wine-commits June 2024

wine-commits@winehq.org

1 participants
613 discussions

Paul Gofman : ntdll: Add a special handling for .. in match_filename().
by Alexandre Julliard 07 Jun '24

07 Jun '24

Module: wine Branch: master Commit: bcc266b35cab4de9260ea40d958c1a9428f9b1c3 URL: https://gitlab.winehq.org/wine/wine/-/commit/bcc266b35cab4de9260ea40d958c1a… Author: Paul Gofman <pgofman(a)codeweavers.com> Date: Wed Jun 5 18:02:55 2024 -0600 ntdll: Add a special handling for .. in match_filename(). --- dlls/ntdll/tests/directory.c | 9 +++++++++ dlls/ntdll/unix/file.c | 3 +++ 2 files changed, 12 insertions(+) diff --git a/dlls/ntdll/tests/directory.c b/dlls/ntdll/tests/directory.c index 702e348b234..d4028a92519 100644 --- a/dlls/ntdll/tests/directory.c +++ b/dlls/ntdll/tests/directory.c @@ -470,7 +470,16 @@ static void test_NtQueryDirectoryFile(void) {L"*.**", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, {L"*", {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, {L"**", {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, + {L"?", {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0}}, + {L"?.", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0}}, + {L"?..", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}}, + {L"??", {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0}}, + {L"??.", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}}, {L"??.???", {0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}, + {L"..*", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0}}, + {L"*..*", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1}}, + {L"*..", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}}, + {L"..?", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0}}, }; OBJECT_ATTRIBUTES attr; diff --git a/dlls/ntdll/unix/file.c b/dlls/ntdll/unix/file.c index 724a9d99b00..ab567a63d19 100644 --- a/dlls/ntdll/unix/file.c +++ b/dlls/ntdll/unix/file.c @@ -1474,6 +1474,9 @@ static BOOLEAN match_filename_part( const WCHAR *name, const WCHAR *name_end, co */ static BOOLEAN match_filename( const WCHAR *name, int length, const UNICODE_STRING *mask_str ) { + /* Special handling for parent directory. */ + if (length == 2 && name[0] == '.' && name[1] == '.') --length; + return match_filename_part( name, name + length, mask_str->Buffer, mask_str->Buffer + mask_str->Length / sizeof(WCHAR)); }

1 0

Paul Gofman : ntdll: Match wildcard recursively in match_filename().
by Alexandre Julliard 07 Jun '24

