[PATCH v2 0/8] MR4105: advapi32: Properly implement GetSecurityInfo(SE_WINDOW_OBJECT).

Zebediah Figura (＠zfigura)

16 Oct 2023 16 Oct '23

2:13 a.m.

-- v2: advapi32: Implement GetSecurityInfo(SE_WINDOW_OBJECT). user32/tests: Add basic tests for GetUserObjectSecurity(). advapi32: Respect object type in SetSecurityInfo(). advapi32: Respect object type in GetSecurityInfo(). advapi32/tests: Add more tests for GetSecurityInfo(). https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

Show replies by date

Zebediah Figura

16 Oct 16 Oct

2:13 a.m.

New subject: [PATCH v2 1/8] advapi32: GetNamedSecurityInfo() takes a const name argument.

From: Zebediah Figura <zfigura(a)codeweavers.com> At least in the Windows 10 SDK. --- dlls/advapi32/security.c | 12 ++++++------ dlls/advapi32/tests/security.c | 2 +- include/aclapi.h | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index c5affd14318..fd3f4b9fefc 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -185,7 +185,7 @@ static inline DWORD get_security_file( LPCWSTR full_file_name, DWORD access, HAN } /* helper function for SE_SERVICE objects in [Get|Set]NamedSecurityInfo */ -static inline DWORD get_security_service( LPWSTR full_service_name, DWORD access, HANDLE *service ) +static DWORD get_security_service( const WCHAR *full_service_name, DWORD access, HANDLE *service ) { SC_HANDLE manager = OpenSCManagerW( NULL, NULL, access ); if (manager) @@ -199,9 +199,9 @@ static inline DWORD get_security_service( LPWSTR full_service_name, DWORD access } /* helper function for SE_REGISTRY_KEY objects in [Get|Set]NamedSecurityInfo */ -static inline DWORD get_security_regkey( LPWSTR full_key_name, DWORD access, HANDLE *key ) +static DWORD get_security_regkey( const WCHAR *full_key_name, DWORD access, HANDLE *key ) { - LPWSTR p = wcschr(full_key_name, '\\'); + const WCHAR *p = wcschr(full_key_name, '\\'); int len = p-full_key_name; HKEY hParent; @@ -2676,7 +2676,7 @@ BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR app /****************************************************************************** * GetNamedSecurityInfoA [ADVAPI32.@] */ -DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, +DWORD WINAPI GetNamedSecurityInfoA(const char *pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl, PSECURITY_DESCRIPTOR* ppSecurityDescriptor) @@ -2684,7 +2684,7 @@ DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, LPWSTR wstr; DWORD r; - TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo, + TRACE("%s %d %ld %p %p %p %p %p\n", debugstr_a(pObjectName), ObjectType, SecurityInfo, ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor); wstr = strdupAW(pObjectName); @@ -2699,7 +2699,7 @@ DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, /****************************************************************************** * GetNamedSecurityInfoW [ADVAPI32.@] */ -DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type, +DWORD WINAPI GetNamedSecurityInfoW( const WCHAR *name, SE_OBJECT_TYPE type, SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl, PACL* sacl, PSECURITY_DESCRIPTOR* descriptor ) { diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 5e5000cfcb5..c1ccc30a9c9 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -87,7 +87,7 @@ static BOOL (WINAPI *pConvertSecurityDescriptorToStringSecurityDescriptorA)(PSEC SECURITY_INFORMATION, LPSTR *, PULONG ); static BOOL (WINAPI *pSetFileSecurityA)(LPCSTR, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR); -static DWORD (WINAPI *pGetNamedSecurityInfoA)(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, +static DWORD (WINAPI *pGetNamedSecurityInfoA)(const char *, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); static DWORD (WINAPI *pSetNamedSecurityInfoA)(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, diff --git a/include/aclapi.h b/include/aclapi.h index cd818bcf016..c05f2ef188c 100644 --- a/include/aclapi.h +++ b/include/aclapi.h @@ -35,8 +35,8 @@ WINADVAPI DWORD WINAPI GetSecurityInfo( HANDLE, SE_OBJECT_TYPE, SECURITY_INFORM WINADVAPI DWORD WINAPI GetSecurityInfoExA(HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION, LPCSTR, LPCSTR, PACTRL_ACCESSA*, PACTRL_AUDITA*, LPSTR*, LPSTR*); WINADVAPI DWORD WINAPI GetSecurityInfoExW(HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION, LPCWSTR, LPCWSTR, PACTRL_ACCESSW*, PACTRL_AUDITW*, LPWSTR*, LPWSTR*); #define GetSecurityInfoEx WINELIB_NAME_AW(GetSecurityInfoEx) -WINADVAPI DWORD WINAPI GetNamedSecurityInfoA(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); -WINADVAPI DWORD WINAPI GetNamedSecurityInfoW(LPWSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); +WINADVAPI DWORD WINAPI GetNamedSecurityInfoA(const char *, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); +WINADVAPI DWORD WINAPI GetNamedSecurityInfoW(const WCHAR *, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); #define GetNamedSecurityInfo WINELIB_NAME_AW(GetNamedSecurityInfo) WINADVAPI DWORD WINAPI SetNamedSecurityInfoA(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID, PSID, PACL, PACL); WINADVAPI DWORD WINAPI SetNamedSecurityInfoW(LPWSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID, PSID, PACL, PACL); -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

