wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2024-09-13 09:17:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Split out a couple of ACL tests into separate patchset advapi32-ACL_Tests.

Browse Source
This commit is contained in:
Sebastian Lackner 2015-03-30 08:17:13 +02:00
parent 12a7d34650
commit a5dbd95e4c
13 changed files with 517 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
patches/advapi32-ACL_Tests/0001-advapi32-tests-Add-tests-for-inheriting-ACL-attribut.patch Normal file
View File

@ -0,0 +1,78 @@
From 55f59fd8586738ecb5afde3ec09d2216e2563c54 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:08:36 -0600
Subject: advapi32/tests: Add tests for inheriting ACL attributes.
---
dlls/advapi32/tests/security.c | 45 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index c256753..9e44a35 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3118,10 +3118,11 @@ static void test_CreateDirectoryA(void)
ACL_SIZE_INFORMATION acl_size;
ACCESS_ALLOWED_ACE *ace;
SECURITY_ATTRIBUTES sa;
+ char tmpfile[MAX_PATH];
char tmpdir[MAX_PATH];
+ HANDLE token, hTemp;
struct _SID *owner;
BOOL bret = TRUE;
- HANDLE token;
DWORD error;
PACL pDacl;
@@ -3214,6 +3215,48 @@ static void test_CreateDirectoryA(void)
}
LocalFree(pSD);
+ /* Test inheritance of ACLs */
+ strcpy(tmpfile, tmpdir);
+ lstrcatA(tmpfile, "/tmpfile");
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_NEW,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
+ NULL, &pDacl, NULL, &pSD);
+ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ todo_wine
+ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
+ acl_size.AceCount);
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ todo_wine
+ ok(bret, "Inherited Current User ACE != Current User SID.\n");
+ todo_wine
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ todo_wine
+ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
+ todo_wine
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ CloseHandle(hTemp);
+
done:
HeapFree(GetProcessHeap(), 0, user);
bret = RemoveDirectoryA(tmpdir);
--
2.3.3

176
patches/advapi32-ACL_Tests/0002-advapi32-tests-Repeat-ACL-inheritance-tests-for-NtCr.patch Normal file
View File

