Erich Hoover : server: Report administrator ownership by default for registry objects.
Alexandre Julliard
julliard at winehq.org
Thu Apr 11 13:32:20 CDT 2013
Module: wine
Branch: master
Commit: 56c1a8b06293cfef2cb39e1f04e9e725d81982e2
URL: http://source.winehq.org/git/wine.git/?a=commit;h=56c1a8b06293cfef2cb39e1f04e9e725d81982e2
Author: Erich Hoover <ehoover at mines.edu>
Date: Tue Mar 5 09:52:38 2013 -0700
server: Report administrator ownership by default for registry objects.
---
dlls/advapi32/tests/security.c | 31 +++++++++++++++++++++++++++----
server/registry.c | 25 ++++++++++++++++++++++++-
server/security.h | 1 +
server/token.c | 8 ++++++++
4 files changed, 60 insertions(+), 5 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index e4adab1..7dd0501 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3005,10 +3005,12 @@ static void test_SetEntriesInAclA(void)
static void test_GetNamedSecurityInfoA(void)
{
- char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], dacl[100], *user;
+ char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
+ char system_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
+ PSID admin_sid = (PSID) admin_ptr, system_sid = (PSID) system_ptr, user_sid;
DWORD sid_size = sizeof(admin_ptr), user_size;
char invalid_path[] = "/an invalid file path";
- PSID admin_sid = (PSID) admin_ptr, user_sid;
+ char software_key[] = "MACHINE\\Software";
char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
SECURITY_DESCRIPTOR_CONTROL control;
ACL_SIZE_INFORMATION acl_size;
@@ -3113,10 +3115,10 @@ static void test_GetNamedSecurityInfoA(void)
/* Create security descriptor information and test that it comes back the same */
pSD = &sd;
- pDacl = (PACL)&dacl;
+ pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
- bret = InitializeAcl(pDacl, sizeof(dacl), ACL_REVISION);
+ bret = InitializeAcl(pDacl, 100, ACL_REVISION);
ok(bret, "Failed to initialize ACL.\n");
bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
ok(bret, "Failed to add Current User to ACL.\n");
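Review bot: The buffer size `100` is now written twice, once in `HeapAlloc(GetProcessHeap(), 0, 100)` and once in `InitializeAcl(pDacl, 100, ACL_REVISION)`, where the old code derived it from `sizeof(dacl)`. A single local such as `const DWORD dacl_size = 100;` used in both calls keeps the allocation and the ACL header from drifting apart. The `HeapAlloc` result is also passed on unchecked, so an `ok(pDacl != NULL, "Failed to allocate ACL buffer.\n");` before `InitializeAcl` would make an allocation failure readable in the test log. The body of test_GetNamedSecurityInfoA continues outside this hunk.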
@@ -3130,6 +3132,7 @@ static void test_GetNamedSecurityInfoA(void)
SetLastError(0xdeadbeef);
error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL,
NULL, pDacl, NULL);
+ HeapFree(GetProcessHeap(), 0, pDacl);
if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED))
{
win_skip("SetNamedSecurityInfoA is not implemented\n");
@@ -3178,6 +3181,26 @@ static void test_GetNamedSecurityInfoA(void)
LocalFree(pSD);
HeapFree(GetProcessHeap(), 0, user);
CloseHandle(hTemp);
+
+ /* Test querying the ownership of a built-in registry key */
+ sid_size = sizeof(system_ptr);
+ pCreateWellKnownSid(WinLocalSystemSid, NULL, system_sid, &sid_size);
+ error = pGetNamedSecurityInfoA(software_key, SE_REGISTRY_KEY,
+ OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION,
+ NULL, NULL, NULL, NULL, &pSD);
+ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+
+ bret = GetSecurityDescriptorOwner(pSD, &owner, &owner_defaulted);
+ ok(bret, "GetSecurityDescriptorOwner failed with error %d\n", GetLastError());
+ ok(owner != NULL, "owner should not be NULL\n");
+ ok(EqualSid(owner, admin_sid), "MACHINE\\Software owner SID != Administrators SID.\n");
+
+ bret = GetSecurityDescriptorGroup(pSD, &group, &group_defaulted);
+ ok(bret, "GetSecurityDescriptorGroup failed with error %d\n", GetLastError());
+ ok(group != NULL, "group should not be NULL\n");
+ ok(EqualSid(group, admin_sid) || broken(EqualSid(group, system_sid)) /* before Win7 */,
+ "MACHINE\\Software group SID != Local System SID.\n");
+ LocalFree(pSD);
}
static void test_ConvertStringSecurityDescriptor(void)
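Review bot: The new registry-key block reuses `pSD` right after the `LocalFree(pSD)` in the context line above it, and the `pGetNamedSecurityInfoA` result is only reported with `ok(!error, ...)`. Unless the call resets the output pointer on failure, the following `GetSecurityDescriptorOwner` and `GetSecurityDescriptorGroup` calls and the final `LocalFree(pSD)` then act on already-freed memory. Setting `pSD = NULL;` before the call and wrapping the owner/group checks in `if (!error)` keeps a failing run from becoming a use-after-free and double free. The group failure text says `group SID != Local System SID` although the accepted value is the Administrators SID and Local System is only the `broken()` case, so `"MACHINE\\Software group SID != Administrators SID.\n"` would match the check. The return value of `pCreateWellKnownSid(WinLocalSystemSid, ...)` is not checked before `system_sid` is compared.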
diff --git a/server/registry.c b/server/registry.c
index a144c26..efc2005 100644
--- a/server/registry.c
+++ b/server/registry.c
@@ -147,6 +147,7 @@ struct file_load_info
static void key_dump( struct object *obj, int verbose );
static unsigned int key_map_access( struct object *obj, unsigned int access );
+static struct security_descriptor *key_get_sd( struct object *obj );
static int key_close_handle( struct object *obj, struct process *process, obj_handle_t handle );
static void key_destroy( struct object *obj );
@@ -162,7 +163,7 @@ static const struct object_ops key_ops =
no_signal, /* signal */
no_get_fd, /* get_fd */
key_map_access, /* map_access */
- default_get_sd, /* get_sd */
+ key_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
@@ -336,6 +337,28 @@ static unsigned int key_map_access( struct object *obj, unsigned int access )
KEY_WOW64_64KEY | KEY_WOW64_32KEY);
}
+static struct security_descriptor *key_get_sd( struct object *obj )
+{
+ static struct security_descriptor *key_default_sd;
+
+ if (obj->sd) return obj->sd;
+
+ if (!key_default_sd)
+ {
+ size_t sid_len = security_sid_len( security_builtin_admins_sid );
+
+ key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * sid_len );
+ key_default_sd->control = 0;
+ key_default_sd->owner_len = sid_len;
+ key_default_sd->group_len = sid_len;
+ key_default_sd->sacl_len = 0;
+ key_default_sd->dacl_len = 0;
+ memcpy( key_default_sd + 1, security_builtin_admins_sid, sid_len );
+ memcpy( (char *)(key_default_sd + 1) + sid_len, security_builtin_admins_sid, sid_len );
+ }
+ return key_default_sd;
+}
+
/* close the notification associated with a handle */
static int key_close_handle( struct object *obj, struct process *process, obj_handle_t handle )
{
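Review bot: `key_get_sd` writes through the result of `mem_alloc` without testing it, so if that allocator can return NULL the line `key_default_sd->control = 0;` dereferences a null pointer inside the server. `if (!(key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * sid_len ))) return NULL;` avoids that, assuming `get_sd` callers already accept NULL for objects without a descriptor. The returned descriptor is a function-level static shared by every key that has no `obj->sd`, so a comment above it such as `/* shared default SD: owner and group are builtin Administrators, no DACL or SACL; callers must not modify or free it */` would document the contract. It is also worth confirming whether any access check reaches this path, because the default has `control = 0` and `dacl_len = 0`, and a descriptor with no DACL present is conventionally treated as unrestricted rather than as administrator-only.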
diff --git a/server/security.h b/server/security.h
index 03fd74e..9856f96 100644
--- a/server/security.h
+++ b/server/security.h
@@ -42,6 +42,7 @@ extern const LUID SeCreateGlobalPrivilege;
extern const PSID security_world_sid;
extern const PSID security_local_user_sid;
extern const PSID security_local_system_sid;
+extern const PSID security_builtin_admins_sid;
/* token functions */
diff --git a/server/token.c b/server/token.c
index 5e0493a..7d6086d 100644
--- a/server/token.c
+++ b/server/token.c
@@ -77,6 +77,13 @@ static const struct /* same fields as struct SID */
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
DWORD SubAuthority[5];
} local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
+static const struct /* same fields as struct SID */
+{
+ BYTE Revision;
+ BYTE SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+ DWORD SubAuthority[2];
+} builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
const PSID security_world_sid = (PSID)&world_sid;
static const PSID security_local_sid = (PSID)&local_sid;
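Review bot: The new `builtin_admins_sid` initializer has no comment naming the well-known SID it encodes, and the sub-authority pair is easy to get wrong in later edits. A trailing `/* S-1-5-32-544, BUILTIN\Administrators */` on the declaration would let a reader verify `SubAuthorityCount` of 2 against `SubAuthority[2]` and the two RIDs at a glance.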
@@ -84,6 +91,7 @@ static const PSID security_interactive_sid = (PSID)&interactive_sid;
static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid;
const PSID security_local_system_sid = (PSID)&local_system_sid;
const PSID security_local_user_sid = (PSID)&local_user_sid;
+const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
static luid_t prev_luid_value = { 1000, 0 };