Zebediah Figura

2:13 a.m.

New subject: [PATCH v2 2/8] advapi32/tests: Use StringFromGUID2().

From: Zebediah Figura <zfigura(a)codeweavers.com> --- dlls/advapi32/tests/Makefile.in | 2 +- dlls/advapi32/tests/lsa.c | 12 ++---------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/dlls/advapi32/tests/Makefile.in b/dlls/advapi32/tests/Makefile.in index 2e9b007a91f..c2fc7aeb954 100644 --- a/dlls/advapi32/tests/Makefile.in +++ b/dlls/advapi32/tests/Makefile.in @@ -1,5 +1,5 @@ TESTDLL = advapi32.dll -IMPORTS = ole32 advapi32 +IMPORTS = advapi32 C_SRCS = \ cred.c \ diff --git a/dlls/advapi32/tests/lsa.c b/dlls/advapi32/tests/lsa.c index c43f313d77e..e68de388002 100644 --- a/dlls/advapi32/tests/lsa.c +++ b/dlls/advapi32/tests/lsa.c @@ -119,15 +119,8 @@ static void test_lsa(void) LPSTR name = NULL; LPSTR domain = NULL; LPSTR forest = NULL; - LPSTR guidstr = NULL; - WCHAR guidstrW[64]; UINT len; - guidstrW[0] = '\0'; ConvertSidToStringSidA(dns_domain_info->Sid, &strsid); - StringFromGUID2(&dns_domain_info->DomainGuid, guidstrW, ARRAY_SIZE(guidstrW)); - len = WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, NULL, 0, NULL, NULL ); - guidstr = LocalAlloc( 0, len ); - WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, guidstr, len, NULL, NULL ); if (dns_domain_info->Name.Buffer) { len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->Name.Buffer, -1, NULL, 0, NULL, NULL ); name = LocalAlloc( 0, len ); @@ -144,12 +137,11 @@ static void test_lsa(void) WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsForestName.Buffer, -1, forest, len, NULL, NULL ); } trace(" name: %s domain: %s forest: %s guid: %s sid: %s\n", - name ? name : "NULL", domain ? domain : "NULL", - forest ? forest : "NULL", guidstr, strsid ? strsid : "NULL"); + debugstr_a(name), debugstr_a(domain), debugstr_a(forest), + debugstr_guid(&dns_domain_info->DomainGuid), debugstr_a(strsid)); LocalFree( name ); LocalFree( forest ); LocalFree( domain ); - LocalFree( guidstr ); LocalFree( strsid ); } else -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

Zebediah Figura

2:13 a.m.

New subject: [PATCH v2 3/8] advapi32: Fix rewinding the last path segment in SetSecurityInfo().

From: Zebediah Figura <zfigura(a)codeweavers.com> In particular, handle the case where an object has no name. In theory, this should not happen for regular files, but SetSecurityInfo() is almost certainly not supposed to care about that [i.e. this code probably belongs in the server, at the very least]. However, fixing that will require much more work. While we're at it, rewrite the code to be a little more idiomatic about its intent. --- dlls/advapi32/security.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index fd3f4b9fefc..d13fd65af78 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -2969,10 +2969,11 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, return RtlNtStatusToDosError(status); } - for (name_info->Name.Length-=2; name_info->Name.Length>0; name_info->Name.Length-=2) - if (name_info->Name.Buffer[name_info->Name.Length/2-1]=='\\' || - name_info->Name.Buffer[name_info->Name.Length/2-1]=='/') - break; + if (name_info->Name.Length && name_info->Name.Buffer[(name_info->Name.Length / 2) - 1] == '\\') + name_info->Name.Length -= 2; + while (name_info->Name.Length && name_info->Name.Buffer[(name_info->Name.Length / 2) - 1] != '\\') + name_info->Name.Length -= 2; + if (name_info->Name.Length) { OBJECT_ATTRIBUTES attr; -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

Zebediah Figura

2:13 a.m.

New subject: [PATCH v2 4/8] advapi32/tests: Add more tests for GetSecurityInfo().