@ -0,0 +1,176 @@
From 0a2fa63085713b6e9a05bb8094fd375370e3b7d9 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 30 Mar 2015 06:19:39 +0200
Subject: advapi32/tests: Repeat ACL inheritance tests for NtCreateFile.
---
dlls/advapi32/tests/security.c | 104 ++++++++++++++++++++++++++++++++---------
1 file changed, 81 insertions(+), 23 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 9e44a35..7769d74 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -27,6 +27,7 @@
#include "windef.h"
#include "winbase.h"
#include "winerror.h"
+#include "winternl.h"
#include "aclapi.h"
#include "winnt.h"
#include "sddl.h"
@@ -59,29 +60,6 @@
#define THREAD_ALL_ACCESS_NT4 (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff)
#define THREAD_ALL_ACCESS_VISTA (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff)
-/* copied from Wine winternl.h - not included in the Windows SDK */
-typedef enum _OBJECT_INFORMATION_CLASS {
- ObjectBasicInformation,
- ObjectNameInformation,
- ObjectTypeInformation,
- ObjectAllInformation,
- ObjectDataInformation
-} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
-
-typedef struct _OBJECT_BASIC_INFORMATION {
- ULONG Attributes;
- ACCESS_MASK GrantedAccess;
- ULONG HandleCount;
- ULONG PointerCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG Reserved[3];
- ULONG NameInformationLength;
- ULONG TypeInformationLength;
- ULONG SecurityDescriptorLength;
- LARGE_INTEGER CreateTime;
-} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
-
#define expect_eq(expr, value, type, format) { type ret_ = expr; ok((value) == ret_, #expr " expected " format " got " format "\n", (value), (ret_)); }
static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
@@ -148,6 +126,9 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
+static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
+static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
+static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
static HMODULE hmod;
static int myARGC;
@@ -175,6 +156,9 @@ static void init(void)
pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
+ pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile");
+ pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");
+ pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
hmod = GetModuleHandleA("advapi32.dll");
pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
@@ -3108,6 +3092,24 @@ static void test_SetEntriesInAclA(void)
HeapFree(GetProcessHeap(), 0, OldAcl);
}
+/* helper function for test_CreateDirectoryA */
+static void get_nt_pathW(const char *name, UNICODE_STRING *nameW)
+{
+ UNICODE_STRING strW;
+ ANSI_STRING str;
+ NTSTATUS status;
+ BOOLEAN ret;
+ RtlInitAnsiString(&str, name);
+
+ status = pRtlAnsiStringToUnicodeString(&strW, &str, TRUE);
+ ok(!status, "RtlAnsiStringToUnicodeString failed with %08x\n", status);
+
+ ret = pRtlDosPathNameToNtPathName_U(strW.Buffer, nameW, NULL, NULL);
+ ok(ret, "RtlDosPathNameToNtPathName_U failed\n");
+
+ RtlFreeUnicodeString(&strW);
+}
+
static void test_CreateDirectoryA(void)
{
char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
@@ -3116,13 +3118,17 @@ static void test_CreateDirectoryA(void)
char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
PSECURITY_DESCRIPTOR pSD = &sd;
ACL_SIZE_INFORMATION acl_size;
+ UNICODE_STRING tmpfileW;
ACCESS_ALLOWED_ACE *ace;
SECURITY_ATTRIBUTES sa;
+ OBJECT_ATTRIBUTES attr;
char tmpfile[MAX_PATH];
char tmpdir[MAX_PATH];
HANDLE token, hTemp;
+ IO_STATUS_BLOCK io;
struct _SID *owner;
BOOL bret = TRUE;
+ NTSTATUS status;
DWORD error;
PACL pDacl;
@@ -3257,6 +3263,58 @@ static void test_CreateDirectoryA(void)
}
CloseHandle(hTemp);
+ /* Repeat the same test with ntdll functions */
+ strcpy(tmpfile, tmpdir);
+ lstrcatA(tmpfile, "/tmpfile");
+ get_nt_pathW(tmpfile, &tmpfileW);
+ attr.Length = sizeof(attr);
+ attr.RootDirectory = 0;
+ attr.ObjectName = &tmpfileW;
+ attr.Attributes = OBJ_CASE_INSENSITIVE;
+ attr.SecurityDescriptor = NULL;
+ attr.SecurityQualityOfService = NULL;
+ status = pNtCreateFile(&hTemp, GENERIC_WRITE | DELETE, &attr, &io, NULL, 0, FILE_SHARE_READ,
+ FILE_CREATE, FILE_DELETE_ON_CLOSE, NULL, 0);
+ ok(!status, "NtCreateFile failed with %08x\n", status);
+ RtlFreeUnicodeString(&tmpfileW);
+
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
+ NULL, &pDacl, NULL, &pSD);
+ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ todo_wine
+ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
+ acl_size.AceCount);
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ todo_wine
+ ok(bret, "Inherited Current User ACE != Current User SID.\n");
+ todo_wine
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ todo_wine
+ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
+ todo_wine
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ CloseHandle(hTemp);
+
done:
HeapFree(GetProcessHeap(), 0, user);
bret = RemoveDirectoryA(tmpdir);
--
2.3.3

101
patches/advapi32-ACL_Tests/0003-advapi32-tests-Add-tests-for-PROTECTED_DACL_SECURITY.patch Normal file
View File

