[PATCH 2/2] advapi32: Support GetSecurityInfo() with special root HKEY constants.
Zebediah Figura (she/her)
zfigura at codeweavers.com
Sun Jan 24 10:42:22 CST 2021
On 1/24/21 2:47 AM, Dmitry Timoshkov wrote:
> Zebediah Figura <z.figura12 at gmail.com> wrote:
>
>
>> @@ -1522,17 +1525,43 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR
>> }
>> else
>> {
>> + HKEY key = NULL;
>> +
>> + if (type == SE_REGISTRY_KEY && (HandleToUlong(handle) >= HandleToUlong(HKEY_SPECIAL_ROOT_FIRST))
>> + && (HandleToUlong(handle) <= HandleToUlong(HKEY_SPECIAL_ROOT_LAST)))
>> + {
>> + REGSAM access = READ_CONTROL;
>> + DWORD ret;
>> +
>> + if (SecurityInfo & SACL_SECURITY_INFORMATION)
>> + access |= ACCESS_SYSTEM_SECURITY;
>> +
>> + if ((ret = RegOpenKeyExW( handle, L"\\", 0, access, &key )))
>> + return ret;
>> +
>> + handle = key;
>> + }
>> +
>> status = NtQuerySecurityObject( handle, SecurityInfo, NULL, 0, &size );
>> if (status != STATUS_SUCCESS && status != STATUS_BUFFER_TOO_SMALL)
>> + {
>> + RegCloseKey( key );
>> return RtlNtStatusToDosError( status );
>> + }
>
> It would be helpful to test whether NtQuerySecurityObject() is supposed to
> handle such case on its own, without hacks on GetSecurityInfo() side.
>
That GetKernelObjectSecurity() and SE_KERNEL_OBJECT both fail is a
pretty good indicator, I think, but sure, there's no harm in adding
extra tests.
More information about the wine-devel
mailing list