07 Jun '24

Module: wine Branch: master Commit: 5f31aacbe8c86f431e8bd7fcf962e829dce74e38 URL: https://gitlab.winehq.org/wine/wine/-/commit/5f31aacbe8c86f431e8bd7fcf962e8… Author: Paul Gofman <pgofman(a)codeweavers.com> Date: Wed Jun 5 17:34:48 2024 -0600 ntdll: Match wildcard recursively in match_filename(). --- dlls/ntdll/unix/file.c | 82 ++++++++++++++++++-------------------------------- 1 file changed, 29 insertions(+), 53 deletions(-) diff --git a/dlls/ntdll/unix/file.c b/dlls/ntdll/unix/file.c index b5bf6f9801d..724a9d99b00 100644 --- a/dlls/ntdll/unix/file.c +++ b/dlls/ntdll/unix/file.c @@ -1421,30 +1421,13 @@ static ULONG hash_short_file_name( const WCHAR *name, int length, LPWSTR buffer /*********************************************************************** - * match_filename + * match_filename_part * - * Check a long file name against a mask. + * Recursive helper for match_filename(). * - * Tests (done in W95 DOS shell - case insensitive): - * *.txt test1.test.txt * - * *st1* test1.txt * - * *.t??????.t* test1.ta.tornado.txt * - * *tornado* test1.ta.tornado.txt * - * t*t test1.ta.tornado.txt * - * ?est* test1.txt * - * ?est??? test1.txt - - * *test1.txt* test1.txt * - * h?l?o*t.dat hellothisisatest.dat * */ -static BOOLEAN match_filename( const WCHAR *name, int length, const UNICODE_STRING *mask_str ) +static BOOLEAN match_filename_part( const WCHAR *name, const WCHAR *name_end, const WCHAR *mask, const WCHAR *mask_end ) { - BOOL mismatch; - const WCHAR *mask = mask_str->Buffer; - const WCHAR *name_end = name + length; - const WCHAR *mask_end = mask + mask_str->Length / sizeof(WCHAR); - const WCHAR *lastjoker = NULL; - const WCHAR *next_to_retry = NULL; - while (name < name_end && mask < mask_end) { switch(*mask) @@ -1453,14 +1436,16 @@ static BOOLEAN match_filename( const WCHAR *name, int length, const UNICODE_STRI mask++; while (mask < mask_end && *mask == '*') mask++; /* Skip consecutive '*' */ if (mask == mask_end) return TRUE; /* end of mask is all '*', so match */ - lastjoker = mask; - /* skip to the next match after the joker(s) */ - if (is_case_sensitive) - while (name < name_end && (*name != *mask)) name++; - else - while (name < name_end && (towupper(*name) != towupper(*mask))) name++; - next_to_retry = name; + while (name < name_end) + { + if (is_case_sensitive) + while (name < name_end && (*name != *mask)) name++; + else + while (name < name_end && (towupper(*name) != towupper(*mask))) name++; + if (match_filename_part( name, name_end, mask, mask_end )) return TRUE; + ++name; + } break; case '?': case '>': @@ -1468,32 +1453,10 @@ static BOOLEAN match_filename( const WCHAR *name, int length, const UNICODE_STRI name++; break; default: - if (is_case_sensitive) mismatch = (*mask != *name); - else mismatch = (towupper(*mask) != towupper(*name)); - - if (!mismatch) - { - mask++; - name++; - if (mask == mask_end) - { - if (name == name_end) return TRUE; - if (lastjoker) mask = lastjoker; - } - } - else /* mismatch ! */ - { - if (lastjoker) /* we had an '*', so we can try unlimitedly */ - { - mask = lastjoker; - - /* this scan sequence was a mismatch, so restart - * 1 char after the first char we checked last time */ - next_to_retry++; - name = next_to_retry; - } - else return FALSE; /* bad luck */ - } + if (is_case_sensitive && *mask != *name) return FALSE; + if (!is_case_sensitive && towupper(*mask) != towupper(*name)) return FALSE; + mask++; + name++; break; } } @@ -1503,6 +1466,19 @@ static BOOLEAN match_filename( const WCHAR *name, int length, const UNICODE_STRI } +/*********************************************************************** + * match_filename + * + * Check a file name against a mask. + * + */ +static BOOLEAN match_filename( const WCHAR *name, int length, const UNICODE_STRING *mask_str ) +{ + return match_filename_part( name, name + length, mask_str->Buffer, + mask_str->Buffer + mask_str->Length / sizeof(WCHAR)); +} + + /*********************************************************************** * is_legal_8dot3_name *

1 0

Paul Gofman : ntdll: Mind all the wildcards in has_wildcard().
by Alexandre Julliard 07 Jun '24

07 Jun '24

Module: wine Branch: master Commit: 6edcd67775503169974bf9432b2f8d5f9a60da44 URL: https://gitlab.winehq.org/wine/wine/-/commit/6edcd67775503169974bf9432b2f8d… Author: Paul Gofman <pgofman(a)codeweavers.com> Date: Tue Jun 4 11:48:20 2024 -0600 ntdll: Mind all the wildcards in has_wildcard(). --- dlls/ntdll/unix/file.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/dlls/ntdll/unix/file.c b/dlls/ntdll/unix/file.c index 89fd942ea3b..b5bf6f9801d 100644 --- a/dlls/ntdll/unix/file.c +++ b/dlls/ntdll/unix/file.c @@ -320,13 +320,19 @@ static inline unsigned int dir_info_size( FILE_INFORMATION_CLASS class, unsigned } } +static BOOL is_wildcard( WCHAR c ) +{ + return c == '*' || c == '?' || c == '>' || c == '<' || c == '\"'; +} + static inline BOOL has_wildcard( const UNICODE_STRING *mask ) { int i; if (!mask) return TRUE; for (i = 0; i < mask->Length / sizeof(WCHAR); i++) - if (mask->Buffer[i] == '*' || mask->Buffer[i] == '?') return TRUE; + if (is_wildcard( mask->Buffer[i] )) return TRUE; + return FALSE; }

1 0

Paul Gofman : ntdll: Ignore leading dots in hash_short_file_name().
by Alexandre Julliard 07 Jun '24