@ -0,0 +1,101 @@
From 0e7514bba4464a3a7ed1f85b0fd69de93a7018d4 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:10:49 -0600
Subject: advapi32/tests: Add tests for PROTECTED_DACL_SECURITY_INFORMATION.
---
dlls/advapi32/tests/security.c | 54 ++++++++++++++++++++++++++++++++++++++++++
include/winnt.h | 7 +++---
2 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 7769d74..0259b63 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3604,6 +3604,60 @@ static void test_GetNamedSecurityInfoA(void)
HeapFree(GetProcessHeap(), 0, user);
CloseHandle(hTemp);
+ /* Create security descriptor with no inheritance and test that it comes back the same */
+ pSD = &sd;
+ pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
+ InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
+ pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
+ bret = InitializeAcl(pDacl, 100, ACL_REVISION);
+ ok(bret, "Failed to initialize ACL.\n");
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
+ ok(bret, "Failed to add Current User to ACL.\n");
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, admin_sid);
+ ok(bret, "Failed to add Administrator Group to ACL.\n");
+ bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+ ok(bret, "Failed to add ACL to security desciptor.\n");
+ GetTempFileNameA(".", "foo", 0, tmpfile);
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION,
+ NULL, NULL, pDacl, NULL);
+ HeapFree(GetProcessHeap(), 0, pDacl);
+ ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error);
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
+ NULL, NULL, &pDacl, NULL, &pSD);
+ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ todo_wine
+ ok(bret, "Current User ACE != Current User SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == 0,
+ "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ ok(bret || broken(!bret) /* win2k */, "Administators Group ACE != Administators Group SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == 0,
+ "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff || broken(ace->Mask == GENERIC_ALL) /* win2k */,
+ "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
+ }
+ LocalFree(pSD);
+ HeapFree(GetProcessHeap(), 0, pDacl);
+ CloseHandle(hTemp);
+
/* Test querying the ownership of a built-in registry key */
sid_size = sizeof(system_ptr);
pCreateWellKnownSid(WinLocalSystemSid, NULL, system_sid, &sid_size);
diff --git a/include/winnt.h b/include/winnt.h
index 4b06b2c..d575884 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -5078,14 +5078,15 @@ typedef struct _TAPE_GET_MEDIA_PARAMETERS {
BOOLEAN WriteProtected;
} TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS;
-/* ----------------------------- begin registry ----------------------------- */
-
-/* Registry security values */
#define OWNER_SECURITY_INFORMATION 0x00000001
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
+#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
+/* ----------------------------- begin registry ----------------------------- */
+
+/* Registry security values */
#define REG_OPTION_RESERVED 0x00000000
#define REG_OPTION_NON_VOLATILE 0x00000000
#define REG_OPTION_VOLATILE 0x00000001
--
2.3.3

1
patches/advapi32-ACL_Tests/definition Normal file
View File

@ -0,0 +1 @@
Depends: server-Stored_ACLs

10
patches/advapi32-Revert_DACL/0001-Revert-advapi32-Add-DACL-inheritance-support-in-SetS.patch
View File

@ -1,4 +1,4 @@
From 4cf7d2d6cdb9836ef549bcb5fcb1764e587ff01f Mon Sep 17 00:00:00 2001
From d134911c9e25467a2aad8b783cbd12e29c2a4874 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:04 +0100
Subject: Revert "advapi32: Add DACL inheritance support in SetSecurityInfo."
@ -172,10 +172,10 @@ index 71a8c92..e8cdcc5 100644
}
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index c256753..c0d518f 100644
index 0259b63..a2e4c98 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3416,22 +3416,25 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3517,22 +3517,25 @@ static void test_GetNamedSecurityInfoA(void)
error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
NULL, NULL, &pDacl, NULL, &pSD);
@ -211,7 +211,7 @@ index c256753..c0d518f 100644
CloseHandle(h);
/* NtSetSecurityObject doesn't inherit DACL entries */
@@ -4147,7 +4150,7 @@ static void test_GetSecurityInfo(void)
@@ -4302,7 +4305,7 @@ static void test_GetSecurityInfo(void)
bret = pGetAce(pDacl, 0, (VOID **)&ace);
ok(bret, "Failed to get Current User ACE.\n");
bret = EqualSid(&ace->SidStart, user_sid);
@ -220,7 +220,7 @@ index c256753..c0d518f 100644
ok(((ACE_HEADER *)ace)->AceFlags == 0,
"Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
@@ -4158,7 +4161,7 @@ static void test_GetSecurityInfo(void)
@@ -4313,7 +4316,7 @@ static void test_GetSecurityInfo(void)
bret = pGetAce(pDacl, 1, (VOID **)&ace);
ok(bret, "Failed to get Administators Group ACE.\n");
bret = EqualSid(&ace->SidStart, admin_sid);

12
patches/advapi32-Revert_DACL/0002-Revert-advapi32-tests-Add-test-for-mapping-DACL-to-p.patch
View File

