
4 Commits

24 changed files with 1166 additions and 720 deletions


@@ -0,0 +1,78 @@
From 55f59fd8586738ecb5afde3ec09d2216e2563c54 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:08:36 -0600
Subject: advapi32/tests: Add tests for inheriting ACL attributes.
---
dlls/advapi32/tests/security.c | 45 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index c256753..9e44a35 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3118,10 +3118,11 @@ static void test_CreateDirectoryA(void)
ACL_SIZE_INFORMATION acl_size;
ACCESS_ALLOWED_ACE *ace;
SECURITY_ATTRIBUTES sa;
+ char tmpfile[MAX_PATH];
char tmpdir[MAX_PATH];
+ HANDLE token, hTemp;
struct _SID *owner;
BOOL bret = TRUE;
- HANDLE token;
DWORD error;
PACL pDacl;
@@ -3214,6 +3215,48 @@ static void test_CreateDirectoryA(void)
}
LocalFree(pSD);
+ /* Test inheritance of ACLs */
+ strcpy(tmpfile, tmpdir);
+ lstrcatA(tmpfile, "/tmpfile");
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_NEW,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
+ NULL, &pDacl, NULL, &pSD);
+ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ todo_wine
+ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
+ acl_size.AceCount);
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ todo_wine
+ ok(bret, "Inherited Current User ACE != Current User SID.\n");
+ todo_wine
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ todo_wine
+ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
+ todo_wine
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ CloseHandle(hTemp);
+
done:
HeapFree(GetProcessHeap(), 0, user);
bret = RemoveDirectoryA(tmpdir);
--
2.3.3
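Review bot: The handle returned by `CreateFileA` in the new inheritance block is never checked, so if creating `tmpfile` fails the `pGetNamedSecurityInfoA` and `pGetAclInformation` assertions that follow run against a stale `pDacl` and `acl_size` and report misleading ACL results; add `ok(hTemp != INVALID_HANDLE_VALUE, "CreateFile error %u\n", GetLastError());` right after the call. The descriptor returned through `&pSD` also appears not to be released, unlike the earlier block that ends with `LocalFree(pSD)`, so a `LocalFree(pSD);` before `CloseHandle(hTemp);` would match it. In both `AceCount` branches `ace` is dereferenced even when `pGetAce` returned FALSE. test_CreateDirectoryA starts and ends outside the hunk, so any cleanup after `done:` is not visible here.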


@@ -0,0 +1,176 @@
From 0a2fa63085713b6e9a05bb8094fd375370e3b7d9 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 30 Mar 2015 06:19:39 +0200
Subject: advapi32/tests: Repeat ACL inheritance tests for NtCreateFile.
---
dlls/advapi32/tests/security.c | 104 ++++++++++++++++++++++++++++++++---------
1 file changed, 81 insertions(+), 23 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 9e44a35..7769d74 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -27,6 +27,7 @@
#include "windef.h"
#include "winbase.h"
#include "winerror.h"
+#include "winternl.h"
#include "aclapi.h"
#include "winnt.h"
#include "sddl.h"
@@ -59,29 +60,6 @@
#define THREAD_ALL_ACCESS_NT4 (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff)
#define THREAD_ALL_ACCESS_VISTA (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff)
-/* copied from Wine winternl.h - not included in the Windows SDK */
-typedef enum _OBJECT_INFORMATION_CLASS {
- ObjectBasicInformation,
- ObjectNameInformation,
- ObjectTypeInformation,
- ObjectAllInformation,
- ObjectDataInformation
-} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
-
-typedef struct _OBJECT_BASIC_INFORMATION {
- ULONG Attributes;
- ACCESS_MASK GrantedAccess;
- ULONG HandleCount;
- ULONG PointerCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG Reserved[3];
- ULONG NameInformationLength;
- ULONG TypeInformationLength;
- ULONG SecurityDescriptorLength;
- LARGE_INTEGER CreateTime;
-} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
-
#define expect_eq(expr, value, type, format) { type ret_ = expr; ok((value) == ret_, #expr " expected " format " got " format "\n", (value), (ret_)); }
static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
@@ -148,6 +126,9 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
+static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
+static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
+static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
static HMODULE hmod;
static int myARGC;
@@ -175,6 +156,9 @@ static void init(void)
pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
+ pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile");
+ pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");
+ pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
hmod = GetModuleHandleA("advapi32.dll");
pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
@@ -3108,6 +3092,24 @@ static void test_SetEntriesInAclA(void)
HeapFree(GetProcessHeap(), 0, OldAcl);
}
+/* helper function for test_CreateDirectoryA */
+static void get_nt_pathW(const char *name, UNICODE_STRING *nameW)
+{
+ UNICODE_STRING strW;
+ ANSI_STRING str;
+ NTSTATUS status;
+ BOOLEAN ret;
+ RtlInitAnsiString(&str, name);
+
+ status = pRtlAnsiStringToUnicodeString(&strW, &str, TRUE);
+ ok(!status, "RtlAnsiStringToUnicodeString failed with %08x\n", status);
+
+ ret = pRtlDosPathNameToNtPathName_U(strW.Buffer, nameW, NULL, NULL);
+ ok(ret, "RtlDosPathNameToNtPathName_U failed\n");
+
+ RtlFreeUnicodeString(&strW);
+}
+
static void test_CreateDirectoryA(void)
{
char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
@@ -3116,13 +3118,17 @@ static void test_CreateDirectoryA(void)
char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
PSECURITY_DESCRIPTOR pSD = &sd;
ACL_SIZE_INFORMATION acl_size;
+ UNICODE_STRING tmpfileW;
ACCESS_ALLOWED_ACE *ace;
SECURITY_ATTRIBUTES sa;
+ OBJECT_ATTRIBUTES attr;
char tmpfile[MAX_PATH];
char tmpdir[MAX_PATH];
HANDLE token, hTemp;
+ IO_STATUS_BLOCK io;
struct _SID *owner;
BOOL bret = TRUE;
+ NTSTATUS status;
DWORD error;
PACL pDacl;
@@ -3257,6 +3263,58 @@ static void test_CreateDirectoryA(void)
}
CloseHandle(hTemp);
+ /* Repeat the same test with ntdll functions */
+ strcpy(tmpfile, tmpdir);
+ lstrcatA(tmpfile, "/tmpfile");
+ get_nt_pathW(tmpfile, &tmpfileW);
+ attr.Length = sizeof(attr);
+ attr.RootDirectory = 0;
+ attr.ObjectName = &tmpfileW;
+ attr.Attributes = OBJ_CASE_INSENSITIVE;
+ attr.SecurityDescriptor = NULL;
+ attr.SecurityQualityOfService = NULL;
+ status = pNtCreateFile(&hTemp, GENERIC_WRITE | DELETE, &attr, &io, NULL, 0, FILE_SHARE_READ,
+ FILE_CREATE, FILE_DELETE_ON_CLOSE, NULL, 0);
+ ok(!status, "NtCreateFile failed with %08x\n", status);
+ RtlFreeUnicodeString(&tmpfileW);
+
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
+ NULL, &pDacl, NULL, &pSD);
+ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ todo_wine
+ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
+ acl_size.AceCount);
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ todo_wine
+ ok(bret, "Inherited Current User ACE != Current User SID.\n");
+ todo_wine
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ todo_wine
+ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
+ todo_wine
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ CloseHandle(hTemp);
+
done:
HeapFree(GetProcessHeap(), 0, user);
bret = RemoveDirectoryA(tmpdir);
--
2.3.3
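Review bot: When `pNtCreateFile` fails, `hTemp` still holds the handle already closed by the preceding `CloseHandle(hTemp)`, and the block goes on to query the ACL and then closes that stale value a second time; reset it with `hTemp = INVALID_HANDLE_VALUE;` before the call and bail out on a non-zero `status` instead of only recording it with `ok`. In `get_nt_pathW` a failed `pRtlAnsiStringToUnicodeString` leaves `strW.Buffer` uninitialised before it is passed to `pRtlDosPathNameToNtPathName_U`, and the three new ntdll pointers are called without a NULL check after `GetProcAddress`. The ACE checks are a verbatim copy of the CreateFileA block, so a shared static helper taking the file path would keep the two sets of expectations from drifting apart. test_CreateDirectoryA continues outside the hunk.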


@@ -0,0 +1,101 @@
From 0e7514bba4464a3a7ed1f85b0fd69de93a7018d4 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:10:49 -0600
Subject: advapi32/tests: Add tests for PROTECTED_DACL_SECURITY_INFORMATION.
---
dlls/advapi32/tests/security.c | 54 ++++++++++++++++++++++++++++++++++++++++++
include/winnt.h | 7 +++---
2 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 7769d74..0259b63 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3604,6 +3604,60 @@ static void test_GetNamedSecurityInfoA(void)
HeapFree(GetProcessHeap(), 0, user);
CloseHandle(hTemp);
+ /* Create security descriptor with no inheritance and test that it comes back the same */
+ pSD = &sd;
+ pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
+ InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
+ pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
+ bret = InitializeAcl(pDacl, 100, ACL_REVISION);
+ ok(bret, "Failed to initialize ACL.\n");
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
+ ok(bret, "Failed to add Current User to ACL.\n");
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, admin_sid);
+ ok(bret, "Failed to add Administrator Group to ACL.\n");
+ bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+ ok(bret, "Failed to add ACL to security desciptor.\n");
+ GetTempFileNameA(".", "foo", 0, tmpfile);
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION,
+ NULL, NULL, pDacl, NULL);
+ HeapFree(GetProcessHeap(), 0, pDacl);
+ ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error);
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
+ NULL, NULL, &pDacl, NULL, &pSD);
+ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ todo_wine
+ ok(bret, "Current User ACE != Current User SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == 0,
+ "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ ok(bret || broken(!bret) /* win2k */, "Administators Group ACE != Administators Group SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == 0,
+ "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff || broken(ace->Mask == GENERIC_ALL) /* win2k */,
+ "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
+ }
+ LocalFree(pSD);
+ HeapFree(GetProcessHeap(), 0, pDacl);
+ CloseHandle(hTemp);
+
/* Test querying the ownership of a built-in registry key */
sid_size = sizeof(system_ptr);
pCreateWellKnownSid(WinLocalSystemSid, NULL, system_sid, &sid_size);
diff --git a/include/winnt.h b/include/winnt.h
index 4b06b2c..d575884 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -5078,14 +5078,15 @@ typedef struct _TAPE_GET_MEDIA_PARAMETERS {
BOOLEAN WriteProtected;
} TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS;
-/* ----------------------------- begin registry ----------------------------- */
-
-/* Registry security values */
#define OWNER_SECURITY_INFORMATION 0x00000001
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
+#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
+/* ----------------------------- begin registry ----------------------------- */
+
+/* Registry security values */
#define REG_OPTION_RESERVED 0x00000000
#define REG_OPTION_NON_VOLATILE 0x00000000
#define REG_OPTION_VOLATILE 0x00000001
--
2.3.3
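Review bot: The final `HeapFree(GetProcessHeap(), 0, pDacl);` in the test_GetNamedSecurityInfoA hunk frees the wrong pointer: the heap ACL was already released right after `pSetNamedSecurityInfoA`, and `pDacl` was then overwritten by `pGetNamedSecurityInfoA`, whose DACL pointer refers into the descriptor released by `LocalFree(pSD)` on the line before. Drop that `HeapFree` and keep only `LocalFree(pSD);`; if the get call fails, `pDacl` still holds the freed heap block and the same line becomes a double free. The `CreateFileA` result is also unchecked before the security calls, and the literal `100` used for both the allocation and `InitializeAcl` would be clearer as one named constant. The function body continues outside the hunk.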


@@ -0,0 +1 @@
Depends: server-Stored_ACLs


@@ -1,4 +1,4 @@
From 8ce7a8b0f7ea6a94ae8327b4a3d07a10c12a2c9e Mon Sep 17 00:00:00 2001
From 8ea5a805609c2a13199ffcaa8b9b24f413d00d8b Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:04 +0100
Subject: Revert "advapi32: Add DACL inheritance support in SetSecurityInfo."
@@ -172,10 +172,10 @@ index 71a8c92..e8cdcc5 100644
}
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 15c3b1d..6d3f9ac 100644
index 10f3f8e..a10d781 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3417,22 +3417,25 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3517,22 +3517,25 @@ static void test_GetNamedSecurityInfoA(void)
error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
NULL, NULL, &pDacl, NULL, &pSD);
@@ -189,8 +189,8 @@ index 15c3b1d..6d3f9ac 100644
{
- bret = pGetAce(pDacl, 0, (VOID **)&ace);
- ok(bret, "Failed to get ACE.\n");
- todo_wine ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
- "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
- ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
- "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ if (acl_size.AceCount > 0)


@@ -1,4 +1,4 @@
From 0a8954d7ed5e57340ab6b6234fb3bdfe498fb69e Mon Sep 17 00:00:00 2001
From d93bcd18c978d0d316c0c19a65d07f3d782479c4 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:17 +0100
Subject: Revert "advapi32/tests: Add test for mapping DACL to permission."
@@ -9,10 +9,10 @@ This reverts commit a4b12eb9f937202848b229ed15f2c7d1823b41da.
1 file changed, 2 insertions(+), 33 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 6d3f9ac..dbe52b0 100644
index a2e4c98..c3884bf 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3405,6 +3405,7 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3505,6 +3505,7 @@ static void test_GetNamedSecurityInfoA(void)
"Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
}
LocalFree(pSD);
@@ -20,7 +20,7 @@ index 6d3f9ac..dbe52b0 100644
/* show that setting empty DACL is not removing all file permissions */
pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
@@ -3441,7 +3442,7 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3541,7 +3542,7 @@ static void test_GetNamedSecurityInfoA(void)
/* NtSetSecurityObject doesn't inherit DACL entries */
pSD = sd+sizeof(void*)-((ULONG_PTR)sd)%sizeof(void*);
InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
@@ -29,7 +29,7 @@ index 6d3f9ac..dbe52b0 100644
bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION);
ok(bret, "Failed to initialize ACL.\n");
bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
@@ -3472,39 +3473,7 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3572,39 +3573,7 @@ static void test_GetNamedSecurityInfoA(void)
NULL, OPEN_EXISTING, 0, NULL);
ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
CloseHandle(h);
@@ -68,7 +68,7 @@ index 6d3f9ac..dbe52b0 100644
- HeapFree(GetProcessHeap(), 0, user);
CloseHandle(hTemp);
/* Test querying the ownership of a built-in registry key */
/* Create security descriptor with no inheritance and test that it comes back the same */
--
2.3.3


@@ -1,4 +1,4 @@
From 99244514ca0c26e263e14d7fdf095083e4686166 Mon Sep 17 00:00:00 2001
From 753dc1b6d8025271b487b4c4cc39a6f44a274cfd Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:32 +0100
Subject: Revert "advapi32: Add SetNamedSecurityInfo test with empty DACL."
@@ -9,26 +9,26 @@ This reverts commit 02c4f5bd275d70d1dcb48bf95775efa376b50c22.
1 file changed, 4 insertions(+), 75 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index dbe52b0..e3c1659 100644
index c3884bf..f98bf2b 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -147,7 +147,6 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
@@ -125,7 +125,6 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
-static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
static HMODULE hmod;
static int myARGC;
@@ -174,7 +173,6 @@ static void init(void)
static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
@@ -155,7 +154,6 @@ static void init(void)
hntdll = GetModuleHandleA("ntdll.dll");
pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
- pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
hmod = GetModuleHandleA("advapi32.dll");
pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
@@ -3231,7 +3229,7 @@ static void test_GetNamedSecurityInfoA(void)
pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile");
pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");
pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
@@ -3332,7 +3330,7 @@ static void test_GetNamedSecurityInfoA(void)
char invalid_path[] = "/an invalid file path";
int users_ace_id = -1, admins_ace_id = -1, i;
char software_key[] = "MACHINE\\Software";
@@ -37,7 +37,7 @@ index dbe52b0..e3c1659 100644
SECURITY_DESCRIPTOR_CONTROL control;
ACL_SIZE_INFORMATION acl_size;
CHAR windows_dir[MAX_PATH];
@@ -3243,12 +3241,11 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3344,12 +3342,11 @@ static void test_GetNamedSecurityInfoA(void)
BOOL owner_defaulted;
BOOL group_defaulted;
BOOL dacl_defaulted;
@@ -51,7 +51,7 @@ index dbe52b0..e3c1659 100644
if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid)
{
@@ -3353,8 +3350,8 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3454,8 +3451,8 @@ static void test_GetNamedSecurityInfoA(void)
bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
ok(bret, "Failed to add ACL to security desciptor.\n");
GetTempFileNameA(".", "foo", 0, tmpfile);
@@ -62,7 +62,7 @@ index dbe52b0..e3c1659 100644
SetLastError(0xdeadbeef);
error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL,
NULL, pDacl, NULL);
@@ -3406,74 +3403,6 @@ static void test_GetNamedSecurityInfoA(void)
@@ -3506,74 +3503,6 @@ static void test_GetNamedSecurityInfoA(void)
}
LocalFree(pSD);
HeapFree(GetProcessHeap(), 0, user);
@@ -136,7 +136,7 @@ index dbe52b0..e3c1659 100644
- HeapFree(GetProcessHeap(), 0, pDacl);
CloseHandle(hTemp);
/* Test querying the ownership of a built-in registry key */
/* Create security descriptor with no inheritance and test that it comes back the same */
--
2.3.3


@@ -1,49 +1,18 @@
From e2eaeb0bfc7411c74f1387e59c121f5cee6c013a Mon Sep 17 00:00:00 2001
From 815d8d20d0710dff782cb20cb286b32c23ee9f1e Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:44 +0100
Subject: Revert "server: Make directory DACL entries inheritable."
This reverts commit 3eb448cf33b6b6635bac4e06ea7fddd190e26450.
---
dlls/advapi32/tests/security.c | 12 ++++++------
server/file.c | 8 ++++----
2 files changed, 10 insertions(+), 10 deletions(-)
server/file.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index e3c1659..04a88ae 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3192,9 +3192,9 @@ static void test_CreateDirectoryA(void)
ok(bret, "Failed to get Current User ACE.\n");
bret = EqualSid(&ace->SidStart, user_sid);
todo_wine ok(bret, "Current User ACE != Current User SID.\n");
- ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
- "Current User ACE has unexpected flags (0x%x != 0x03)\n",
- ((ACE_HEADER *)ace)->AceFlags);
+ todo_wine ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
+ "Current User ACE has unexpected flags (0x%x != 0x03)\n",
+ ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
ace->Mask);
}
@@ -3204,9 +3204,9 @@ static void test_CreateDirectoryA(void)
ok(bret, "Failed to get Administators Group ACE.\n");
bret = EqualSid(&ace->SidStart, admin_sid);
todo_wine ok(bret, "Administators Group ACE != Administators Group SID.\n");
- ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
- "Administators Group ACE has unexpected flags (0x%x != 0x03)\n",
- ((ACE_HEADER *)ace)->AceFlags);
+ todo_wine ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
+ "Administators Group ACE has unexpected flags (0x%x != 0x03)\n",
+ ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
ace->Mask);
}
diff --git a/server/file.c b/server/file.c
index f565f5a..abda2c3 100644
index a50276e..09b7811 100644
--- a/server/file.c
+++ b/server/file.c
@@ -367,7 +367,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
@@ -442,7 +442,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
aaa = (ACCESS_ALLOWED_ACE *)(dacl + 1);
current_ace = &aaa->Header;
aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
@@ -52,7 +21,7 @@ index f565f5a..abda2c3 100644
aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( local_system_sid );
aaa->Mask = FILE_ALL_ACCESS;
sid = (SID *)&aaa->SidStart;
@@ -379,7 +379,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
@@ -454,7 +454,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace );
current_ace = &aaa->Header;
aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
@@ -61,7 +30,7 @@ index f565f5a..abda2c3 100644
aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( user );
aaa->Mask = WRITE_DAC | WRITE_OWNER;
if (mode & S_IRUSR)
@@ -397,7 +397,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
@@ -472,7 +472,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
ACCESS_DENIED_ACE *ada = (ACCESS_DENIED_ACE *)ace_next( current_ace );
current_ace = &ada->Header;
ada->Header.AceType = ACCESS_DENIED_ACE_TYPE;
@@ -70,7 +39,7 @@ index f565f5a..abda2c3 100644
ada->Header.AceSize = FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + security_sid_len( user );
ada->Mask = 0;
if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
@@ -414,7 +414,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
@@ -489,7 +489,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace );
current_ace = &aaa->Header;
aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;


@@ -1,4 +1,4 @@
From 59067deb0ad4afb77deca29300133bff9d49f9f7 Mon Sep 17 00:00:00 2001
From 1140e8684c3857c4ccb484cd8cd08c6fbe426066 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 27 Mar 2015 15:32:56 +0100
Subject: Revert "advapi: Don't use CreateFile when opening file with possibly


@@ -0,0 +1 @@
Depends: advapi32-ACL_Tests


@@ -66,6 +66,7 @@ patch_enable_all ()
enable_Miscellaneous="$1"
enable_Pipelight="$1"
enable_Staging="$1"
enable_advapi32_ACL_Tests="$1"
enable_advapi32_Revert_DACL="$1"
enable_browseui_Progress_Dialog="$1"
enable_combase_String="$1"
@@ -260,6 +261,9 @@ patch_enable ()
Staging)
enable_Staging="$2"
;;
advapi32-ACL_Tests)
enable_advapi32_ACL_Tests="$2"
;;
advapi32-Revert_DACL)
enable_advapi32_Revert_DACL="$2"
;;
@@ -1069,21 +1073,10 @@ if test "$enable_server_ACL_Compat" -eq 1; then
fi
if test "$enable_server_Inherited_ACLs" -eq 1; then
if test "$enable_server_Stored_ACLs" -gt 1; then
abort "Patchset server-Stored_ACLs disabled, but server-Inherited_ACLs depends on that."
fi
enable_server_Stored_ACLs=1
fi
if test "$enable_server_Stored_ACLs" -eq 1; then
if test "$enable_advapi32_Revert_DACL" -gt 1; then
abort "Patchset advapi32-Revert_DACL disabled, but server-Stored_ACLs depends on that."
fi
if test "$enable_ntdll_DOS_Attributes" -gt 1; then
abort "Patchset ntdll-DOS_Attributes disabled, but server-Stored_ACLs depends on that."
abort "Patchset advapi32-Revert_DACL disabled, but server-Inherited_ACLs depends on that."
fi
enable_advapi32_Revert_DACL=1
enable_ntdll_DOS_Attributes=1
fi
if test "$enable_nvencodeapi_Video_Encoder" -eq 1; then
@@ -1214,6 +1207,27 @@ if test "$enable_d3dx9_24_ID3DXEffect" -eq 1; then
enable_d3dx9_25_ID3DXEffect=1
fi
if test "$enable_advapi32_Revert_DACL" -eq 1; then
if test "$enable_advapi32_ACL_Tests" -gt 1; then
abort "Patchset advapi32-ACL_Tests disabled, but advapi32-Revert_DACL depends on that."
fi
enable_advapi32_ACL_Tests=1
fi
if test "$enable_advapi32_ACL_Tests" -eq 1; then
if test "$enable_server_Stored_ACLs" -gt 1; then
abort "Patchset server-Stored_ACLs disabled, but advapi32-ACL_Tests depends on that."
fi
enable_server_Stored_ACLs=1
fi
if test "$enable_server_Stored_ACLs" -eq 1; then
if test "$enable_ntdll_DOS_Attributes" -gt 1; then
abort "Patchset ntdll-DOS_Attributes disabled, but server-Stored_ACLs depends on that."
fi
enable_ntdll_DOS_Attributes=1
fi
if test "$enable_Exagear" -eq 1; then
if test "$enable_ntdll_WRITECOPY" -gt 1; then
abort "Patchset ntdll-WRITECOPY disabled, but Exagear depends on that."
@@ -1364,6 +1378,78 @@ if test "$enable_Staging" -eq 1; then
) >> "$patchlist"
fi
# Patchset ntdll-DOS_Attributes
# |
# | This patchset fixes the following Wine bugs:
# | * [#9158] Support for DOS hidden/system file attributes
# |
# | Modified files:
# | * configure.ac, dlls/ntdll/directory.c, dlls/ntdll/file.c, dlls/ntdll/ntdll_misc.h, dlls/ntdll/tests/directory.c,
# | dlls/ntdll/tests/file.c, include/wine/port.h, libs/port/Makefile.in, libs/port/xattr.c
# |
if test "$enable_ntdll_DOS_Attributes" -eq 1; then
patch_apply ntdll-DOS_Attributes/0001-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch
patch_apply ntdll-DOS_Attributes/0002-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch
patch_apply ntdll-DOS_Attributes/0003-ntdll-Implement-storing-DOS-attributes-in-NtSetInfor.patch
patch_apply ntdll-DOS_Attributes/0004-ntdll-Implement-storing-DOS-attributes-in-NtCreateFi.patch
patch_apply ntdll-DOS_Attributes/0005-libport-Add-support-for-Mac-OS-X-style-extended-attr.patch
patch_apply ntdll-DOS_Attributes/0006-libport-Add-support-for-FreeBSD-style-extended-attri.patch
patch_apply ntdll-DOS_Attributes/0007-ntdll-Perform-the-Unix-style-hidden-file-check-withi.patch
(
echo '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQueryInformationFile.", 1 },';
echo '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQuery[Full]AttributesFile and NtQueryDirectoryFile.", 1 },';
echo '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtSetInformationFile.", 1 },';
echo '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtCreateFile.", 1 },';
echo '+ { "Erich E. Hoover", "libport: Add support for Mac OS X style extended attributes.", 1 },';
echo '+ { "Erich E. Hoover", "libport: Add support for FreeBSD style extended attributes.", 1 },';
echo '+ { "Erich E. Hoover", "ntdll: Perform the Unix-style hidden file check within the unified file info grabbing routine.", 1 },';
) >> "$patchlist"
fi
# Patchset server-Stored_ACLs
# |
# | This patchset fixes the following Wine bugs:
# | * [#33576] Support for stored file ACLs
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, include/wine/port.h, server/change.c, server/file.c, server/file.h, server/object.c,
# | server/object.h
# |
if test "$enable_server_Stored_ACLs" -eq 1; then
patch_apply server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch
patch_apply server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch
patch_apply server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch
patch_apply server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch
patch_apply server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch
patch_apply server-Stored_ACLs/0006-server-Retrieve-file-security-attributes-with-extend.patch
patch_apply server-Stored_ACLs/0007-server-Convert-return-of-file-security-masks-with-ge.patch
(
echo '+ { "Erich E. Hoover", "server: Unify the storage of security attributes for files and directories.", 7 },';
echo '+ { "Erich E. Hoover", "server: Unify the retrieval of security attributes for files and directories.", 7 },';
echo '+ { "Sebastian Lackner", "server: Add a helper function set_sd_from_token_internal to merge two security descriptors.", 1 },';
echo '+ { "Sebastian Lackner", "server: Temporarily store the full security descriptor for file objects.", 1 },';
echo '+ { "Erich E. Hoover", "server: Store file security attributes with extended file attributes.", 8 },';
echo '+ { "Erich E. Hoover", "server: Retrieve file security attributes with extended file attributes.", 7 },';
echo '+ { "Erich E. Hoover", "server: Convert return of file security masks with generic access mappings.", 7 },';
) >> "$patchlist"
fi
# Patchset advapi32-ACL_Tests
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, include/winnt.h
# |
if test "$enable_advapi32_ACL_Tests" -eq 1; then
patch_apply advapi32-ACL_Tests/0001-advapi32-tests-Add-tests-for-inheriting-ACL-attribut.patch
patch_apply advapi32-ACL_Tests/0002-advapi32-tests-Repeat-ACL-inheritance-tests-for-NtCr.patch
patch_apply advapi32-ACL_Tests/0003-advapi32-tests-Add-tests-for-PROTECTED_DACL_SECURITY.patch
(
echo '+ { "Erich E. Hoover", "advapi32/tests: Add tests for inheriting ACL attributes.", 1 },';
echo '+ { "Sebastian Lackner", "advapi32/tests: Repeat ACL inheritance tests for NtCreateFile.", 1 },';
echo '+ { "Erich E. Hoover", "advapi32/tests: Add tests for PROTECTED_DACL_SECURITY_INFORMATION.", 1 },';
) >> "$patchlist"
fi
# Patchset advapi32-Revert_DACL
# |
# | Modified files:
@@ -1943,6 +2029,21 @@ if test "$enable_wined3d_CSMT_Helper" -eq 1; then
) >> "$patchlist"
fi
# Patchset wined3d-Multisampling
# |
# | This patchset fixes the following Wine bugs:
# | * [#12652] Allow to override number of quality levels for D3DMULTISAMPLE_NONMASKABLE.
# |
# | Modified files:
# | * dlls/wined3d/directx.c, dlls/wined3d/wined3d_main.c, dlls/wined3d/wined3d_private.h
# |
if test "$enable_wined3d_Multisampling" -eq 1; then
patch_apply wined3d-Multisampling/0001-wined3d-Allow-to-specify-multisampling-AA-quality-le.patch
(
echo '+ { "Austin English", "wined3d: Allow to specify multisampling AA quality levels via registry.", 1 },';
) >> "$patchlist"
fi
# Patchset wined3d-Revert_PixelFormat
# |
# | This patchset fixes the following Wine bugs:
@@ -1989,21 +2090,6 @@ if test "$enable_wined3d_UnhandledBlendFactor" -eq 1; then
) >> "$patchlist"
fi
# Patchset wined3d-Multisampling
# |
# | This patchset fixes the following Wine bugs:
# | * [#12652] Allow to override number of quality levels for D3DMULTISAMPLE_NONMASKABLE.
# |
# | Modified files:
# | * dlls/wined3d/directx.c, dlls/wined3d/wined3d_main.c, dlls/wined3d/wined3d_private.h
# |
if test "$enable_wined3d_Multisampling" -eq 1; then
patch_apply wined3d-Multisampling/0001-wined3d-Allow-to-specify-multisampling-AA-quality-le.patch
(
echo '+ { "Austin English", "wined3d: Allow to specify multisampling AA quality levels via registry.", 1 },';
) >> "$patchlist"
fi
# Patchset wined3d-CSMT_Main
# |
# | This patchset fixes the following Wine bugs:
@@ -2973,34 +3059,6 @@ if test "$enable_ntdll_Activation_Context" -eq 1; then
) >> "$patchlist"
fi
# Patchset ntdll-DOS_Attributes
# |
# | This patchset fixes the following Wine bugs:
# | * [#9158] Support for DOS hidden/system file attributes
# |
# | Modified files:
# | * configure.ac, dlls/ntdll/directory.c, dlls/ntdll/file.c, dlls/ntdll/ntdll_misc.h, dlls/ntdll/tests/directory.c,
# | dlls/ntdll/tests/file.c, include/wine/port.h, libs/port/Makefile.in, libs/port/xattr.c
# |
if test "$enable_ntdll_DOS_Attributes" -eq 1; then
patch_apply ntdll-DOS_Attributes/0001-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch
patch_apply ntdll-DOS_Attributes/0002-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch
patch_apply ntdll-DOS_Attributes/0003-ntdll-Implement-storing-DOS-attributes-in-NtSetInfor.patch
patch_apply ntdll-DOS_Attributes/0004-ntdll-Implement-storing-DOS-attributes-in-NtCreateFi.patch
patch_apply ntdll-DOS_Attributes/0005-libport-Add-support-for-Mac-OS-X-style-extended-attr.patch
patch_apply ntdll-DOS_Attributes/0006-libport-Add-support-for-FreeBSD-style-extended-attri.patch
patch_apply ntdll-DOS_Attributes/0007-ntdll-Perform-the-Unix-style-hidden-file-check-withi.patch
(
echo '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQueryInformationFile.", 1 },';
echo '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQuery[Full]AttributesFile and NtQueryDirectoryFile.", 1 },';
echo '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtSetInformationFile.", 1 },';
echo '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtCreateFile.", 1 },';
echo '+ { "Erich E. Hoover", "libport: Add support for Mac OS X style extended attributes.", 1 },';
echo '+ { "Erich E. Hoover", "libport: Add support for FreeBSD style extended attributes.", 1 },';
echo '+ { "Erich E. Hoover", "ntdll: Perform the Unix-style hidden file check within the unified file info grabbing routine.", 1 },';
) >> "$patchlist"
fi
# Patchset ntdll-DVD_Read_Size
# |
# | This patchset fixes the following Wine bugs:
@@ -3686,38 +3744,13 @@ if test "$enable_secur32_Schannel_ContextAttr" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-Stored_ACLs
# |
# | This patchset fixes the following Wine bugs:
# | * [#33576] Support for stored file ACLs
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, include/wine/port.h, server/change.c, server/file.c, server/file.h
# |
if test "$enable_server_Stored_ACLs" -eq 1; then
patch_apply server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch
patch_apply server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch
patch_apply server-Stored_ACLs/0003-server-Store-file-security-attributes-with-extended-.patch
patch_apply server-Stored_ACLs/0004-server-Store-user-and-group-inside-stored-extended-f.patch
patch_apply server-Stored_ACLs/0005-server-Retrieve-file-security-attributes-with-extend.patch
patch_apply server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch
(
echo '+ { "Erich E. Hoover", "server: Unify the storage of security attributes for files and directories.", 7 },';
echo '+ { "Erich E. Hoover", "server: Unify the retrieval of security attributes for files and directories.", 7 },';
echo '+ { "Erich E. Hoover", "server: Store file security attributes with extended file attributes.", 7 },';
echo '+ { "Erich E. Hoover", "server: Store user and group inside stored extended file attribute information.", 7 },';
echo '+ { "Erich E. Hoover", "server: Retrieve file security attributes with extended file attributes.", 7 },';
echo '+ { "Erich E. Hoover", "server: Convert return of file security masks with generic access mappings.", 7 },';
) >> "$patchlist"
fi
# Patchset server-Inherited_ACLs
# |
# | This patchset fixes the following Wine bugs:
# | * [#34406] Support for inherited file ACLs
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, include/winnt.h, server/fd.c, server/file.c, server/file.h
# | * dlls/advapi32/tests/security.c, server/fd.c, server/file.c, server/file.h
# |
if test "$enable_server_Inherited_ACLs" -eq 1; then
patch_apply server-Inherited_ACLs/0001-server-Inherit-security-attributes-from-parent-direc.patch
@@ -3792,6 +3825,21 @@ if test "$enable_server_CreateProcess_ACLs" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-OpenProcess
# |
# | This patchset fixes the following Wine bugs:
# | * [#37087] Return an error when trying to open a terminated process
# |
# | Modified files:
# | * server/process.c, server/process.h
# |
if test "$enable_server_OpenProcess" -eq 1; then
patch_apply server-OpenProcess/0001-server-Return-error-when-opening-a-terminating-proce.patch
(
echo '+ { "Michael MĂĽller", "server: Return error when opening a terminating process.", 3 },';
) >> "$patchlist"
fi
# Patchset server-Misc_ACL
# |
# | This patchset fixes the following Wine bugs:
@@ -3809,21 +3857,6 @@ if test "$enable_server_Misc_ACL" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-OpenProcess
# |
# | This patchset fixes the following Wine bugs:
# | * [#37087] Return an error when trying to open a terminated process
# |
# | Modified files:
# | * server/process.c, server/process.h
# |
if test "$enable_server_OpenProcess" -eq 1; then
patch_apply server-OpenProcess/0001-server-Return-error-when-opening-a-terminating-proce.patch
(
echo '+ { "Michael MĂĽller", "server: Return error when opening a terminating process.", 3 },';
) >> "$patchlist"
fi
# Patchset server-JobObjects
# |
# | This patchset fixes the following Wine bugs:


@@ -1,26 +1,26 @@
From c7ee69405e7f18058ca0b1c05e8dfa7ee669df13 Mon Sep 17 00:00:00 2001
From e474515fe1624147bde11553c701462b14d7850b Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 15:21:00 -0600
Subject: server: Add compatibility code for handling the old method of storing
ACLs. (try 6)
---
server/file.c | 167 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 164 insertions(+), 3 deletions(-)
server/file.c | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 167 insertions(+), 3 deletions(-)
diff --git a/server/file.c b/server/file.c
index 146ea68..4c72775 100644
index 9031de3..4150d42 100644
--- a/server/file.c
+++ b/server/file.c
@@ -72,6 +72,7 @@ struct file
static unsigned int generic_file_map_access( unsigned int access );
struct security_descriptor *get_xattr_sd( int fd );
+struct security_descriptor *get_xattr_acls( int fd, const SID *user, const SID *group );
static struct security_descriptor *get_xattr_sd( int fd );
+static struct security_descriptor *get_xattr_acls( int fd, const SID *user, const SID *group );
static void file_dump( struct object *obj, int verbose );
static struct fd *file_get_fd( struct object *obj );
@@ -440,6 +441,7 @@ static struct security_descriptor *file_get_parent_sd( struct fd *root, const ch
@@ -408,6 +409,7 @@ static struct security_descriptor *file_get_parent_sd( struct fd *root, const ch
mode_t parent_mode = 0555;
char *p, *parent_name;
struct fd *parent_fd;
@@ -28,7 +28,7 @@ index 146ea68..4c72775 100644
int unix_fd;
if (!(parent_name = mem_alloc( child_len + 1 ))) return NULL;
@@ -472,6 +474,9 @@ static struct security_descriptor *file_get_parent_sd( struct fd *root, const ch
@@ -440,6 +442,9 @@ static struct security_descriptor *file_get_parent_sd( struct fd *root, const ch
if (unix_fd != -1)
{
parent_sd = get_xattr_sd( unix_fd );
@@ -38,11 +38,11 @@ index 146ea68..4c72775 100644
if (parent_sd)
{
sd = inherit_sd( parent_sd, is_dir );
@@ -759,6 +764,160 @@ struct security_descriptor *get_xattr_sd( int fd )
return sd;
@@ -723,6 +728,163 @@ static void convert_generic_sd( struct security_descriptor *sd )
}
}
+struct security_descriptor *get_xattr_acls( int fd, const SID *user, const SID *group )
+static struct security_descriptor *get_xattr_acls( int fd, const SID *user, const SID *group )
+{
+ int dacl_size = sizeof(ACL), n;
+ int offset, type, flags, mask, rev, ia, sa;
@@ -189,17 +189,20 @@ index 146ea68..4c72775 100644
+ while (*p);
+
+ if (sd_is_valid( sd, n ))
+ {
+ convert_generic_sd( sd );
+ return sd;
+ }
+
+err:
+ free( sd );
+ return NULL;
+}
+
/* Convert generic rights into standard access rights */
void convert_generic_sd( struct security_descriptor *sd )
static struct security_descriptor *get_xattr_sd( int fd )
{
@@ -786,6 +945,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
struct security_descriptor *sd;
@@ -752,6 +914,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
int unix_fd = get_unix_fd( fd );
struct stat st;
struct security_descriptor *sd;
@@ -207,22 +210,21 @@ index 146ea68..4c72775 100644
if (unix_fd == -1 || fstat( unix_fd, &st ) == -1)
return obj->sd;
@@ -795,11 +955,12 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
@@ -761,10 +924,11 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
(st.st_uid == *uid))
return obj->sd;
+ user = security_unix_uid_to_sid( st.st_uid );
+ group = token_get_primary_group( current->process->token );
sd = get_xattr_sd( unix_fd );
+ if (!sd) sd = get_xattr_acls( unix_fd, user, group );
if (sd) convert_generic_sd( sd );
- if (!sd) sd = mode_to_sd( st.st_mode,
- security_unix_uid_to_sid( st.st_uid ),
- token_get_primary_group( current->process->token ));
+ if (!sd) sd = get_xattr_acls( unix_fd, user, group );
+ if (!sd) sd = mode_to_sd( st.st_mode, user, group );
if (!sd) return obj->sd;
*mode = st.st_mode;
--
2.3.2
2.3.3
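Review bot: In the last hunk (get_file_sd), generic-rights conversion is split between caller and callee: the descriptor from `get_xattr_sd` is converted by the `if (sd) convert_generic_sd( sd );` line, while `get_xattr_acls` appears to convert its own result just before `return sd;`. That would explain why its call sits below the conversion line, and it leaves an ordering dependency that a later edit can break without noticing; a descriptor that skipped conversion would presumably carry generic access bits into the DACL that is returned. I would state the contract at the call site, e.g. `/* lookup order: stored SD, legacy ACL xattr (converted by the helper), then mode bits */`, or have both helpers return already-converted descriptors. Which printed variant is the new side is inferred from the hunk counts, and the parsing body of get_xattr_acls is outside the visible lines.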


@@ -1,92 +1,91 @@
From 342e7b54a72ca30753ee0b7e2651582574869887 Mon Sep 17 00:00:00 2001
From 2b904b005f24af58f0b74a7b4d4f3e4db31f2553 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:08:36 -0600
Subject: server: Inherit security attributes from parent directories on
creation. (try 7)
---
dlls/advapi32/tests/security.c | 40 +++++++++++-
dlls/advapi32/tests/security.c | 10 ---
server/file.c | 137 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 176 insertions(+), 1 deletion(-)
2 files changed, 137 insertions(+), 10 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index df6f8ca..b2f6052 100644
index 137ac5a..fc666f4 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3116,10 +3116,11 @@ static void test_CreateDirectoryA(void)
ACL_SIZE_INFORMATION acl_size;
ACCESS_ALLOWED_ACE *ace;
SECURITY_ATTRIBUTES sa;
+ char tmpfile[MAX_PATH];
char tmpdir[MAX_PATH];
+ HANDLE token, hTemp;
struct _SID *owner;
BOOL bret = TRUE;
- HANDLE token;
DWORD error;
PACL pDacl;
@@ -3212,6 +3213,43 @@ static void test_CreateDirectoryA(void)
}
LocalFree(pSD);
+ /* Test inheritance of ACLs */
+ strcpy(tmpfile, tmpdir);
+ lstrcatA(tmpfile, "/tmpfile");
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_NEW,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
+ NULL, &pDacl, NULL, &pSD);
+ ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
+ acl_size.AceCount);
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ ok(bret, "Inherited Current User ACE != Current User SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Inherited Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
+ "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ CloseHandle(hTemp);
+
done:
HeapFree(GetProcessHeap(), 0, user);
bret = RemoveDirectoryA(tmpdir);
@@ -3230,7 +3230,6 @@ static void test_CreateDirectoryA(void)
ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
ok(bret, "GetAclInformation failed\n");
- todo_wine
ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
acl_size.AceCount);
if (acl_size.AceCount > 0)
@@ -3238,9 +3237,7 @@ static void test_CreateDirectoryA(void)
bret = pGetAce(pDacl, 0, (VOID **)&ace);
ok(bret, "Inherited Failed to get Current User ACE.\n");
bret = EqualSid(&ace->SidStart, user_sid);
- todo_wine
ok(bret, "Inherited Current User ACE != Current User SID.\n");
- todo_wine
ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
"Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
@@ -3251,9 +3248,7 @@ static void test_CreateDirectoryA(void)
bret = pGetAce(pDacl, 1, (VOID **)&ace);
ok(bret, "Inherited Failed to get Administators Group ACE.\n");
bret = EqualSid(&ace->SidStart, admin_sid);
- todo_wine
ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
- todo_wine
ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
"Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
@@ -3282,7 +3277,6 @@ static void test_CreateDirectoryA(void)
ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
ok(bret, "GetAclInformation failed\n");
- todo_wine
ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
acl_size.AceCount);
if (acl_size.AceCount > 0)
@@ -3290,9 +3284,7 @@ static void test_CreateDirectoryA(void)
bret = pGetAce(pDacl, 0, (VOID **)&ace);
ok(bret, "Inherited Failed to get Current User ACE.\n");
bret = EqualSid(&ace->SidStart, user_sid);
- todo_wine
ok(bret, "Inherited Current User ACE != Current User SID.\n");
- todo_wine
ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
"Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
@@ -3303,9 +3295,7 @@ static void test_CreateDirectoryA(void)
bret = pGetAce(pDacl, 1, (VOID **)&ace);
ok(bret, "Inherited Failed to get Administators Group ACE.\n");
bret = EqualSid(&ace->SidStart, admin_sid);
- todo_wine
ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
- todo_wine
ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
"Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
diff --git a/server/file.c b/server/file.c
index 09b7811..188e352 100644
index d479440..14de2c5 100644
--- a/server/file.c
+++ b/server/file.c
@@ -71,6 +71,7 @@ struct file
};
static unsigned int generic_file_map_access( unsigned int access );
+struct security_descriptor *get_xattr_sd( int fd );
+static struct security_descriptor *get_xattr_sd( int fd );
static void file_dump( struct object *obj, int verbose );
static struct fd *file_get_fd( struct object *obj );
@@ -252,11 +253,142 @@ void set_xattr_sd( int fd, const struct security_descriptor *sd, const SID *user
@@ -220,11 +221,142 @@ static void set_xattr_sd( int fd, const struct security_descriptor *sd )
xattr_fset( fd, WINE_XATTR_SD, buffer, len );
}
+struct security_descriptor *inherit_sd( const struct security_descriptor *parent_sd, int is_dir )
+static struct security_descriptor *inherit_sd( const struct security_descriptor *parent_sd, int is_dir )
+{
+ const DWORD inheritance_mask = INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
+ struct security_descriptor *sd = NULL;
@@ -222,10 +221,10 @@ index 09b7811..188e352 100644
const struct security_descriptor *sd )
{
+ struct security_descriptor *temp_sd = NULL;
const SID *owner = NULL, *group = NULL;
struct object *obj = NULL;
struct fd *fd;
@@ -286,6 +418,10 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
int flags;
@@ -253,6 +385,10 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
default: set_error( STATUS_INVALID_PARAMETER ); goto done;
}
@@ -235,8 +234,8 @@ index 09b7811..188e352 100644
+
if (sd)
{
owner = sd_get_owner( sd );
@@ -329,6 +465,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
const SID *owner = sd_get_owner( sd );
@@ -292,6 +428,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
release_object( fd );
done:
@@ -245,5 +244,5 @@ index 09b7811..188e352 100644
return obj;
}
--
2.3.2
2.3.3


@@ -1,119 +1,36 @@
From cf51d788cce57b6c5f99bfc15e81790fb5d449c4 Mon Sep 17 00:00:00 2001
From 5d79bee5c5ee1e9a17fb60a53c4ab0c489f17943 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 14:10:49 -0600
Subject: server: Inherit security attributes from parent directories on
SetSecurityInfo. (try 7)
---
dlls/advapi32/tests/security.c | 68 +++++++++++++++++++++
include/winnt.h | 7 ++-
server/fd.c | 13 +++-
server/file.c | 133 +++++++++++++++++++++++++++++++++++++++--
dlls/advapi32/tests/security.c | 2 +
server/fd.c | 13 ++++-
server/file.c | 121 +++++++++++++++++++++++++++++++++++++++++
server/file.h | 1 +
5 files changed, 213 insertions(+), 9 deletions(-)
4 files changed, 135 insertions(+), 2 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 3e88c2e..952d001 100644
index fc666f4..2bc7e56 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3440,6 +3440,74 @@ static void test_GetNamedSecurityInfoA(void)
"Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
}
LocalFree(pSD);
+ CloseHandle(hTemp);
+
+ /* Create security descriptor with no inheritance and test that it comes back the same */
+ pSD = &sd;
+ pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
+ InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
+ pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
+ bret = InitializeAcl(pDacl, 100, ACL_REVISION);
+ ok(bret, "Failed to initialize ACL.\n");
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
+ ok(bret, "Failed to add Current User to ACL.\n");
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, admin_sid);
+ ok(bret, "Failed to add Administrator Group to ACL.\n");
+ bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+ ok(bret, "Failed to add ACL to security desciptor.\n");
+ GetTempFileNameA(".", "foo", 0, tmpfile);
+ hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING,
+ FILE_FLAG_DELETE_ON_CLOSE, NULL);
+ SetLastError(0xdeadbeef);
+ error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
+ DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION,
+ NULL, NULL, pDacl, NULL);
+ HeapFree(GetProcessHeap(), 0, pDacl);
+ if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED))
+ {
+ win_skip("SetNamedSecurityInfoA is not implemented\n");
+ HeapFree(GetProcessHeap(), 0, user);
+ CloseHandle(hTemp);
+ return;
+ }
+ ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error);
+ SetLastError(0xdeadbeef);
+ error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
+ NULL, NULL, &pDacl, NULL, &pSD);
+ if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED))
+ {
+ win_skip("GetNamedSecurityInfoA is not implemented\n");
+ HeapFree(GetProcessHeap(), 0, user);
+ CloseHandle(hTemp);
+ return;
+ }
+ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ if (acl_size.AceCount > 0)
+ {
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
+ ok(bret, "Failed to get Current User ACE.\n");
+ bret = EqualSid(&ace->SidStart, user_sid);
+ ok(bret, "Current User ACE != Current User SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == 0,
+ "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
+ ace->Mask);
+ }
+ if (acl_size.AceCount > 1)
+ {
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
+ ok(bret, "Failed to get Administators Group ACE.\n");
+ bret = EqualSid(&ace->SidStart, admin_sid);
+ ok(bret || broken(!bret) /* win2k */, "Administators Group ACE != Administators Group SID.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == 0,
+ "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
+ ok(ace->Mask == 0x1f01ff || broken(ace->Mask == GENERIC_ALL) /* win2k */,
+ "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
+ }
+ LocalFree(pSD);
HeapFree(GetProcessHeap(), 0, user);
CloseHandle(hTemp);
diff --git a/include/winnt.h b/include/winnt.h
index 709a93f..63882bb 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -5078,14 +5078,15 @@ typedef struct _TAPE_GET_MEDIA_PARAMETERS {
BOOLEAN WriteProtected;
} TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS;
-/* ----------------------------- begin registry ----------------------------- */
-
-/* Registry security values */
#define OWNER_SECURITY_INFORMATION 0x00000001
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
+#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
+/* ----------------------------- begin registry ----------------------------- */
+
+/* Registry security values */
#define REG_OPTION_RESERVED 0x00000000
#define REG_OPTION_NON_VOLATILE 0x00000000
#define REG_OPTION_VOLATILE 0x00000001
@@ -3230,6 +3230,7 @@ static void test_CreateDirectoryA(void)
ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
ok(bret, "GetAclInformation failed\n");
+ todo_wine
ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
acl_size.AceCount);
if (acl_size.AceCount > 0)
@@ -3277,6 +3278,7 @@ static void test_CreateDirectoryA(void)
ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
ok(bret, "GetAclInformation failed\n");
+ todo_wine
ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
acl_size.AceCount);
if (acl_size.AceCount > 0)
diff --git a/server/fd.c b/server/fd.c
index e3b722c..e6ec90a 100644
--- a/server/fd.c
@@ -146,10 +63,10 @@ index e3b722c..e6ec90a 100644
if (orig->inode)
diff --git a/server/file.c b/server/file.c
index 431b8a1..a5d2de3 100644
index 14de2c5..9031de3 100644
--- a/server/file.c
+++ b/server/file.c
@@ -329,6 +329,106 @@ struct security_descriptor *inherit_sd( const struct security_descriptor *parent
@@ -301,6 +301,106 @@ static struct security_descriptor *inherit_sd( const struct security_descriptor
return sd;
}
@@ -256,18 +173,17 @@ index 431b8a1..a5d2de3 100644
static struct security_descriptor *file_get_parent_sd( struct fd *root, const char *child_name,
int child_len, int is_dir )
{
@@ -800,20 +900,41 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
int set_file_sd( struct object *obj, struct fd *fd, const struct security_descriptor *sd,
unsigned int set_info )
@@ -770,6 +870,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid,
const struct security_descriptor *sd, unsigned int set_info )
{
+ struct security_descriptor *tmp_sd = NULL;
struct security_descriptor *new_sd;
int unix_fd = get_unix_fd( fd );
const SID *owner, *group;
struct stat st;
mode_t mode;
+ int ret = 1;
if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) return 1;
@@ -779,8 +880,28 @@ int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid,
if (!set_info || unix_fd == -1 || fstat( unix_fd, &st ) == -1) return 1;
if (!obj->sd) get_file_sd( obj, fd, mode, uid );
+ if (!(set_info & PROTECTED_DACL_SECURITY_INFORMATION))
+ {
@@ -287,46 +203,15 @@ index 431b8a1..a5d2de3 100644
+ }
+ }
+
if (set_info & OWNER_SECURITY_INFORMATION)
{
owner = sd_get_owner( sd );
if (!owner)
{
set_error( STATUS_INVALID_SECURITY_DESCR );
- return 0;
+ ret = 0;
+ goto err;
}
if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) ))
{
@@ -831,7 +952,8 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
if (!group)
{
set_error( STATUS_INVALID_SECURITY_DESCR );
- return 0;
+ ret = 0;
+ goto err;
}
if (!obj->sd || !security_equal_sid( group, sd_get_group( obj->sd ) ))
{
@@ -856,10 +978,13 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
if (((st.st_mode ^ mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, mode ) == -1)
{
file_set_error();
- return 0;
+ ret = 0;
}
}
- return 1;
+
+err:
/* calculate the new sd, save to a temporary variable before assigning */
new_sd = set_sd_from_token_internal( sd, obj->sd, set_info, current->process->token );
+ free( tmp_sd );
+ return ret;
}
static int file_set_sd( struct object *obj, const struct security_descriptor *sd,
+
if (new_sd)
{
/* convert generic rights into standard access rights */
diff --git a/server/file.h b/server/file.h
index be25fb6..b43f329 100644
index 16883b2..cf49b08 100644
--- a/server/file.h
+++ b/server/file.h
@@ -79,6 +79,7 @@ extern void allow_fd_caching( struct fd *fd );
@@ -338,5 +223,5 @@ index be25fb6..b43f329 100644
extern unsigned int default_fd_map_access( struct object *obj, unsigned int access );
extern int default_fd_get_poll_events( struct fd *fd );
--
2.1.0
2.3.3
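Review bot: The two `todo_wine` lines this patch adds in front of the `acl_size.AceCount == 2` checks in test_CreateDirectoryA turn an ACE-count assertion into an expected failure, and nothing in the patch says why; the creation patch shown earlier on this page removes the same markers. An unexpected entry count in the DACL of a freshly created file is an access-control difference rather than test noise. It may come from the new merge in set_file_sd that runs whenever `PROTECTED_DACL_SECURITY_INFORMATION` is not set, though the body of that block is outside the visible lines. Either keep the count at 2 or record the cause next to each marker, e.g. `/* FIXME: set_file_sd merges the parent's inheritable ACEs again, AceCount is off */`, with the wording adjusted to the actual cause.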


@@ -1,2 +1,2 @@
Depends: server-Stored_ACLs
Depends: advapi32-Revert_DACL
Fixes: [34406] Support for inherited file ACLs


@@ -1,24 +1,23 @@
From f2866f1d9f575eab3034f71128c9e68c81e0138a Mon Sep 17 00:00:00 2001
From 22b353ef160d234b8f73e9e9c36136181561a743 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Thu, 17 Apr 2014 16:07:46 -0600
Subject: server: Unify the storage of security attributes for files and
directories. (try 7)
---
server/change.c | 46 ++++++----------------------------------------
server/file.c | 25 +++++++++++++++++--------
server/file.h | 2 ++
3 files changed, 25 insertions(+), 48 deletions(-)
server/change.c | 45 ++++++---------------------------------------
server/file.c | 34 ++++++++++++++++++++++------------
server/file.h | 2 ++
3 files changed, 30 insertions(+), 51 deletions(-)
diff --git a/server/change.c b/server/change.c
index 3ac70a4..4f6ce81 100644
index 3ac70a4..c2fe428 100644
--- a/server/change.c
+++ b/server/change.c
@@ -320,49 +320,15 @@ static struct security_descriptor *dir_get_sd( struct object *obj )
static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
@@ -321,48 +321,15 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
unsigned int set_info )
{
- struct dir *dir = (struct dir *)obj;
struct dir *dir = (struct dir *)obj;
- const SID *owner;
- struct stat st;
- mode_t mode;
@@ -64,52 +63,68 @@ index 3ac70a4..4f6ce81 100644
- }
- return 1;
+ fd = dir_get_fd( obj );
+ ret = set_file_sd( obj, fd, sd, set_info );
+ ret = set_file_sd( obj, fd, &dir->mode, &dir->uid, sd, set_info );
+ release_object( fd );
+ return ret;
}
static struct change_record *get_first_change_record( struct dir *dir )
diff --git a/server/file.c b/server/file.c
index cceb8ad..fb89272 100644
index f565f5a..f841b32 100644
--- a/server/file.c
+++ b/server/file.c
@@ -534,18 +534,13 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
@@ -538,18 +538,13 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
return new_mode & ~denied_mode;
}
-static int file_set_sd( struct object *obj, const struct security_descriptor *sd,
- unsigned int set_info )
+int set_file_sd( struct object *obj, struct fd *fd, const struct security_descriptor *sd,
+ unsigned int set_info )
+int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid,
+ const struct security_descriptor *sd, unsigned int set_info )
{
- struct file *file = (struct file *)obj;
+ int unix_fd = get_unix_fd( fd );
const SID *owner;
struct stat st;
mode_t mode;
- mode_t mode;
- int unix_fd;
-
- assert( obj->ops == &file_ops );
-
- unix_fd = get_file_unix_fd( file );
+ mode_t new_mode;
if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) return 1;
@@ -584,6 +579,20 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
@@ -576,10 +571,10 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
if (set_info & DACL_SECURITY_INFORMATION)
{
/* keep the bits that we don't map to access rights in the ACL */
- mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX);
- mode |= sd_to_mode( sd, owner );
+ new_mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX);
+ new_mode |= sd_to_mode( sd, owner );
- if (((st.st_mode ^ mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, mode ) == -1)
+ if (((st.st_mode ^ new_mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, new_mode ) == -1)
{
file_set_error();
return 0;
@@ -588,6 +583,21 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
return 1;
}
+static int file_set_sd( struct object *obj, const struct security_descriptor *sd,
+ unsigned int set_info )
+{
+ struct file *file = (struct file *)obj;
+ struct fd *fd;
+ int ret;
+
+ assert( obj->ops == &file_ops );
+
+ fd = file_get_fd( obj );
+ ret = set_file_sd( obj, fd, sd, set_info );
+ ret = set_file_sd( obj, fd, &file->mode, &file->uid, sd, set_info );
+ release_object( fd );
+ return ret;
+}
@@ -118,18 +133,18 @@ index cceb8ad..fb89272 100644
{
struct file *file = (struct file *)obj;
diff --git a/server/file.h b/server/file.h
index 493d30b..76cb383 100644
index 85e4257..d1365b0 100644
--- a/server/file.h
+++ b/server/file.h
@@ -122,6 +122,8 @@ extern struct file *create_file_for_fd_obj( struct fd *fd, unsigned int access,
@@ -124,6 +124,8 @@ extern struct file *create_file_for_fd_obj( struct fd *fd, unsigned int access,
extern void file_set_error(void);
extern struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID *group );
extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner );
+extern int set_file_sd( struct object *obj, struct fd *fd, const struct security_descriptor *sd,
+ unsigned int set_info );
+extern int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid,
+ const struct security_descriptor *sd, unsigned int set_info );
/* file mapping functions */
--
1.7.9.5
2.3.3


@@ -1,17 +1,17 @@
From ba94c25ed29ed6d3fc1c49a13ddb5257f5b3f385 Mon Sep 17 00:00:00 2001
From d28df1000aad8383a83cea9c18934be47f02f151 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Thu, 17 Apr 2014 16:07:50 -0600
Subject: server: Unify the retrieval of security attributes for files and
directories. (try 7)
---
server/change.c | 32 +++++---------------------------
server/file.c | 32 +++++++++++++++++++++-----------
server/file.h | 2 ++
server/change.c | 32 +++++---------------------------
server/file.c | 32 +++++++++++++++++++++-----------
server/file.h | 2 ++
3 files changed, 28 insertions(+), 38 deletions(-)
diff --git a/server/change.c b/server/change.c
index 4f6ce81..27dbe25 100644
index c2fe428..29a48b3 100644
--- a/server/change.c
+++ b/server/change.c
@@ -281,39 +281,17 @@ static struct fd *dir_get_fd( struct object *obj )
@@ -60,10 +60,10 @@ index 4f6ce81..27dbe25 100644
}
diff --git a/server/file.c b/server/file.c
index fb89272..1f008ea 100644
index f841b32..932c036 100644
--- a/server/file.c
+++ b/server/file.c
@@ -424,23 +424,19 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
@@ -428,23 +428,19 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
return sd;
}
@@ -92,7 +92,7 @@ index fb89272..1f008ea 100644
return obj->sd;
sd = mode_to_sd( st.st_mode,
@@ -448,13 +444,27 @@ static struct security_descriptor *file_get_sd( struct object *obj )
@@ -452,13 +448,27 @@ static struct security_descriptor *file_get_sd( struct object *obj )
token_get_primary_group( current->process->token ));
if (!sd) return obj->sd;
@@ -123,18 +123,18 @@ index fb89272..1f008ea 100644
{
mode_t mode = 0;
diff --git a/server/file.h b/server/file.h
index 76cb383..43a234f 100644
index d1365b0..c866312 100644
--- a/server/file.h
+++ b/server/file.h
@@ -124,6 +124,8 @@ extern struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, con
@@ -126,6 +126,8 @@ extern struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, con
extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner );
extern int set_file_sd( struct object *obj, struct fd *fd, const struct security_descriptor *sd,
unsigned int set_info );
extern int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid,
const struct security_descriptor *sd, unsigned int set_info );
+extern struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode_t *mode,
+ uid_t *uid );
/* file mapping functions */
--
1.7.9.5
2.3.3


@@ -0,0 +1,147 @@
From 539af3804249e08ae39b6d6abb9f08dbe711a8a8 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 30 Mar 2015 12:32:34 +0200
Subject: server: Add a helper function set_sd_from_token_internal to merge two
security descriptors.
---
server/object.c | 55 +++++++++++++++++++++++++++++++++++--------------------
server/object.h | 3 +++
2 files changed, 38 insertions(+), 20 deletions(-)
diff --git a/server/object.c b/server/object.c
index d4afefd..1a7e16a 100644
--- a/server/object.c
+++ b/server/object.c
@@ -423,8 +423,9 @@ struct security_descriptor *default_get_sd( struct object *obj )
return obj->sd;
}
-int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd,
- unsigned int set_info, struct token *token )
+struct security_descriptor *set_sd_from_token_internal( const struct security_descriptor *sd,
+ const struct security_descriptor *old_sd,
+ unsigned int set_info, struct token *token )
{
struct security_descriptor new_sd, *new_sd_ptr;
int present;
@@ -432,8 +433,6 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
const ACL *sacl, *dacl;
char *ptr;
- if (!set_info) return 1;
-
new_sd.control = sd->control & ~SE_SELF_RELATIVE;
if (set_info & OWNER_SECURITY_INFORMATION && sd->owner_len)
@@ -441,10 +440,10 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
owner = sd_get_owner( sd );
new_sd.owner_len = sd->owner_len;
}
- else if (obj->sd && obj->sd->owner_len)
+ else if (old_sd && old_sd->owner_len)
{
- owner = sd_get_owner( obj->sd );
- new_sd.owner_len = obj->sd->owner_len;
+ owner = sd_get_owner( old_sd );
+ new_sd.owner_len = old_sd->owner_len;
}
else if (token)
{
@@ -458,10 +457,10 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
group = sd_get_group( sd );
new_sd.group_len = sd->group_len;
}
- else if (obj->sd && obj->sd->group_len)
+ else if (old_sd && old_sd->group_len)
{
- group = sd_get_group( obj->sd );
- new_sd.group_len = obj->sd->group_len;
+ group = sd_get_group( old_sd );
+ new_sd.group_len = old_sd->group_len;
}
else if (token)
{
@@ -476,10 +475,10 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
new_sd.sacl_len = sd->sacl_len;
else
{
- if (obj->sd) sacl = sd_get_sacl( obj->sd, &present );
+ if (old_sd) sacl = sd_get_sacl( old_sd, &present );
- if (obj->sd && present)
- new_sd.sacl_len = obj->sd->sacl_len;
+ if (old_sd && present)
+ new_sd.sacl_len = old_sd->sacl_len;
else
new_sd.sacl_len = 0;
}
@@ -490,10 +489,10 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
new_sd.dacl_len = sd->dacl_len;
else
{
- if (obj->sd) dacl = sd_get_dacl( obj->sd, &present );
+ if (old_sd) dacl = sd_get_dacl( old_sd, &present );
- if (obj->sd && present)
- new_sd.dacl_len = obj->sd->dacl_len;
+ if (old_sd && present)
+ new_sd.dacl_len = old_sd->dacl_len;
else if (token)
{
dacl = token_get_default_dacl( token );
@@ -504,7 +503,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
ptr = mem_alloc( sizeof(new_sd) + new_sd.owner_len + new_sd.group_len +
new_sd.sacl_len + new_sd.dacl_len );
- if (!ptr) return 0;
+ if (!ptr) return NULL;
new_sd_ptr = (struct security_descriptor*)ptr;
memcpy( ptr, &new_sd, sizeof(new_sd) );
@@ -517,9 +516,25 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
ptr += new_sd.sacl_len;
memcpy( ptr, dacl, new_sd.dacl_len );
- free( obj->sd );
- obj->sd = new_sd_ptr;
- return 1;
+ return new_sd_ptr;
+}
+
+int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd,
+ unsigned int set_info, struct token *token )
+{
+ struct security_descriptor *new_sd;
+
+ if (!set_info) return 1;
+
+ new_sd = set_sd_from_token_internal( sd, obj->sd, set_info, token );
+ if (new_sd)
+ {
+ free( obj->sd );
+ obj->sd = new_sd;
+ return 1;
+ }
+
+ return 0;
}
/** Set the security descriptor using the current primary token for defaults. */
diff --git a/server/object.h b/server/object.h
index 3817c75..c2c38b7 100644
--- a/server/object.h
+++ b/server/object.h
@@ -139,6 +139,9 @@ extern struct fd *no_get_fd( struct object *obj );
extern unsigned int no_map_access( struct object *obj, unsigned int access );
extern struct security_descriptor *default_get_sd( struct object *obj );
extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info );
+extern struct security_descriptor *set_sd_from_token_internal( const struct security_descriptor *sd,
+ const struct security_descriptor *old_sd,
+ unsigned int set_info, struct token *token );
extern int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd,
unsigned int set_info, struct token *token );
extern struct object *no_lookup_name( struct object *obj, struct unicode_str *name, unsigned int attributes );
--
2.3.3
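Review bot: `set_sd_from_token_internal` is exported through server/object.h without any comment on who owns its result: it returns a block obtained from `mem_alloc` (or NULL when that fails), and the only caller visible here, `set_sd_defaults_from_token`, frees the old `obj->sd` and takes over the new pointer. I would add a header comment on the definition saying that it merges `sd` into `old_sd` according to `set_info`, falls back to `token` for a missing owner, group or DACL, and returns a newly allocated descriptor that the caller must free. The `if (!set_info) return 1;` early-out now lives only in the wrapper, so the comment should also say that the helper does not treat `set_info == 0` specially and that callers must check it themselves. Parts of the function body lie between the hunks and are not shown, so the fallback wording should be checked against them.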


@@ -1,161 +0,0 @@
From cd48ef93da9c34e4757d878403374edd0e616b64 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Fri, 18 Apr 2014 15:35:24 -0600
Subject: server: Store user and group inside stored extended file attribute
information. (try 7)
---
server/file.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 70 insertions(+), 9 deletions(-)
diff --git a/server/file.c b/server/file.c
index 502951c..72d6d95 100644
--- a/server/file.c
+++ b/server/file.c
@@ -187,10 +187,11 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_
return &file->obj;
}
-void set_xattr_sd( int fd, const struct security_descriptor *sd )
+void set_xattr_sd( int fd, const struct security_descriptor *sd, const SID *user, const SID *group )
{
- char buffer[XATTR_SIZE_MAX];
- int present, len;
+ char buffer[XATTR_SIZE_MAX], *dst_ptr = &buffer[2], *src_ptr = (char *)sd;
+ int present, len, owner_len, group_len;
+ struct security_descriptor *dst_sd;
const ACL *dacl;
/* there's no point in storing the security descriptor if there's no DACL */
@@ -198,14 +199,52 @@ void set_xattr_sd( int fd, const struct security_descriptor *sd )
dacl = sd_get_dacl( sd, &present );
if (!present || !dacl) return;
- len = 2 + sizeof(struct security_descriptor) + sd->owner_len + sd->group_len + sd->sacl_len
+ /* make sure that we always store the ownership information */
+ if (!sd->owner_len)
+ owner_len = FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]);
+ else
+ owner_len = sd->owner_len;
+ if (!sd->group_len)
+ group_len = FIELD_OFFSET(SID, SubAuthority[group->SubAuthorityCount]);
+ else
+ group_len = sd->group_len;
+ len = 2 + sizeof(struct security_descriptor) + owner_len + group_len + sd->sacl_len
+ sd->dacl_len;
if (len > XATTR_SIZE_MAX) return;
/* include the descriptor revision and resource manager control bits */
buffer[0] = SECURITY_DESCRIPTOR_REVISION;
buffer[1] = 0;
- memcpy( &buffer[2], sd, len - 2 );
+ memcpy( dst_ptr, sd, sizeof(struct security_descriptor) );
+ dst_sd = (struct security_descriptor *)dst_ptr;
+ dst_sd->owner_len = owner_len;
+ dst_sd->group_len = group_len;
+ src_ptr += sizeof(struct security_descriptor);
+ dst_ptr += sizeof(struct security_descriptor);
+ /* copy the appropriate ownership information (explicit or inferred) */
+ if (sd->owner_len)
+ {
+ memcpy( dst_ptr, src_ptr, sd->owner_len );
+ src_ptr += sd->owner_len;
+ }
+ else
+ memcpy( dst_ptr, user, owner_len );
+ dst_ptr += owner_len;
+ if (sd->group_len)
+ {
+ memcpy( dst_ptr, src_ptr, sd->group_len );
+ src_ptr += sd->group_len;
+ }
+ else
+ memcpy( dst_ptr, group, group_len );
+ dst_ptr += group_len;
+ /* copy the ACL information (explicit only) */
+ memcpy( dst_ptr, src_ptr, sd->sacl_len );
+ src_ptr += sd->sacl_len;
+ dst_ptr += sd->sacl_len;
+ memcpy( dst_ptr, src_ptr, sd->dacl_len );
+ src_ptr += sd->dacl_len;
+ dst_ptr += sd->dacl_len;
xattr_fset( fd, WINE_XATTR_SD, buffer, len );
}
@@ -214,6 +253,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
unsigned int options, unsigned int attrs,
const struct security_descriptor *sd )
{
+ const SID *owner = NULL, *group = NULL;
struct object *obj = NULL;
struct fd *fd;
int flags;
@@ -244,9 +284,12 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
if (sd)
{
- const SID *owner = sd_get_owner( sd );
+ owner = sd_get_owner( sd );
if (!owner)
owner = token_get_user( current->process->token );
+ group = sd_get_group( sd );
+ if (!group)
+ group = token_get_primary_group( current->process->token );
mode = sd_to_mode( sd, owner );
}
else if (options & FILE_DIRECTORY_FILE)
@@ -270,7 +313,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
/* FIXME: should set error to STATUS_OBJECT_NAME_COLLISION if file existed before */
fd = open_fd( root, name, flags | O_NONBLOCK | O_LARGEFILE, &mode, access, sharing, options );
if (!fd) goto done;
- set_xattr_sd( get_unix_fd( fd ), sd );
+ set_xattr_sd( get_unix_fd( fd ), sd, owner, group );
if (S_ISDIR(mode))
obj = create_dir_obj( fd, access, mode );
@@ -580,7 +623,7 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
unsigned int set_info )
{
int unix_fd = get_unix_fd( fd );
- const SID *owner;
+ const SID *owner, *group;
struct stat st;
mode_t mode;
@@ -604,6 +647,24 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
else
owner = token_get_user( current->process->token );
+ if (set_info & GROUP_SECURITY_INFORMATION)
+ {
+ group = sd_get_group( sd );
+ if (!group)
+ {
+ set_error( STATUS_INVALID_SECURITY_DESCR );
+ return 0;
+ }
+ if (!obj->sd || !security_equal_sid( group, sd_get_group( obj->sd ) ))
+ {
+ /* FIXME: get Unix uid and call fchown */
+ }
+ }
+ else if (obj->sd)
+ group = sd_get_group( obj->sd );
+ else
+ group = token_get_primary_group( current->process->token );
+
/* group and sacl not supported */
if (set_info & DACL_SECURITY_INFORMATION)
@@ -612,7 +673,7 @@ int set_file_sd( struct object *obj, struct fd *fd, const struct security_descri
mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX);
mode |= sd_to_mode( sd, owner );
- set_xattr_sd( unix_fd, sd );
+ set_xattr_sd( unix_fd, sd, owner, group );
if (((st.st_mode ^ mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, mode ) == -1)
{
--
1.7.9.5


@@ -0,0 +1,222 @@
From 556b2f79dc0f03bd9e7bba04003f2071b21baa08 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 30 Mar 2015 12:50:21 +0200
Subject: server: Temporarily store the full security descriptor for file
objects.
---
dlls/advapi32/tests/security.c | 12 +++---
server/change.c | 8 +++-
server/file.c | 83 ++++++++++++++++++++++++++++--------------
server/file.h | 3 +-
4 files changed, 70 insertions(+), 36 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 15c3b1d..0392add 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -4148,22 +4148,22 @@ static void test_GetSecurityInfo(void)
bret = pGetAce(pDacl, 0, (VOID **)&ace);
ok(bret, "Failed to get Current User ACE.\n");
bret = EqualSid(&ace->SidStart, user_sid);
- todo_wine ok(bret, "Current User ACE != Current User SID.\n");
+ ok(bret, "Current User ACE != Current User SID.\n");
ok(((ACE_HEADER *)ace)->AceFlags == 0,
"Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
- ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
- ace->Mask);
+ todo_wine ok(ace->Mask == 0x1f01ff,
+ "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
}
if (acl_size.AceCount > 1)
{
bret = pGetAce(pDacl, 1, (VOID **)&ace);
ok(bret, "Failed to get Administators Group ACE.\n");
bret = EqualSid(&ace->SidStart, admin_sid);
- todo_wine ok(bret, "Administators Group ACE != Administators Group SID.\n");
+ ok(bret, "Administators Group ACE != Administators Group SID.\n");
ok(((ACE_HEADER *)ace)->AceFlags == 0,
"Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
- ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
- ace->Mask);
+ todo_wine ok(ace->Mask == 0x1f01ff,
+ "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
}
LocalFree(pSD);
CloseHandle(obj);
diff --git a/server/change.c b/server/change.c
index 29a48b3..87b45f8 100644
--- a/server/change.c
+++ b/server/change.c
@@ -1020,7 +1020,8 @@ static int dir_add_to_existing_notify( struct dir *dir )
#endif /* USE_INOTIFY */
-struct object *create_dir_obj( struct fd *fd, unsigned int access, mode_t mode )
+struct object *create_dir_obj( struct fd *fd, unsigned int access, mode_t mode,
+ const struct security_descriptor *sd )
{
struct dir *dir;
@@ -1039,6 +1040,11 @@ struct object *create_dir_obj( struct fd *fd, unsigned int access, mode_t mode )
dir->uid = ~(uid_t)0;
set_fd_user( fd, &dir_fd_ops, &dir->obj );
+ if (sd) dir_set_sd( &dir->obj, sd, OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION |
+ SACL_SECURITY_INFORMATION );
+
dir_add_to_existing_notify( dir );
return &dir->obj;
diff --git a/server/file.c b/server/file.c
index 932c036..7493735 100644
--- a/server/file.c
+++ b/server/file.c
@@ -168,7 +168,8 @@ struct file *create_file_for_fd_obj( struct fd *fd, unsigned int access, unsigne
return file;
}
-static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_t mode )
+static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_t mode,
+ const struct security_descriptor *sd )
{
struct file *file = alloc_object( &file_ops );
@@ -179,6 +180,12 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_
file->fd = fd;
grab_object( fd );
set_fd_user( fd, &file_fd_ops, &file->obj );
+
+ if (sd) file_set_sd( &file->obj, sd, OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION |
+ SACL_SECURITY_INFORMATION );
+
return &file->obj;
}
@@ -245,11 +252,11 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
if (!fd) goto done;
if (S_ISDIR(mode))
- obj = create_dir_obj( fd, access, mode );
+ obj = create_dir_obj( fd, access, mode, sd );
else if (S_ISCHR(mode) && is_serial_fd( fd ))
obj = create_serial( fd );
else
- obj = create_file_obj( fd, access, mode );
+ obj = create_file_obj( fd, access, mode, sd );
release_object( fd );
@@ -551,46 +558,66 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
int set_file_sd( struct object *obj, struct fd *fd, mode_t *mode, uid_t *uid,
const struct security_descriptor *sd, unsigned int set_info )
{
+ struct security_descriptor *new_sd;
int unix_fd = get_unix_fd( fd );
- const SID *owner;
+ const SID *owner, *group;
struct stat st;
mode_t new_mode;
- if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) return 1;
+ if (!set_info || unix_fd == -1 || fstat( unix_fd, &st ) == -1) return 1;
+ if (!obj->sd) get_file_sd( obj, fd, mode, uid );
- if (set_info & OWNER_SECURITY_INFORMATION)
+ /* calculate the new sd, save to a temporary variable before assigning */
+ new_sd = set_sd_from_token_internal( sd, obj->sd, set_info, current->process->token );
+ if (new_sd)
{
- owner = sd_get_owner( sd );
- if (!owner)
+ if (set_info & OWNER_SECURITY_INFORMATION)
{
- set_error( STATUS_INVALID_SECURITY_DESCR );
- return 0;
+ owner = sd_get_owner( new_sd );
+ assert( owner );
+
+ if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) ))
+ {
+ /* FIXME: get Unix uid and call fchown */
+ }
}
- if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) ))
+
+ if (set_info & GROUP_SECURITY_INFORMATION)
{
- /* FIXME: get Unix uid and call fchown */
+ group = sd_get_group( new_sd );
+ assert( group );
+
+ if (!obj->sd || !security_equal_sid( group, sd_get_group( obj->sd ) ))
+ {
+ /* FIXME: get Unix uid and call fchown */
+ }
}
- }
- else if (obj->sd)
- owner = sd_get_owner( obj->sd );
- else
- owner = token_get_user( current->process->token );
- /* group and sacl not supported */
+ if (set_info & DACL_SECURITY_INFORMATION)
+ {
+ owner = sd_get_owner( new_sd );
+ assert( owner );
- if (set_info & DACL_SECURITY_INFORMATION)
- {
- /* keep the bits that we don't map to access rights in the ACL */
- new_mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX);
- new_mode |= sd_to_mode( sd, owner );
+ /* keep the bits that we don't map to access rights in the ACL */
+ new_mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX);
+ new_mode |= sd_to_mode( new_sd, owner );
- if (((st.st_mode ^ new_mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, new_mode ) == -1)
- {
- file_set_error();
- return 0;
+ if (((st.st_mode ^ new_mode) & (S_IRWXU|S_IRWXG|S_IRWXO)) && fchmod( unix_fd, new_mode ) == -1)
+ {
+ free( new_sd );
+ file_set_error();
+ return 0;
+ }
+
+ *mode = new_mode;
}
+
+ free( obj->sd );
+ obj->sd = new_sd;
+ return 1;
}
- return 1;
+
+ return 0;
}
static int file_set_sd( struct object *obj, const struct security_descriptor *sd,
diff --git a/server/file.h b/server/file.h
index c866312..16883b2 100644
--- a/server/file.h
+++ b/server/file.h
@@ -142,7 +142,8 @@ extern int get_page_size(void);
extern void do_change_notify( int unix_fd );
extern void sigio_callback(void);
-extern struct object *create_dir_obj( struct fd *fd, unsigned int access, mode_t mode );
+extern struct object *create_dir_obj( struct fd *fd, unsigned int access, mode_t mode,
+ const struct security_descriptor *sd );
extern struct dir *get_dir_obj( struct process *process, obj_handle_t handle, unsigned int access );
/* completion */
--
2.3.3
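Review bot: In the rewritten `set_file_sd` in server/file.c, a request that sets `OWNER_SECURITY_INFORMATION` with no owner in `sd` is no longer rejected with `STATUS_INVALID_SECURITY_DESCR`; the merged `new_sd` is checked with `assert( owner )` and `assert( group )` instead, so if no source yields a SID the server process aborts rather than failing the one request. Whether that can happen depends on the final fallback branch of `set_sd_from_token_internal`, which is not shown here, but an error return is the safer form for data derived from a client request: `if (!owner) { free( new_sd ); set_error( STATUS_INVALID_SECURITY_DESCR ); return 0; }`, and the same for `group`. Separately, `create_file_obj` and `create_dir_obj` ignore the result of `file_set_sd` / `dir_set_sd`, so a failed `fchmod` at creation time still returns the object; it seems worth either propagating that failure or adding a comment that the call is deliberately best-effort.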
