From c3052d2e31445d590b784d39087cff88836a3cf6 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Thu, 16 Jan 2014 11:40:00 -0700 Subject: [PATCH] Add support for security access parameters for named pipes. --- ...port-for-security-access-parameters-.patch | 68 +++++++++++++++++++ .../29b2af38-7edd-11e3-a08d-0090f5c75ad5.def | 3 + patches/patch-list.patch | 3 +- 3 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 patches/07-Named_Pipe_Security/0001-kernel32-Add-support-for-security-access-parameters-.patch create mode 100644 patches/07-Named_Pipe_Security/29b2af38-7edd-11e3-a08d-0090f5c75ad5.def diff --git a/patches/07-Named_Pipe_Security/0001-kernel32-Add-support-for-security-access-parameters-.patch b/patches/07-Named_Pipe_Security/0001-kernel32-Add-support-for-security-access-parameters-.patch new file mode 100644 index 00000000..7dc0aba8 --- /dev/null +++ b/patches/07-Named_Pipe_Security/0001-kernel32-Add-support-for-security-access-parameters-.patch @@ -0,0 +1,68 @@ +From 2c5a578303cf9fff587c3ce42f049cf1e1e27305 Mon Sep 17 00:00:00 2001 +From: "Erich E. Hoover" +Date: Thu, 16 Jan 2014 11:06:37 -0700 +Subject: kernel32: Add support for security access parameters for named + pipes. + +--- + dlls/advapi32/tests/security.c | 29 +++++++++++++++++++++++++++++ + dlls/kernel32/sync.c | 3 +++ + 2 files changed, 32 insertions(+) + +diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c +index 2efe80e..e1e7d70 100644 +--- a/dlls/advapi32/tests/security.c ++++ b/dlls/advapi32/tests/security.c +@@ -4725,6 +4725,35 @@ static void test_named_pipe_security(HANDLE token) + { 1, GENERIC_EXECUTE, FILE_GENERIC_EXECUTE }, + { 1, GENERIC_ALL, STANDARD_RIGHTS_ALL | FILE_ALL_ACCESS } + }; ++ static const struct ++ { ++ DWORD open_mode; ++ DWORD access; ++ } creation_access[] = ++ { ++ { PIPE_ACCESS_INBOUND, FILE_GENERIC_READ }, ++ { PIPE_ACCESS_OUTBOUND, FILE_GENERIC_WRITE }, ++ { PIPE_ACCESS_DUPLEX, FILE_GENERIC_READ|FILE_GENERIC_WRITE }, ++ { PIPE_ACCESS_INBOUND|WRITE_DAC, FILE_GENERIC_READ|WRITE_DAC }, ++ { PIPE_ACCESS_INBOUND|WRITE_OWNER, FILE_GENERIC_READ|WRITE_OWNER } ++ /* ACCESS_SYSTEM_SECURITY is also valid, but will fail with ERROR_PRIVILEGE_NOT_HELD */ ++ }; ++ ++ /* Test the different security access options for pipes */ ++ for (i = 0; i < sizeof(creation_access)/sizeof(creation_access[0]); i++) ++ { ++ SetLastError(0xdeadbeef); ++ pipe = CreateNamedPipeA(WINE_TEST_PIPE, creation_access[i].open_mode, ++ PIPE_TYPE_BYTE | PIPE_NOWAIT, PIPE_UNLIMITED_INSTANCES, 0, 0, ++ NMPWAIT_USE_DEFAULT_WAIT, NULL); ++ ok(pipe != INVALID_HANDLE_VALUE, "CreateNamedPipe(0x%x) error %d\n", ++ creation_access[i].open_mode, GetLastError()); ++ access = get_obj_access(pipe); ++ ok(access == creation_access[i].access, ++ "CreateNamedPipeA(0x%x) pipe expected access 