Commit
04cd764d
authored
Apr 19, 2013
by
Erich Hoover
Committed by
Alexandre Julliard
Apr 23, 2013
server: Report a default DACL for registry keys.
parent
0ae8f2da
Showing
4 changed files
with
76 additions
and
10 deletions
+76
-10
security.c
dlls/advapi32/tests/security.c
+41
-1
registry.c
server/registry.c
+26
-9
security.h
server/security.h
+1
-0
token.c
server/token.c
+8
-0
dlls/advapi32/tests/security.c
...
...
@@ -3007,7 +3007,9 @@ static void test_GetNamedSecurityInfoA(void)
{
char
admin_ptr
[
sizeof
(
SID
)
+
sizeof
(
ULONG
)
*
SID_MAX_SUB_AUTHORITIES
],
*
user
;
char
system_ptr
[
sizeof
(
SID
)
+
sizeof
(
ULONG
)
*
SID_MAX_SUB_AUTHORITIES
];
PSID
admin_sid
=
(
PSID
)
admin_ptr
,
system_sid
=
(
PSID
)
system_ptr
,
user_sid
;
char
users_ptr
[
sizeof
(
SID
)
+
sizeof
(
ULONG
)
*
SID_MAX_SUB_AUTHORITIES
];
PSID
admin_sid
=
(
PSID
)
admin_ptr
,
users_sid
=
(
PSID
)
users_ptr
;
PSID
system_sid
=
(
PSID
)
system_ptr
,
user_sid
;
DWORD
sid_size
=
sizeof
(
admin_ptr
),
user_size
;
char
invalid_path
[]
=
"/an invalid file path"
;
char
software_key
[]
=
"MACHINE
\\
Software"
;
...
...
@@ -3015,6 +3017,7 @@ static void test_GetNamedSecurityInfoA(void)
SECURITY_DESCRIPTOR_CONTROL
control
;
ACL_SIZE_INFORMATION
acl_size
;
CHAR
windows_dir
[
MAX_PATH
];
int
users_ace_id
=
-
1
,
i
;
PSECURITY_DESCRIPTOR
pSD
;
ACCESS_ALLOWED_ACE
*
ace
;
BOOL
bret
=
TRUE
,
isNT4
;
...
...
@@ -3022,8 +3025,10 @@ static void test_GetNamedSecurityInfoA(void)
DWORD
error
,
revision
;
BOOL
owner_defaulted
;
BOOL
group_defaulted
;
BOOL
dacl_defaulted
;
HANDLE
token
,
hTemp
;
PSID
owner
,
group
;
BOOL
dacl_present
;
PACL
pDacl
;
if
(
!
pSetNamedSecurityInfoA
||
!
pGetNamedSecurityInfoA
||
!
pCreateWellKnownSid
)
...
...
@@ -3202,6 +3207,41 @@ static void test_GetNamedSecurityInfoA(void)
||
broken
(((
SID
*
)
group
)
->
SubAuthority
[
0
]
==
SECURITY_NT_NON_UNIQUE
)
/* Vista */
,
"MACHINE
\\
Software group SID != Local System SID.
\n
"
);
LocalFree
(
pSD
);
/* Test querying the DACL of a built-in registry key */
sid_size
=
sizeof
(
users_ptr
);
pCreateWellKnownSid
(
WinBuiltinUsersSid
,
NULL
,
users_sid
,
&
sid_size
);
error
=
pGetNamedSecurityInfoA
(
software_key
,
SE_REGISTRY_KEY
,
DACL_SECURITY_INFORMATION
,
NULL
,
NULL
,
NULL
,
NULL
,
&
pSD
);
ok
(
!
error
,
"GetNamedSecurityInfo failed with error %d
\n
"
,
error
);
bret
=
GetSecurityDescriptorDacl
(
pSD
,
&
dacl_present
,
&
pDacl
,
&
dacl_defaulted
);
ok
(
bret
,
"GetSecurityDescriptorDacl failed with error %d
\n
"
,
GetLastError
());
ok
(
dacl_present
,
"DACL should be present
\n
"
);
ok
(
pDacl
&&
IsValidAcl
(
pDacl
),
"GetSecurityDescriptorDacl returned invalid DACL.
\n
"
);
bret
=
pGetAclInformation
(
pDacl
,
&
acl_size
,
sizeof
(
acl_size
),
AclSizeInformation
);
ok
(
bret
,
"GetAclInformation failed
\n
"
);
ok
(
acl_size
.
AceCount
!=
0
,
"GetAclInformation returned no ACLs
\n
"
);
for
(
i
=
0
;
i
<
acl_size
.
AceCount
;
i
++
)
{
bret
=
pGetAce
(
pDacl
,
i
,
(
VOID
**
)
&
ace
);
ok
(
bret
,
"Failed to get ACE %d.
\n
"
,
i
);
bret
=
EqualSid
(
&
ace
->
SidStart
,
users_sid
);
if
(
bret
)
users_ace_id
=
i
;
}
ok
(
users_ace_id
!=
-
1
,
"Bultin Users ACE not found.
\n
"
);
if
(
users_ace_id
!=
-
1
)
{
bret
=
pGetAce
(
pDacl
,
users_ace_id
,
(
VOID
**
)
&
ace
);
ok
(
bret
,
"Failed to get Builtin Users ACE.
\n
"
);
ok
(((
ACE_HEADER
*
)
ace
)
->
AceFlags
==
(
INHERIT_ONLY_ACE
|
CONTAINER_INHERIT_ACE
),
"Builtin Users ACE has unexpected flags (0x%x != 0x%x)
\n
"
,
((
ACE_HEADER
*
)
ace
)
->
AceFlags
,
INHERIT_ONLY_ACE
|
CONTAINER_INHERIT_ACE
);
ok
(
ace
->
Mask
==
GENERIC_READ
,
"Builtin Users ACE has unexpected mask (0x%x != 0x%x)
\n
"
,
ace
->
Mask
,
GENERIC_READ
);
}
LocalFree
(
pSD
);
}
static
void
test_ConvertStringSecurityDescriptor
(
void
)
...
...
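Review bot: The new registry-key block keeps using `pSD` after `ok(!error, ...)` even when `pGetNamedSecurityInfoA` fails, and `pSD` was already released by the `LocalFree(pSD)` just above the block; assuming a failed call leaves `pSD` untouched, `GetSecurityDescriptorDacl` would then read freed memory and the final `LocalFree(pSD)` would free it a second time. A guard right after the check, for example `if (error != ERROR_SUCCESS) return;`, keeps one failure from cascading. In the same block `acl_size.AceCount` drives the loop even if `pGetAclInformation` failed, and `int i` is compared against that DWORD count. The message `"Bultin Users ACE not found.\n"` misspells `Builtin`. The function starts outside the hunk, so whether `pGetAclInformation` and `pGetAce` are checked for NULL before this point cannot be seen here.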
server/registry.c
...
...
@@ -345,16 +345,33 @@ static struct security_descriptor *key_get_sd( struct object *obj )
if
(
!
key_default_sd
)
{
size_t
sid_len
=
security_sid_len
(
security_builtin_admins_sid
);
key_default_sd
=
mem_alloc
(
sizeof
(
*
key_default_sd
)
+
2
*
sid_len
);
key_default_sd
->
control
=
0
;
key_default_sd
->
owner_len
=
sid_len
;
key_default_sd
->
group_len
=
sid_len
;
size_t
users_sid_len
=
security_sid_len
(
security_builtin_users_sid
);
size_t
admins_sid_len
=
security_sid_len
(
security_builtin_admins_sid
);
size_t
dacl_len
=
sizeof
(
ACL
)
+
offsetof
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
users_sid_len
;
ACCESS_ALLOWED_ACE
*
aaa
;
ACL
*
dacl
;
key_default_sd
=
mem_alloc
(
sizeof
(
*
key_default_sd
)
+
2
*
admins_sid_len
+
dacl_len
);
key_default_sd
->
control
=
SE_DACL_PRESENT
;
key_default_sd
->
owner_len
=
admins_sid_len
;
key_default_sd
->
group_len
=
admins_sid_len
;
key_default_sd
->
sacl_len
=
0
;
key_default_sd
->
dacl_len
=
0
;
memcpy
(
key_default_sd
+
1
,
security_builtin_admins_sid
,
sid_len
);
memcpy
(
(
char
*
)(
key_default_sd
+
1
)
+
sid_len
,
security_builtin_admins_sid
,
sid_len
);
key_default_sd
->
dacl_len
=
dacl_len
;
memcpy
(
key_default_sd
+
1
,
security_builtin_admins_sid
,
admins_sid_len
);
memcpy
(
(
char
*
)(
key_default_sd
+
1
)
+
admins_sid_len
,
security_builtin_admins_sid
,
admins_sid_len
);
dacl
=
(
ACL
*
)((
char
*
)(
key_default_sd
+
1
)
+
2
*
admins_sid_len
);
dacl
->
AclRevision
=
ACL_REVISION
;
dacl
->
Sbz1
=
0
;
dacl
->
AclSize
=
dacl_len
;
dacl
->
AceCount
=
1
;
dacl
->
Sbz2
=
0
;
aaa
=
(
ACCESS_ALLOWED_ACE
*
)(
dacl
+
1
);
aaa
->
Header
.
AceType
=
ACCESS_ALLOWED_ACE_TYPE
;
aaa
->
Header
.
AceFlags
=
INHERIT_ONLY_ACE
|
CONTAINER_INHERIT_ACE
;
aaa
->
Header
.
AceSize
=
offsetof
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
users_sid_len
;
aaa
->
Mask
=
GENERIC_READ
;
memcpy
(
&
aaa
->
SidStart
,
security_builtin_users_sid
,
users_sid_len
);
}
return
key_default_sd
;
}
...
...
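Review bot: The result of `mem_alloc` is written through on the very next statement (`key_default_sd->control = SE_DACL_PRESENT;`) with no NULL check, so an allocation failure while building the default descriptor becomes a NULL dereference in the server; `if (!key_default_sd) return NULL;` directly after the allocation would handle it, provided the callers of key_get_sd accept NULL (they are not visible here). The only ACE in the new DACL carries `INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE`, so it applies to subkeys and not to the key itself, and there is no ACE for Administrators or SYSTEM. If this descriptor is ever fed into an access check rather than only reported to clients, the key itself would grant access to no one; if reporting is the only intent, a comment such as `/* reported DACL only: the inherit-only Users ACE grants nothing on the key itself */` would record that. key_get_sd begins before this hunk.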
server/security.h
...
...
@@ -42,6 +42,7 @@ extern const LUID SeCreateGlobalPrivilege;
extern
const
PSID
security_world_sid
;
extern
const
PSID
security_local_user_sid
;
extern
const
PSID
security_local_system_sid
;
extern
const
PSID
security_builtin_users_sid
;
extern
const
PSID
security_builtin_admins_sid
;
...
...
server/token.c
...
...
@@ -84,6 +84,13 @@ static const struct /* same fields as struct SID */
SID_IDENTIFIER_AUTHORITY
IdentifierAuthority
;
DWORD
SubAuthority
[
2
];
}
builtin_admins_sid
=
{
SID_REVISION
,
2
,
{
SECURITY_NT_AUTHORITY
},
{
SECURITY_BUILTIN_DOMAIN_RID
,
DOMAIN_ALIAS_RID_ADMINS
}
};
static
const
struct
/* same fields as struct SID */
{
BYTE
Revision
;
BYTE
SubAuthorityCount
;
SID_IDENTIFIER_AUTHORITY
IdentifierAuthority
;
DWORD
SubAuthority
[
2
];
}
builtin_users_sid
=
{
SID_REVISION
,
2
,
{
SECURITY_NT_AUTHORITY
},
{
SECURITY_BUILTIN_DOMAIN_RID
,
DOMAIN_ALIAS_RID_USERS
}
};
const
PSID
security_world_sid
=
(
PSID
)
&
world_sid
;
static
const
PSID
security_local_sid
=
(
PSID
)
&
local_sid
;
...
...
@@ -92,6 +99,7 @@ static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_si
const
PSID
security_local_system_sid
=
(
PSID
)
&
local_system_sid
;
const
PSID
security_local_user_sid
=
(
PSID
)
&
local_user_sid
;
const
PSID
security_builtin_admins_sid
=
(
PSID
)
&
builtin_admins_sid
;
const
PSID
security_builtin_users_sid
=
(
PSID
)
&
builtin_users_sid
;
static
luid_t
prev_luid_value
=
{
1000
,
0
};
...
...
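Review bot: `security_builtin_users_sid` is declared `const PSID`, which makes the pointer constant but not the SID it points to, and the `(PSID)` cast drops the `const` of the `static const` `builtin_users_sid` object. This matches the neighbouring definitions, but a write through that pointer would modify a const object, so a short comment like `/* read-only: points at a const SID, never write through it */` above the exported pointers would help. The new anonymous struct also repeats the layout used for `builtin_admins_sid` verbatim; one shared named struct type for the two-subauthority SIDs would remove the duplication.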