07 Jun '24

Module: wine Branch: master Commit: 0a2ebadf243d7cf53d04c1dd0cae6f22f78bdcc5 URL: https://gitlab.winehq.org/wine/wine/-/commit/0a2ebadf243d7cf53d04c1dd0cae6f… Author: Paul Gofman <pgofman(a)codeweavers.com> Date: Mon Jun 3 19:41:55 2024 -0600 ntdll: Ignore leading dots in hash_short_file_name(). --- dlls/kernel32/tests/file.c | 6 ++---- dlls/ntdll/unix/file.c | 8 ++++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/dlls/kernel32/tests/file.c b/dlls/kernel32/tests/file.c index 940b1441e19..dc9f67e2f03 100644 --- a/dlls/kernel32/tests/file.c +++ b/dlls/kernel32/tests/file.c @@ -3063,11 +3063,9 @@ static void test_FindFirstFile_wildcards(void) {0, "* ..", ", '.', '..', 'a', '.a', '..a', 'aa', 'aaa', 'aaaa', '.aaa'"}, {0, " *..", ""}, {0, "..* ", ", '.', '..', '..a', '..a.a'"}, - {1, "a*.", ", '..a', '.a', '.aaa', 'a', 'aa', 'aaa', 'aaaa'"}, + {0, "a*.", ", '..a', '.a', '.aaa', 'a', 'aa', 'aaa', 'aaaa'"}, {0, "*a ", ", '..a', '..a.a', '.a', '.a..a', '.a.a', '.aaa', 'a', 'a..a', 'a.a', 'a.a.a', 'aa', 'aaa', 'aaaa', ' .a'"}, - - /* a.a.a not found due to short name mismatch, a.a.a -> "AA6BF5~1.A on Windows. */ - {1, "*aa*", ", '.aaa', 'a.a.a', 'aa', 'aaa', 'aaaa'"}, + {0, "*aa*", ", '.aaa', 'a.a.a', 'aa', 'aaa', 'aaaa'"}, {1, "<.<.<", ", '..a', '..a.a', '.a..a', '.a.a', 'a..a', 'a.a.a'"}, {1, "<.<.", ", '.', '..', '..a', '..a.a', '.a', '.a..a', '.a.a', '.aaa', 'a..a', 'a.a', 'a.a.a', ' .a'"}, diff --git a/dlls/ntdll/unix/file.c b/dlls/ntdll/unix/file.c index ce3bc24c5f4..89fd942ea3b 100644 --- a/dlls/ntdll/unix/file.c +++ b/dlls/ntdll/unix/file.c @@ -1383,13 +1383,17 @@ static ULONG hash_short_file_name( const WCHAR *name, int length, LPWSTR buffer } /* Find last dot for start of the extension */ - for (p = name + 1, ext = NULL; p < end - 1; p++) if (*p == '.') ext = p; + p = name; + while (*p == '.') ++p; + for (p = p + 1, ext = NULL; p < end - 1; p++) if (*p == '.') ext = p; /* Copy first 4 chars, replacing invalid chars with '_' */ - for (i = 4, p = name, dst = buffer; i > 0; i--, p++) + for (i = 4, p = name, dst = buffer; i > 0; p++) { if (p == end || p == ext) break; + if (*p == '.') continue; *dst++ = is_invalid_dos_char(*p) ? '_' : *p; + i--; } /* Pad to 5 chars with '~' */ while (i-- >= 0) *dst++ = '~';

1 0

Paul Gofman : ntdll/tests: Test NtQueryDirectoryFile() masks with more files.
by Alexandre Julliard 07 Jun '24

07 Jun '24

Module: wine Branch: master Commit: 6300beb28cc5a6b4c76abe102c5bdd18b48c0d8a URL: https://gitlab.winehq.org/wine/wine/-/commit/6300beb28cc5a6b4c76abe102c5bdd… Author: Paul Gofman <pgofman(a)codeweavers.com> Date: Wed Jun 5 16:57:02 2024 -0600 ntdll/tests: Test NtQueryDirectoryFile() masks with more files. --- dlls/ntdll/tests/directory.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/dlls/ntdll/tests/directory.c b/dlls/ntdll/tests/directory.c index f02a95bc391..702e348b234 100644 --- a/dlls/ntdll/tests/directory.c +++ b/dlls/ntdll/tests/directory.c @@ -72,7 +72,14 @@ static struct testfile_s { { 0, FILE_ATTRIBUTE_NORMAL, {'e','a','.','t','m','p'}, "normal" }, { 0, FILE_ATTRIBUTE_NORMAL, {'e','a'}, "normal" }, { 0, FILE_ATTRIBUTE_DIRECTORY, {'.'}, ". directory" }, - { 0, FILE_ATTRIBUTE_DIRECTORY, {'.','.'}, ".. directory" } + { 0, FILE_ATTRIBUTE_DIRECTORY, {'.','.'}, ".. directory" }, + { 0, FILE_ATTRIBUTE_NORMAL, {'e','a','.','t','m','p','.','t','m','p'}, "normal" }, + { 0, FILE_ATTRIBUTE_NORMAL, {'.','a'}, "normal" }, + { 0, FILE_ATTRIBUTE_NORMAL, {'.','a','.','a'}, "normal" }, + { 0, FILE_ATTRIBUTE_NORMAL, {'a','.'}, "normal" }, + { 0, FILE_ATTRIBUTE_NORMAL, {'.','.','a'}, "normal" }, + { 0, FILE_ATTRIBUTE_NORMAL, {'.','a','a'}, "normal" }, + { 0, FILE_ATTRIBUTE_NORMAL, {'a','.', '.'}, "normal" }, }; static const int test_dir_count = ARRAY_SIZE(testfiles); static const int max_test_dir_size = ARRAY_SIZE(testfiles) + 5; /* size of above plus some for .. etc */ @@ -96,7 +103,8 @@ static void set_up_attribute_test(const WCHAR *testdir) if (lstrcmpW(testfiles[i].name, dotW) == 0 || lstrcmpW(testfiles[i].name, dotdotW) == 0) continue; - lstrcpyW( buf, testdir ); + lstrcpyW( buf, L"\\\\?\\" ); + lstrcatW( buf, testdir ); lstrcatW( buf, backslashW ); lstrcatW( buf, testfiles[i].name ); if (testfiles[i].attr & FILE_ATTRIBUTE_DIRECTORY) { @@ -131,7 +139,8 @@ static void tear_down_attribute_test(const WCHAR *testdir) WCHAR buf[MAX_PATH]; if (lstrcmpW(testfiles[i].name, dotW) == 0 || lstrcmpW(testfiles[i].name, dotdotW) == 0) continue; - lstrcpyW( buf, testdir ); + lstrcpyW( buf, L"\\\\?\\" ); + lstrcatW( buf, testdir ); lstrcatW( buf, backslashW ); lstrcatW( buf, testfiles[i].name ); if (testfiles[i].attr & FILE_ATTRIBUTE_DIRECTORY) { @@ -456,12 +465,12 @@ static void test_NtQueryDirectoryFile(void) } mask_tests[] = { - {L"*.", {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1}}, - {L"*.*", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1}}, - {L"*.**", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1}}, - {L"*", {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, - {L"**", {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, - {L"??.???", {0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0}}, + {L"*.", {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1}}, + {L"*.*", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, + {L"*.**", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, + {L"*", {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, + {L"**", {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, + {L"??.???", {0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}, }; OBJECT_ATTRIBUTES attr;

1 0

Paul Gofman : ntdll: Do not ignore trailing dots in match_filename().
by Alexandre Julliard 07 Jun '24

07 Jun '24

Module: wine Branch: master Commit: 31ab5ec2d7ea977e2649b8402822776c2e1540c9 URL: https://gitlab.winehq.org/wine/wine/-/commit/31ab5ec2d7ea977e2649b840282277… Author: Paul Gofman <pgofman(a)codeweavers.com> Date: Mon Jun 3 16:46:51 2024 -0600 ntdll: Do not ignore trailing dots in match_filename(). --- dlls/ntdll/tests/directory.c | 10 +++------- dlls/ntdll/unix/file.c | 4 ++-- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/dlls/ntdll/tests/directory.c b/dlls/ntdll/tests/directory.c index b2484609689..f02a95bc391 100644 --- a/dlls/ntdll/tests/directory.c +++ b/dlls/ntdll/tests/directory.c @@ -453,13 +453,12 @@ static void test_NtQueryDirectoryFile(void) { const WCHAR *mask; int found[ARRAY_SIZE(testfiles)]; - BOOL todo_missing; } mask_tests[] = { - {L"*.", {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1}, TRUE}, - {L"*.*", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1}, TRUE}, - {L"*.**", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1}, TRUE}, + {L"*.", {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1}}, + {L"*.*", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1}}, + {L"*.**", {1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1}}, {L"*", {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, {L"**", {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}}, {L"??.???", {0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0}}, @@ -517,10 +516,7 @@ static void test_NtQueryDirectoryFile(void) RtlInitUnicodeString(&mask, mask_tests[i].mask); test_flags_NtQueryDirectoryFile(&attr, testdirA, &mask, FALSE, TRUE); for (j = 0; j < test_dir_count; j++) - { - todo_wine_if(mask_tests[i].todo_missing && !mask_tests[i].found[j]) ok(testfiles[j].nfound == mask_tests[i].found[j], "%S, got %d.\n", testfiles[j].name, testfiles[j].nfound); - } winetest_pop_context(); } diff --git a/dlls/ntdll/unix/file.c b/dlls/ntdll/unix/file.c index 1cafe7aa8b7..ce3bc24c5f4 100644 --- a/dlls/ntdll/unix/file.c +++ b/dlls/ntdll/unix/file.c @@ -1487,8 +1487,8 @@ static BOOLEAN match_filename( const WCHAR *name, int length, const UNICODE_STRI break; } } - while (mask < mask_end && ((*mask == '.') || (*mask == '*'))) - mask++; /* Ignore trailing '.' or '*' in mask */ + while (mask < mask_end && *mask == '*') + mask++; return (name == name_end && mask == mask_end); }

1 0

Paul Gofman : ntdll: Fix test_NtQueryDirectoryFile() on Win11.
by Alexandre Julliard 07 Jun '24

07 Jun '24

Module: wine Branch: master Commit: 5b061122f38eae96d4586314b1a8df385ffc4245 URL: https://gitlab.winehq.org/wine/wine/-/commit/5b061122f38eae96d4586314b1a8df… Author: Paul Gofman <pgofman(a)codeweavers.com> Date: Mon Jun 3 16:44:57 2024 -0600 ntdll: Fix test_NtQueryDirectoryFile() on Win11. --- dlls/ntdll/tests/directory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/ntdll/tests/directory.c b/dlls/ntdll/tests/directory.c index 0ace8097352..b2484609689 100644 --- a/dlls/ntdll/tests/directory.c +++ b/dlls/ntdll/tests/directory.c @@ -683,7 +683,7 @@ static void test_NtQueryDirectoryFile(void) memset( data, 0x55, data_size ); io.Status = 0xdeadbeef; io.Information = 0xdeadbeef; - status = pNtQueryDirectoryFile( dirh, 0, NULL, NULL, &io, data, data_size + 16, + status = pNtQueryDirectoryFile( dirh, 0, NULL, NULL, &io, data, data_size + 32, FileBothDirectoryInformation, FALSE, NULL, TRUE ); ok( status == STATUS_SUCCESS, "wrong status %lx\n", status ); ok( io.Status == STATUS_SUCCESS, "wrong status %lx\n", io.Status );

1 0

Elizabeth Figura : advapi32/tests: Test token label inheritance.
by Alexandre Julliard 06 Jun '24