0x%x (got 0x%x)\n", ++ creation_access[i].open_mode, creation_access[i].access, access); ++ CloseHandle(pipe); ++ } + + SetLastError(0xdeadbeef); + pipe = CreateNamedPipeA(WINE_TEST_PIPE, PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE, +diff --git a/dlls/kernel32/sync.c b/dlls/kernel32/sync.c +index 2b7f4b0..547d437 100644 +--- a/dlls/kernel32/sync.c ++++ b/dlls/kernel32/sync.c +@@ -1395,6 +1395,9 @@ HANDLE WINAPI CreateNamedPipeW( LPCWSTR name, DWORD dwOpenMode, + } + access |= SYNCHRONIZE; + options = 0; ++ if (dwOpenMode & WRITE_DAC) access |= WRITE_DAC; ++ if (dwOpenMode & WRITE_OWNER) access |= WRITE_OWNER; ++ if (dwOpenMode & ACCESS_SYSTEM_SECURITY) access |= ACCESS_SYSTEM_SECURITY; + if (dwOpenMode & FILE_FLAG_WRITE_THROUGH) options |= FILE_WRITE_THROUGH; + if (!(dwOpenMode & FILE_FLAG_OVERLAPPED)) options |= FILE_SYNCHRONOUS_IO_NONALERT; + pipe_type = (dwPipeMode & PIPE_TYPE_MESSAGE) != 0; +-- +1.7.9.5 + diff --git a/patches/07-Named_Pipe_Security/29b2af38-7edd-11e3-a08d-0090f5c75ad5.def b/patches/07-Named_Pipe_Security/29b2af38-7edd-11e3-a08d-0090f5c75ad5.def new file mode 100644 index 00000000..57f0c91b --- /dev/null +++ b/patches/07-Named_Pipe_Security/29b2af38-7edd-11e3-a08d-0090f5c75ad5.def @@ -0,0 +1,3 @@ +Revision: 1 +Author: Erich E. Hoover +Title: Add support for security access parameters for named pipes. diff --git a/patches/patch-list.patch b/patches/patch-list.patch index 87256251..66b64a70 100644 --- a/patches/patch-list.patch +++ b/patches/patch-list.patch @@ -33,7 +33,7 @@ diff --git a/libs/wine/config.c b/libs/wine/config.c index a273502..5fa0cd5 100644 --- a/libs/wine/config.c +++ b/libs/wine/config.c -@@ -478,6 +478,31 @@ const char *wine_get_version(void) +@@ -478,6 +478,32 @@ const char *wine_get_version(void) return PACKAGE_VERSION; } @@ -50,6 +50,7 @@ index a273502..5fa0cd5 100644 + { "94186fff-6dbf-44d0-8eb1-2463d1608a0f:1", "Sebastian Lackner", "Update gl_drawable for embedded windows." }, + { "cbe240e8-2c58-430a-b61c-7fbb9d0e1e11:1", "Sebastian Lackner", "Change return value of stub SetNamedPipeHandleState to TRUE." }, + { "00273da7-72f8-4025-9e96-0c2bc95dacdb:2", "Maarten Lankhorst", "Winepulse patches extracted from https://launchpad.net/~mlankhorst/+archive/ppa/+files/wine1.7_1.7.10-0ubuntu1~saucy1.debian.tar.gz." }, ++ { "29b2af38-7edd-11e3-a08d-0090f5c75ad5:1", "Erich E. Hoover", "Add support for security access parameters for named pipes." }, + { "0b21d7ac-0387-4493-aa38-fbafe3e749f5:1", "Michael Müller", "Decrease minimum SetTimer interval from 15 to 5 ms." }, + { "19835498-8d90-4673-867e-2376af4d7c76:1", "Sebastian Lackner", "Allow to set wined3d strictDrawOrdering via environment variable." }, + { "eec5dea8-879d-417b-9f97-364deaae6576:1", "Sebastian Lackner", "Add tests for IVMRMonitorConfig." },