From 05f7fe0a393c6e5695f78b2fe9f0f26d125e1362 Mon Sep 17 00:00:00 2001
From: Mikolaj Zalewski
Date: Thu, 27 Sep 2007 12:01:49 -0700
Subject: [PATCH] advapi32: implement GetPrivateObjectSecurity (with test)
---
dlls/advapi32/security.c | 44 +++++++++++++++++++++++++++++--
dlls/advapi32/tests/security.c | 57 +++++++++++++++++++++++++++++++++++++++-
2 files changed, 98 insertions(+), 3 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 5b2f7dd..69f9ec4 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -1123,11 +1123,51 @@ BOOL WINAPI GetPrivateObjectSecurity( DWORD DescriptorLength, PDWORD ReturnLength ) { + SECURITY_DESCRIPTOR desc; + BOOL defaulted, present; + PACL pacl; + PSID psid; + TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation, ResultantDescriptor, DescriptorLength, ReturnLength); - return set_ntstatus( NtQuerySecurityObject(ObjectDescriptor, SecurityInformation, - ResultantDescriptor, DescriptorLength, ReturnLength )); + if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) + return FALSE; + + if (SecurityInformation & OWNER_SECURITY_INFORMATION) + { + if (!GetSecurityDescriptorOwner(ObjectDescriptor, &psid, &defaulted)) + return FALSE; + SetSecurityDescriptorOwner(&desc, psid, defaulted); + } + + if (SecurityInformation & GROUP_SECURITY_INFORMATION) + { + if (!GetSecurityDescriptorGroup(ObjectDescriptor, &psid, &defaulted)) + return FALSE; + SetSecurityDescriptorGroup(&desc, psid, defaulted); + } + + if (SecurityInformation & DACL_SECURITY_INFORMATION) + { + if (!GetSecurityDescriptorDacl(ObjectDescriptor, &present, &pacl, &defaulted)) + return FALSE; + SetSecurityDescriptorDacl(&desc, present, pacl, defaulted); + } + + if (SecurityInformation & SACL_SECURITY_INFORMATION) + { + if (!GetSecurityDescriptorSacl(ObjectDescriptor, &present, &pacl, &defaulted)) + return FALSE; + SetSecurityDescriptorSacl(&desc, present, pacl, defaulted); + } + + *ReturnLength = DescriptorLength; + if (!MakeSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength)) + return FALSE; + GetSecurityDescriptorOwner(ResultantDescriptor, &psid, &defaulted); + FIXME("%p, sid=%p\n", &desc, psid); + return TRUE; } /****************************************************************************** diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index b364774..c8c0b6d 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c 
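Review bot: The two statements after the `MakeSelfRelativeSD` check, `GetSecurityDescriptorOwner(ResultantDescriptor, &psid, &defaulted);` and `FIXME("%p, sid=%p\n", &desc, psid);`, look like leftover debugging. They log a FIXME on every successful call, ignore the return value, and would print an uninitialised `psid` if that call failed when neither owner nor group was requested. I would drop both lines so the tail is just `return TRUE;`. Separately, `*ReturnLength = DescriptorLength;` dereferences the caller's pointer without a NULL check, and the results of the four `SetSecurityDescriptor*` calls are discarded, so a failure there would silently yield a descriptor missing the requested part. The function's signature begins above the hunk.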
@@ -2044,10 +2044,64 @@ #define CHECK_RESULT_AND_FREE(exp_str) \ AddAuditAccessAceEx(pacl, ACL_REVISION, NO_PROPAGATE_INHERIT_ACE, FILE_GENERIC_READ|FILE_GENERIC_WRITE, psid2, TRUE, FALSE); ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Convertion failed\n"); CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)"); +} + +void test_PrivateObjectSecurity() +{ + SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION; + SECURITY_DESCRIPTOR_CONTROL ctrl; + PSECURITY_DESCRIPTOR sec; + DWORD dwDescSize; + DWORD dwRevision; + DWORD retSize; + LPSTR string; + ULONG len; + PSECURITY_DESCRIPTOR buf; + + ok(ConvertStringSecurityDescriptorToSecurityDescriptorA( + "O:SY" + "G:S-1-5-21-93476-23408-4576" + "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)" + "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)", SDDL_REVISION_1, &sec, &dwDescSize), "Creating descriptor failed\n"); + buf = HeapAlloc(GetProcessHeap(), 0, dwDescSize); + SetSecurityDescriptorControl(sec, SE_DACL_PROTECTED, SE_DACL_PROTECTED); + GetSecurityDescriptorControl(sec, &ctrl, &dwRevision); + todo_wine expect_eq(ctrl, 0x9014, int, "%x"); + + ok(GetPrivateObjectSecurity(sec, GROUP_SECURITY_INFORMATION, buf, dwDescSize, &retSize), + "GetPrivateObjectSecurity failed (err=%u)\n", GetLastError()); + ok(retSize <= dwDescSize, "Buffer too small (%d vs %d)\n", retSize, dwDescSize); + ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Convertion failed\n"); + CHECK_RESULT_AND_FREE("G:S-1-5-21-93476-23408-4576"); + GetSecurityDescriptorControl(buf, &ctrl, &dwRevision); + expect_eq(ctrl, 0x8000, int, "%x"); + + ok(GetPrivateObjectSecurity(sec, GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, buf, dwDescSize, 
&retSize), + "GetPrivateObjectSecurity failed (err=%u)\n", GetLastError()); + ok(retSize <= dwDescSize, "Buffer too small (%d vs %d)\n", retSize, dwDescSize); + ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Convertion failed err=%u\n", GetLastError()); + CHECK_RESULT_AND_FREE("G:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"); + GetSecurityDescriptorControl(buf, &ctrl, &dwRevision); + expect_eq(ctrl, 0x8004, int, "%x"); + + ok(GetPrivateObjectSecurity(sec, sec_info, buf, dwDescSize, &retSize), + "GetPrivateObjectSecurity failed (err=%u)\n", GetLastError()); + ok(retSize == dwDescSize, "Buffer too small (%d vs %d)\n", retSize, dwDescSize); + ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Convertion failed\n"); + CHECK_RESULT_AND_FREE("O:SY" + "G:S-1-5-21-93476-23408-4576" + "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)" + "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)"); + GetSecurityDescriptorControl(buf, &ctrl, &dwRevision); + expect_eq(ctrl, 0x8014, int, "%x"); + SetLastError(0xdeadbeef); + ok(GetPrivateObjectSecurity(sec, sec_info, buf, 5, &retSize) == FALSE, "GetPrivateObjectSecurity should have failed\n"); + ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected error ERROR_INSUFFICIENT_BUFFER, got %u\n", GetLastError()); -#undef CHECK_RESULT_AND_FREE + LocalFree(sec); } +#undef CHECK_RESULT_AND_FREE START_TEST(security) { @@ -2074,4 +2128,5 @@ START_TEST(security) test_GetNamedSecurityInfoA(); test_ConvertStringSecurityDescriptor(); test_ConvertSecurityDescriptorToString(); + test_PrivateObjectSecurity(); } -- 1.4.1
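Review bot: `buf` from `HeapAlloc(GetProcessHeap(), 0, dwDescSize)` is used without a NULL check and never released; add `HeapFree(GetProcessHeap(), 0, buf);` next to `LocalFree(sec);`. The test also continues after a failed `ConvertStringSecurityDescriptorToSecurityDescriptorA`, in which case `sec` and `dwDescSize` are uninitialised, so an early return on that failure would be safer. In the short-buffer case (a `DescriptorLength` of 5) only the error code is checked; asserting that `retSize` reports the required size, presumably `dwDescSize` here but to be confirmed on Windows, would pin the length contract callers rely on to size their buffer. The new function would normally be declared `static void test_PrivateObjectSecurity(void)`.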