wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2025-09-12 18:50:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Rebase against upstream Wine (what the ...).

Browse Source 
Introduce a new 'advapi32-Revert_DACL' patchset for now, to revert all the
changes by Piotr Caban.  We have a completely independent and relatively
well-tested implementation of the same functionality in the wineserver.

TODO: Take a closer look at all the tests from our version and the proposed
change, and then finally decide which implementation we want to keep.
This commit is contained in:
Sebastian Lackner
2015-03-27 15:43:54 +01:00
parent f7fb8e8959
commit f3032f5a57
13 changed files with 687 additions and 320 deletions
Download Patch File Download Diff File Expand all files Collapse all files

216
patches/advapi32-Revert_DACL/0001-Revert-advapi32-Add-DACL-inheritance-support-in-SetS.patch Normal file
View File

@@ -0,0 +1,216 @@
From 8ce7a8b0f7ea6a94ae8327b4a3d07a10c12a2c9e Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:04 +0100
Subject: Revert "advapi32: Add DACL inheritance support in SetSecurityInfo."
This reverts commit f974d726720eff4fcd7371bca95e6cdcc4b4a848.
---
dlls/advapi32/security.c | 130 +----------------------------------------
dlls/advapi32/tests/security.c | 23 ++++----
2 files changed, 14 insertions(+), 139 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 71a8c92..e8cdcc5 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -4052,8 +4052,6 @@ DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
}
break;
case SE_FILE_OBJECT:
- if (SecurityInfo & DACL_SECURITY_INFORMATION)
- access |= READ_CONTROL;
if (!(err = get_security_file( pObjectName, access, &handle )))
{
err = SetSecurityInfo( handle, ObjectType, SecurityInfo, psidOwner, psidGroup, pDacl, pSacl );
@@ -5731,7 +5729,6 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
PSID psidGroup, PACL pDacl, PACL pSacl)
{
SECURITY_DESCRIPTOR sd;
- PACL dacl = pDacl;
NTSTATUS status;
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
@@ -5742,130 +5739,7 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
if (SecurityInfo & GROUP_SECURITY_INFORMATION)
SetSecurityDescriptorGroup(&sd, psidGroup, FALSE);
if (SecurityInfo & DACL_SECURITY_INFORMATION)
- {
- if (ObjectType == SE_FILE_OBJECT)
- {
- SECURITY_DESCRIPTOR_CONTROL control;
- PSECURITY_DESCRIPTOR psd;
- OBJECT_NAME_INFORMATION *name_info;
- DWORD size, rev;
-
- status = NtQuerySecurityObject(handle, SecurityInfo, NULL, 0, &size);
- if (status != STATUS_BUFFER_TOO_SMALL)
- return RtlNtStatusToDosError(status);
-
- psd = heap_alloc(size);
- if (!psd)
- return ERROR_NOT_ENOUGH_MEMORY;
-
- status = NtQuerySecurityObject(handle, SecurityInfo, psd, size, &size);
- if (status)
- {
- heap_free(psd);
- return RtlNtStatusToDosError(status);
- }
-
- status = RtlGetControlSecurityDescriptor(psd, &control, &rev);
- heap_free(psd);
- if (status)
- return RtlNtStatusToDosError(status);
- /* TODO: copy some control flags to new sd */
-
- /* inherit parent directory DACL */
- if (!(control & SE_DACL_PROTECTED))
- {
- status = NtQueryObject(handle, ObjectNameInformation, NULL, 0, &size);
- if (status != STATUS_INFO_LENGTH_MISMATCH)
- return RtlNtStatusToDosError(status);
-
- name_info = heap_alloc(size);
- if (!name_info)
- return ERROR_NOT_ENOUGH_MEMORY;
-
- status = NtQueryObject(handle, ObjectNameInformation, name_info, size, NULL);
- if (status)
- {
- heap_free(name_info);
- return RtlNtStatusToDosError(status);
- }
-
- for (name_info->Name.Length-=2; name_info->Name.Length>0; name_info->Name.Length-=2)
- if (name_info->Name.Buffer[name_info->Name.Length/2-1]=='\\' ||
- name_info->Name.Buffer[name_info->Name.Length/2-1]=='/')
- break;
- if (name_info->Name.Length)
- {
- OBJECT_ATTRIBUTES attr;
- IO_STATUS_BLOCK io;
- HANDLE parent;
- PSECURITY_DESCRIPTOR parent_sd;
- ACL *parent_dacl;
- DWORD err = ERROR_ACCESS_DENIED;
-
- name_info->Name.Buffer[name_info->Name.Length/2] = 0;
-
- attr.Length = sizeof(attr);
- attr.RootDirectory = 0;
- attr.Attributes = 0;
- attr.ObjectName = &name_info->Name;
- attr.SecurityDescriptor = NULL;
- status = NtOpenFile(&parent, READ_CONTROL, &attr, &io,
- FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
- FILE_OPEN_FOR_BACKUP_INTENT);
- heap_free(name_info);
- if (!status)
- {
- err = GetSecurityInfo(parent, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
- NULL, NULL, &parent_dacl, NULL, &parent_sd);
- CloseHandle(parent);
- }
-
- if (!err)
- {
- int i;
-
- dacl = heap_alloc_zero(pDacl->AclSize+parent_dacl->AclSize);
- if (!dacl)
- {
- LocalFree(parent_sd);
- return ERROR_NOT_ENOUGH_MEMORY;
- }
- memcpy(dacl, pDacl, pDacl->AclSize);
- dacl->AclSize = pDacl->AclSize+parent_dacl->AclSize;
-
- for (i=0; i<parent_dacl->AceCount; i++)
- {
- ACE_HEADER *ace;
-
- if (!GetAce(parent_dacl, i, (void*)&ace))
- continue;
- if (!(ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)))
- continue;
- if ((ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)) !=
- (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE))
- {
- FIXME("unsupported flags: %x\n", ace->AceFlags);
- continue;
- }
-
- if (ace->AceFlags & NO_PROPAGATE_INHERIT_ACE)
- ace->AceFlags &= ~(OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE|NO_PROPAGATE_INHERIT_ACE);
- ace->AceFlags &= ~INHERIT_ONLY_ACE;
- ace->AceFlags |= INHERITED_ACE;
-
- if(!AddAce(dacl, ACL_REVISION, MAXDWORD, ace, ace->AceSize))
- WARN("error adding inherited ACE\n");
- }
- LocalFree(parent_sd);
- }
- }
- else
- heap_free(name_info);
- }
- }
-
- SetSecurityDescriptorDacl(&sd, TRUE, dacl, FALSE);
- }
+ SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE);
if (SecurityInfo & SACL_SECURITY_INFORMATION)
SetSecurityDescriptorSacl(&sd, TRUE, pSacl, FALSE);
@@ -5879,8 +5753,6 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
status = NtSetSecurityObject(handle, SecurityInfo, &sd);
break;
}
- if (dacl != pDacl)
- heap_free(dacl);
return RtlNtStatusToDosError(status);
}
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 15c3b1d..6d3f9ac 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3417,22 +3417,25 @@ static void test_GetNamedSecurityInfoA(void)
error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
NULL, NULL, &pDacl, NULL, &pSD);
- ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+ todo_wine ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
- bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
- ok(bret, "GetAclInformation failed\n");
- if (acl_size.AceCount > 0)
+ if (!error)
{
- bret = pGetAce(pDacl, 0, (VOID **)&ace);
- ok(bret, "Failed to get ACE.\n");
- todo_wine ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
- "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Failed to get ACE.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
+ "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
+ }
+ LocalFree(pSD);
}
- LocalFree(pSD);
h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
NULL, OPEN_EXISTING, 0, NULL);
- ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+ todo_wine ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
CloseHandle(h);
/* NtSetSecurityObject doesn't inherit DACL entries */
--
2.3.3

74
patches/advapi32-Revert_DACL/0002-Revert-advapi32-tests-Add-test-for-mapping-DACL-to-p.patch Normal file
View File

@@ -0,0 +1,74 @@
From 0a8954d7ed5e57340ab6b6234fb3bdfe498fb69e Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:17 +0100
Subject: Revert "advapi32/tests: Add test for mapping DACL to permission."
This reverts commit a4b12eb9f937202848b229ed15f2c7d1823b41da.
---
dlls/advapi32/tests/security.c | 35 ++---------------------------------
1 file changed, 2 insertions(+), 33 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 6d3f9ac..dbe52b0 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3405,6 +3405,7 @@ static void test_GetNamedSecurityInfoA(void)
"Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
}
LocalFree(pSD);
+ HeapFree(GetProcessHeap(), 0, user);
/* show that setting empty DACL is not removing all file permissions */
pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
@@ -3441,7 +3442,7 @@ static void test_GetNamedSecurityInfoA(void)
/* NtSetSecurityObject doesn't inherit DACL entries */
pSD = sd+sizeof(void*)-((ULONG_PTR)sd)%sizeof(void*);
InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
- pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
+ pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION);
ok(bret, "Failed to initialize ACL.\n");
bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
@@ -3472,39 +3473,7 @@ static void test_GetNamedSecurityInfoA(void)
NULL, OPEN_EXISTING, 0, NULL);
ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
CloseHandle(h);
-
- /* test if DACL is properly mapped to permission */
- bret = InitializeAcl(pDacl, 100, ACL_REVISION);
- ok(bret, "Failed to initialize ACL.\n");
- bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
- ok(bret, "Failed to add Current User to ACL.\n");
- bret = pAddAccessDeniedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
- ok(bret, "Failed to add Current User to ACL.\n");
- bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
- ok(bret, "Failed to add ACL to security desciptor.\n");
- status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
- ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
-
- h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
- NULL, OPEN_EXISTING, 0, NULL);
- todo_wine ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
-
- bret = InitializeAcl(pDacl, 100, ACL_REVISION);
- ok(bret, "Failed to initialize ACL.\n");
- bret = pAddAccessDeniedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
- ok(bret, "Failed to add Current User to ACL.\n");
- bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
- ok(bret, "Failed to add Current User to ACL.\n");
- bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
- ok(bret, "Failed to add ACL to security desciptor.\n");
- status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
- ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
-
- h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
- NULL, OPEN_EXISTING, 0, NULL);
- ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
HeapFree(GetProcessHeap(), 0, pDacl);
- HeapFree(GetProcessHeap(), 0, user);
CloseHandle(hTemp);
/* Test querying the ownership of a built-in registry key */
--
2.3.3

142
patches/advapi32-Revert_DACL/0003-Revert-advapi32-Add-SetNamedSecurityInfo-test-with-e.patch Normal file
View File

@@ -0,0 +1,142 @@
From 99244514ca0c26e263e14d7fdf095083e4686166 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:32 +0100
Subject: Revert "advapi32: Add SetNamedSecurityInfo test with empty DACL."
This reverts commit 02c4f5bd275d70d1dcb48bf95775efa376b50c22.
---
dlls/advapi32/tests/security.c | 79 +++---------------------------------------
1 file changed, 4 insertions(+), 75 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index dbe52b0..e3c1659 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -147,7 +147,6 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
-static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
static HMODULE hmod;
static int myARGC;
@@ -174,7 +173,6 @@ static void init(void)
hntdll = GetModuleHandleA("ntdll.dll");
pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
- pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
hmod = GetModuleHandleA("advapi32.dll");
pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
@@ -3231,7 +3229,7 @@ static void test_GetNamedSecurityInfoA(void)
char invalid_path[] = "/an invalid file path";
int users_ace_id = -1, admins_ace_id = -1, i;
char software_key[] = "MACHINE\\Software";
- char sd[SECURITY_DESCRIPTOR_MIN_LENGTH+sizeof(void*)];
+ char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
SECURITY_DESCRIPTOR_CONTROL control;
ACL_SIZE_INFORMATION acl_size;
CHAR windows_dir[MAX_PATH];
@@ -3243,12 +3241,11 @@ static void test_GetNamedSecurityInfoA(void)
BOOL owner_defaulted;
BOOL group_defaulted;
BOOL dacl_defaulted;
- HANDLE token, hTemp, h;
+ HANDLE token, hTemp;
PSID owner, group;
BOOL dacl_present;
PACL pDacl;
BYTE flags;
- NTSTATUS status;
if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid)
{
@@ -3353,8 +3350,8 @@ static void test_GetNamedSecurityInfoA(void)
bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
ok(bret, "Failed to add ACL to security desciptor.\n");
GetTempFileNameA(".", "foo", 0, tmpfile);
- hTemp = CreateFileA(tmpfile, WRITE_DAC|GENERIC_WRITE, FILE_SHARE_DELETE|FILE_SHARE_READ,
- NULL, OPEN_EXISTING, FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
SetLastError(0xdeadbeef);
error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL,
NULL, pDacl, NULL);
@@ -3406,74 +3403,6 @@ static void test_GetNamedSecurityInfoA(void)
}
LocalFree(pSD);
HeapFree(GetProcessHeap(), 0, user);
-
- /* show that setting empty DACL is not removing all file permissions */
- pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
- bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION);
- ok(bret, "Failed to initialize ACL.\n");
- error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
- NULL, NULL, pDacl, NULL);
- ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error);
- HeapFree(GetProcessHeap(), 0, pDacl);
-
- error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
- NULL, NULL, &pDacl, NULL, &pSD);
- todo_wine ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
-
- if (!error)
- {
- bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
- ok(bret, "GetAclInformation failed\n");
- if (acl_size.AceCount > 0)
- {
- bret = pGetAce(pDacl, 0, (VOID **)&ace);
- ok(bret, "Failed to get ACE.\n");
- ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
- "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
- }
- LocalFree(pSD);
- }
-
- h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
- NULL, OPEN_EXISTING, 0, NULL);
- todo_wine ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
- CloseHandle(h);
-
- /* NtSetSecurityObject doesn't inherit DACL entries */
- pSD = sd+sizeof(void*)-((ULONG_PTR)sd)%sizeof(void*);
- InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
- pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
- bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION);
- ok(bret, "Failed to initialize ACL.\n");
- bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
- ok(bret, "Failed to add ACL to security desciptor.\n");
- status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
- ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
-
- h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
- NULL, OPEN_EXISTING, 0, NULL);
- ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
- CloseHandle(h);
-
- pSetSecurityDescriptorControl(pSD, SE_DACL_AUTO_INHERIT_REQ, SE_DACL_AUTO_INHERIT_REQ);
- status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
- ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
-
- h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
- NULL, OPEN_EXISTING, 0, NULL);
- ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
- CloseHandle(h);
-
- pSetSecurityDescriptorControl(pSD, SE_DACL_AUTO_INHERIT_REQ|SE_DACL_AUTO_INHERITED,
- SE_DACL_AUTO_INHERIT_REQ|SE_DACL_AUTO_INHERITED);
- status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
- ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
-
- h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
- NULL, OPEN_EXISTING, 0, NULL);
- ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
- CloseHandle(h);
- HeapFree(GetProcessHeap(), 0, pDacl);
CloseHandle(hTemp);
/* Test querying the ownership of a built-in registry key */
--
2.3.3

84
patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch Normal file
View File