06 Jun '24

Module: wine Branch: master Commit: 9f6e44fd9ca7d39258f2772c3f44013142702ca4 URL: https://gitlab.winehq.org/wine/wine/-/commit/9f6e44fd9ca7d39258f2772c3f4401… Author: Elizabeth Figura <zfigura(a)codeweavers.com> Date: Tue Jun 4 19:27:24 2024 -0500 advapi32/tests: Test token label inheritance. --- dlls/advapi32/tests/security.c | 104 +++++++++++++++++++++++++++++++++++------ 1 file changed, 91 insertions(+), 13 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 43709352560..77a6c747916 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -7198,7 +7198,7 @@ static void test_maximum_allowed(void) CloseHandle(handle); } -static void test_token_label(void) +static void check_token_label(HANDLE token, DWORD *level, BOOL sacl_inherited) { static SID medium_sid = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY}, {SECURITY_MANDATORY_MEDIUM_RID}}; @@ -7210,19 +7210,9 @@ static void test_token_label(void) SECURITY_DESCRIPTOR *sd; ACL *sacl = NULL, *dacl; DWORD size, revision; - HANDLE token; char *str; SID *sid; - if (!pAddMandatoryAce) - { - win_skip("Mandatory integrity control is not supported.\n"); - return; - } - - ret = OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, &token); - ok(ret, "OpenProcessToken failed with error %lu\n", GetLastError()); - ret = GetKernelObjectSecurity(token, LABEL_SECURITY_INFORMATION, NULL, 0, &size); ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Unexpected GetKernelObjectSecurity return value %d, error %lu\n", ret, GetLastError()); @@ -7233,8 +7223,12 @@ static void test_token_label(void) ret = GetSecurityDescriptorControl(sd, &control, &revision); ok(ret, "GetSecurityDescriptorControl failed with error %lu\n", GetLastError()); - todo_wine ok(control == (SE_SELF_RELATIVE | SE_SACL_AUTO_INHERITED | SE_SACL_PRESENT), - "Unexpected security descriptor control %#x\n", control); + if (sacl_inherited) + todo_wine ok(control == (SE_SELF_RELATIVE | SE_SACL_AUTO_INHERITED | SE_SACL_PRESENT), + "Unexpected security descriptor control %#x\n", control); + else + todo_wine ok(control == (SE_SELF_RELATIVE | SE_SACL_PRESENT), + "Unexpected security descriptor control %#x\n", control); ok(revision == 1, "Unexpected security descriptor revision %lu\n", revision); sid = (void *)0xdeadbeef; @@ -7270,6 +7264,7 @@ static void test_token_label(void) sid = (SID *)&ace->SidStart; ConvertSidToStringSidA(sid, &str); ok(EqualSid(sid, &medium_sid) || EqualSid(sid, &high_sid), "Got unexpected SID %s\n", str); + *level = sid->SubAuthority[0]; LocalFree(str); ret = GetSecurityDescriptorDacl(sd, &present, &dacl, &defaulted); @@ -7277,6 +7272,89 @@ static void test_token_label(void) todo_wine ok(!present, "DACL present\n"); free(sd); +} + +static void test_token_label(void) +{ + SID low_sid = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY}, + {SECURITY_MANDATORY_LOW_RID}}; + char sacl_buffer[50]; + SECURITY_ATTRIBUTES attr = {.nLength = sizeof(SECURITY_ATTRIBUTES)}; + ACL *sacl = (ACL *)sacl_buffer; + TOKEN_LINKED_TOKEN linked; + DWORD level, level2, size; + PSECURITY_DESCRIPTOR sd; + HANDLE token, token2; + BOOL ret; + + if (!pAddMandatoryAce) + { + win_skip("Mandatory integrity control is not supported.\n"); + return; + } + + ret = OpenProcessToken(GetCurrentProcess(), READ_CONTROL | TOKEN_QUERY | TOKEN_DUPLICATE, &token); + ok(ret, "OpenProcessToken failed with error %lu\n", GetLastError()); + + check_token_label(token, &level, TRUE); + + ret = DuplicateTokenEx(token, READ_CONTROL, NULL, SecurityAnonymous, TokenPrimary, &token2); + ok(ret, "Failed to duplicate token, error %lu\n", GetLastError()); + + check_token_label(token2, &level2, TRUE); + ok(level2 == level, "Expected level %#lx, got %#lx.\n", level, level2); + + CloseHandle(token2); + + ret = DuplicateTokenEx(token, READ_CONTROL, NULL, SecurityImpersonation, TokenImpersonation, &token2); + ok(ret, "Failed to duplicate token, error %lu\n", GetLastError()); + + check_token_label(token2, &level2, TRUE); + ok(level2 == level, "Expected level %#lx, got %#lx.\n", level, level2); + + CloseHandle(token2); + + /* Any label set in the SD when calling DuplicateTokenEx() is ignored. */ + + ret = GetKernelObjectSecurity(token, LABEL_SECURITY_INFORMATION, NULL, 0, &size); + ok(!ret, "expected failure\n"); + ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "got error %lu\n", GetLastError()); + + sd = malloc(size); + ret = GetKernelObjectSecurity(token, LABEL_SECURITY_INFORMATION, sd, size, &size); + ok(ret, "GetKernelObjectSecurity failed with error %lu\n", GetLastError()); + + InitializeAcl(sacl, sizeof(sacl_buffer), ACL_REVISION); + AddMandatoryAce(sacl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, &low_sid); + SetSecurityDescriptorSacl(sd, TRUE, sacl, FALSE); + + attr.lpSecurityDescriptor = sd; + ret = DuplicateTokenEx(token, TOKEN_ALL_ACCESS, &attr, SecurityImpersonation, TokenImpersonation, &token2); + ok(ret, "Failed to duplicate token, error %lu\n", GetLastError()); + + check_token_label(token2, &level2, TRUE); + ok(level2 == level, "Expected level %#lx, got %#lx.\n", level, level2); + + /* Trying to set a SD on the token also claims success but has no effect. */ + + ret = SetKernelObjectSecurity(token2, LABEL_SECURITY_INFORMATION, sd); + ok(ret, "Failed to set SD, error %lu\n", GetLastError()); + + check_token_label(token2, &level2, FALSE); + ok(level2 == level, "Expected level %#lx, got %#lx.\n", level, level2); + + free(sd); + + /* Test the linked token. */ + + ret = GetTokenInformation(token, TokenLinkedToken, &linked, sizeof(linked), &size); + ok(ret, "Failed to get linked token, error %lu\n", GetLastError()); + + check_token_label(linked.LinkedToken, &level2, TRUE); + ok(level2 == level, "Expected level %#lx, got %#lx.\n", level, level2); + + CloseHandle(linked.LinkedToken); + CloseHandle(token); }

1 0

Elizabeth Figura : server: Inherit the source token's label in token_duplicate().
by Alexandre Julliard 06 Jun '24

06 Jun '24

Module: wine Branch: master Commit: ed297ecba5e3e379df0edfbfbc8afaed7bb88dba URL: https://gitlab.winehq.org/wine/wine/-/commit/ed297ecba5e3e379df0edfbfbc8afa… Author: Elizabeth Figura <zfigura(a)codeweavers.com> Date: Tue Jun 4 19:25:45 2024 -0500 server: Inherit the source token's label in token_duplicate(). And assign it in token_create_admin(). Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=56640 --- dlls/advapi32/tests/security.c | 22 +++++++++------------- server/process.c | 6 ------ server/security.h | 1 - server/token.c | 29 ++++++++++++++++++++++++++++- 4 files changed, 37 insertions(+), 21 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 2669c13748b..43709352560 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -7376,23 +7376,19 @@ static void test_token_security_descriptor(void) defaulted = TRUE; ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted); ok(ret, "GetSecurityDescriptorDacl failed with error %lu\n", GetLastError()); - todo_wine ok(present, "DACL not present\n"); - if (present) - { - ok(acl2 != (void *)0xdeadbeef, "DACL not set\n"); - ok(!defaulted, "DACL defaulted\n"); + ok(acl2 != (void *)0xdeadbeef, "DACL not set\n"); + ok(!defaulted, "DACL defaulted\n"); - index = 0; - found = FALSE; - while (GetAce(acl2, index++, (void **)&ace)) - { - if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE && EqualSid(&ace->SidStart, psid)) - found = TRUE; - } - ok(!found, "Access allowed ACE was inherited\n"); + index = 0; + found = FALSE; + while (GetAce(acl2, index++, (void **)&ace)) + { + if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE && EqualSid(&ace->SidStart, psid)) + found = TRUE; } + ok(!found, "Access allowed ACE was inherited\n"); free(sd2); diff --git a/server/process.c b/server/process.c index 733b0288f72..66f90fb80c4 100644 --- a/server/process.c +++ b/server/process.c @@ -735,12 +735,6 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla if (!process->handles || !process->token) goto error; process->session_id = token_get_session_id( process->token ); - /* Assign a high security label to the token. The default would be medium - * but Wine provides admin access to all applications right now so high - * makes more sense for the time being. */ - if (!token_assign_label( process->token, &high_label_sid )) - goto error; - set_fd_events( process->msg_fd, POLLIN ); /* start listening to events */ return process; diff --git a/server/security.h b/server/security.h index 58ab1594eae..f4dff679179 100644 --- a/server/security.h +++ b/server/security.h @@ -50,7 +50,6 @@ extern const struct sid local_system_sid; extern const struct sid builtin_users_sid; extern const struct sid builtin_admins_sid; extern const struct sid domain_users_sid; -extern const struct sid high_label_sid; struct ace { diff --git a/server/token.c b/server/token.c index f23013103dd..da7f0bb7ff2 100644 --- a/server/token.c +++ b/server/token.c @@ -72,7 +72,6 @@ struct sid_attrs const struct sid world_sid = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, { SECURITY_WORLD_RID } }; const struct sid local_system_sid = { SID_REVISION, 1, SECURITY_NT_AUTHORITY, { SECURITY_LOCAL_SYSTEM_RID } }; -const struct sid high_label_sid = { SID_REVISION, 1, SECURITY_MANDATORY_LABEL_AUTHORITY, { SECURITY_MANDATORY_HIGH_RID } }; const struct sid local_user_sid = { SID_REVISION, 5, SECURITY_NT_AUTHORITY, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } }; const struct sid builtin_admins_sid = { SID_REVISION, 2, SECURITY_NT_AUTHORITY, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } }; const struct sid builtin_users_sid = { SID_REVISION, 2, SECURITY_NT_AUTHORITY, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } }; @@ -82,6 +81,7 @@ static const struct sid local_sid = { SID_REVISION, 1, SECURITY_LOCAL_SID_AUTHOR static const struct sid interactive_sid = { SID_REVISION, 1, SECURITY_NT_AUTHORITY, { SECURITY_INTERACTIVE_RID } }; static const struct sid anonymous_logon_sid = { SID_REVISION, 1, SECURITY_NT_AUTHORITY, { SECURITY_ANONYMOUS_LOGON_RID } }; static const struct sid authenticated_user_sid = { SID_REVISION, 1, SECURITY_NT_AUTHORITY, { SECURITY_AUTHENTICATED_USER_RID } }; +static const struct sid high_label_sid = { SID_REVISION, 1, SECURITY_MANDATORY_LABEL_AUTHORITY, { SECURITY_MANDATORY_HIGH_RID } }; static struct luid prev_luid_value = { 1000, 0 }; @@ -649,6 +649,24 @@ struct token *token_duplicate( struct token *src_token, unsigned primary, if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION ); + if (src_token->obj.sd) + { + const struct acl *sacl; + const struct ace *ace; + unsigned int i; + int present; + + sacl = sd_get_sacl( src_token->obj.sd, &present ); + if (present) + { + for (i = 0, ace = ace_first( sacl ); i < sacl->count; i++, ace = ace_next( ace )) + { + if (ace->type != SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue; + token_assign_label( token, (const struct sid *)(ace + 1) ); + } + } + } + return token; } @@ -785,6 +803,15 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int /* we really need a primary group */ assert( token->primary_group ); + /* Assign a high security label to the token. The default would be medium + * but Wine provides admin access to all applications right now so high + * makes more sense for the time being. */ + if (!token_assign_label( token, &high_label_sid )) + { + release_object( token ); + return NULL; + } + free( default_dacl ); return token; }

