dealloc_Thread_Stack
# |
# | Modified files:
@ -6637,37 +6732,6 @@ if test "$enable_server_FileEndOfFileInformation" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-Stored_ACLs
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * ntdll-DOS_Attributes, server-File_Permissions
# |
# | This patchset fixes the following Wine bugs:
# | * [#33576] Support for stored file ACLs
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, include/wine/port.h, server/change.c, server/file.c, server/file.h, server/object.c,
# | server/object.h
# |
if test "$enable_server_Stored_ACLs" -eq 1; then
patch_apply server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch
patch_apply server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch
patch_apply server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch
patch_apply server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch
patch_apply server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch
patch_apply server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch
patch_apply server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch
(
printf '%s\n' '+ { "Erich E. Hoover", "server: Unify the storage of security attributes for files and directories.", 7 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Unify the retrieval of security attributes for files and directories.", 7 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: Add a helper function set_sd_from_token_internal to merge two security descriptors.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "server: Temporarily store the full security descriptor for file objects.", 1 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Store file security attributes with extended file attributes.", 8 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Convert return of file security masks with generic access mappings.", 7 },';
printf '%s\n' '+ { "Erich E. Hoover", "server: Retrieve file security attributes with extended file attributes.", 7 },';
) >> "$patchlist"
fi
# Patchset server-Inherited_ACLs
# |
# | This patchset has the following (direct or indirect) dependencies:
@ -6701,41 +6765,6 @@ if test "$enable_server_Key_State" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-LABEL_SECURITY_INFORMATION
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * advapi32-GetExplicitEntriesFromAclW, server-Misc_ACL, ntdll-DOS_Attributes, server-File_Permissions, server-Stored_ACLs
# |
# | This patchset fixes the following Wine bugs:
# | * [#42014] Implement support for LABEL_SECURITY_INFORMATION
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, dlls/ntdll/nt.c, dlls/ntdll/sec.c, include/winnt.h, server/handle.c, server/object.c,
# | server/process.c, server/protocol.def, server/security.h, server/token.c
# |
if test "$enable_server_LABEL_SECURITY_INFORMATION" -eq 1; then
patch_apply server-LABEL_SECURITY_INFORMATION/0001-server-Implement-querying-the-security-label-of-a-se.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0002-server-Implement-changing-the-label-of-a-security-de.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0003-server-Do-not-set-SE_-D-S-ACL_PRESENT-if-no-D-S-ACL-.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0004-server-Implement-setting-a-security-descriptor-when-.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0005-advapi32-tests-Add-basic-tests-for-token-security-de.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0006-advapi32-tests-Show-that-tokens-do-not-inherit-secur.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0007-advapi32-tests-Show-that-tokens-do-not-inherit-dacls.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0008-advapi32-tests-Show-that-tokens-do-not-inherit-sacls.patch
patch_apply server-LABEL_SECURITY_INFORMATION/0009-server-Assign-a-default-label-high-to-all-tokens.patch
(
printf '%s\n' '+ { "Michael Müller", "server: Implement querying the security label of a security descriptor.", 1 },';
printf '%s\n' '+ { "Michael Müller", "server: Implement changing the label of a security descriptor.", 1 },';
printf '%s\n' '+ { "Michael Müller", "server: Do not set SE_{D,S}ACL_PRESENT if no {D,S}ACL was set.", 1 },';
printf '%s\n' '+ { "Michael Müller", "server: Implement setting a security descriptor when duplicating tokens.", 1 },';
printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Add basic tests for token security descriptors.", 1 },';
printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit security descriptors during duplication.", 1 },';
printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit dacls while creating child processes.", 1 },';
printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit sacls / mandatory labels while creating child processes.", 1 },';
printf '%s\n' '+ { "Michael Müller", "server: Assign a default label (high) to all tokens.", 1 },';
) >> "$patchlist"
fi
# Patchset server-Map_EXDEV_Error
# |
# | Modified files: