Adam Gashlin : advapi32: Don't revoke ACCESS_DENIED_ACE.
Alexandre Julliard
julliard at winehq.org
Mon Mar 15 16:59:14 CDT 2021
Module: wine
Branch: master
Commit: 23ffd0a7986421958c23cffce138afa389209920
URL: https://source.winehq.org/git/wine.git/?a=commit;h=23ffd0a7986421958c23cffce138afa389209920
Author: Adam Gashlin <agashlin at gmail.com>
Date: Mon Mar 1 21:18:01 2021 -0800
advapi32: Don't revoke ACCESS_DENIED_ACE.
REVOKE_ACCESS is only documented to remove ACCESS_ALLOWED_ACE and
SYSTEM_AUDIT_ACE.
Signed-off-by: Adam Gashlin <agashlin at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/advapi32/security.c | 3 +--
dlls/advapi32/tests/security.c | 26 ++++++++++++++++++++++++++
2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 9f80a846966..6246cd21a62 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -2314,8 +2314,7 @@ DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
add = FALSE;
break;
case ACCESS_DENIED_ACE_TYPE:
- if (EqualSid(ppsid[j], &((ACCESS_DENIED_ACE *)old_ace_header)->SidStart))
- add = FALSE;
+ /* REVOKE_ACCESS does not affect ACCESS_DENIED_ACE. */
break;
case SYSTEM_AUDIT_ACE_TYPE:
if (EqualSid(ppsid[j], &((SYSTEM_AUDIT_ACE *)old_ace_header)->SidStart))
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index a8c1a80e419..ce9c26d238e 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -7437,6 +7437,32 @@ static void test_GetExplicitEntriesFromAclW(void)
ok(access2 == NULL, "access2 was not NULL\n");
LocalFree(new_acl);
+ /* Make the ACL both Allow and Deny Everyone. */
+ res = AddAccessAllowedAce(old_acl, ACL_REVISION, KEY_READ, everyone_sid);
+ ok(res, "AddAccessAllowedAce failed with error %d\n", GetLastError());
+ res = AddAccessDeniedAce(old_acl, ACL_REVISION, KEY_WRITE, everyone_sid);
+ ok(res, "AddAccessDeniedAce failed with error %d\n", GetLastError());
+ /* Revoke Everyone. */
+ access.Trustee.ptstrName = everyone_sid;
+ access.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
+ access.grfAccessPermissions = 0;
+ new_acl = NULL;
+ res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
+ ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
+ ok(new_acl != NULL, "returned acl was NULL\n");
+ /* Deny Everyone should remain (along with Grant Users from earlier). */
+ access2 = NULL;
+ res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
+ ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
+ ok(count == 2, "Expected count == 2, got %d\n", count);
+ ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
+ ok(access2[0].grfAccessPermissions == KEY_READ , "Expected KEY_READ, got %d\n", access2[0].grfAccessPermissions);
+ ok(EqualSid(access2[0].Trustee.ptstrName, users_sid), "Expected equal SIDs\n");
+ ok(access2[1].grfAccessMode == DENY_ACCESS, "Expected DENY_ACCESS, got %d\n", access2[1].grfAccessMode);
+ ok(access2[1].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[1].grfAccessPermissions);
+ ok(EqualSid(access2[1].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
+ LocalFree(access2);
+
FreeSid(users_sid);
FreeSid(everyone_sid);
HeapFree(GetProcessHeap(), 0, old_acl);
More information about the wine-cvs
mailing list