Erich Hoover : server: Report a default DACL for registry keys.
Alexandre Julliard
julliard at winehq.org
Tue Apr 23 13:52:23 CDT 2013
Module: wine
Branch: master
Commit: 04cd764d7688c59f88c19b25d5c6baea75a15ba1
URL: http://source.winehq.org/git/wine.git/?a=commit;h=04cd764d7688c59f88c19b25d5c6baea75a15ba1
Author: Erich Hoover <ehoover at mines.edu>
Date: Fri Apr 19 17:25:43 2013 -0600
server: Report a default DACL for registry keys.
---
dlls/advapi32/tests/security.c | 42 +++++++++++++++++++++++++++++++++++++++-
server/registry.c | 35 ++++++++++++++++++++++++--------
server/security.h | 1 +
server/token.c | 8 +++++++
4 files changed, 76 insertions(+), 10 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 86a4237..e10c1ed 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3007,7 +3007,9 @@ static void test_GetNamedSecurityInfoA(void)
{
char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
char system_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
- PSID admin_sid = (PSID) admin_ptr, system_sid = (PSID) system_ptr, user_sid;
+ char users_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
+ PSID admin_sid = (PSID) admin_ptr, users_sid = (PSID) users_ptr;
+ PSID system_sid = (PSID) system_ptr, user_sid;
DWORD sid_size = sizeof(admin_ptr), user_size;
char invalid_path[] = "/an invalid file path";
char software_key[] = "MACHINE\\Software";
@@ -3015,6 +3017,7 @@ static void test_GetNamedSecurityInfoA(void)
SECURITY_DESCRIPTOR_CONTROL control;
ACL_SIZE_INFORMATION acl_size;
CHAR windows_dir[MAX_PATH];
+ int users_ace_id = -1, i;
PSECURITY_DESCRIPTOR pSD;
ACCESS_ALLOWED_ACE *ace;
BOOL bret = TRUE, isNT4;
@@ -3022,8 +3025,10 @@ static void test_GetNamedSecurityInfoA(void)
DWORD error, revision;
BOOL owner_defaulted;
BOOL group_defaulted;
+ BOOL dacl_defaulted;
HANDLE token, hTemp;
PSID owner, group;
+ BOOL dacl_present;
PACL pDacl;
if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid)
@@ -3202,6 +3207,41 @@ static void test_GetNamedSecurityInfoA(void)
|| broken(((SID*)group)->SubAuthority[0] == SECURITY_NT_NON_UNIQUE) /* Vista */,
"MACHINE\\Software group SID != Local System SID.\n");
LocalFree(pSD);
+
+ /* Test querying the DACL of a built-in registry key */
+ sid_size = sizeof(users_ptr);
+ pCreateWellKnownSid(WinBuiltinUsersSid, NULL, users_sid, &sid_size);
+ error = pGetNamedSecurityInfoA(software_key, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
+ NULL, NULL, NULL, NULL, &pSD);
+ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+
+ bret = GetSecurityDescriptorDacl(pSD, &dacl_present, &pDacl, &dacl_defaulted);
+ ok(bret, "GetSecurityDescriptorDacl failed with error %d\n", GetLastError());
+ ok(dacl_present, "DACL should be present\n");
+ ok(pDacl && IsValidAcl(pDacl), "GetSecurityDescriptorDacl returned invalid DACL.\n");
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+ ok(bret, "GetAclInformation failed\n");
+ ok(acl_size.AceCount != 0, "GetAclInformation returned no ACLs\n");
+ for (i=0; i<acl_size.AceCount; i++)
+ {
+ bret = pGetAce(pDacl, i, (VOID **)&ace);
+ ok(bret, "Failed to get ACE %d.\n", i);
+ bret = EqualSid(&ace->SidStart, users_sid);
+ if (bret) users_ace_id = i;
+ }
+ ok(users_ace_id != -1, "Bultin Users ACE not found.\n");
+ if (users_ace_id != -1)
+ {
+ bret = pGetAce(pDacl, users_ace_id, (VOID **)&ace);
+ ok(bret, "Failed to get Builtin Users ACE.\n");
+ ok(((ACE_HEADER *)ace)->AceFlags == (INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE),
+ "Builtin Users ACE has unexpected flags (0x%x != 0x%x)\n", ((ACE_HEADER *)ace)->AceFlags,
+ INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE);
+ ok(ace->Mask == GENERIC_READ, "Builtin Users ACE has unexpected mask (0x%x != 0x%x)\n",
+ ace->Mask, GENERIC_READ);
+ }
+
+ LocalFree(pSD);
}
static void test_ConvertStringSecurityDescriptor(void)
diff --git a/server/registry.c b/server/registry.c
index efc2005..eb182f2 100644
--- a/server/registry.c
+++ b/server/registry.c
@@ -345,16 +345,33 @@ static struct security_descriptor *key_get_sd( struct object *obj )
if (!key_default_sd)
{
- size_t sid_len = security_sid_len( security_builtin_admins_sid );
-
- key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * sid_len );
- key_default_sd->control = 0;
- key_default_sd->owner_len = sid_len;
- key_default_sd->group_len = sid_len;
+ size_t users_sid_len = security_sid_len( security_builtin_users_sid );
+ size_t admins_sid_len = security_sid_len( security_builtin_admins_sid );
+ size_t dacl_len = sizeof(ACL) + offsetof( ACCESS_ALLOWED_ACE, SidStart ) + users_sid_len;
+ ACCESS_ALLOWED_ACE *aaa;
+ ACL *dacl;
+
+ key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * admins_sid_len + dacl_len );
+ key_default_sd->control = SE_DACL_PRESENT;
+ key_default_sd->owner_len = admins_sid_len;
+ key_default_sd->group_len = admins_sid_len;
key_default_sd->sacl_len = 0;
- key_default_sd->dacl_len = 0;
- memcpy( key_default_sd + 1, security_builtin_admins_sid, sid_len );
- memcpy( (char *)(key_default_sd + 1) + sid_len, security_builtin_admins_sid, sid_len );
+ key_default_sd->dacl_len = dacl_len;
+ memcpy( key_default_sd + 1, security_builtin_admins_sid, admins_sid_len );
+ memcpy( (char *)(key_default_sd + 1) + admins_sid_len, security_builtin_admins_sid, admins_sid_len );
+
+ dacl = (ACL *)((char *)(key_default_sd + 1) + 2 * admins_sid_len);
+ dacl->AclRevision = ACL_REVISION;
+ dacl->Sbz1 = 0;
+ dacl->AclSize = dacl_len;
+ dacl->AceCount = 1;
+ dacl->Sbz2 = 0;
+ aaa = (ACCESS_ALLOWED_ACE *)(dacl + 1);
+ aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ aaa->Header.AceFlags = INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE;
+ aaa->Header.AceSize = offsetof( ACCESS_ALLOWED_ACE, SidStart ) + users_sid_len;
+ aaa->Mask = GENERIC_READ;
+ memcpy( &aaa->SidStart, security_builtin_users_sid, users_sid_len );
}
return key_default_sd;
}
diff --git a/server/security.h b/server/security.h
index 9856f96..ab5f027 100644
--- a/server/security.h
+++ b/server/security.h
@@ -42,6 +42,7 @@ extern const LUID SeCreateGlobalPrivilege;
extern const PSID security_world_sid;
extern const PSID security_local_user_sid;
extern const PSID security_local_system_sid;
+extern const PSID security_builtin_users_sid;
extern const PSID security_builtin_admins_sid;
diff --git a/server/token.c b/server/token.c
index 7d6086d..6d8961a 100644
--- a/server/token.c
+++ b/server/token.c
@@ -84,6 +84,13 @@ static const struct /* same fields as struct SID */
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
DWORD SubAuthority[2];
} builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
+static const struct /* same fields as struct SID */
+{
+ BYTE Revision;
+ BYTE SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+ DWORD SubAuthority[2];
+} builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
const PSID security_world_sid = (PSID)&world_sid;
static const PSID security_local_sid = (PSID)&local_sid;
@@ -92,6 +99,7 @@ static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_si
const PSID security_local_system_sid = (PSID)&local_system_sid;
const PSID security_local_user_sid = (PSID)&local_user_sid;
const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
+const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
static luid_t prev_luid_value = { 1000, 0 };
More information about the wine-cvs
mailing list