From: Zebediah Figura <zfigura(a)codeweavers.com> --- dlls/advapi32/tests/security.c | 93 ++++++++++++++++++++++++++++++++++ include/accctrl.h | 3 +- 2 files changed, 95 insertions(+), 1 deletion(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index c1ccc30a9c9..4f3bcb917b2 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -4782,6 +4782,7 @@ static void test_GetSecurityInfo(void) SID_IDENTIFIER_AUTHORITY sia = { SECURITY_NT_AUTHORITY }; int domain_users_ace_id = -1, admins_ace_id = -1, i; DWORD sid_size = sizeof(admin_ptr), l = sizeof(b); + SECURITY_ATTRIBUTES sa = {.nLength = sizeof(sa)}; PSID admin_sid = (PSID) admin_ptr, user_sid; char sd[SECURITY_DESCRIPTOR_MIN_LENGTH]; BOOL owner_defaulted, group_defaulted; @@ -4796,6 +4797,24 @@ static void test_GetSecurityInfo(void) BYTE flags; DWORD ret; + static const SE_OBJECT_TYPE kernel_types[] = + { + SE_FILE_OBJECT, + SE_KERNEL_OBJECT, + SE_WMIGUID_OBJECT, + }; + + static const SE_OBJECT_TYPE invalid_types[] = + { + SE_UNKNOWN_OBJECT_TYPE, + SE_DS_OBJECT, + SE_DS_OBJECT_ALL, + SE_PROVIDER_DEFINED_OBJECT, + SE_REGISTRY_WOW64_32KEY, + SE_REGISTRY_WOW64_64KEY, + 0xdeadbeef, + }; + if (!pSetSecurityInfo) { win_skip("[Get|Set]SecurityInfo is not available\n"); @@ -4984,6 +5003,80 @@ static void test_GetSecurityInfo(void) "Builtin Admins ACE has unexpected mask (0x%lx != 0x%x)\n", ace->Mask, PROCESS_ALL_ACCESS); } LocalFree(pSD); + + ret = GetSecurityInfo(NULL, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = GetSecurityInfo(GetCurrentProcess(), SE_FILE_OBJECT, + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(!ret, "got error %lu\n", ret); + LocalFree(pSD); + + sa.lpSecurityDescriptor = sd; + obj = CreateEventA(&sa, TRUE, TRUE, NULL); + pDacl = (PACL)&dacl; + + for (size_t i = 0; i < ARRAY_SIZE(kernel_types); ++i) + { + winetest_push_context("Type %#x", kernel_types[i]); + + ret = GetSecurityInfo(NULL, kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = GetSecurityInfo(GetCurrentProcess(), kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(!ret, "got error %lu\n", ret); + LocalFree(pSD); + + ret = GetSecurityInfo(obj, kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(!ret, "got error %lu\n", ret); + LocalFree(pSD); + + ret = SetSecurityInfo(NULL, kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = SetSecurityInfo(obj, kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); + ok(!ret || ret == ERROR_NO_SECURITY_ON_OBJECT /* win 7 */, "got error %lu\n", ret); + + winetest_pop_context(); + } + + ret = GetSecurityInfo(GetCurrentProcess(), SE_REGISTRY_KEY, + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + todo_wine ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = GetSecurityInfo(obj, SE_REGISTRY_KEY, + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + todo_wine ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + CloseHandle(obj); + + for (size_t i = 0; i < ARRAY_SIZE(invalid_types); ++i) + { + winetest_push_context("Type %#x", invalid_types[i]); + + ret = GetSecurityInfo(NULL, invalid_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = GetSecurityInfo((HANDLE)0xdeadbeef, invalid_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + todo_wine ok(ret == ERROR_INVALID_PARAMETER, "got error %lu\n", ret); + + ret = SetSecurityInfo(NULL, invalid_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = SetSecurityInfo((HANDLE)0xdeadbeef, invalid_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); + todo_wine ok(ret == ERROR_INVALID_PARAMETER, "got error %lu\n", ret); + + winetest_pop_context(); + } } static void test_GetSidSubAuthority(void) diff --git a/include/accctrl.h b/include/accctrl.h index e71a5bb1241..8ecdd9e1bee 100644 --- a/include/accctrl.h +++ b/include/accctrl.h @@ -39,7 +39,8 @@ typedef enum _SE_OBJECT_TYPE SE_DS_OBJECT_ALL, SE_PROVIDER_DEFINED_OBJECT, SE_WMIGUID_OBJECT, - SE_REGISTRY_WOW64_32KEY + SE_REGISTRY_WOW64_32KEY, + SE_REGISTRY_WOW64_64KEY, } SE_OBJECT_TYPE; typedef enum _TRUSTEE_TYPE -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

Zebediah Figura

2:13 a.m.

New subject: [PATCH v2 5/8] advapi32: Respect object type in GetSecurityInfo().

From: Zebediah Figura <zfigura(a)codeweavers.com> Do not try to treat types which are not kernel handles as kernel handles. --- dlls/advapi32/security.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index d13fd65af78..8dfb6548588 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -1497,6 +1497,10 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR NTSTATUS status; ULONG size; BOOL present, defaulted; + HKEY key = NULL; + + if (!handle) + return ERROR_INVALID_HANDLE; /* A NULL descriptor is allowed if any one of the other pointers is not NULL */ if (!(ppsidOwner||ppsidGroup||ppDacl||ppSacl||ppSecurityDescriptor)) return ERROR_INVALID_PARAMETER; @@ -1509,8 +1513,9 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR || ((SecurityInfo & SACL_SECURITY_INFORMATION) && !ppSacl) )) return ERROR_INVALID_PARAMETER; - if (type == SE_SERVICE) + switch (type) { + case SE_SERVICE: if (!QueryServiceObjectSecurity( handle, SecurityInfo, NULL, 0, &size ) && GetLastError() != ERROR_INSUFFICIENT_BUFFER) return GetLastError(); @@ -1522,11 +1527,12 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR LocalFree(sd); return GetLastError(); } - } - else - { - HKEY key = NULL; + break; + case SE_KERNEL_OBJECT: + case SE_FILE_OBJECT: + case SE_WMIGUID_OBJECT: + case SE_REGISTRY_KEY: if (type == SE_REGISTRY_KEY && (HandleToUlong(handle) >= HandleToUlong(HKEY_SPECIAL_ROOT_FIRST)) && (HandleToUlong(handle) <= HandleToUlong(HKEY_SPECIAL_ROOT_LAST))) { @@ -1562,6 +1568,11 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR return RtlNtStatusToDosError( status ); } RegCloseKey( key ); + break; + + default: + FIXME("unimplemented type %u\n", type); + return ERROR_CALL_NOT_IMPLEMENTED; } if (ppsidOwner) -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

Zebediah Figura

2:13 a.m.

New subject: [PATCH v2 6/8] advapi32: Respect object type in SetSecurityInfo().

From: Zebediah Figura <zfigura(a)codeweavers.com> Do not try to treat types which are not kernel handles as kernel handles. --- dlls/advapi32/security.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index 8dfb6548588..82feb00a0f0 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -2925,6 +2925,9 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, PACL dacl = pDacl; NTSTATUS status; + if (!handle) + return ERROR_INVALID_HANDLE; + if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) return ERROR_INVALID_SECURITY_DESCR; @@ -3032,13 +3035,18 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, switch (ObjectType) { - case SE_SERVICE: - FIXME("stub: Service objects are not supported at this time.\n"); - status = STATUS_SUCCESS; /* Implement SetServiceObjectSecurity */ + case SE_FILE_OBJECT: + case SE_KERNEL_OBJECT: + case SE_WMIGUID_OBJECT: + case SE_REGISTRY_KEY: + status = NtSetSecurityObject(handle, SecurityInfo, &sd); break; + default: - status = NtSetSecurityObject(handle, SecurityInfo, &sd); + FIXME("unimplemented type %u, returning success\n", ObjectType); + status = STATUS_SUCCESS; break; + } if (dacl != pDacl) free(dacl); -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

Zebediah Figura

2:13 a.m.

New subject: [PATCH v2 7/8] user32/tests: Add basic tests for GetUserObjectSecurity().

From: Zebediah Figura <zfigura(a)codeweavers.com> --- dlls/user32/tests/winstation.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/dlls/user32/tests/winstation.c b/dlls/user32/tests/winstation.c index 23b86443af0..805bf57ec6f 100644 --- a/dlls/user32/tests/winstation.c +++ b/dlls/user32/tests/winstation.c @@ -1093,6 +1093,31 @@ static void test_invisible_winstation(char **argv) SetProcessWindowStation(old_winstation); } +static void test_get_security(void) +{ + SECURITY_INFORMATION info = DACL_SECURITY_INFORMATION; + HDESK desktop = GetThreadDesktop(GetCurrentThreadId()); + DWORD size, expect_size; + char buffer[500]; + BOOL ret; + + size = 0xdeadbeef; + SetLastError(0xdeadbeef); + ret = GetUserObjectSecurity( desktop, &info, NULL, 0, &size ); + ok( !ret, "got %#x\n", ret ); + ok( GetLastError() == ERROR_INSUFFICIENT_BUFFER, "got error %lu\n", GetLastError() ); + ok( size && size < sizeof(buffer), "got size %lu\n", size ); + expect_size = size; + + size = 0xdeadbeef; + SetLastError(0xdeadbeef); + ret = GetUserObjectSecurity( desktop, &info, buffer, sizeof(buffer), &size ); + ok( ret == TRUE, "got %#x\n", ret ); + ok( GetLastError() == 0xdeadbeef, "got error %lu\n", GetLastError() ); + ok( size == expect_size, "got size %lu\n", size ); + ok( IsValidSecurityDescriptor(buffer), "expected valid SD\n" ); +} + START_TEST(winstation) { char **argv; @@ -1126,4 +1151,5 @@ START_TEST(winstation) test_getuserobjectinformation(); test_foregroundwindow(); test_invisible_winstation(argv); + test_get_security(); } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

Zebediah Figura

2:13 a.m.

New subject: [PATCH v2 8/8] advapi32: Implement GetSecurityInfo(SE_WINDOW_OBJECT).

From: Zebediah Figura <zfigura(a)codeweavers.com> Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=55763 --- dlls/advapi32/Makefile.in | 2 +- dlls/advapi32/security.c | 15 +++++++++++++++ dlls/advapi32/tests/Makefile.in | 2 +- dlls/advapi32/tests/security.c | 23 +++++++++++++++++++++++ 4 files changed, 40 insertions(+), 2 deletions(-) diff --git a/dlls/advapi32/Makefile.in b/dlls/advapi32/Makefile.in index f791e497a74..8ed0754ca9c 100644 --- a/dlls/advapi32/Makefile.in +++ b/dlls/advapi32/Makefile.in @@ -2,7 +2,7 @@ EXTRADEFS = -D_ADVAPI32_ MODULE = advapi32.dll IMPORTLIB = advapi32 IMPORTS = kernelbase sechost msvcrt -DELAYIMPORTS = rpcrt4 +DELAYIMPORTS = rpcrt4 user32 C_SRCS = \ advapi.c \ diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index 82feb00a0f0..8d0c6977d72 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -1529,6 +1529,21 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR } break; + case SE_WINDOW_OBJECT: + if (!GetUserObjectSecurity( handle, &SecurityInfo, NULL, 0, &size ) + && GetLastError() != ERROR_INSUFFICIENT_BUFFER) + return GetLastError(); + + if (!(sd = LocalAlloc( 0, size ))) + return ERROR_NOT_ENOUGH_MEMORY; + + if (!GetUserObjectSecurity( handle, &SecurityInfo, sd, size, &size )) + { + LocalFree( sd ); + return GetLastError(); + } + break; + case SE_KERNEL_OBJECT: case SE_FILE_OBJECT: case SE_WMIGUID_OBJECT: diff --git a/dlls/advapi32/tests/Makefile.in b/dlls/advapi32/tests/Makefile.in index c2fc7aeb954..3dec3cbabeb 100644 --- a/dlls/advapi32/tests/Makefile.in +++ b/dlls/advapi32/tests/Makefile.in @@ -1,5 +1,5 @@ TESTDLL = advapi32.dll -IMPORTS = advapi32 +IMPORTS = advapi32 user32 C_SRCS = \ cred.c \ diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 4f3bcb917b2..2840f6bd75a 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -8780,6 +8780,28 @@ static void test_IsValidSecurityDescriptor(void) free(sd); } +static void test_window_security(void) +{ + PSECURITY_DESCRIPTOR sd; + BOOL present, defaulted; + HDESK desktop; + DWORD ret; + ACL *dacl; + + desktop = GetThreadDesktop(GetCurrentThreadId()); + + ret = GetSecurityInfo(desktop, SE_WINDOW_OBJECT, + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &sd); + ok(!ret, "got error %lu\n", ret); + + ret = GetSecurityDescriptorDacl(sd, &present, &dacl, &defaulted); + ok(ret == TRUE, "got error %lu\n", GetLastError()); + todo_wine ok(present == TRUE, "got present %d\n", present); + ok(defaulted == FALSE, "got defaulted %d\n", defaulted); + + LocalFree(sd); +} + START_TEST(security) { init(); @@ -8850,6 +8872,7 @@ START_TEST(security) test_elevation(); test_group_as_file_owner(); test_IsValidSecurityDescriptor(); + test_window_security(); /* Must be the last test, modifies process token */ test_token_security_descriptor(); -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4105

871

Age (days ago)

871

Last active (days ago)

List overview

Download

8 comments

2 participants

participants (2)

Zebediah Figura
Zebediah Figura (＠zfigura)

[PATCH v2 0/8] MR4105: advapi32: Properly implement GetSecurityInfo(SE_WINDOW_OBJECT).

tags

participants (2)