[PATCH] kernel32: CreateDirectory shouldn't return ERROR_ACCESS_DENIED for the root of the drive.
According to the testbot results CreateDirectory("C:\", NULL) fails with ERROR_ACCESS_DENIED for not administrators. However with UAC enabled and not and administrator account I get ERROR_ALREADY_EXISTS in that case with Windows 7 64-bit running on real hardware. Moreover, Wine doesn't really perform any access checks in that case and blindly assumes that returning STATUS_ACCESS_DENIED is correct behaviour for the drive's root: dlls/ntdll/directory.c,lookup_unix_name().
This patch fixes an application that can't find its data files because after it receives ERROR_ACCESS_DENIED it stops further directory traversing.
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/kernel32/tests/directory.c | 43 +++++++++++++++++++++++++++++++++ dlls/ntdll/directory.c | 3 +-- 2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/dlls/kernel32/tests/directory.c b/dlls/kernel32/tests/directory.c index 512dc6d22a..de78c61681 100644 --- a/dlls/kernel32/tests/directory.c +++ b/dlls/kernel32/tests/directory.c @@ -541,10 +541,53 @@ static void test_SetCurrentDirectoryA(void) ok( GetLastError() == ERROR_PATH_NOT_FOUND, "wrong error %d\n", GetLastError() ); }
+static void test_CreateDirectory_root(void) +{ + static const WCHAR drive_c_root[] = { 'C',':','\',0 }; + static const WCHAR drive_c[] = { 'C',':',0 }; + char curdir[MAX_PATH]; + BOOL ret; + + GetCurrentDirectoryA(sizeof(curdir), curdir); + + ret = SetCurrentDirectoryA("C:\"); + ok(ret, "SetCurrentDirectory error %u\n", GetLastError()); + + SetLastError(0xdeadbeef); + ret = CreateDirectoryA("C:\", NULL); + ok(!ret, "CreateDirectory should fail\n"); + if (GetLastError() == ERROR_ACCESS_DENIED) + { + win_skip("not an administrator\n"); + SetCurrentDirectoryA(curdir); + return; + } + ok(GetLastError() == ERROR_ALREADY_EXISTS, "got %u\n", GetLastError()); + + SetLastError(0xdeadbeef); + ret = CreateDirectoryA("C:", NULL); + ok(!ret, "CreateDirectory should fail\n"); + ok(GetLastError() == ERROR_ALREADY_EXISTS, "got %u\n", GetLastError()); + + SetLastError(0xdeadbeef); + ret = CreateDirectoryW(drive_c_root, NULL); + ok(!ret, "CreateDirectory should fail\n"); + ok(GetLastError() == ERROR_ALREADY_EXISTS, "got %u\n", GetLastError()); + + SetLastError(0xdeadbeef); + ret = CreateDirectoryW(drive_c, NULL); + ok(!ret, "CreateDirectory should fail\n"); + ok(GetLastError() == ERROR_ALREADY_EXISTS, "got %u\n", GetLastError()); + + SetCurrentDirectoryA(curdir); +} + START_TEST(directory) { init();
+ test_CreateDirectory_root(); + test_GetWindowsDirectoryA(); test_GetWindowsDirectoryW();
diff --git a/dlls/ntdll/directory.c b/dlls/ntdll/directory.c index c48b9e97ea..2719958f67 100644 --- a/dlls/ntdll/directory.c +++ b/dlls/ntdll/directory.c @@ -2650,9 +2650,8 @@ static NTSTATUS lookup_unix_name( const WCHAR *name, int name_len, char **buffer { if (!stat( unix_name, &st )) { - /* creation fails with STATUS_ACCESS_DENIED for the root of the drive */ if (disposition == FILE_CREATE) - return name_len ? STATUS_OBJECT_NAME_COLLISION : STATUS_ACCESS_DENIED; + return STATUS_OBJECT_NAME_COLLISION; return STATUS_SUCCESS; } }
Dmitry Timoshkov dmitry@baikal.ru writes:
What app is that? Does it fail on Windows when not administrator?
Alexandre Julliard julliard@winehq.org wrote:
The application doesn't fail on Windows, and as I mentioned above under a not administrator account and UAC enabled I don't get ERROR_ACCESS_DENIED error with the tests included in the patch.
Dmitry Timoshkov dmitry@baikal.ru writes:
Your tests get ERROR_ACCESS_DENIED on every single testbot vm except w8adm, so that's not very convincing... Is the app going to fail on all these vms?
Alexandre Julliard julliard@winehq.org wrote:
I'd guess if the CreateDirectory("C:") returns ERROR_ACCESS_DENIED then the app would fail. It's not clear how the VMs are configured and why I don't get ERROR_ACCESS_DENIED on real hardware under a not admin account, but it should be pretty obvious that since Wine doesn't perform any real administrator access checks, and if it would the checks should be done on the server side, ntdll checks shouldn't return access denied error.
Dmitry Timoshkov dmitry@baikal.ru writes:
It's also pretty obvious that this check was added for a reason, so it would need a more convincing argument to remove it.
Alexandre Julliard julliard@winehq.org wrote:
Do you recall the reason why that check was added? I can't find any specific test case for this behaviour either.
Dmitry Timoshkov dmitry@baikal.ru writes:
As far as I can tell, you added it ;-)
https://source.winehq.org/git/wine.git/commit/d75aed2c92435e8ae4d5c260e31e81...
Alexandre Julliard julliard@winehq.org wrote:
This doesn't look right, especially without any reasonable explanation. Considering that now we have an application that depends on this, can that change be reverted?
Dmitry Timoshkov dmitry@baikal.ru writes:
I'd like to see some more convincing test cases.
Alexandre Julliard julliard@winehq.org wrote:
Sure, I can add more tests. Do you have a suggestion what kind of checks they should perform? I tried to find an existing test that somehow elevates privileges and then executes CreateDirecory tests, but couldn't find such a test.
Dmitry Timoshkov dmitry@baikal.ru writes:
It's possible that elevating privileges would avoid the access denied error, but that doesn't explain why the app would work on Windows, unless it also elevates privileges itself. Does it?
And FWIW I'm getting access denied on Vista even running as administrator. If the behavior changed in recent Windows that would also need specific tests.
Alexandre Julliard julliard@winehq.org wrote:
According to the log the doesn't elevate the privileges.
I just tested it under XP in a VM and I also get the access denied errors for both an ordinal user and an administrator. So it looks like the behaviour has changed (unless running in a VirtualBox changes the behaviour of a file system).
On Tue, 11 Dec 2018 at 13:13, Dmitry Timoshkov dmitry@baikal.ru wrote:
I also found this commit, which adds the check as it most recently existed. https://source.winehq.org/git/wine.git/commitdiff/cf67839bc4094678772858727b...
-
Alexandre Julliard -
Dmitry Timoshkov -
Mathew Hodson