[PATCH] wbemprox: Return WBEM_E_ACCESS_DENIED from IEnumWbemClassObject::Next() if the object is empty.
Dmitry Timoshkov
dmitry at baikal.ru
Tue Jul 9 06:35:36 CDT 2019
Hans Leidekker <hans at codeweavers.com> wrote:
> > > > > > > Could you suggest a place in Wine where a permission check could be added?
> > > > > >
> > > > > > It's not clear to me if this is a general WMI thing or if it depends on the
> > > > > > object being queried.
> > > > >
> > > > > I'll copy WMI tests from dlls/wbemprox/tests to the MSI custom action tests
> > > > > to get a picture how it works under Windows.
> > > >
> > > > I've ported dlls/wbemprox/query.c to run from the MSI custom action,
> > > > added strict checks for ::Next() return values everywhere, and while
> > > > some of the queries fail ::Next() never returns WBEM_E_ACCESS_DENIED.
> > > > It turned out that commenting out CoSetProxyBlanket() made the ::Next()
> > > > calls for empty objects always return WBEM_E_ACCESS_DENIED instead of
> > > > WBEM_S_FALSE/WBEM_S_TIMEDOUT. It's not obvious to me where the proposed
> > > > access check should be added. Hans, do the test results add any clue to you?
> > >
> > > Commenting out the CoSetProxyBlanket call in the wbemprox tests doesn't change
> > > anything however.
> >
> > Yes, sorry for not mentioning that, since I'm testing on both sides.
> >
> > > We still don't know what's different when running as a custom
> > > action.
> >
> > What exactly you would like to know? Also if you have suggestions for
> > further tests and things to examine that would help a lot.
>
> Check the process token, for example, and compare properties/privileges.
According to my tests and investigation using Process Explorer the call
to CoSetProxyBlanket() doesn't change anything in the process token. On
the other hand MSDN description
https://docs.microsoft.com/en-us/windows/win32/wmisdk/setting-the-security-levels-on-a-wmi-connection
implies that CoSetProxyBlanket() changes the COM security for the specified
proxy, so it has nothing to do with process security.
It's not clear what else could be done, any suggestions Hans?
--
Dmitry.
More information about the wine-devel
mailing list