@ -1,4 +1,4 @@
From 0a8954d7ed5e57340ab6b6234fb3bdfe498fb69e Mon Sep 17 00:00:00 2001
From d93bcd18c978d0d316c0c19a65d07f3d782479c4 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:17 +0100
Subject: Revert "advapi32/tests: Add test for mapping DACL to permission."
@ -9,10 +9,10 @@ This reverts commit a4b12eb9f937202848b229ed15f2c7d1823b41da.
1 file changed, 2 insertions(+), 33 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 6d3f9ac..dbe52b0 100644
index a2e4c98..c3884bf 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3405,6 +3405,7 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3505,6 +3505,7 @@ static void test_GetNamedSecurityInfoA(void)
"Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
}
LocalFree(pSD);
@ -20,7 +20,7 @@ index 6d3f9ac..dbe52b0 100644
/* show that setting empty DACL is not removing all file permissions */
pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
@@ -3441,7 +3442,7 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3541,7 +3542,7 @@ static void test_GetNamedSecurityInfoA(void)
/* NtSetSecurityObject doesn't inherit DACL entries */
pSD = sd+sizeof(void*)-((ULONG_PTR)sd)%sizeof(void*);
InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
@ -29,7 +29,7 @@ index 6d3f9ac..dbe52b0 100644
bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION);
ok(bret, "Failed to initialize ACL.\n");
bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
@@ -3472,39 +3473,7 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3572,39 +3573,7 @@ static void test_GetNamedSecurityInfoA(void)
NULL, OPEN_EXISTING, 0, NULL);
ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
CloseHandle(h);
@ -68,7 +68,7 @@ index 6d3f9ac..dbe52b0 100644
- HeapFree(GetProcessHeap(), 0, user);
CloseHandle(hTemp);
/* Test querying the ownership of a built-in registry key */
/* Create security descriptor with no inheritance and test that it comes back the same */
--
2.3.3

30
patches/advapi32-Revert_DACL/0003-Revert-advapi32-Add-SetNamedSecurityInfo-test-with-e.patch
View File

@ -1,4 +1,4 @@
From 99244514ca0c26e263e14d7fdf095083e4686166 Mon Sep 17 00:00:00 2001
From 753dc1b6d8025271b487b4c4cc39a6f44a274cfd Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:32 +0100
Subject: Revert "advapi32: Add SetNamedSecurityInfo test with empty DACL."
@ -9,26 +9,26 @@ This reverts commit 02c4f5bd275d70d1dcb48bf95775efa376b50c22.
1 file changed, 4 insertions(+), 75 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index dbe52b0..e3c1659 100644
index c3884bf..f98bf2b 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -147,7 +147,6 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
@@ -125,7 +125,6 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
-static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
static HMODULE hmod;
static int myARGC;
@@ -174,7 +173,6 @@ static void init(void)
static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
@@ -155,7 +154,6 @@ static void init(void)
hntdll = GetModuleHandleA("ntdll.dll");
pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
- pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
hmod = GetModuleHandleA("advapi32.dll");
pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
@@ -3231,7 +3229,7 @@ static void test_GetNamedSecurityInfoA(void)
pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile");
pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");
pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
@@ -3332,7 +3330,7 @@ static void test_GetNamedSecurityInfoA(void)
char invalid_path[] = "/an invalid file path";
int users_ace_id = -1, admins_ace_id = -1, i;
char software_key[] = "MACHINE\\Software";
@ -37,7 +37,7 @@ index dbe52b0..e3c1659 100644
SECURITY_DESCRIPTOR_CONTROL control;
ACL_SIZE_INFORMATION acl_size;
CHAR windows_dir[MAX_PATH];
@@ -3243,12 +3241,11 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3344,12 +3342,11 @@ static void test_GetNamedSecurityInfoA(void)
BOOL owner_defaulted;
BOOL group_defaulted;
BOOL dacl_defaulted;
@ -51,7 +51,7 @@ index dbe52b0..e3c1659 100644
if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid)
{
@@ -3353,8 +3350,8 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3454,8 +3451,8 @@ static void test_GetNamedSecurityInfoA(void)
bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
ok(bret, "Failed to add ACL to security desciptor.\n");
GetTempFileNameA(".", "foo", 0, tmpfile);
@ -62,7 +62,7 @@ index dbe52b0..e3c1659 100644
SetLastError(0xdeadbeef);
error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL,
NULL, pDacl, NULL);
@@ -3406,74 +3403,6 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3506,74 +3503,6 @@ static void test_GetNamedSecurityInfoA(void)
}
LocalFree(pSD);
HeapFree(GetProcessHeap(), 0, user);
@ -136,7 +136,7 @@ index dbe52b0..e3c1659 100644
- HeapFree(GetProcessHeap(), 0, pDacl);
CloseHandle(hTemp);
/* Test querying the ownership of a built-in registry key */
/* Create security descriptor with no inheritance and test that it comes back the same */
--
2.3.3

2
patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch
View File

@ -1,4 +1,4 @@
From 6b421f438ddf208d025318671e81f123e6ca59a3 Mon Sep 17 00:00:00 2001
From 815d8d20d0710dff782cb20cb286b32c23ee9f1e Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:44 +0100
Subject: Revert "server: Make directory DACL entries inheritable."

