[PATCH 0/2] MR1151: ntdll: Add some already implemented security descriptor exports.
Signed-off-by: Nikolay Sivov <nsivov(a)codeweavers.com> -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1151
From: Nikolay Sivov <nsivov(a)codeweavers.com>
Signed-off-by: Nikolay Sivov <nsivov(a)codeweavers.com>
---
 dlls/ntdll/ntdll.spec | 4 +-
 dlls/ntdll/rtl.c | 26 ------------
 dlls/ntdll/sec.c | 96 +++++++++++++++++++++++++++++++++++++++++++
 include/winternl.h | 3 ++
 4 files changed, 101 insertions(+), 28 deletions(-)
diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
index 2432307e686..d9071bb826e 100644
--- a/dlls/ntdll/ntdll.spec
+++ b/dlls/ntdll/ntdll.spec
@@ -878,8 +878,8 @@
 @ stub RtlNewInstanceSecurityObject
 @ stub RtlNewSecurityGrantedAccess
 @ stdcall RtlNewSecurityObject(ptr ptr ptr long ptr ptr)
-# @ stub RtlNewSecurityObjectEx
-# @ stub RtlNewSecurityObjectWithMultipleInheritance
+@ stdcall RtlNewSecurityObjectEx(ptr ptr ptr ptr long long long ptr)
+@ stdcall RtlNewSecurityObjectWithMultipleInheritance(ptr ptr ptr ptr long long long long ptr)
 @ stdcall RtlNormalizeProcessParams(ptr)
 @ stdcall RtlNormalizeString(long wstr long ptr ptr)
 # @ stub RtlNtPathNameToDosPathName
diff --git a/dlls/ntdll/rtl.c b/dlls/ntdll/rtl.c
index 11067f44941..58fe5242aa4 100644
--- a/dlls/ntdll/rtl.c
+++ b/dlls/ntdll/rtl.c
@@ -396,32 +396,6 @@ VOID WINAPI RtlReleasePebLock(void)
 RtlLeaveCriticalSection( NtCurrentTeb()->Peb->FastPebLock );
 }
-/******************************************************************************
- * RtlNewSecurityObject [NTDLL.@]
- */
-NTSTATUS WINAPI
-RtlNewSecurityObject( PSECURITY_DESCRIPTOR ParentDescriptor,
- PSECURITY_DESCRIPTOR CreatorDescriptor,
- PSECURITY_DESCRIPTOR *NewDescriptor,
- BOOLEAN IsDirectoryObject,
- HANDLE Token,
- PGENERIC_MAPPING GenericMapping )
-{
- FIXME("(%p %p %p %d %p %p) stub!\n", ParentDescriptor, CreatorDescriptor,
- NewDescriptor, IsDirectoryObject, Token, GenericMapping);
- return STATUS_NOT_IMPLEMENTED;
-}
-
-/******************************************************************************
- * RtlDeleteSecurityObject [NTDLL.@]
- */
-NTSTATUS WINAPI
-RtlDeleteSecurityObject( PSECURITY_DESCRIPTOR *ObjectDescriptor )
-{
- FIXME("(%p) stub!\n", ObjectDescriptor);
- return STATUS_NOT_IMPLEMENTED;
-}
-
 /******************************************************************************
 * RtlInitializeGenericTable [NTDLL.@]
 */
diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index 20adc044158..ecc3ed8ba95 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -37,6 +37,25 @@ WINE_DEFAULT_DEBUG_CHANNEL(ntdll);
 #define SELF_RELATIVE_FIELD(sd,field) ((BYTE *)(sd) + ((SECURITY_DESCRIPTOR_RELATIVE *)(sd))->field)
+static const SID world_sid = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
+static const DWORD world_access_acl_size = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD);
+
+static void get_world_access_acl( PACL acl )
+{
+ PACCESS_ALLOWED_ACE ace = (PACCESS_ALLOWED_ACE)(acl + 1);
+
+ acl->AclRevision = ACL_REVISION;
+ acl->Sbz1 = 0;
+ acl->AclSize = world_access_acl_size;
+ acl->AceCount = 1;
+ acl->Sbz2 = 0;
+ ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ ace->Header.AceFlags = CONTAINER_INHERIT_ACE;
+ ace->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD);
+ ace->Mask = 0xf3ffffff; /* Everything except reserved bits */
+ memcpy( &ace->SidStart, &world_sid, sizeof(world_sid) );
+}
+
 /* helper function to retrieve active length of an ACL */
 static size_t acl_bytesInUse(PACL pAcl)
 {
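Review bot: `get_world_access_acl()` writes `world_access_acl_size` bytes starting at `acl` but takes no capacity argument and has no comment, so nothing at the definition tells a caller how large the buffer must be or what the ACL grants. Now that the helper backs ntdll exports, I would add a header comment such as `/* fills a caller-provided buffer of at least world_access_acl_size bytes with a placeholder ACL: one container-inherit allow ACE giving Everyone (S-1-1-0) mask 0xf3ffffff */`. `AceSize` repeats the `sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD)` expression; writing it as `world_access_acl_size - sizeof(ACL)` would keep the two sizes from drifting apart.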
@@ -1101,6 +1120,83 @@ NTSTATUS WINAPI RtlAbsoluteToSelfRelativeSD(
 SelfRelativeSecurityDescriptor, BufferLength);
 }
+/******************************************************************************
+ * RtlNewSecurityObject [NTDLL.@]
+ */
+NTSTATUS WINAPI RtlNewSecurityObject(PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
+ PSECURITY_DESCRIPTOR *descr, BOOLEAN is_container, HANDLE token, PGENERIC_MAPPING mapping)
+{
+ return RtlNewSecurityObjectEx(parent, creator, descr, NULL, is_container, 0, token, mapping);
+}
+
+/******************************************************************************
+ * RtlNewSecurityObjectEx [NTDLL.@]
+ */
+NTSTATUS WINAPI RtlNewSecurityObjectEx(PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
+ PSECURITY_DESCRIPTOR *descr, GUID *type, BOOLEAN is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping )
+{
+ SECURITY_DESCRIPTOR_RELATIVE *relative;
+ DWORD needed, offset;
+ NTSTATUS status;
+ BYTE *buffer;
+
+ FIXME("%p, %p, %p, %p, %d, %#x, %p %p - semi-stub\n", parent, creator, descr, type, is_container, flags, token, mapping);
+
+ needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
+ needed += sizeof(world_sid);
+ needed += sizeof(world_sid);
+ needed += world_access_acl_size;
+ needed += world_access_acl_size;
+
+ if (!(buffer = RtlAllocateHeap( GetProcessHeap(), 0, needed ))) return STATUS_NO_MEMORY;
+ relative = (SECURITY_DESCRIPTOR_RELATIVE *)buffer;
+ if ((status = RtlCreateSecurityDescriptor( relative, SECURITY_DESCRIPTOR_REVISION )))
+ {
+ RtlFreeHeap( GetProcessHeap(), 0, buffer );
+ return status;
+ }
+ relative->Control |= SE_SELF_RELATIVE;
+ offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
+
+ memcpy( buffer + offset, &world_sid, sizeof(world_sid) );
+ relative->Owner = offset;
+ offset += sizeof(world_sid);
+
+ memcpy( buffer + offset, &world_sid, sizeof(world_sid) );
+ relative->Group = offset;
+ offset += sizeof(world_sid);
+
+ get_world_access_acl( (ACL *)(buffer + offset) );
+ relative->Dacl = offset;
+ offset += world_access_acl_size;
+
+ get_world_access_acl( (ACL *)(buffer + offset) );
+ relative->Sacl = offset;
+
+ *descr = relative;
+ return STATUS_SUCCESS;
+}
+
+/******************************************************************************
+ * RtlNewSecurityObjectWithMultipleInheritance [NTDLL.@]
+ */
+NTSTATUS WINAPI RtlNewSecurityObjectWithMultipleInheritance(PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
+ PSECURITY_DESCRIPTOR *descr, GUID **types, ULONG count, BOOLEAN is_container, ULONG flags,
+ HANDLE token, PGENERIC_MAPPING mapping )
+{
+ FIXME("semi-stub\n");
+ return RtlNewSecurityObjectEx(parent, creator, descr, NULL, is_container, flags, token, mapping);
+}
+
+/******************************************************************************
+ * RtlDeleteSecurityObject [NTDLL.@]
+ */
+NTSTATUS WINAPI RtlDeleteSecurityObject( PSECURITY_DESCRIPTOR *descr )
+{
+ FIXME("%p stub.\n", descr);
+ RtlFreeHeap( GetProcessHeap(), 0, *descr );
+ return STATUS_SUCCESS;
+}
 /*
 * access control list's
diff --git a/include/winternl.h b/include/winternl.h
index fea26bf26c6..5c564373fed 100644
--- a/include/winternl.h
+++ b/include/winternl.h
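Review bot: `RtlDeleteSecurityObject()` frees `*descr` but leaves the caller's pointer unchanged, so a second call on the same variable hands an already freed block back to `RtlFreeHeap()`, and a NULL `descr` is dereferenced; adding `*descr = NULL;` after the free would make the export safe to call twice. In `RtlNewSecurityObjectEx()`, `relative->Control |= SE_SELF_RELATIVE;` is the only Control update although the `Dacl` and `Sacl` offsets are filled in, so code that checks `SE_DACL_PRESENT`/`SE_SACL_PRESENT` will presumably treat the descriptor as having no ACLs (this assumes `RtlCreateSecurityDescriptor()` starts Control at zero, which is not visible here). The SACL slot also receives the same access-allowed ACE as the DACL rather than an audit ACE, which deserves a comment marking it as placeholder data. The `FIXME` prints `flags`, a `ULONG`, with `%#x` while the removed kernelbase trace used `%lu`; if this file is built with long types, `%#lx` is the matching specifier.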
@@ -4447,6 +4447,9 @@ NTSYSAPI void WINAPI RtlMapGenericMask(PACCESS_MASK,const GENERIC_MAPPING*)
 NTSYSAPI NTSTATUS WINAPI RtlMultiByteToUnicodeN(LPWSTR,DWORD,LPDWORD,LPCSTR,DWORD);
 NTSYSAPI NTSTATUS WINAPI RtlMultiByteToUnicodeSize(DWORD*,LPCSTR,ULONG);
 NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObject(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR*,BOOLEAN,HANDLE,PGENERIC_MAPPING);
+NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObjectEx(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR*,GUID*,BOOLEAN,ULONG,HANDLE,PGENERIC_MAPPING);
+NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObjectWithMultipleInheritance(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR*,
+ GUID **,ULONG,BOOLEAN,ULONG,HANDLE,PGENERIC_MAPPING);
 NTSYSAPI PRTL_USER_PROCESS_PARAMETERS WINAPI RtlNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS*);
 NTSYSAPI NTSTATUS WINAPI RtlNormalizeString(ULONG,const WCHAR*,INT,WCHAR*,INT*);
 NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS);
-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1151
From: Nikolay Sivov <nsivov(a)codeweavers.com> Signed-off-by: Nikolay Sivov <nsivov(a)codeweavers.com> --- dlls/kernelbase/security.c | 72 +++----------------------------------- 1 file changed, 5 insertions(+), 67 deletions(-) diff --git a/dlls/kernelbase/security.c b/dlls/kernelbase/security.c index 26878982b6f..04898f81b06 100644 --- a/dlls/kernelbase/security.c +++ b/dlls/kernelbase/security.c @@ -139,26 +139,6 @@ static const WELLKNOWNRID WellKnownRids[] = { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS }, }; -static const SID world_sid = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }; -static const DWORD world_access_acl_size = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD); - -static void get_world_access_acl( PACL acl ) -{ - PACCESS_ALLOWED_ACE ace = (PACCESS_ALLOWED_ACE)(acl + 1); - - acl->AclRevision = ACL_REVISION; - acl->Sbz1 = 0; - acl->AclSize = world_access_acl_size; - acl->AceCount = 1; - acl->Sbz2 = 0; - ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; - ace->Header.AceFlags = CONTAINER_INHERIT_ACE; - ace->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD); - ace->Mask = 0xf3ffffff; /* Everything except reserved bits */ - memcpy( &ace->SidStart, &world_sid, sizeof(world_sid) ); -} - - static NTSTATUS open_file( LPCWSTR name, DWORD access, HANDLE *file ) { UNICODE_STRING file_nameW; @@ -938,7 +918,7 @@ BOOL WINAPI CreatePrivateObjectSecurity( PSECURITY_DESCRIPTOR parent, PSECURITY_ PSECURITY_DESCRIPTOR *descr, BOOL is_container, HANDLE token, PGENERIC_MAPPING mapping ) { - return CreatePrivateObjectSecurityEx( parent, creator, descr, NULL, is_container, 0, token, mapping ); + return set_ntstatus( RtlNewSecurityObject( parent, creator, descr, is_container, token, mapping )); } /****************************************************************************** 
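Review bot: `is_container` is a `BOOL` in `CreatePrivateObjectSecurity()` but `RtlNewSecurityObject()` is declared with a `BOOLEAN`, so the implicit conversion keeps only the low byte and a non-zero value such as 0x100 would arrive as FALSE; passing `is_container != 0` avoids that. The same applies to the `RtlNewSecurityObjectEx()` and `RtlNewSecurityObjectWithMultipleInheritance()` calls in the next two hunks. The ntdll semi-stub in this series ignores the argument, so this only starts to matter once inheritance is implemented. The function's signature begins outside the hunk.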
@@ -948,46 +928,7 @@ BOOL WINAPI CreatePrivateObjectSecurityEx( PSECURITY_DESCRIPTOR parent, PSECURIT PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping ) { - SECURITY_DESCRIPTOR_RELATIVE *relative; - DWORD needed, offset; - BYTE *buffer; - - FIXME( "%p %p %p %p %d %lu %p %p - returns fake SECURITY_DESCRIPTOR\n", - parent, creator, descr, type, is_container, flags, token, mapping ); - - needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE); - needed += sizeof(world_sid); - needed += sizeof(world_sid); - needed += world_access_acl_size; - needed += world_access_acl_size; - - if (!(buffer = heap_alloc( needed ))) return FALSE; - relative = (SECURITY_DESCRIPTOR_RELATIVE *)buffer; - if (!InitializeSecurityDescriptor( relative, SECURITY_DESCRIPTOR_REVISION )) - { - heap_free( buffer ); - return FALSE; - } - relative->Control |= SE_SELF_RELATIVE; - offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE); - - memcpy( buffer + offset, &world_sid, sizeof(world_sid) ); - relative->Owner = offset; - offset += sizeof(world_sid); - - memcpy( buffer + offset, &world_sid, sizeof(world_sid) ); - relative->Group = offset; - offset += sizeof(world_sid); - - get_world_access_acl( (ACL *)(buffer + offset) ); - relative->Dacl = offset; - offset += world_access_acl_size; - - get_world_access_acl( (ACL *)(buffer + offset) ); - relative->Sacl = offset; - - *descr = relative; - return TRUE; + return set_ntstatus( RtlNewSecurityObjectEx( parent, creator, descr, type, is_container, flags, token, mapping )); } /****************************************************************************** 
@@ -1000,9 +941,8 @@ BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance( PSECURITY_DESCRI BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping ) { - FIXME(": semi-stub\n"); - return CreatePrivateObjectSecurityEx( parent, creator, descr, NULL, is_container, - flags, token, mapping ); + return set_ntstatus( RtlNewSecurityObjectWithMultipleInheritance( parent, creator, descr, types, count, + is_container, flags, token, mapping )); } /****************************************************************************** @@ -1010,9 +950,7 @@ BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance( PSECURITY_DESCRI */ BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR *descr ) { - FIXME("%p - stub\n", descr); - heap_free( *descr ); - return TRUE; + return set_ntstatus( RtlDeleteSecurityObject( descr )); } /****************************************************************************** -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1151
Hi, It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated. The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=125361 Your paranoid android. === debian11 (build log) === Task: Could not create the win32 wineprefix: Failed to disable the crash dialogs: Task: WineTest did not produce the win32 report