diff --git a/patches/advapi32-ACL_Tests/0001-advapi32-tests-Add-tests-for-inheriting-ACL-attribut.patch b/patches/advapi32-ACL_Tests/0001-advapi32-tests-Add-tests-for-inheriting-ACL-attribut.patch
new file mode 100644
index 00000000..fd78a639
--- /dev/null
+++ b/patches/advapi32-ACL_Tests/0001-advapi32-tests-Add-tests-for-inheriting-ACL-attribut.patch
@@ -0,0 +1,78 @@
+From 55f59fd8586738ecb5afde3ec09d2216e2563c54 Mon Sep 17 00:00:00 2001
+From: "Erich E. Hoover"
+Date: Fri, 18 Apr 2014 14:08:36 -0600
+Subject: advapi32/tests: Add tests for inheriting ACL attributes.
+
+---
+ dlls/advapi32/tests/security.c | 45 +++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 44 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index c256753..9e44a35 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -3118,10 +3118,11 @@ static void test_CreateDirectoryA(void)
+ ACL_SIZE_INFORMATION acl_size;
+ ACCESS_ALLOWED_ACE *ace;
+ SECURITY_ATTRIBUTES sa;
++ char tmpfile[MAX_PATH];
+ char tmpdir[MAX_PATH];
++ HANDLE token, hTemp;
+ struct _SID *owner;
+ BOOL bret = TRUE;
+- HANDLE token;
+ DWORD error;
+ PACL pDacl;
+
+@@ -3214,6 +3215,48 @@ static void test_CreateDirectoryA(void)
+ }
+ LocalFree(pSD);
+
++ /* Test inheritance of ACLs */
++ strcpy(tmpfile, tmpdir);
++ lstrcatA(tmpfile, "/tmpfile");
++ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_NEW,
++ FILE_FLAG_DELETE_ON_CLOSE, NULL);
++ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
++ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
++ NULL, &pDacl, NULL, &pSD);
++ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
++ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
++ ok(bret, "GetAclInformation failed\n");
++ todo_wine
++ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
++ acl_size.AceCount);
++ if (acl_size.AceCount > 0)
++ {
++ bret = pGetAce(pDacl, 0, (VOID **)&ace);
++ ok(bret, "Inherited Failed to get Current User ACE.\n");
++ bret = EqualSid(&ace->SidStart, user_sid);
++ todo_wine
++ ok(bret, "Inherited Current User ACE != Current User SID.\n");
++ todo_wine
++ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
++ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
++ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++ ace->Mask);
++ }
++ if (acl_size.AceCount > 1)
++ {
++ bret = pGetAce(pDacl, 1, (VOID **)&ace);
++ ok(bret, "Inherited Failed to get Administators Group ACE.\n");
++ bret = EqualSid(&ace->SidStart, admin_sid);
++ todo_wine
++ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
++ todo_wine
++ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
++ "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
++ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++ ace->Mask);
++ }
++ CloseHandle(hTemp);
++
+ done:
+ HeapFree(GetProcessHeap(), 0, user);
+ bret = RemoveDirectoryA(tmpdir);
+--
+2.3.3
+
diff --git a/patches/advapi32-ACL_Tests/0002-advapi32-tests-Repeat-ACL-inheritance-tests-for-NtCr.patch b/patches/advapi32-ACL_Tests/0002-advapi32-tests-Repeat-ACL-inheritance-tests-for-NtCr.patch
new file mode 100644
index 00000000..be049817
--- /dev/null
+++ b/patches/advapi32-ACL_Tests/0002-advapi32-tests-Repeat-ACL-inheritance-tests-for-NtCr.patch
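Review bot: The added inheritance block goes on to use `pDacl` and `acl_size` after `pGetNamedSecurityInfoA` or `pGetAclInformation` has failed, because `ok()` only records the failure and execution continues. In that case `pDacl` may still point into the descriptor released by the `LocalFree(pSD);` context line directly above, and `acl_size.AceCount` still holds the value from the directory check, so the ACE assertions would read stale or freed data. Setting `acl_size.AceCount = 0;` before the query and calling `pGetAclInformation` only when `error == ERROR_SUCCESS` keeps both `if (acl_size.AceCount > …)` blocks from running on failure; the same block is repeated in the NtCreateFile variant added by the 0002 patch. The `CreateFileA` result is never compared with `INVALID_HANDLE_VALUE`, `strcpy`/`lstrcatA` append `"/tmpfile"` to a `MAX_PATH` buffer without a length check, and the descriptor returned for the file is not released before `CloseHandle(hTemp);` — a `LocalFree(pSD);` there would match the directory case, unless it is freed after `done:`, which continues outside the hunk.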
@@ -0,0 +1,176 @@
+From 0a2fa63085713b6e9a05bb8094fd375370e3b7d9 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner
+Date: Mon, 30 Mar 2015 06:19:39 +0200
+Subject: advapi32/tests: Repeat ACL inheritance tests for NtCreateFile.
+
+---
+ dlls/advapi32/tests/security.c | 104 ++++++++++++++++++++++++++++++++---------
+ 1 file changed, 81 insertions(+), 23 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 9e44a35..7769d74 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -27,6 +27,7 @@
+ #include "windef.h"
+ #include "winbase.h"
+ #include "winerror.h"
++#include "winternl.h"
+ #include "aclapi.h"
+ #include "winnt.h"
+ #include "sddl.h"
+@@ -59,29 +60,6 @@
+ #define THREAD_ALL_ACCESS_NT4 (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff)
+ #define THREAD_ALL_ACCESS_VISTA (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff)
+
+-/* copied from Wine winternl.h - not included in the Windows SDK */
+-typedef enum _OBJECT_INFORMATION_CLASS {
+- ObjectBasicInformation,
+- ObjectNameInformation,
+- ObjectTypeInformation,
+- ObjectAllInformation,
+- ObjectDataInformation
+-} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
+-
+-typedef struct _OBJECT_BASIC_INFORMATION {
+- ULONG Attributes;
+- ACCESS_MASK GrantedAccess;
+- ULONG HandleCount;
+- ULONG PointerCount;
+- ULONG PagedPoolUsage;
+- ULONG NonPagedPoolUsage;
+- ULONG Reserved[3];
+- ULONG NameInformationLength;
+- ULONG TypeInformationLength;
+- ULONG SecurityDescriptorLength;
+- LARGE_INTEGER CreateTime;
+-} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
+-
+ #define expect_eq(expr, value, type, format) { type ret_ = expr; ok((value) == ret_, #expr " expected " format " got " format "\n", (value), (ret_)); }
+
+ static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
+@@ -148,6 +126,9 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
+ static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
+ static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
+ static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
++static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
++static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
++static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
+
+ static HMODULE hmod;
+ static int myARGC;
+@@ -175,6 +156,9 @@ static void init(void)
+ pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
+ pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
+ pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
++ pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile");
++ pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");
++ pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
+
+ hmod = GetModuleHandleA("advapi32.dll");
+ pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
+@@ -3108,6 +3092,24 @@ static void test_SetEntriesInAclA(void)
+ HeapFree(GetProcessHeap(), 0, OldAcl);
+ }
+
++/* helper function for test_CreateDirectoryA */
++static void get_nt_pathW(const char *name, UNICODE_STRING *nameW)
++{
++ UNICODE_STRING strW;
++ ANSI_STRING str;
++ NTSTATUS status;
++ BOOLEAN ret;
++ RtlInitAnsiString(&str, name);
++
++ status = pRtlAnsiStringToUnicodeString(&strW, &str, TRUE);
++ ok(!status, "RtlAnsiStringToUnicodeString failed with %08x\n", status);
++
++ ret = pRtlDosPathNameToNtPathName_U(strW.Buffer, nameW, NULL, NULL);
++ ok(ret, "RtlDosPathNameToNtPathName_U failed\n");
++
++ RtlFreeUnicodeString(&strW);
++}
++
+ static void test_CreateDirectoryA(void)
+ {
+ char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
+@@ -3116,13 +3118,17 @@ static void test_CreateDirectoryA(void)
+ char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
+ PSECURITY_DESCRIPTOR pSD = &sd;
+ ACL_SIZE_INFORMATION acl_size;
++ UNICODE_STRING tmpfileW;
+ ACCESS_ALLOWED_ACE *ace;
+ SECURITY_ATTRIBUTES sa;
++ OBJECT_ATTRIBUTES attr;
+ char tmpfile[MAX_PATH];
+ char tmpdir[MAX_PATH];
+ HANDLE token, hTemp;
++ IO_STATUS_BLOCK io;
+ struct _SID *owner;
+ BOOL bret = TRUE;
++ NTSTATUS status;
+ DWORD error;
+ PACL pDacl;
+
+@@ -3257,6 +3263,58 @@ static void test_CreateDirectoryA(void)
+ }
+ CloseHandle(hTemp);
+
++ /* Repeat the same test with ntdll functions */
++ strcpy(tmpfile, tmpdir);
++ lstrcatA(tmpfile, "/tmpfile");
++ get_nt_pathW(tmpfile, &tmpfileW);
++ attr.Length = sizeof(attr);
++ attr.RootDirectory = 0;
++ attr.ObjectName = &tmpfileW;
++ attr.Attributes = OBJ_CASE_INSENSITIVE;
++ attr.SecurityDescriptor = NULL;
++ attr.SecurityQualityOfService = NULL;
++ status = pNtCreateFile(&hTemp, GENERIC_WRITE | DELETE, &attr, &io, NULL, 0, FILE_SHARE_READ,
++ FILE_CREATE, FILE_DELETE_ON_CLOSE, NULL, 0);
++ ok(!status, "NtCreateFile failed with %08x\n", status);
++ RtlFreeUnicodeString(&tmpfileW);
++
++ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
++ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
++ NULL, &pDacl, NULL, &pSD);
++ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
++ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
++ ok(bret, "GetAclInformation failed\n");
++ todo_wine
++ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
++ acl_size.AceCount);
++ if (acl_size.AceCount > 0)
++ {
++ bret = pGetAce(pDacl, 0, (VOID **)&ace);
++ ok(bret, "Inherited Failed to get Current User ACE.\n");
++ bret = EqualSid(&ace->SidStart, user_sid);
++ todo_wine
++ ok(bret, "Inherited Current User ACE != Current User SID.\n");
++ todo_wine
++ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
++ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
++ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++ ace->Mask);
++ }
++ if (acl_size.AceCount > 1)
++ {
++ bret = pGetAce(pDacl, 1, (VOID **)&ace);
++ ok(bret, "Inherited Failed to get Administators Group ACE.\n");
++ bret = EqualSid(&ace->SidStart, admin_sid);
++ todo_wine
++ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
++ todo_wine
++ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
++ "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
++ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++ ace->Mask);
++ }
++ CloseHandle(hTemp);
++
+ done:
+ HeapFree(GetProcessHeap(), 0, user);
+ bret = RemoveDirectoryA(tmpdir);
+--
+2.3.3
+
diff --git a/patches/advapi32-ACL_Tests/0003-advapi32-tests-Add-tests-for-PROTECTED_DACL_SECURITY.patch b/patches/advapi32-ACL_Tests/0003-advapi32-tests-Add-tests-for-PROTECTED_DACL_SECURITY.patch
new file mode 100644
index 00000000..36f86ce9
--- /dev/null
+++ b/patches/advapi32-ACL_Tests/0003-advapi32-tests-Add-tests-for-PROTECTED_DACL_SECURITY.patch
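Review bot: If `pNtCreateFile` fails, `hTemp` still holds the value already passed to `CloseHandle` in the context lines above the new block, so the trailing `CloseHandle(hTemp);` closes a stale handle value that may by then refer to a different object. Setting `hTemp = INVALID_HANDLE_VALUE;` before the call and closing only when `!status` avoids that. The new helper `get_nt_pathW` likewise passes `strW.Buffer` to `pRtlDosPathNameToNtPathName_U` even when the ANSI-to-Unicode conversion reported a failure, and the three pointers resolved in `init()` are called without a NULL check. The ACE assertions are a verbatim copy of the block added by the 0001 patch; a shared static helper taking the DACL and the expected SIDs would keep the two copies from drifting apart. `test_CreateDirectoryA` starts and ends outside the hunk.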
@@ -0,0 +1,101 @@
+From 0e7514bba4464a3a7ed1f85b0fd69de93a7018d4 Mon Sep 17 00:00:00 2001
+From: "Erich E. Hoover"
+Date: Fri, 18 Apr 2014 14:10:49 -0600
+Subject: advapi32/tests: Add tests for PROTECTED_DACL_SECURITY_INFORMATION.
+
+---
+ dlls/advapi32/tests/security.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ include/winnt.h | 7 +++---
+ 2 files changed, 58 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 7769d74..0259b63 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -3604,6 +3604,60 @@ static void test_GetNamedSecurityInfoA(void)
+ HeapFree(GetProcessHeap(), 0, user);
+ CloseHandle(hTemp);
+
++ /* Create security descriptor with no inheritance and test that it comes back the same */
++ pSD = &sd;
++ pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
++ InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
++ pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
++ bret = InitializeAcl(pDacl, 100, ACL_REVISION);
++ ok(bret, "Failed to initialize ACL.\n");
++ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
++ ok(bret, "Failed to add Current User to ACL.\n");
++ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, admin_sid);
++ ok(bret, "Failed to add Administrator Group to ACL.\n");
++ bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
++ ok(bret, "Failed to add ACL to security desciptor.\n");
++ GetTempFileNameA(".", "foo", 0, tmpfile);
++ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING,
++ FILE_FLAG_DELETE_ON_CLOSE, NULL);
++ error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
++ DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION,
++ NULL, NULL, pDacl, NULL);
++ HeapFree(GetProcessHeap(), 0, pDacl);
++ ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error);
++ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
++ NULL, NULL, &pDacl, NULL, &pSD);
++ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
++
++ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
++ ok(bret, "GetAclInformation failed\n");
++ if (acl_size.AceCount > 0)
++ {
++ bret = pGetAce(pDacl, 0, (VOID **)&ace);
++ ok(bret, "Failed to get Current User ACE.\n");
++ bret = EqualSid(&ace->SidStart, user_sid);
++ todo_wine
++ ok(bret, "Current User ACE != Current User SID.\n");
++ ok(((ACE_HEADER *)ace)->AceFlags == 0,
++ "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
++ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++ ace->Mask);
++ }
++ if (acl_size.AceCount > 1)
++ {
++ bret = pGetAce(pDacl, 1, (VOID **)&ace);
++ ok(bret, "Failed to get Administators Group ACE.\n");
++ bret = EqualSid(&ace->SidStart, admin_sid);
++ ok(bret || broken(!bret) /* win2k */, "Administators Group ACE != Administators Group SID.\n");
++ ok(((ACE_HEADER *)ace)->AceFlags == 0,
++ "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
++ ok(ace->Mask == 0x1f01ff || broken(ace->Mask == GENERIC_ALL) /* win2k */,
++ "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
++ }
++ LocalFree(pSD);
++ HeapFree(GetProcessHeap(), 0, pDacl);
++ CloseHandle(hTemp);
++
+ /* Test querying the ownership of a built-in registry key */
+ sid_size = sizeof(system_ptr);
+ pCreateWellKnownSid(WinLocalSystemSid, NULL, system_sid, &sid_size);
+diff --git a/include/winnt.h b/include/winnt.h
+index 4b06b2c..d575884 100644
+--- a/include/winnt.h
++++ b/include/winnt.h
+@@ -5078,14 +5078,15 @@ typedef struct _TAPE_GET_MEDIA_PARAMETERS {
+ BOOLEAN WriteProtected;
+ } TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS;
+
+-/* ----------------------------- begin registry ----------------------------- */
+-
+-/* Registry security values */
+ #define OWNER_SECURITY_INFORMATION 0x00000001
+ #define GROUP_SECURITY_INFORMATION 0x00000002
+ #define DACL_SECURITY_INFORMATION 0x00000004
+ #define SACL_SECURITY_INFORMATION 0x00000008
++#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
+
++/* ----------------------------- begin registry ----------------------------- */
++
++/* Registry security values */
+ #define REG_OPTION_RESERVED 0x00000000
+ #define REG_OPTION_NON_VOLATILE 0x00000000
+ #define REG_OPTION_VOLATILE 0x00000001
+--
+2.3.3
+
diff --git a/patches/advapi32-ACL_Tests/definition b/patches/advapi32-ACL_Tests/definition
new file mode 100644
index 00000000..379940dd
--- /dev/null
+++ b/patches/advapi32-ACL_Tests/definition
@@ -0,0 +1 @@
+Depends: server-Stored_ACLs
diff --git a/patches/advapi32-Revert_DACL/0001-Revert-advapi32-Add-DACL-inheritance-support-in-SetS.patch b/patches/advapi32-Revert_DACL/0001-Revert-advapi32-Add-DACL-inheritance-support-in-SetS.patch
index 9f66b656..a4fc3bdc 100644
--- a/patches/advapi32-Revert_DACL/0001-Revert-advapi32-Add-DACL-inheritance-support-in-SetS.patch
+++ b/patches/advapi32-Revert_DACL/0001-Revert-advapi32-Add-DACL-inheritance-support-in-SetS.patch
@@ -1,4 +1,4 @@ -From 4cf7d2d6cdb9836ef549bcb5fcb1764e587ff01f Mon Sep 17 00:00:00 2001 +From d134911c9e25467a2aad8b783cbd12e29c2a4874 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 27 Mar 2015 15:32:04 +0100 Subject: Revert "advapi32: Add DACL inheritance support in SetSecurityInfo." @@ -172,10 +172,10 @@ index 71a8c92..e8cdcc5 100644 } diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index c256753..c0d518f 100644 +index 0259b63..a2e4c98 100644 --- a/dlls/advapi32/tests/security.c
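Review bot: The final `HeapFree(GetProcessHeap(), 0, pDacl);` in the PROTECTED_DACL block of the 0003 patch releases the wrong pointer. The `HeapAlloc` block was already freed right after `pSetNamedSecurityInfoA`, and `pGetNamedSecurityInfoA` then overwrites `pDacl` with a pointer that, per the API contract, lies inside the descriptor returned in `pSD`, which `LocalFree(pSD);` has just released. On success the process heap is handed a pointer it never allocated, and if the query fails and leaves `pDacl` unchanged it is a double free of the original block; the line should be dropped, leaving `LocalFree(pSD);` and `CloseHandle(hTemp);`. The `HeapAlloc` and `CreateFileA` results are also used unchecked. The block reads `user_sid` after the context line `HeapFree(GetProcessHeap(), 0, user);`, which would be a use after free if `user_sid` points into that buffer (its assignment is outside the hunk).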
+++ b/dlls/advapi32/tests/security.c -@@ -3416,22 +3416,25 @@ static void test_GetNamedSecurityInfoA(void) +@@ -3517,22 +3517,25 @@ static void test_GetNamedSecurityInfoA(void) error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pDacl, NULL, &pSD); @@ -211,7 +211,7 @@ index c256753..c0d518f 100644 CloseHandle(h); /* NtSetSecurityObject doesn't inherit DACL entries */ -@@ -4147,7 +4150,7 @@ static void test_GetSecurityInfo(void) +@@ -4302,7 +4305,7 @@ static void test_GetSecurityInfo(void) bret = pGetAce(pDacl, 0, (VOID **)&ace); ok(bret, "Failed to get Current User ACE.\n"); bret = EqualSid(&ace->SidStart, user_sid); @@ -220,7 +220,7 @@ index c256753..c0d518f 100644 ok(((ACE_HEADER *)ace)->AceFlags == 0, "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags); ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n", -@@ -4158,7 +4161,7 @@ static void test_GetSecurityInfo(void) +@@ -4313,7 +4316,7 @@ static void test_GetSecurityInfo(void) bret = pGetAce(pDacl, 1, (VOID **)&ace); ok(bret, "Failed to get Administators Group ACE.\n"); bret = EqualSid(&ace->SidStart, admin_sid); diff --git a/patches/advapi32-Revert_DACL/0002-Revert-advapi32-tests-Add-test-for-mapping-DACL-to-p.patch b/patches/advapi32-Revert_DACL/0002-Revert-advapi32-tests-Add-test-for-mapping-DACL-to-p.patch index b108015b..49394f4e 100644 --- a/patches/advapi32-Revert_DACL/0002-Revert-advapi32-tests-Add-test-for-mapping-DACL-to-p.patch +++ b/patches/advapi32-Revert_DACL/0002-Revert-advapi32-tests-Add-test-for-mapping-DACL-to-p.patch @@ -1,4 +1,4 @@ -From 0a8954d7ed5e57340ab6b6234fb3bdfe498fb69e Mon Sep 17 00:00:00 2001 +From d93bcd18c978d0d316c0c19a65d07f3d782479c4 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 27 Mar 2015 15:32:17 +0100 Subject: Revert "advapi32/tests: Add test for mapping DACL to permission." 
@@ -9,10 +9,10 @@ This reverts commit a4b12eb9f937202848b229ed15f2c7d1823b41da. 1 file changed, 2 insertions(+), 33 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index 6d3f9ac..dbe52b0 100644 +index a2e4c98..c3884bf 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c -@@ -3405,6 +3405,7 @@ static void test_GetNamedSecurityInfoA(void) +@@ -3505,6 +3505,7 @@ static void test_GetNamedSecurityInfoA(void) "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask); } LocalFree(pSD); @@ -20,7 +20,7 @@ index 6d3f9ac..dbe52b0 100644 /* show that setting empty DACL is not removing all file permissions */ pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL)); -@@ -3441,7 +3442,7 @@ static void test_GetNamedSecurityInfoA(void) +@@ -3541,7 +3542,7 @@ static void test_GetNamedSecurityInfoA(void) /* NtSetSecurityObject doesn't inherit DACL entries */ pSD = sd+sizeof(void*)-((ULONG_PTR)sd)%sizeof(void*); InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION); @@ -29,7 +29,7 @@ index 6d3f9ac..dbe52b0 100644 bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION); ok(bret, "Failed to initialize ACL.\n"); bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE); -@@ -3472,39 +3473,7 @@ static void test_GetNamedSecurityInfoA(void) +@@ -3572,39 +3573,7 @@ static void test_GetNamedSecurityInfoA(void) NULL, OPEN_EXISTING, 0, NULL); ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError()); CloseHandle(h); @@ -68,7 +68,7 @@ index 6d3f9ac..dbe52b0 100644 - HeapFree(GetProcessHeap(), 0, user); CloseHandle(hTemp); - /* Test querying the ownership of a built-in registry key */ + /* Create security descriptor with no inheritance and test that it comes back the same */ -- 2.3.3 
diff --git a/patches/advapi32-Revert_DACL/0003-Revert-advapi32-Add-SetNamedSecurityInfo-test-with-e.patch b/patches/advapi32-Revert_DACL/0003-Revert-advapi32-Add-SetNamedSecurityInfo-test-with-e.patch index 7c048731..b26e996a 100644 --- a/patches/advapi32-Revert_DACL/0003-Revert-advapi32-Add-SetNamedSecurityInfo-test-with-e.patch +++ b/patches/advapi32-Revert_DACL/0003-Revert-advapi32-Add-SetNamedSecurityInfo-test-with-e.patch @@ -1,4 +1,4 @@ -From 99244514ca0c26e263e14d7fdf095083e4686166 Mon Sep 17 00:00:00 2001 +From 753dc1b6d8025271b487b4c4cc39a6f44a274cfd Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 27 Mar 2015 15:32:32 +0100 Subject: Revert "advapi32: Add SetNamedSecurityInfo test with empty DACL." @@ -9,26 +9,26 @@ This reverts commit 02c4f5bd275d70d1dcb48bf95775efa376b50c22. 1 file changed, 4 insertions(+), 75 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index dbe52b0..e3c1659 100644 +index c3884bf..f98bf2b 100644 --- a/dlls/advapi32/tests/security.c 
+++ b/dlls/advapi32/tests/security.c -@@ -147,7 +147,6 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR +@@ -125,7 +125,6 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE); static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS); static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*); -static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR); - - static HMODULE hmod; - static int myARGC; -@@ -174,7 +173,6 @@ static void init(void) + static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG); + static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*); + static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN); +@@ -155,7 +154,6 @@ static void init(void) hntdll = GetModuleHandleA("ntdll.dll"); pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" ); pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" ); - pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject"); - - hmod = GetModuleHandleA("advapi32.dll"); - pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx"); -@@ -3231,7 +3229,7 @@ static void test_GetNamedSecurityInfoA(void) + pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile"); + pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U"); + pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString"); +@@ -3332,7 +3330,7 @@ static void test_GetNamedSecurityInfoA(void) char invalid_path[] = "/an invalid file path"; int users_ace_id = -1, admins_ace_id = -1, i; char software_key[] = "MACHINE\\Software"; 
@@ -37,7 +37,7 @@ index dbe52b0..e3c1659 100644 SECURITY_DESCRIPTOR_CONTROL control; ACL_SIZE_INFORMATION acl_size; CHAR windows_dir[MAX_PATH]; -@@ -3243,12 +3241,11 @@ static void test_GetNamedSecurityInfoA(void) +@@ -3344,12 +3342,11 @@ static void test_GetNamedSecurityInfoA(void) BOOL owner_defaulted; BOOL group_defaulted; BOOL dacl_defaulted; @@ -51,7 +51,7 @@ index dbe52b0..e3c1659 100644 if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid) { -@@ -3353,8 +3350,8 @@ static void test_GetNamedSecurityInfoA(void) +@@ -3454,8 +3451,8 @@ static void test_GetNamedSecurityInfoA(void) bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE); ok(bret, "Failed to add ACL to security desciptor.\n"); GetTempFileNameA(".", "foo", 0, tmpfile); @@ -62,7 +62,7 @@ index dbe52b0..e3c1659 100644 SetLastError(0xdeadbeef); error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); -@@ -3406,74 +3403,6 @@ static void test_GetNamedSecurityInfoA(void) +@@ -3506,74 +3503,6 @@ static void test_GetNamedSecurityInfoA(void) } LocalFree(pSD); HeapFree(GetProcessHeap(), 0, user); @@ -136,7 +136,7 @@ index dbe52b0..e3c1659 100644 - HeapFree(GetProcessHeap(), 0, pDacl); CloseHandle(hTemp); - /* Test querying the ownership of a built-in registry key */ + /* Create security descriptor with no inheritance and test that it comes back the same */ -- 2.3.3 diff --git a/patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch b/patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch index 3ec44204..4813a2d7 100644 --- a/patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch +++ b/patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch 
@@ -1,4 +1,4 @@ -From 6b421f438ddf208d025318671e81f123e6ca59a3 Mon Sep 17 00:00:00 2001 +From 815d8d20d0710dff782cb20cb286b32c23ee9f1e Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 27 Mar 2015 15:32:44 +0100 Subject: Revert "server: Make directory DACL entries inheritable." diff --git a/patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch b/patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch index 040d3018..b5ad7511 100644 --- a/patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch +++ b/patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch @@ -1,4 +1,4 @@ -From 394aefa9d53684678f645bac131735630d910e8b Mon Sep 17 00:00:00 2001 +From 1140e8684c3857c4ccb484cd8cd08c6fbe426066 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 27 Mar 2015 15:32:56 +0100 Subject: Revert "advapi: Don't use CreateFile when opening file with possibly diff --git a/patches/advapi32-Revert_DACL/definition b/patches/advapi32-Revert_DACL/definition index 379940dd..da85cdaf 100644 --- a/patches/advapi32-Revert_DACL/definition +++ b/patches/advapi32-Revert_DACL/definition @@ -1 +1 @@ -Depends: server-Stored_ACLs +Depends: advapi32-ACL_Tests diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index 275fac4b..3b36c3fa 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -66,6 +66,7 @@ patch_enable_all () enable_Miscellaneous="$1" enable_Pipelight="$1" enable_Staging="$1" + enable_advapi32_ACL_Tests="$1" enable_advapi32_Revert_DACL="$1" enable_browseui_Progress_Dialog="$1" enable_combase_String="$1" @@ -260,6 +261,9 @@ patch_enable () Staging) enable_Staging="$2" ;; + advapi32-ACL_Tests) + enable_advapi32_ACL_Tests="$2" + ;; advapi32-Revert_DACL) enable_advapi32_Revert_DACL="$2" ;; 
@@ -1204,8 +1208,15 @@ if test "$enable_d3dx9_24_ID3DXEffect" -eq 1; then fi if test "$enable_advapi32_Revert_DACL" -eq 1; then + if test "$enable_advapi32_ACL_Tests" -gt 1; then + abort "Patchset advapi32-ACL_Tests disabled, but advapi32-Revert_DACL depends on that." + fi + enable_advapi32_ACL_Tests=1 +fi + +if test "$enable_advapi32_ACL_Tests" -eq 1; then if test "$enable_server_Stored_ACLs" -gt 1; then - abort "Patchset server-Stored_ACLs disabled, but advapi32-Revert_DACL depends on that." + abort "Patchset server-Stored_ACLs disabled, but advapi32-ACL_Tests depends on that." fi enable_server_Stored_ACLs=1 fi @@ -1420,6 +1431,22 @@ if test "$enable_server_Stored_ACLs" -eq 1; then ) >> "$patchlist" fi +# Patchset advapi32-ACL_Tests +# | +# | Modified files: +# | * dlls/advapi32/tests/security.c, include/winnt.h +# | +if test "$enable_advapi32_ACL_Tests" -eq 1; then + patch_apply advapi32-ACL_Tests/0001-advapi32-tests-Add-tests-for-inheriting-ACL-attribut.patch + patch_apply advapi32-ACL_Tests/0002-advapi32-tests-Repeat-ACL-inheritance-tests-for-NtCr.patch + patch_apply advapi32-ACL_Tests/0003-advapi32-tests-Add-tests-for-PROTECTED_DACL_SECURITY.patch + ( + echo '+ { "Erich E. Hoover", "advapi32/tests: Add tests for inheriting ACL attributes.", 1 },'; + echo '+ { "Sebastian Lackner", "advapi32/tests: Repeat ACL inheritance tests for NtCreateFile.", 1 },'; + echo '+ { "Erich E. Hoover", "advapi32/tests: Add tests for PROTECTED_DACL_SECURITY_INFORMATION.", 1 },'; + ) >> "$patchlist" +fi + # Patchset advapi32-Revert_DACL # | # | Modified files: 
@@ -1999,6 +2026,21 @@ if test "$enable_wined3d_CSMT_Helper" -eq 1; then ) >> "$patchlist" fi +# Patchset wined3d-Multisampling +# | +# | This patchset fixes the following Wine bugs: +# | * [#12652] Allow to override number of quality levels for D3DMULTISAMPLE_NONMASKABLE. +# | +# | Modified files: +# | * dlls/wined3d/directx.c, dlls/wined3d/wined3d_main.c, dlls/wined3d/wined3d_private.h +# | +if test "$enable_wined3d_Multisampling" -eq 1; then + patch_apply wined3d-Multisampling/0001-wined3d-Allow-to-specify-multisampling-AA-quality-le.patch + ( + echo '+ { "Austin English", "wined3d: Allow to specify multisampling AA quality levels via registry.", 1 },'; + ) >> "$patchlist" +fi + # Patchset wined3d-Revert_PixelFormat # | # | This patchset fixes the following Wine bugs: @@ -2045,21 +2087,6 @@ if test "$enable_wined3d_UnhandledBlendFactor" -eq 1; then ) >> "$patchlist" fi -# Patchset wined3d-Multisampling -# | -# | This patchset fixes the following Wine bugs: -# | * [#12652] Allow to override number of quality levels for D3DMULTISAMPLE_NONMASKABLE. -# | -# | Modified files: -# | * dlls/wined3d/directx.c, dlls/wined3d/wined3d_main.c, dlls/wined3d/wined3d_private.h -# | -if test "$enable_wined3d_Multisampling" -eq 1; then - patch_apply wined3d-Multisampling/0001-wined3d-Allow-to-specify-multisampling-AA-quality-le.patch - ( - echo '+ { "Austin English", "wined3d: Allow to specify multisampling AA quality levels via registry.", 1 },'; - ) >> "$patchlist" -fi - # Patchset wined3d-CSMT_Main # | # | This patchset fixes the following Wine bugs: @@ -3720,7 +3747,7 @@ fi # | * [#34406] Support for inherited file ACLs # | # | Modified files: -# | * dlls/advapi32/tests/security.c, include/winnt.h, server/fd.c, server/file.c, server/file.h +# | * dlls/advapi32/tests/security.c, server/fd.c, server/file.c, server/file.h # | if test "$enable_server_Inherited_ACLs" -eq 1; then patch_apply server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch 
@@ -3795,6 +3822,21 @@ if test "$enable_server_CreateProcess_ACLs" -eq 1; then ) >> "$patchlist" fi +# Patchset server-OpenProcess +# | +# | This patchset fixes the following Wine bugs: +# | * [#37087] Return an error when trying to open a terminated process +# | +# | Modified files: +# | * server/process.c, server/process.h +# | +if test "$enable_server_OpenProcess" -eq 1; then + patch_apply server-OpenProcess/0001-server-Return-error-when-opening-a-terminating-proce.patch + ( + echo '+ { "Michael Müller", "server: Return error when opening a terminating process.", 3 },'; + ) >> "$patchlist" +fi + # Patchset server-Misc_ACL # | # | This patchset fixes the following Wine bugs: @@ -3812,21 +3854,6 @@ if test "$enable_server_Misc_ACL" -eq 1; then ) >> "$patchlist" fi -# Patchset server-OpenProcess -# | -# | This patchset fixes the following Wine bugs: -# | * [#37087] Return an error when trying to open a terminated process -# | -# | Modified files: -# | * server/process.c, server/process.h -# | -if test "$enable_server_OpenProcess" -eq 1; then - patch_apply server-OpenProcess/0001-server-Return-error-when-opening-a-terminating-proce.patch - ( - echo '+ { "Michael Müller", "server: Return error when opening a terminating process.", 3 },'; - ) >> "$patchlist" -fi - # Patchset server-JobObjects # | # | This patchset fixes the following Wine bugs: diff --git a/patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch b/patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch index 008c8578..29a0fc41 100644 --- a/patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch +++ b/patches/server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch @@ -1,75 +1,74 @@ -From 342e7b54a72ca30753ee0b7e2651582574869887 Mon Sep 17 00:00:00 2001 +From bab9a36e823c7d0227bcc72d691eac90a5ff405d Mon Sep 17 00:00:00 2001 
From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 14:08:36 -0600 Subject: server: Inherit security attributes from parent directories on creation. (try 7) --- - dlls/advapi32/tests/security.c | 40 +++++++++++- + dlls/advapi32/tests/security.c | 10 --- server/file.c | 137 +++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 176 insertions(+), 1 deletion(-) + 2 files changed, 137 insertions(+), 10 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index df6f8ca..b2f6052 100644 +index f98bf2b..8eed015 100644 --- a/dlls/advapi32/tests/security.c 
+++ b/dlls/advapi32/tests/security.c -@@ -3116,10 +3116,11 @@ static void test_CreateDirectoryA(void) - ACL_SIZE_INFORMATION acl_size; - ACCESS_ALLOWED_ACE *ace; - SECURITY_ATTRIBUTES sa; -+ char tmpfile[MAX_PATH]; - char tmpdir[MAX_PATH]; -+ HANDLE token, hTemp; - struct _SID *owner; - BOOL bret = TRUE; -- HANDLE token; - DWORD error; - PACL pDacl; - -@@ -3212,6 +3213,43 @@ static void test_CreateDirectoryA(void) - } - LocalFree(pSD); - -+ /* Test inheritance of ACLs */ -+ strcpy(tmpfile, tmpdir); -+ lstrcatA(tmpfile, "/tmpfile"); -+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_NEW, -+ FILE_FLAG_DELETE_ON_CLOSE, NULL); -+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, -+ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner, -+ NULL, &pDacl, NULL, &pSD); -+ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n"); -+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation); -+ ok(bret, "GetAclInformation failed\n"); -+ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n", -+ acl_size.AceCount); -+ if (acl_size.AceCount > 0) -+ { -+ bret = pGetAce(pDacl, 0, (VOID **)&ace); -+ ok(bret, "Inherited Failed to get Current User ACE.\n"); -+ bret = EqualSid(&ace->SidStart, user_sid); -+ ok(bret, "Inherited Current User ACE != Current User SID.\n"); -+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE, -+ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags); -+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n", -+ ace->Mask); -+ } -+ if (acl_size.AceCount > 1) -+ { -+ bret = pGetAce(pDacl, 1, (VOID **)&ace); -+ ok(bret, "Inherited Failed to get Administators Group ACE.\n"); -+ bret = EqualSid(&ace->SidStart, admin_sid); -+ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n"); -+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE, -+ "Inherited 
Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags); -+ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", -+ ace->Mask); -+ } -+ CloseHandle(hTemp); -+ - done: - HeapFree(GetProcessHeap(), 0, user); - bret = RemoveDirectoryA(tmpdir); +@@ -3230,7 +3230,6 @@ static void test_CreateDirectoryA(void) + ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n"); + bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation); + ok(bret, "GetAclInformation failed\n"); +- todo_wine + ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n", + acl_size.AceCount); + if (acl_size.AceCount > 0) +@@ -3238,9 +3237,7 @@ static void test_CreateDirectoryA(void) + bret = pGetAce(pDacl, 0, (VOID **)&ace); + ok(bret, "Inherited Failed to get Current User ACE.\n"); + bret = EqualSid(&ace->SidStart, user_sid); +- todo_wine + ok(bret, "Inherited Current User ACE != Current User SID.\n"); +- todo_wine + ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE, + "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags); + ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n", +@@ -3251,9 +3248,7 @@ static void test_CreateDirectoryA(void) + bret = pGetAce(pDacl, 1, (VOID **)&ace); + ok(bret, "Inherited Failed to get Administators Group ACE.\n"); + bret = EqualSid(&ace->SidStart, admin_sid); +- todo_wine + ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n"); +- todo_wine + ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE, + "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags); + ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", +@@ -3282,7 +3277,6 @@ static void test_CreateDirectoryA(void) + ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n"); 
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation); + ok(bret, "GetAclInformation failed\n"); +- todo_wine + ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n", + acl_size.AceCount); + if (acl_size.AceCount > 0) +@@ -3290,9 +3284,7 @@ static void test_CreateDirectoryA(void) + bret = pGetAce(pDacl, 0, (VOID **)&ace); + ok(bret, "Inherited Failed to get Current User ACE.\n"); + bret = EqualSid(&ace->SidStart, user_sid); +- todo_wine + ok(bret, "Inherited Current User ACE != Current User SID.\n"); +- todo_wine + ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE, + "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags); + ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n", +@@ -3303,9 +3295,7 @@ static void test_CreateDirectoryA(void) + bret = pGetAce(pDacl, 1, (VOID **)&ace); + ok(bret, "Inherited Failed to get Administators Group ACE.\n"); + bret = EqualSid(&ace->SidStart, admin_sid); +- todo_wine + ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n"); +- todo_wine + ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE, + "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags); + ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", diff --git a/server/file.c b/server/file.c index 09b7811..188e352 100644 --- a/server/file.c @@ -245,5 +244,5 @@ index 09b7811..188e352 100644 return obj; } -- -2.3.2 +2.3.3 diff --git a/patches/server-Inherited_ACLs/0002-server-Inherit-security-attributes-from-parent-direc.patch b/patches/server-Inherited_ACLs/0002-server-Inherit-security-attributes-from-parent-direc.patch index c4684cdb..17061f9f 100644 --- a/patches/server-Inherited_ACLs/0002-server-Inherit-security-attributes-from-parent-direc.patch 
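Review bot: The inherited-ACL checks in `test_CreateDirectoryA` keep reading `pDacl`, `acl_size` and `ace` after the call that fills them has failed: in both copies of the block (inner hunks at -3230 to -3251 and -3282 to -3303) `ok(error == ERROR_SUCCESS, ...)` is followed directly by `pGetAclInformation(pDacl, ...)`, and the `ok(bret, ...)` after `pGetAce` is followed by `EqualSid(&ace->SidStart, ...)`. With `todo_wine` dropped, these assertions are now the regression guard for server-side ACL inheritance, so a failure should stop at the first failed `ok()` instead of comparing values presumably left over from the earlier directory checks. I would run the ACL block only under `if (error == ERROR_SUCCESS)`, change the count guards to `if (bret && acl_size.AceCount > 0)` (and `> 1`), and wrap the SID, flag and mask checks in `if (bret)` after each `pGetAce`. The test body appears to come from the advapi32-ACL_Tests patchset, so the change belongs there; the function starts and ends outside these hunks.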
+++ b/patches/server-Inherited_ACLs/0002-server-Inherit-security-attributes-from-parent-direc.patch @@ -1,119 +1,15 @@ -From cf51d788cce57b6c5f99bfc15e81790fb5d449c4 Mon Sep 17 00:00:00 2001 +From 72d852c01753120da3503f97dc1b9ab7d7c4d8f9 Mon Sep 17 00:00:00 2001 
From: "Erich E. Hoover" Date: Fri, 18 Apr 2014 14:10:49 -0600 Subject: server: Inherit security attributes from parent directories on SetSecurityInfo. (try 7) --- - dlls/advapi32/tests/security.c | 68 +++++++++++++++++++++ - include/winnt.h | 7 ++- - server/fd.c | 13 +++- - server/file.c | 133 +++++++++++++++++++++++++++++++++++++++-- - server/file.h | 1 + - 5 files changed, 213 insertions(+), 9 deletions(-) + server/fd.c | 13 +++++- + server/file.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- + server/file.h | 1 + + 3 files changed, 141 insertions(+), 6 deletions(-) -diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index 3e88c2e..952d001 100644 ---- a/dlls/advapi32/tests/security.c -+++ b/dlls/advapi32/tests/security.c -@@ -3440,6 +3440,74 @@ static void test_GetNamedSecurityInfoA(void) - "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask); - } - LocalFree(pSD); -+ CloseHandle(hTemp); -+ -+ /* Create security descriptor with no inheritance and test that it comes back the same */ -+ pSD = &sd; -+ pDacl = HeapAlloc(GetProcessHeap(), 0, 100); -+ InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION); -+ pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size); -+ bret = InitializeAcl(pDacl, 100, ACL_REVISION); -+ ok(bret, "Failed to initialize ACL.\n"); -+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid); -+ ok(bret, "Failed to add Current User to ACL.\n"); -+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, admin_sid); -+ ok(bret, "Failed to add Administrator Group to ACL.\n"); -+ bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE); -+ ok(bret, "Failed to add ACL to security desciptor.\n"); -+ GetTempFileNameA(".", "foo", 0, tmpfile); -+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, -+ FILE_FLAG_DELETE_ON_CLOSE, NULL); -+ SetLastError(0xdeadbeef); -+ error = 
pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, -+ DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION, -+ NULL, NULL, pDacl, NULL); -+ HeapFree(GetProcessHeap(), 0, pDacl); -+ if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)) -+ { -+ win_skip("SetNamedSecurityInfoA is not implemented\n"); -+ HeapFree(GetProcessHeap(), 0, user); -+ CloseHandle(hTemp); -+ return; -+ } -+ ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error); -+ SetLastError(0xdeadbeef); -+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, -+ NULL, NULL, &pDacl, NULL, &pSD); -+ if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)) -+ { -+ win_skip("GetNamedSecurityInfoA is not implemented\n"); -+ HeapFree(GetProcessHeap(), 0, user); -+ CloseHandle(hTemp); -+ return; -+ } -+ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error); -+ -+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation); -+ ok(bret, "GetAclInformation failed\n"); -+ if (acl_size.AceCount > 0) -+ { -+ bret = pGetAce(pDacl, 0, (VOID **)&ace); -+ ok(bret, "Failed to get Current User ACE.\n"); -+ bret = EqualSid(&ace->SidStart, user_sid); -+ ok(bret, "Current User ACE != Current User SID.\n"); -+ ok(((ACE_HEADER *)ace)->AceFlags == 0, -+ "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags); -+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n", -+ ace->Mask); -+ } -+ if (acl_size.AceCount > 1) -+ { -+ bret = pGetAce(pDacl, 1, (VOID **)&ace); -+ ok(bret, "Failed to get Administators Group ACE.\n"); -+ bret = EqualSid(&ace->SidStart, admin_sid); -+ ok(bret || broken(!bret) /* win2k */, "Administators Group ACE != Administators Group SID.\n"); -+ ok(((ACE_HEADER *)ace)->AceFlags == 0, -+ "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags); -+ ok(ace->Mask == 0x1f01ff || broken(ace->Mask 
== GENERIC_ALL) /* win2k */, -+ "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask); -+ } -+ LocalFree(pSD); - HeapFree(GetProcessHeap(), 0, user); - CloseHandle(hTemp); - -diff --git a/include/winnt.h b/include/winnt.h -index 709a93f..63882bb 100644 ---- a/include/winnt.h -+++ b/include/winnt.h -@@ -5078,14 +5078,15 @@ typedef struct _TAPE_GET_MEDIA_PARAMETERS { - BOOLEAN WriteProtected; - } TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS; - --/* ----------------------------- begin registry ----------------------------- */ -- --/* Registry security values */ - #define OWNER_SECURITY_INFORMATION 0x00000001 - #define GROUP_SECURITY_INFORMATION 0x00000002 - #define DACL_SECURITY_INFORMATION 0x00000004 - #define SACL_SECURITY_INFORMATION 0x00000008 -+#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 - -+/* ----------------------------- begin registry ----------------------------- */ -+ -+/* Registry security values */ - #define REG_OPTION_RESERVED 0x00000000 - #define REG_OPTION_NON_VOLATILE 0x00000000 - #define REG_OPTION_VOLATILE 0x00000001 diff --git a/server/fd.c b/server/fd.c index e3b722c..e6ec90a 100644 --- a/server/fd.c @@ -146,10 +42,10 @@ index e3b722c..e6ec90a 100644 if (orig->inode) diff --git a/server/file.c b/server/file.c -index 431b8a1..a5d2de3 100644 +index 188e352..146ea68 100644 --- a/server/file.c +++ b/server/file.c -@@ -329,6 +329,106 @@ struct security_descriptor *inherit_sd( const struct security_descriptor *parent +@@ -333,6 +333,106 @@ struct security_descriptor *inherit_sd( const struct security_descriptor *parent return sd; } 
@@ -256,7 +152,7 @@ index 431b8a1..a5d2de3 100644 static struct security_descriptor *file_get_parent_sd( struct fd *root, const char *child_name, int child_len, int is_dir ) { -@@ -800,20 +900,41 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) +@@ -805,20 +905,41 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner ) int set_file_sd( struct object *obj, struct fd *fd, const struct security_descriptor *sd, unsigned int set_info ) { @@ -299,7 +195,7 @@ index 431b8a1..a5d2de3 100644 } if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) )) { -@@ -831,7 +952,8 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri +@@ -836,7 +957,8 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri if (!group) { set_error( STATUS_INVALID_SECURITY_DESCR ); @@ -309,7 +205,7 @@ index 431b8a1..a5d2de3 100644 } if (!obj->sd || !security_equal_sid( group, sd_get_group( obj->sd ) )) { -@@ -856,10 +978,13 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri +@@ -861,10 +983,13 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri if (((st.st_mode ^ mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, mode ) == -1) { file_set_error(); @@ -326,7 +222,7 @@ index 431b8a1..a5d2de3 100644 static int file_set_sd( struct object *obj, const struct security_descriptor *sd, diff --git a/server/file.h b/server/file.h -index be25fb6..b43f329 100644 +index e15fa2a..00bfa7a 100644 --- a/server/file.h +++ b/server/file.h @@ -79,6 +79,7 @@ extern void allow_fd_caching( struct fd *fd ); @@ -338,5 +234,5 @@ index be25fb6..b43f329 100644 extern unsigned int default_fd_map_access( struct object *obj, unsigned int access ); extern int default_fd_get_poll_events( struct fd *fd ); -- -2.1.0 +2.3.3