1 0

Elizabeth Figura : server: Ignore attempts to set a mandatory label on a token.
by Alexandre Julliard 06 Jun '24

06 Jun '24

Module: wine Branch: master Commit: 524b43112371d5c5b6323a1d66fd57da98986cd2 URL: https://gitlab.winehq.org/wine/wine/-/commit/524b43112371d5c5b6323a1d66fd57… Author: Elizabeth Figura <zfigura(a)codeweavers.com> Date: Tue Jun 4 20:42:56 2024 -0500 server: Ignore attempts to set a mandatory label on a token. --- server/token.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/server/token.c b/server/token.c index 4df8d2e0c6e..f23013103dd 100644 --- a/server/token.c +++ b/server/token.c @@ -134,6 +134,8 @@ struct group static void token_dump( struct object *obj, int verbose ); static void token_destroy( struct object *obj ); +static int token_set_sd( struct object *obj, const struct security_descriptor *sd, + unsigned int set_info ); static const struct object_ops token_ops = { @@ -148,7 +150,7 @@ static const struct object_ops token_ops = no_get_fd, /* get_fd */ default_map_access, /* map_access */ default_get_sd, /* get_sd */ - default_set_sd, /* set_sd */ + token_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ no_lookup_name, /* lookup_name */ no_link_name, /* link_name */ @@ -167,6 +169,12 @@ static void token_dump( struct object *obj, int verbose ) token->token_id.low_part, token->primary, token->impersonation_level ); } +static int token_set_sd( struct object *obj, const struct security_descriptor *sd, + unsigned int set_info ) +{ + return default_set_sd( obj, sd, set_info & ~LABEL_SECURITY_INFORMATION ); +} + void security_set_thread_token( struct thread *thread, obj_handle_t handle ) { if (!handle)

1 0

← Newer
1
...
46
47
48
49
50
51
52
...
62
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

wine-commits June 2024