@@ -0,0 +1,84 @@
From e2eaeb0bfc7411c74f1387e59c121f5cee6c013a Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:44 +0100
Subject: Revert "server: Make directory DACL entries inheritable."
This reverts commit 3eb448cf33b6b6635bac4e06ea7fddd190e26450.
---
dlls/advapi32/tests/security.c | 12 ++++++------
server/file.c | 8 ++++----
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index e3c1659..04a88ae 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3192,9 +3192,9 @@ static void test_CreateDirectoryA(void)
ok(bret, "Failed to get Current User ACE.\n");
bret = EqualSid(&ace->SidStart, user_sid);
todo_wine ok(bret, "Current User ACE != Current User SID.\n");
- ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
- "Current User ACE has unexpected flags (0x%x != 0x03)\n",
- ((ACE_HEADER *)ace)->AceFlags);
+ todo_wine ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
+ "Current User ACE has unexpected flags (0x%x != 0x03)\n",
+ ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
ace->Mask);
}
@@ -3204,9 +3204,9 @@ static void test_CreateDirectoryA(void)
ok(bret, "Failed to get Administators Group ACE.\n");
bret = EqualSid(&ace->SidStart, admin_sid);
todo_wine ok(bret, "Administators Group ACE != Administators Group SID.\n");
- ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
- "Administators Group ACE has unexpected flags (0x%x != 0x03)\n",
- ((ACE_HEADER *)ace)->AceFlags);
+ todo_wine ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
+ "Administators Group ACE has unexpected flags (0x%x != 0x03)\n",
+ ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
ace->Mask);
}
diff --git a/server/file.c b/server/file.c
index f565f5a..abda2c3 100644
--- a/server/file.c
+++ b/server/file.c
@@ -367,7 +367,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
aaa = (ACCESS_ALLOWED_ACE *)(dacl + 1);
current_ace = &aaa->Header;
aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
- aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
+ aaa->Header.AceFlags = 0;
aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( local_system_sid );
aaa->Mask = FILE_ALL_ACCESS;
sid = (SID *)&aaa->SidStart;
@@ -379,7 +379,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace );
current_ace = &aaa->Header;
aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
- aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
+ aaa->Header.AceFlags = 0;
aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( user );
aaa->Mask = WRITE_DAC | WRITE_OWNER;
if (mode & S_IRUSR)
@@ -397,7 +397,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
ACCESS_DENIED_ACE *ada = (ACCESS_DENIED_ACE *)ace_next( current_ace );
current_ace = &ada->Header;
ada->Header.AceType = ACCESS_DENIED_ACE_TYPE;
- ada->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
+ ada->Header.AceFlags = 0;
ada->Header.AceSize = FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + security_sid_len( user );
ada->Mask = 0;
if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
@@ -414,7 +414,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace );
current_ace = &aaa->Header;
aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
- aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
+ aaa->Header.AceFlags = 0;
aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( world_sid );
aaa->Mask = 0;
if (mode & S_IROTH)
--
2.3.3

77
patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch Normal file
View File

@@ -0,0 +1,77 @@
From 59067deb0ad4afb77deca29300133bff9d49f9f7 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:56 +0100
Subject: Revert "advapi: Don't use CreateFile when opening file with possibly
empty DACL."
This reverts commit f956bb4caa442ccde1ddaf483c5cb619bbf4049a.
---
dlls/advapi32/security.c | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index e8cdcc5..097b0da 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -397,7 +397,7 @@ static inline BOOL set_ntstatus( NTSTATUS status )
}
/* helper function for SE_FILE_OBJECT objects in [Get|Set]NamedSecurityInfo */
-static inline DWORD get_security_file( LPCWSTR full_file_name, DWORD access, HANDLE *file )
+static inline DWORD get_security_file( LPWSTR full_file_name, DWORD access, HANDLE *file )
{
UNICODE_STRING file_nameW;
OBJECT_ATTRIBUTES attr;
@@ -2029,7 +2029,7 @@ GetFileSecurityW( LPCWSTR lpFileName,
{
HANDLE hfile;
NTSTATUS status;
- DWORD access = 0, err;
+ DWORD access = 0;
TRACE("(%s,%d,%p,%d,%p)\n", debugstr_w(lpFileName),
RequestedInformation, pSecurityDescriptor,
@@ -2041,12 +2041,10 @@ GetFileSecurityW( LPCWSTR lpFileName,
if (RequestedInformation & SACL_SECURITY_INFORMATION)
access |= ACCESS_SYSTEM_SECURITY;
- err = get_security_file( lpFileName, access, &hfile);
- if (err)
- {
- SetLastError(err);
+ hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 );
+ if ( hfile == INVALID_HANDLE_VALUE )
return FALSE;
- }
status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor,
nLength, lpnLengthNeeded );
@@ -2327,7 +2325,7 @@ SetFileSecurityW( LPCWSTR lpFileName,
PSECURITY_DESCRIPTOR pSecurityDescriptor )
{
HANDLE file;
- DWORD access = 0, err;
+ DWORD access = 0;
NTSTATUS status;
TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation,
@@ -2341,12 +2339,10 @@ SetFileSecurityW( LPCWSTR lpFileName,
if (RequestedInformation & DACL_SECURITY_INFORMATION)
access |= WRITE_DAC;
- err = get_security_file( lpFileName, access, &file);
- if (err)
- {
- SetLastError(err);
+ file = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL );
+ if (file == INVALID_HANDLE_VALUE)
return FALSE;
- }
status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor );
CloseHandle( file );
--
2.3.3