[Bug 33576] Paint Tool SAI won't start

http://bugs.winehq.org/show_bug.cgi?id=33576

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download CC| |focht@gmx.net Component|kernel32 |wineserver Platform|Other |x86-64

--- Comment #4 from Anastasius Focht focht@gmx.net 2013-05-12 17:56:08 CDT --- Hello folks,

confirming too. The issue you are seeing is indeed the result of the newly added FILE_PERSISTENT_ACLS flag, the app hits a different code path now. NTFS is the 'default' case for GetVolumeInformationW() hence any newly added flag might have an impact.

It seems wineserver doesn't support returning proper ACE control flags (inheritance) for the file/directory object yet.

The app adds "S-1-1-0" (world/everyone) ACE to directory object and verifies by reading object security again.

set -> {AceType=ACCESS_ALLOWED_ACE_TYPE,Mask=1f01ff,AceFlags=3,Sid={S-1-1-0}}

--- snip --- $ WINEDEBUG=+tid,+seh,+relay,+advapi,+server wine ./sai.exe ... 0009:Call KERNEL32.GetVolumeInformationA(0032f0c4 "C:\",00000000,00000000,00000000,0032f0c0,0032f108,00000000,00000000) ret=0045e296 ... 0009:Ret KERNEL32.GetVolumeInformationA() retval=00000001 ret=0045e296 0009:Call KERNEL32.GetFileAttributesA(008ba000 "C:\users\Public\Application Data\SYSTEMAX Software Development\SAI") ret=0045e3fb 0009:Ret KERNEL32.GetFileAttributesA() retval=00000010 ret=0045e3fb 0009:Call advapi32.ConvertStringSidToSidA(004ce138,0032f0c8) ret=0045e579 0009:trace:advapi:ConvertStringSidToSidA "S-1-1-0", 0x32f0c8 0009:trace:advapi:ConvertStringSidToSidW L"S-1-1-0", 0x32f0c8 0009:trace:advapi:ParseStringSidToSid L"S-1-1-0", (nil), 0x32ef84 0009:trace:advapi:ParseStringSidToSid only size requested, returning TRUE with 12 0009:trace:advapi:ParseStringSidToSid L"S-1-1-0", 0x13fab0, 0x32ef84 0009:trace:advapi:ParseStringSidToSid returning TRUE 0009:Ret advapi32.ConvertStringSidToSidA() retval=00000001 ret=0045e579 0009:Call advapi32.GetLengthSid(0013fab0) ret=0045e43c 0009:Ret advapi32.GetLengthSid() retval=0000000c ret=0045e43c 0009:Call KERNEL32.LocalAlloc(00000000,0000001c) ret=0045e44a 0009:Ret KERNEL32.LocalAlloc() retval=0013fac8 ret=0045e44a 0009:Call advapi32.InitializeAcl(0013fac8,0000001c,00000002) ret=0045e473 0009:Ret advapi32.InitializeAcl() retval=00000001 ret=0045e473 0009:Call advapi32.AddAccessAllowedAceEx(0013fac8,00000002,00000003,001f01ff,0013fab0) ret=0045e4a0 0009:Ret advapi32.AddAccessAllowedAceEx() retval=00000001 ret=0045e4a0 0009:Call advapi32.InitializeSecurityDescriptor(0032f0e8,00000001) ret=0045e4ca 0009:Ret advapi32.InitializeSecurityDescriptor() retval=00000001 ret=0045e4ca 0009:Call advapi32.SetSecurityDescriptorDacl(0032f0e8,00000001,0013fac8,00000000) ret=0045e4f4 0009:Ret advapi32.SetSecurityDescriptorDacl() retval=00000001 ret=0045e4f4 0009:Call advapi32.SetFileSecurityA(008ba000 "C:\users\Public\Application Data\SYSTEMAX Software Development\SAI",00000004,0032f0e8) ret=0045e520 0009:trace:advapi:SetFileSecurityW (L"C:\users\Public\Application Data\SYSTEMAX Software Development\SAI", 0x4, 0x32f0e8) 0009: create_file( access=00040000, attributes=00000040, sharing=00000007, create=1, options=00004020, attrs=00000000, objattr={rootdir=0000,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/users/Public/Application Data/SYSTEMAX Software Development/SAI" ) 0009: create_file() = 0 { handle=006c } 0009: set_security_object( handle=006c, security_info=00000004, sd={control=00000004,owner=<not present>,group=<not present>,sacl={},dacl={{AceType=ACCESS_ALLOWED_ACE_TYPE,Mask=1f01ff,AceFlags=3,Sid={S-1-1-0}}}} ) 0009: set_security_object() = 0 0009: close_handle( handle=006c ) 0009: close_handle() = 0 0009:Ret advapi32.SetFileSecurityA() retval=00000001 ret=0045e520 --- snip ---

reading back:

--- snip --- 0009:Call KERNEL32.GetVolumeInformationA(0032f1d8 "C:\",00000000,00000000,00000000,0032f1d4,0032f21c,00000000,00000000) ret=0045e296 ... 0009:Ret KERNEL32.GetVolumeInformationA() retval=00000001 ret=0045e296 0009:Call KERNEL32.GetFileAttributesA(008ba000 "C:\users\Public\Application Data\SYSTEMAX Software Development\SAI") ret=0045e5aa 0009:Ret KERNEL32.GetFileAttributesA() retval=00000010 ret=0045e5aa 0009:Call advapi32.ConvertStringSidToSidA(004ce138,0032f1d8) ret=0045e579 0009:trace:advapi:ConvertStringSidToSidA "S-1-1-0", 0x32f1d8 0009:trace:advapi:ConvertStringSidToSidW L"S-1-1-0", 0x32f1d8 0009:trace:advapi:ParseStringSidToSid L"S-1-1-0", (nil), 0x32f094 0009:trace:advapi:ParseStringSidToSid only size requested, returning TRUE with 12 0009:trace:advapi:ParseStringSidToSid L"S-1-1-0", 0x13fab0, 0x32f094 0009:trace:advapi:ParseStringSidToSid returning TRUE 0009:Ret advapi32.ConvertStringSidToSidA() retval=00000001 ret=0045e579 0009:Call advapi32.GetNamedSecurityInfoA(008ba000 "C:\users\Public\Application Data\SYSTEMAX Software Development\SAI",00000001,00000004,00000000,00000000,0032f1f0,00000000,0032f1fc) ret=0045e5fd 0009:trace:advapi:GetNamedSecurityInfoA C:\users\Public\Application Data\SYSTEMAX Software Development\SAI 1 4 (nil) (nil) 0x32f1f0 (nil) 0x32f1fc 0009:trace:advapi:GetNamedSecurityInfoW L"C:\users\Public\Application Data\SYSTEMAX Software Development\SAI" 1 4 (nil) (nil) 0x32f1f0 (nil) 0x32f1fc 0009: create_file( access=00020000, attributes=00000040, sharing=00000007, create=1, options=00004000, attrs=02000000, objattr={rootdir=0000,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/users/Public/Application Data/SYSTEMAX Software Development/SAI" ) 0009: create_file() = 0 { handle=006c } 0009: get_security_object( handle=006c, security_info=00000004 ) 0009: get_security_object() = 0 { sd_len=00000068, sd={control=00000014,owner=<not present>,group=<not present>,sacl={},dacl={{AceType=ACCESS_ALLOWED_ACE_TYPE,Mask=1f01ff,AceFlags=0,Sid={S-1-5-18}},{AceType=ACCESS_ALLOWED_ACE_TYPE,Mask=1f01ff,AceFlags=0,Sid={S-1-5-21-0-0-0-1000}},{AceType=ACCESS_ALLOWED_ACE_TYPE,Mask=1301ff,AceFlags=0,Sid={S-1-1-0}}}} } 0009: get_security_object( handle=006c, security_info=00000004 ) 0009: get_security_object() = 0 { sd_len=00000068, sd={control=00000014,owner=<not present>,group=<not present>,sacl={},dacl={{AceType=ACCESS_ALLOWED_ACE_TYPE,Mask=1f01ff,AceFlags=0,Sid={S-1-5-18}},{AceType=ACCESS_ALLOWED_ACE_TYPE,Mask=1f01ff,AceFlags=0,Sid={S-1-5-21-0-0-0-1000}},{AceType=ACCESS_ALLOWED_ACE_TYPE,Mask=1301ff,AceFlags=0,Sid={S-1-1-0}}}} } 0009: close_handle( handle=006c ) 0009: close_handle() = 0 0009:Ret advapi32.GetNamedSecurityInfoA() retval=00000000 ret=0045e5fd 0009:Call advapi32.GetAclInformation(0013e6ec,0032f204,0000000c,00000002) ret=0045e65e 0009:Ret advapi32.GetAclInformation() retval=00000001 ret=0045e65e 0009:Call advapi32.GetAce(0013e6ec,00000000,0032f1f4) ret=0045e6b8 0009:Ret advapi32.GetAce() retval=00000001 ret=0045e6b8 0009:Call advapi32.EqualSid(0013fab0,0013e6fc) ret=0045e6cb 0009:Ret advapi32.EqualSid() retval=00000000 ret=0045e6cb 0009:Call advapi32.GetAce(0013e6ec,00000001,0032f1f4) ret=0045e6b8 0009:Ret advapi32.GetAce() retval=00000001 ret=0045e6b8 0009:Call advapi32.EqualSid(0013fab0,0013e710) ret=0045e6cb 0009:Ret advapi32.EqualSid() retval=00000000 ret=0045e6cb 0009:Call advapi32.GetAce(0013e6ec,00000002,0032f1f4) ret=0045e6b8 0009:Ret advapi32.GetAce() retval=00000001 ret=0045e6b8 0009:Call advapi32.EqualSid(0013fab0,0013e734) ret=0045e6cb 0009:Ret advapi32.EqualSid() retval=00000001 ret=0045e6cb 0009:Call KERNEL32.LocalFree(0013fab0) ret=0045e754 0009:Ret KERNEL32.LocalFree() retval=00000000 ret=0045e754 0009:Call KERNEL32.LocalFree(0013e6d8) ret=0045e768 0009:Ret KERNEL32.LocalFree() retval=00000000 ret=0045e768 0009:Call msvcrt._vsnprintf(0032ee1c,000003ff,004dec98 "Error: Directory not have access rights. (%d) [%s]\n",0032f224) ret=0047d682 0009:Ret msvcrt._vsnprintf() retval=00000072 ret=0047d682 --- snip ---

The last EqualSid() call is a match (+server trace on get_security_object gives us a nice list). What is not visible and only gathered through debugging is the mismatch on ACE control flags field hence the failure.

In: AceFlags=3 (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE) Out: AceFlags=0

Grep wineserver security descriptor code for file object with "Header.AceFlags =". For registry objects it's supported (and returned) but not for file objects. See test_GetNamedSecurityInfoA security function test(s) for file/directory object, AceFlags is always tested == 0.

Regards