2
patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch
View File

@ -1,4 +1,4 @@
From 394aefa9d53684678f645bac131735630d910e8b Mon Sep 17 00:00:00 2001
From 1140e8684c3857c4ccb484cd8cd08c6fbe426066 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:56 +0100
Subject: Revert "advapi: Don't use CreateFile when opening file with possibly

2
patches/advapi32-Revert_DACL/definition
View File

@ -1 +1 @@
Depends: server-Stored_ACLs
Depends: advapi32-ACL_Tests

91
patches/patchinstall.sh
View File

@ -66,6 +66,7 @@ patch_enable_all ()
enable_Miscellaneous="$1"
enable_Pipelight="$1"
enable_Staging="$1"
enable_advapi32_ACL_Tests="$1"
enable_advapi32_Revert_DACL="$1"
enable_browseui_Progress_Dialog="$1"
enable_combase_String="$1"
@ -260,6 +261,9 @@ patch_enable ()
Staging)
enable_Staging="$2"
;;
advapi32-ACL_Tests)
enable_advapi32_ACL_Tests="$2"
;;
advapi32-Revert_DACL)
enable_advapi32_Revert_DACL="$2"
;;
@ -1204,8 +1208,15 @@ if test "$enable_d3dx9_24_ID3DXEffect" -eq 1; then
fi
if test "$enable_advapi32_Revert_DACL" -eq 1; then
if test "$enable_advapi32_ACL_Tests" -gt 1; then
abort "Patchset advapi32-ACL_Tests disabled, but advapi32-Revert_DACL depends on that."
fi
enable_advapi32_ACL_Tests=1
fi
if test "$enable_advapi32_ACL_Tests" -eq 1; then
if test "$enable_server_Stored_ACLs" -gt 1; then
abort "Patchset server-Stored_ACLs disabled, but advapi32-Revert_DACL depends on that."
abort "Patchset server-Stored_ACLs disabled, but advapi32-ACL_Tests depends on that."
fi
enable_server_Stored_ACLs=1
fi
@ -1420,6 +1431,22 @@ if test "$enable_server_Stored_ACLs" -eq 1; then
) >> "$patchlist"
fi
# Patchset advapi32-ACL_Tests
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, include/winnt.h
# |
if test "$enable_advapi32_ACL_Tests" -eq 1; then
patch_apply advapi32-ACL_Tests/0001-advapi32-tests-Add-tests-for-inheriting-ACL-attribut.patch
patch_apply advapi32-ACL_Tests/0002-advapi32-tests-Repeat-ACL-inheritance-tests-for-NtCr.patch
patch_apply advapi32-ACL_Tests/0003-advapi32-tests-Add-tests-for-PROTECTED_DACL_SECURITY.patch
(
echo '+ { "Erich E. Hoover", "advapi32/tests: Add tests for inheriting ACL attributes.", 1 },';
echo '+ { "Sebastian Lackner", "advapi32/tests: Repeat ACL inheritance tests for NtCreateFile.", 1 },';
echo '+ { "Erich E. Hoover", "advapi32/tests: Add tests for PROTECTED_DACL_SECURITY_INFORMATION.", 1 },';
) >> "$patchlist"
fi
# Patchset advapi32-Revert_DACL
# |
# | Modified files:
@ -1999,6 +2026,21 @@ if test "$enable_wined3d_CSMT_Helper" -eq 1; then
) >> "$patchlist"
fi
# Patchset wined3d-Multisampling
# |
# | This patchset fixes the following Wine bugs:
# | * [#12652] Allow to override number of quality levels for D3DMULTISAMPLE_NONMASKABLE.
# |
# | Modified files:
# | * dlls/wined3d/directx.c, dlls/wined3d/wined3d_main.c, dlls/wined3d/wined3d_private.h
# |
if test "$enable_wined3d_Multisampling" -eq 1; then
