Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
7dfdcf30
Commit
7dfdcf30
authored
Jul 30, 2013
by
Hans Leidekker
Committed by
Alexandre Julliard
Jul 30, 2013
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
server: The token user SID must be present in the default DACL.
parent
fa0a7396
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
64 additions
and
6 deletions
+64
-6
security.c
dlls/advapi32/tests/security.c
+59
-0
token.c
server/token.c
+5
-6
No files found.
dlls/advapi32/tests/security.c
View file @
7dfdcf30
...
...
@@ -4591,6 +4591,64 @@ static void test_TokenIntegrityLevel(void)
CloseHandle
(
token
);
}
static
void
test_default_dacl_owner_sid
(
void
)
{
HANDLE
handle
;
BOOL
ret
,
defaulted
,
present
,
found
;
DWORD
size
,
index
;
SECURITY_DESCRIPTOR
*
sd
;
SECURITY_ATTRIBUTES
sa
;
PSID
owner
;
ACL
*
dacl
;
ACCESS_ALLOWED_ACE
*
ace
;
sd
=
HeapAlloc
(
GetProcessHeap
(),
0
,
SECURITY_DESCRIPTOR_MIN_LENGTH
);
ret
=
InitializeSecurityDescriptor
(
sd
,
SECURITY_DESCRIPTOR_REVISION
);
ok
(
ret
,
"error %u
\n
"
,
GetLastError
()
);
sa
.
nLength
=
sizeof
(
SECURITY_ATTRIBUTES
);
sa
.
lpSecurityDescriptor
=
sd
;
sa
.
bInheritHandle
=
FALSE
;
handle
=
CreateEvent
(
&
sa
,
TRUE
,
TRUE
,
"test_event"
);
ok
(
handle
!=
NULL
,
"error %u
\n
"
,
GetLastError
()
);
size
=
0
;
ret
=
GetKernelObjectSecurity
(
handle
,
OWNER_SECURITY_INFORMATION
|
DACL_SECURITY_INFORMATION
,
NULL
,
0
,
&
size
);
ok
(
!
ret
&&
GetLastError
()
==
ERROR_INSUFFICIENT_BUFFER
,
"error %u
\n
"
,
GetLastError
()
);
sd
=
HeapAlloc
(
GetProcessHeap
(),
0
,
size
);
ret
=
GetKernelObjectSecurity
(
handle
,
OWNER_SECURITY_INFORMATION
|
DACL_SECURITY_INFORMATION
,
sd
,
size
,
&
size
);
ok
(
ret
,
"error %u
\n
"
,
GetLastError
()
);
owner
=
(
void
*
)
0xdeadbeef
;
defaulted
=
TRUE
;
ret
=
GetSecurityDescriptorOwner
(
sd
,
&
owner
,
&
defaulted
);
ok
(
ret
,
"error %u
\n
"
,
GetLastError
()
);
ok
(
owner
!=
(
void
*
)
0xdeadbeef
,
"owner not set
\n
"
);
todo_wine
ok
(
!
defaulted
,
"owner defaulted
\n
"
);
dacl
=
(
void
*
)
0xdeadbeef
;
present
=
FALSE
;
defaulted
=
TRUE
;
ret
=
GetSecurityDescriptorDacl
(
sd
,
&
present
,
&
dacl
,
&
defaulted
);
ok
(
ret
,
"error %u
\n
"
,
GetLastError
()
);
ok
(
present
,
"dacl not present
\n
"
);
ok
(
dacl
!=
(
void
*
)
0xdeadbeef
,
"dacl not set
\n
"
);
todo_wine
ok
(
!
defaulted
,
"dacl defaulted
\n
"
);
index
=
0
;
found
=
FALSE
;
while
(
pGetAce
(
dacl
,
index
++
,
(
void
**
)
&
ace
))
{
if
(
EqualSid
(
&
ace
->
SidStart
,
owner
))
found
=
TRUE
;
}
ok
(
found
,
"owner sid not found in dacl
\n
"
);
HeapFree
(
GetProcessHeap
(),
0
,
sa
.
lpSecurityDescriptor
);
HeapFree
(
GetProcessHeap
(),
0
,
sd
);
CloseHandle
(
handle
);
}
START_TEST
(
security
)
{
init
();
...
...
@@ -4629,4 +4687,5 @@ START_TEST(security)
test_GetUserNameW
();
test_CreateRestrictedToken
();
test_TokenIntegrityLevel
();
test_default_dacl_owner_sid
();
}
server/token.c
View file @
7dfdcf30
...
...
@@ -640,8 +640,8 @@ struct token *token_create_admin( void )
PSID
alias_admins_sid
;
PSID
alias_users_sid
;
PSID
logon_sid
;
/* note: should be the owner specified in the token */
ACL
*
default_dacl
=
create_default_dacl
(
&
interactive
_sid
);
const
SID
*
user_sid
=
security_unix_uid_to_sid
(
getuid
()
);
ACL
*
default_dacl
=
create_default_dacl
(
user
_sid
);
alias_admins_sid
=
security_sid_alloc
(
&
nt_authority
,
sizeof
(
alias_admins_subauth
)
/
sizeof
(
alias_admins_subauth
[
0
]),
alias_admins_subauth
);
...
...
@@ -688,10 +688,9 @@ struct token *token_create_admin( void )
{
logon_sid
,
SE_GROUP_ENABLED
|
SE_GROUP_ENABLED_BY_DEFAULT
|
SE_GROUP_MANDATORY
|
SE_GROUP_LOGON_ID
},
};
static
const
TOKEN_SOURCE
admin_source
=
{
"SeMgr"
,
{
0
,
0
}};
token
=
create_token
(
TRUE
,
security_unix_uid_to_sid
(
getuid
()
),
admin_groups
,
sizeof
(
admin_groups
)
/
sizeof
(
admin_groups
[
0
]),
admin_privs
,
sizeof
(
admin_privs
)
/
sizeof
(
admin_privs
[
0
]),
default_dacl
,
admin_source
,
NULL
,
-
1
);
token
=
create_token
(
TRUE
,
user_sid
,
admin_groups
,
sizeof
(
admin_groups
)
/
sizeof
(
admin_groups
[
0
]),
admin_privs
,
sizeof
(
admin_privs
)
/
sizeof
(
admin_privs
[
0
]),
default_dacl
,
admin_source
,
NULL
,
-
1
);
/* we really need a primary group */
assert
(
token
->
primary_group
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment