[Bug 28729] EasyBCD: bcdedit complains about lack of privileges (import of registry hive using native API fails/wineserver token privilege check)

wine-bugs at winehq.org
Sat Oct 15 14:02:57 CDT 2011


http://bugs.winehq.org/show_bug.cgi?id=28729

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://neosmart.net/dl.php?
                   |                            |id=1
           Keywords|                            |download
          Component|-unknown                    |wineserver
                 CC|                            |focht at gmx.net
     Ever Confirmed|0                           |1
            Summary|EasyBCD: bcdedit complains  |EasyBCD: bcdedit complains
                   |about lack of privileges    |about lack of privileges
                   |                            |(import of registry hive
                   |                            |using native API
                   |                            |fails/wineserver token
                   |                            |privilege check)

--- Comment #2 from Anastasius Focht <focht at gmx.net> 2011-10-15 14:02:57 CDT ---
Hello,

BCD tool usage:

http://technet.microsoft.com/en-us/library/cc731245.aspx

You can reproduce the problem without the .NET GUI; just call "bcdedit" (located
in the app's "bin" folder) directly on your saved hive.

$ wine ./bcdedit.exe /store <your_bcd_store> /enum all

The tool uses the native API to load and store binary registry hives.

Now we can stop right here ...
Wine doesn't support the binary hive format of Windows.

Anyway, it might still be a valid bug regarding token privileges.

Relevant trace log:

--- snip ---
...
0009:Call ntdll.NtOpenThreadToken(fffffffe,00000028,00000001,0032fc94) ret=0101c1b2
0009: open_token( handle=fffffffe, access=00000028, attributes=00000000, flags=00000003 )
0009: open_token() = NO_TOKEN { token=0000 }
0009:Ret  ntdll.NtOpenThreadToken() retval=c000007c ret=0101c1b2
0009:Call ntdll.NtOpenThreadToken(fffffffe,00000028,00000000,0032fc94) ret=0101c1c1
0009: open_token( handle=fffffffe, access=00000028, attributes=00000000, flags=00000001 )
0009: open_token() = NO_TOKEN { token=0000 }
0009:Ret  ntdll.NtOpenThreadToken() retval=c000007c ret=0101c1c1
0009:Call ntdll.NtOpenProcessToken(ffffffff,00000028,0032fc94) ret=0101c1cd
0009: open_token( handle=ffffffff, access=00000028, attributes=00000000, flags=00000000 )
0009: open_token() = 0 { token=0034 }
0009:Ret  ntdll.NtOpenProcessToken() retval=00000000 ret=0101c1cd
0009:Call ntdll.NtAdjustPrivilegesToken(00000034,00000000,0032fc84,00000010,0032fc74,0032fca8) ret=0101c214
0009: adjust_token_privileges( handle=0034, disable_all=0, get_modified_state=1, privileges={{luid=0000000000000012,attr=2}} )
0009: adjust_token_privileges() = 0 { len=0000000c, privileges={{luid=0000000000000012,attr=2}} }
0009:Ret  ntdll.NtAdjustPrivilegesToken() retval=00000000 ret=0101c214
0009:Call ntdll.NtClose(00000034) ret=0101c24e
0009: close_handle( handle=0034 )
0009: close_handle() = 0
0009:Ret  ntdll.NtClose() retval=00000000 ret=0101c24e
0009:Call ntdll.RtlInitUnicodeString(0032fc94,01023934 L"ntdll.dll") ret=0101d0d5
0009:Ret  ntdll.RtlInitUnicodeString() retval=00000012 ret=0101d0d5
0009:Call ntdll.LdrGetDllHandle(00000000,00000000,0032fc94,0032fca0) ret=0101d0e7
0009:Ret  ntdll.LdrGetDllHandle() retval=00000000 ret=0101d0e7
0009:Call ntdll.RtlInitAnsiString(0032fc8c,010238f6 "NtLoadKey2") ret=0101d0f8
0009:Ret  ntdll.RtlInitAnsiString() retval=0000000b ret=0101d0f8
0009:Call ntdll.LdrGetProcedureAddress(7ef40000,0032fc8c,00000000,0032fc9c) ret=0101d10b
0009:Ret  ntdll.LdrGetProcedureAddress() retval=c000007a ret=0101d10b
0009:Call ntdll.NtLoadKey(0032fcf0,0032fcd8) ret=0101c182
0009:trace:reg:NtLoadKey (0x32fcf0,0x32fcd8)
0009: create_file( access=80000000, attributes=00000040, sharing=00000000, create=1, options=00000000, attrs=00000080, objattr={rootdir=0000,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/Program Files/NeoSmart Technologies/EasyBCD/bin/bcd" )
0009: create_file() = 0 { handle=0034 }
0009: load_registry( hkey=0030, file=0034, name=L"BCD00000000" )
0009: load_registry() = PRIVILEGE_NOT_HELD
0009: close_handle( handle=0034 )
0009: close_handle() = 0
0009:Ret  ntdll.NtLoadKey() retval=c0000061 ret=0101c182
0009:Call ntdll.NtClose(00000030) ret=0101ca15
0009: close_handle( handle=0030 )
0009: close_handle() = 0
0009:Ret  ntdll.NtClose() retval=00000000 ret=0101ca15
...
0009:Call KERNEL32.WideCharToMultiByte(000001b5,00000000,00119e50 L"The boot configuration data store could not be opened.\r\n",ffffffff,00000000,00000000,00000000,00000000) ret=01010ab5
...
0009:Call KERNEL32.FormatMessageW(00001300,01000000,00000522,00000000,0032fdd8,00000000,00000000) ret=01012127
...
0009:Call KERNEL32.WideCharToMultiByte(000001b5,00000000,00119e10 L"Privilege not held\r\n",ffffffff,00000000,00000000,00000000,00000000) ret=01010ab5
...
--- snip ---

Although the tool adds the SeRestorePrivilege (luid=0000000000000012) to its
token using NtOpenProcessToken -> NtAdjustPrivilegesToken before the registry
import operation, it fails.

For some reason wineserver expects _both_ SeBackupPrivilege and
SeRestorePrivilege to be present in the process token.
I don't know why SeBackupPrivilege is required for importing hives.

See:
http://source.winehq.org/git/wine.git/blob/c65bcce5899ba81226295303ed3df73a7be86c09:/server/registry.c#l2077

(second parameter of token_check_privileges() -> all_required = TRUE)

$ sha1sum EasyBCD\ 2.1.exe 
e8f1654b913aed4af6aacf09e7a44252217a7fe5  EasyBCD 2.1.exe

$ wine --version
wine-1.3.30-152-g0096373

As already said above: even if the bug is fixed regarding token privs - the BCD
tool won't work with Wine by design.

Regards
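The privilege check described in the comment above, as an added, simplified model written for this page; it is not Wine's server/registry.c or server/token.c code. It replays the sequence from the trace (process token opened, only SeRestorePrivilege enabled, then a load_registry call that demands both SeBackupPrivilege and SeRestorePrivilege with all_required set) and shows why the check reports PRIVILEGE_NOT_HELD, and what changes when both privileges are enabled or when all_required is not set. The LUID values 17 and 18 and the SE_PRIVILEGE_ENABLED flag are the well-known constants from winnt.h; the assumption that both privileges are present but disabled in the starting token, and the function names and token layout, are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>

/* Well-known privilege LUIDs as defined in the Windows SDK (winnt.h).
 * SE_RESTORE_PRIVILEGE is 18 = 0x12, the luid seen in the trace above. */
#define SE_BACKUP_PRIVILEGE   17ULL
#define SE_RESTORE_PRIVILEGE  18ULL
#define SE_PRIVILEGE_ENABLED  0x00000002u   /* the attr=2 in the trace */

#define MAX_PRIVS 8

struct luid_and_attributes {
    unsigned long long luid;
    unsigned int attr;
};

/* Simplified model of a process token: a fixed list of privileges, each
 * either enabled or disabled. This is NOT wineserver's struct token. */
struct token {
    struct luid_and_attributes privs[MAX_PRIVS];
    int count;
};

/* Constructed starting state (assumption): both privileges are present in
 * the token but disabled, as they would be before any adjustment. */
static void token_init(struct token *t)
{
    t->count = 0;
    t->privs[t->count++] = (struct luid_and_attributes){ SE_BACKUP_PRIVILEGE, 0 };
    t->privs[t->count++] = (struct luid_and_attributes){ SE_RESTORE_PRIVILEGE, 0 };
}

/* Model of what NtAdjustPrivilegesToken did in the trace: set one existing
 * privilege to SE_PRIVILEGE_ENABLED. A privilege that is not in the token
 * cannot be enabled, so we return false in that case. */
static bool token_enable_privilege(struct token *t, unsigned long long luid)
{
    for (int i = 0; i < t->count; i++) {
        if (t->privs[i].luid == luid) {
            t->privs[i].attr |= SE_PRIVILEGE_ENABLED;
            return true;
        }
    }
    return false;
}

/* Model of the check wineserver applies: count the requested privileges that
 * are present AND enabled. With all_required the check passes only if every
 * requested privilege is enabled; otherwise a single enabled one suffices. */
static bool token_check_privileges(const struct token *t, bool all_required,
                                   const unsigned long long *req, int nreq)
{
    int held = 0;
    for (int r = 0; r < nreq; r++) {
        for (int i = 0; i < t->count; i++) {
            if (t->privs[i].luid == req[r] &&
                (t->privs[i].attr & SE_PRIVILEGE_ENABLED)) {
                held++;
                break;
            }
        }
    }
    return all_required ? held == nreq : held > 0;
}

/* The pair load_registry demands, per the comment above. */
static const unsigned long long load_registry_privs[] = {
    SE_BACKUP_PRIVILEGE, SE_RESTORE_PRIVILEGE
};

/* The bcdedit sequence from the trace: enable SeRestorePrivilege only, then
 * attempt the import with all_required = TRUE. */
static bool bcdedit_scenario_passes(void)
{
    struct token t;
    token_init(&t);
    token_enable_privilege(&t, SE_RESTORE_PRIVILEGE);
    return token_check_privileges(&t, true, load_registry_privs, 2);
}

/* The same sequence with both privileges enabled first. */
static bool both_enabled_passes(void)
{
    struct token t;
    token_init(&t);
    token_enable_privilege(&t, SE_BACKUP_PRIVILEGE);
    token_enable_privilege(&t, SE_RESTORE_PRIVILEGE);
    return token_check_privileges(&t, true, load_registry_privs, 2);
}

/* What the check would return if either privilege were accepted. */
static bool any_required_passes(void)
{
    struct token t;
    token_init(&t);
    token_enable_privilege(&t, SE_RESTORE_PRIVILEGE);
    return token_check_privileges(&t, false, load_registry_privs, 2);
}

int main(void)
{
    printf("restore only, all_required=TRUE  : %s\n",
           bcdedit_scenario_passes() ? "ok" : "PRIVILEGE_NOT_HELD");
    printf("backup+restore, all_required=TRUE: %s\n",
           both_enabled_passes() ? "ok" : "PRIVILEGE_NOT_HELD");
    printf("restore only, all_required=FALSE : %s\n",
           any_required_passes() ? "ok" : "PRIVILEGE_NOT_HELD");
    return 0;
}
```

The model makes the failure mode concrete: a privilege that is present in the token but not enabled counts as not held, so a caller that enables only the privilege it believes it needs is rejected when the server insists on the full set. Whether Wine should require SeBackupPrivilege for a hive load is the open question in the comment; the example only shows the consequence of the all_required = TRUE check as the comment describes it.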