patch_apply wined3d-Multisampling/0001-wined3d-Allow-to-specify-multisampling-AA-quality-le.patch
(
echo '+ { "Austin English", "wined3d: Allow to specify multisampling AA quality levels via registry.", 1 },';
) >> "$patchlist"
fi
# Patchset wined3d-Revert_PixelFormat
# |
# | This patchset fixes the following Wine bugs:
@ -2045,21 +2087,6 @@ if test "$enable_wined3d_UnhandledBlendFactor" -eq 1; then
) >> "$patchlist"
fi
# Patchset wined3d-Multisampling
# |
# | This patchset fixes the following Wine bugs:
# | * [#12652] Allow to override number of quality levels for D3DMULTISAMPLE_NONMASKABLE.
# |
# | Modified files:
# | * dlls/wined3d/directx.c, dlls/wined3d/wined3d_main.c, dlls/wined3d/wined3d_private.h
# |
if test "$enable_wined3d_Multisampling" -eq 1; then
patch_apply wined3d-Multisampling/0001-wined3d-Allow-to-specify-multisampling-AA-quality-le.patch
(
echo '+ { "Austin English", "wined3d: Allow to specify multisampling AA quality levels via registry.", 1 },';
) >> "$patchlist"
fi
# Patchset wined3d-CSMT_Main
# |
# | This patchset fixes the following Wine bugs:
@ -3720,7 +3747,7 @@ fi
# | * [#34406] Support for inherited file ACLs
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, include/winnt.h, server/fd.c, server/file.c, server/file.h
# | * dlls/advapi32/tests/security.c, server/fd.c, server/file.c, server/file.h
# |
if test "$enable_server_Inherited_ACLs" -eq 1; then
patch_apply server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch
@ -3795,6 +3822,21 @@ if test "$enable_server_CreateProcess_ACLs" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-OpenProcess
# |
# | This patchset fixes the following Wine bugs:
# | * [#37087] Return an error when trying to open a terminated process
# |
# | Modified files:
# | * server/process.c, server/process.h
# |
if test "$enable_server_OpenProcess" -eq 1; then
patch_apply server-OpenProcess/0001-server-Return-error-when-opening-a-terminating-proce.patch
(
echo '+ { "Michael Müller", "server: Return error when opening a terminating process.", 3 },';
) >> "$patchlist"
fi
# Patchset server-Misc_ACL
# |
# | This patchset fixes the following Wine bugs:
@ -3812,21 +3854,6 @@ if test "$enable_server_Misc_ACL" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-OpenProcess
# |
# | This patchset fixes the following Wine bugs:
# | * [#37087] Return an error when trying to open a terminated process
# |
# | Modified files:
# | * server/process.c, server/process.h
# |
if test "$enable_server_OpenProcess" -eq 1; then
patch_apply server-OpenProcess/0001-server-Return-error-when-opening-a-terminating-proce.patch
(
echo '+ { "Michael Müller", "server: Return error when opening a terminating process.", 3 },';
) >> "$patchlist"
fi
# Patchset server-JobObjects
# |
# | This patchset fixes the following Wine bugs:

123
patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch
View File

@ -1,75 +1,74 @@
From 342e7b54a72ca30753ee0b7e2651582574869887 Mon Sep 17 00:00:00 2001
From bab9a36e823c7d0227bcc72d691eac90a5ff405d Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:08:36 -0600
Subject: server: Inherit security attributes from parent directories on
creation. (try 7)
---
dlls/advapi32/tests/security.c | 40 +++++++++++-
dlls/advapi32/tests/security.c | 10 ---
server/file.c | 137 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 176 insertions(+), 1 deletion(-)
2 files changed, 137 insertions(+), 10 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index df6f8ca..b2f6052 100644
index f98bf2b..8eed015 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3116,10 +3116,11 @@ static void test_CreateDirectoryA(void)
ACL_SIZE_INFORMATION acl_size;
ACCESS_ALLOWED_ACE *ace;
SECURITY_ATTRIBUTES sa;
+ char tmpfile[MAX_PATH];
char tmpdir[MAX_PATH];
+ HANDLE token, hTemp;
struct _SID *owner;
BOOL bret = TRUE;
- HANDLE token;
DWORD error;
PACL pDacl;
@@ -3212,6 +3213,43 @@ static void test_CreateDirectoryA(void)
}
LocalFree(pSD);
+ /* Test inheritance of ACLs */
+ strcpy(tmpfile, tmpdir);
+ lstrcatA(tmpfile, "/tmpfile");
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_NEW,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
+ NULL, &pDacl, NULL, &pSD);
+ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
+ acl_size.AceCount);
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ ok(bret, "Inherited Current User ACE != Current User SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ CloseHandle(hTemp);
+
done:
HeapFree(GetProcessHeap(), 0, user);
bret = RemoveDirectoryA(tmpdir);
@@ -3230,7 +3230,6 @@ static void test_CreateDirectoryA(void)
ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
ok(bret, "GetAclInformation failed\n");
- todo_wine
ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
acl_size.AceCount);
if (acl_size.AceCount > 0)
@@ -3238,9 +3237,7 @@ static void test_CreateDirectoryA(void)
bret = pGetAce(pDacl, 0, (VOID **)&ace);
ok(bret, "Inherited Failed to get Current User ACE.\n");
bret = EqualSid(&ace->SidStart, user_sid);
- todo_wine
ok(bret, "Inherited Current User ACE != Current User SID.\n");
- todo_wine
ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
"Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
@@ -3251,9 +3248,7 @@ static void test_CreateDirectoryA(void)
bret = pGetAce(pDacl, 1, (VOID **)&ace);
ok(bret, "Inherited Failed to get Administators Group ACE.\n");
bret = EqualSid(&ace->SidStart, admin_sid);
- todo_wine
ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
- todo_wine
ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
"Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
@@ -3282,7 +3277,6 @@ static void test_CreateDirectoryA(void)
ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
ok(bret, "GetAclInformation failed\n");
- todo_wine
ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
acl_size.AceCount);
if (acl_size.AceCount > 0)
@@ -3290,9 +3284,7 @@ static void test_CreateDirectoryA(void)
bret = pGetAce(pDacl, 0, (VOID **)&ace);
ok(bret, "Inherited Failed to get Current User ACE.\n");
bret = EqualSid(&ace->SidStart, user_sid);
- todo_wine
ok(bret, "Inherited Current User ACE != Current User SID.\n");
- todo_wine
ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
"Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
@@ -3303,9 +3295,7 @@ static void test_CreateDirectoryA(void)
bret = pGetAce(pDacl, 1, (VOID **)&ace);
ok(bret, "Inherited Failed to get Administators Group ACE.\n");
bret = EqualSid(&ace->SidStart, admin_sid);
- todo_wine
ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
- todo_wine
ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
"Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
diff --git a/server/file.c b/server/file.c
index 09b7811..188e352 100644
--- a/server/file.c
@ -245,5 +244,5 @@ index 09b7811..188e352 100644
return obj;
}
--
2.3.2
2.3.3

128
patches/server-Inherited_ACLs/0002-server-Inherit-security-attributes-from-parent-direc.patch
View File

@ -1,119 +1,15 @@
From cf51d788cce57b6c5f99bfc15e81790fb5d449c4 Mon Sep 17 00:00:00 2001
From 72d852c01753120da3503f97dc1b9ab7d7c4d8f9 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:10:49 -0600
Subject: server: Inherit security attributes from parent directories on
SetSecurityInfo. (try 7)
---
dlls/advapi32/tests/security.c | 68 +++++++++++++++++++++
include/winnt.h | 7 ++-
server/fd.c | 13 +++-
server/file.c | 133 +++++++++++++++++++++++++++++++++++++++--
server/file.h | 1 +
5 files changed, 213 insertions(+), 9 deletions(-)
server/fd.c | 13 +++++-
server/file.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
server/file.h | 1 +
3 files changed, 141 insertions(+), 6 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 3e88c2e..952d001 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3440,6 +3440,74 @@ static void test_GetNamedSecurityInfoA(void)
"Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
}
LocalFree(pSD);
+ CloseHandle(hTemp);
+
+ /* Create security descriptor with no inheritance and test that it comes back the same */
+ pSD = &sd;
+ pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
+ InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
+ pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
+ bret = InitializeAcl(pDacl, 100, ACL_REVISION);
+ ok(bret, "Failed to initialize ACL.\n");
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
+ ok(bret, "Failed to add Current User to ACL.\n");
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, admin_sid);
+ ok(bret, "Failed to add Administrator Group to ACL.\n");
+ bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+ ok(bret, "Failed to add ACL to security desciptor.\n");
+ GetTempFileNameA(".", "foo", 0, tmpfile);
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ SetLastError(0xdeadbeef);
+ error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION,
+ NULL, NULL, pDacl, NULL);
+ HeapFree(GetProcessHeap(), 0, pDacl);
+ if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED))
+ {
+ win_skip("SetNamedSecurityInfoA is not implemented\n");
+ HeapFree(GetProcessHeap(), 0, user);
+ CloseHandle(hTemp);
+ return;
+ }
+ ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error);
+ SetLastError(0xdeadbeef);
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
+ NULL, NULL, &pDacl, NULL, &pSD);
+ if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED))
+ {
+ win_skip("GetNamedSecurityInfoA is not implemented\n");
+ HeapFree(GetProcessHeap(), 0, user);
+ CloseHandle(hTemp);
+ return;
+ }
+ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ ok(bret, "Current User ACE != Current User SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == 0,
+ "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ ok(bret || broken(!bret) /* win2k */, "Administators Group ACE != Administators Group SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == 0,
+ "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff || broken(ace->Mask == GENERIC_ALL) /* win2k */,
+ "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
+ }
+ LocalFree(pSD);
HeapFree(GetProcessHeap(), 0, user);
CloseHandle(hTemp);
diff --git a/include/winnt.h b/include/winnt.h
index 709a93f..63882bb 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -5078,14 +5078,15 @@ typedef struct _TAPE_GET_MEDIA_PARAMETERS {
BOOLEAN WriteProtected;
} TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS;
-/* ----------------------------- begin registry ----------------------------- */
-
-/* Registry security values */
#define OWNER_SECURITY_INFORMATION 0x00000001
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
+#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
+/* ----------------------------- begin registry ----------------------------- */
+
+/* Registry security values */
#define REG_OPTION_RESERVED 0x00000000
#define REG_OPTION_NON_VOLATILE 0x00000000
#define REG_OPTION_VOLATILE 0x00000001
diff --git a/server/fd.c b/server/fd.c
index e3b722c..e6ec90a 100644
--- a/server/fd.c
@ -146,10 +42,10 @@ index e3b722c..e6ec90a 100644
if (orig->inode)
diff --git a/server/file.c b/server/file.c
index 431b8a1..a5d2de3 100644
index 188e352..146ea68 100644
--- a/server/file.c
+++ b/server/file.c
@@ -329,6 +329,106 @@ struct security_descriptor *inherit_sd( const struct security_descriptor *parent
@@ -333,6 +333,106 @@ struct security_descriptor *inherit_sd( const struct security_descriptor *parent
return sd;
}
@ -256,7 +152,7 @@ index 431b8a1..a5d2de3 100644
static struct security_descriptor *file_get_parent_sd( struct fd *root, const char *child_name,
int child_len, int is_dir )
{
@@ -800,20 +900,41 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
@@ -805,20 +905,41 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
int set_file_sd( struct object *obj, struct fd *fd, const struct security_descriptor *sd,
unsigned int set_info )
{
@ -299,7 +195,7 @@ index 431b8a1..a5d2de3 100644
}
if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) ))
{
@@ -831,7 +952,8 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
@@ -836,7 +957,8 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
if (!group)
{
set_error( STATUS_INVALID_SECURITY_DESCR );
@ -309,7 +205,7 @@ index 431b8a1..a5d2de3 100644
}
if (!obj->sd || !security_equal_sid( group, sd_get_group( obj->sd ) ))
{
@@ -856,10 +978,13 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
@@ -861,10 +983,13 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
if (((st.st_mode ^ mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, mode ) == -1)
{
file_set_error();
@ -326,7 +222,7 @@ index 431b8a1..a5d2de3 100644
static int file_set_sd( struct object *obj, const struct security_descriptor *sd,
diff --git a/server/file.h b/server/file.h
index be25fb6..b43f329 100644
index e15fa2a..00bfa7a 100644
--- a/server/file.h
+++ b/server/file.h
@@ -79,6 +79,7 @@ extern void allow_fd_caching( struct fd *fd );
@ -338,5 +234,5 @@ index be25fb6..b43f329 100644
extern unsigned int default_fd_map_access( struct object *obj, unsigned int access );
extern int default_fd_get_poll_events( struct fd *fd );
--
2.1.0
2.3.3