From: Zebediah Figura zfigura@codeweavers.com
At least in the Windows 10 SDK. --- dlls/advapi32/security.c | 12 ++++++------ dlls/advapi32/tests/security.c | 2 +- include/aclapi.h | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index c5affd14318..fd3f4b9fefc 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -185,7 +185,7 @@ static inline DWORD get_security_file( LPCWSTR full_file_name, DWORD access, HAN }
/* helper function for SE_SERVICE objects in [Get|Set]NamedSecurityInfo */ -static inline DWORD get_security_service( LPWSTR full_service_name, DWORD access, HANDLE *service ) +static DWORD get_security_service( const WCHAR *full_service_name, DWORD access, HANDLE *service ) { SC_HANDLE manager = OpenSCManagerW( NULL, NULL, access ); if (manager) @@ -199,9 +199,9 @@ static inline DWORD get_security_service( LPWSTR full_service_name, DWORD access }
/* helper function for SE_REGISTRY_KEY objects in [Get|Set]NamedSecurityInfo */ -static inline DWORD get_security_regkey( LPWSTR full_key_name, DWORD access, HANDLE *key ) +static DWORD get_security_regkey( const WCHAR *full_key_name, DWORD access, HANDLE *key ) { - LPWSTR p = wcschr(full_key_name, '\'); + const WCHAR *p = wcschr(full_key_name, '\'); int len = p-full_key_name; HKEY hParent;
@@ -2676,7 +2676,7 @@ BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR app /****************************************************************************** * GetNamedSecurityInfoA [ADVAPI32.@] */ -DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, +DWORD WINAPI GetNamedSecurityInfoA(const char *pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl, PSECURITY_DESCRIPTOR* ppSecurityDescriptor) @@ -2684,7 +2684,7 @@ DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, LPWSTR wstr; DWORD r;
- TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo, + TRACE("%s %d %ld %p %p %p %p %p\n", debugstr_a(pObjectName), ObjectType, SecurityInfo, ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
wstr = strdupAW(pObjectName); @@ -2699,7 +2699,7 @@ DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, /****************************************************************************** * GetNamedSecurityInfoW [ADVAPI32.@] */ -DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type, +DWORD WINAPI GetNamedSecurityInfoW( const WCHAR *name, SE_OBJECT_TYPE type, SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl, PACL* sacl, PSECURITY_DESCRIPTOR* descriptor ) { diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 5e5000cfcb5..c1ccc30a9c9 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -87,7 +87,7 @@ static BOOL (WINAPI *pConvertSecurityDescriptorToStringSecurityDescriptorA)(PSEC SECURITY_INFORMATION, LPSTR *, PULONG ); static BOOL (WINAPI *pSetFileSecurityA)(LPCSTR, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR); -static DWORD (WINAPI *pGetNamedSecurityInfoA)(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, +static DWORD (WINAPI *pGetNamedSecurityInfoA)(const char *, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); static DWORD (WINAPI *pSetNamedSecurityInfoA)(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, diff --git a/include/aclapi.h b/include/aclapi.h index cd818bcf016..c05f2ef188c 100644 --- a/include/aclapi.h +++ b/include/aclapi.h @@ -35,8 +35,8 @@ WINADVAPI DWORD WINAPI GetSecurityInfo( HANDLE, SE_OBJECT_TYPE, SECURITY_INFORM WINADVAPI DWORD WINAPI GetSecurityInfoExA(HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION, LPCSTR, LPCSTR, PACTRL_ACCESSA*, PACTRL_AUDITA*, LPSTR*, LPSTR*); WINADVAPI DWORD WINAPI GetSecurityInfoExW(HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION, LPCWSTR, LPCWSTR, PACTRL_ACCESSW*, PACTRL_AUDITW*, LPWSTR*, LPWSTR*); #define GetSecurityInfoEx WINELIB_NAME_AW(GetSecurityInfoEx) -WINADVAPI DWORD WINAPI GetNamedSecurityInfoA(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); -WINADVAPI DWORD WINAPI GetNamedSecurityInfoW(LPWSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); +WINADVAPI DWORD WINAPI GetNamedSecurityInfoA(const char *, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); +WINADVAPI DWORD WINAPI GetNamedSecurityInfoW(const WCHAR *, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID*, PSID*, PACL*, PACL*, PSECURITY_DESCRIPTOR*); #define GetNamedSecurityInfo WINELIB_NAME_AW(GetNamedSecurityInfo) WINADVAPI DWORD WINAPI SetNamedSecurityInfoA(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID, PSID, PACL, PACL); WINADVAPI DWORD WINAPI SetNamedSecurityInfoW(LPWSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION, PSID, PSID, PACL, PACL);
From: Zebediah Figura zfigura@codeweavers.com
--- dlls/advapi32/tests/Makefile.in | 2 +- dlls/advapi32/tests/lsa.c | 12 ++---------- 2 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/dlls/advapi32/tests/Makefile.in b/dlls/advapi32/tests/Makefile.in index 2e9b007a91f..c2fc7aeb954 100644 --- a/dlls/advapi32/tests/Makefile.in +++ b/dlls/advapi32/tests/Makefile.in @@ -1,5 +1,5 @@ TESTDLL = advapi32.dll -IMPORTS = ole32 advapi32 +IMPORTS = advapi32
C_SRCS = \ cred.c \ diff --git a/dlls/advapi32/tests/lsa.c b/dlls/advapi32/tests/lsa.c index c43f313d77e..e68de388002 100644 --- a/dlls/advapi32/tests/lsa.c +++ b/dlls/advapi32/tests/lsa.c @@ -119,15 +119,8 @@ static void test_lsa(void) LPSTR name = NULL; LPSTR domain = NULL; LPSTR forest = NULL; - LPSTR guidstr = NULL; - WCHAR guidstrW[64]; UINT len; - guidstrW[0] = '\0'; ConvertSidToStringSidA(dns_domain_info->Sid, &strsid); - StringFromGUID2(&dns_domain_info->DomainGuid, guidstrW, ARRAY_SIZE(guidstrW)); - len = WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, NULL, 0, NULL, NULL ); - guidstr = LocalAlloc( 0, len ); - WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, guidstr, len, NULL, NULL ); if (dns_domain_info->Name.Buffer) { len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->Name.Buffer, -1, NULL, 0, NULL, NULL ); name = LocalAlloc( 0, len ); @@ -144,12 +137,11 @@ static void test_lsa(void) WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsForestName.Buffer, -1, forest, len, NULL, NULL ); } trace(" name: %s domain: %s forest: %s guid: %s sid: %s\n", - name ? name : "NULL", domain ? domain : "NULL", - forest ? forest : "NULL", guidstr, strsid ? strsid : "NULL"); + debugstr_a(name), debugstr_a(domain), debugstr_a(forest), + debugstr_guid(&dns_domain_info->DomainGuid), debugstr_a(strsid)); LocalFree( name ); LocalFree( forest ); LocalFree( domain ); - LocalFree( guidstr ); LocalFree( strsid ); } else
From: Zebediah Figura zfigura@codeweavers.com
In particular, handle the case where an object has no name.
In theory, this should not happen for regular files, but SetSecurityInfo() is almost certainly not supposed to care about that [i.e. this code probably belongs in the server, at the very least]. However, fixing that will require much more work.
While we're at it, rewrite the code to be a little more idiomatic about its intent. --- dlls/advapi32/security.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index fd3f4b9fefc..d13fd65af78 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -2969,10 +2969,11 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, return RtlNtStatusToDosError(status); }
- for (name_info->Name.Length-=2; name_info->Name.Length>0; name_info->Name.Length-=2) - if (name_info->Name.Buffer[name_info->Name.Length/2-1]=='\' || - name_info->Name.Buffer[name_info->Name.Length/2-1]=='/') - break; + if (name_info->Name.Length && name_info->Name.Buffer[(name_info->Name.Length / 2) - 1] == '\') + name_info->Name.Length -= 2; + while (name_info->Name.Length && name_info->Name.Buffer[(name_info->Name.Length / 2) - 1] != '\') + name_info->Name.Length -= 2; + if (name_info->Name.Length) { OBJECT_ATTRIBUTES attr;
From: Zebediah Figura zfigura@codeweavers.com
--- dlls/advapi32/tests/security.c | 93 ++++++++++++++++++++++++++++++++++ include/accctrl.h | 3 +- 2 files changed, 95 insertions(+), 1 deletion(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index c1ccc30a9c9..221334fda67 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -4782,6 +4782,7 @@ static void test_GetSecurityInfo(void) SID_IDENTIFIER_AUTHORITY sia = { SECURITY_NT_AUTHORITY }; int domain_users_ace_id = -1, admins_ace_id = -1, i; DWORD sid_size = sizeof(admin_ptr), l = sizeof(b); + SECURITY_ATTRIBUTES sa = {.nLength = sizeof(sa)}; PSID admin_sid = (PSID) admin_ptr, user_sid; char sd[SECURITY_DESCRIPTOR_MIN_LENGTH]; BOOL owner_defaulted, group_defaulted; @@ -4796,6 +4797,24 @@ static void test_GetSecurityInfo(void) BYTE flags; DWORD ret;
+ static const SE_OBJECT_TYPE kernel_types[] = + { + SE_FILE_OBJECT, + SE_KERNEL_OBJECT, + SE_WMIGUID_OBJECT, + }; + + static const SE_OBJECT_TYPE invalid_types[] = + { + SE_UNKNOWN_OBJECT_TYPE, + SE_DS_OBJECT, + SE_DS_OBJECT_ALL, + SE_PROVIDER_DEFINED_OBJECT, + SE_REGISTRY_WOW64_32KEY, + SE_REGISTRY_WOW64_64KEY, + 0xdeadbeef, + }; + if (!pSetSecurityInfo) { win_skip("[Get|Set]SecurityInfo is not available\n"); @@ -4984,6 +5003,80 @@ static void test_GetSecurityInfo(void) "Builtin Admins ACE has unexpected mask (0x%lx != 0x%x)\n", ace->Mask, PROCESS_ALL_ACCESS); } LocalFree(pSD); + + ret = GetSecurityInfo(NULL, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = GetSecurityInfo(GetCurrentProcess(), SE_FILE_OBJECT, + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(!ret, "got error %lu\n", ret); + LocalFree(pSD); + + sa.lpSecurityDescriptor = sd; + obj = CreateEventA(&sa, TRUE, TRUE, NULL); + pDacl = (PACL)&dacl; + + for (size_t i = 0; i < ARRAY_SIZE(kernel_types); ++i) + { + winetest_push_context("Type %#x", kernel_types[i]); + + ret = GetSecurityInfo(NULL, kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = GetSecurityInfo(GetCurrentProcess(), kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(!ret, "got error %lu\n", ret); + LocalFree(pSD); + + ret = GetSecurityInfo(obj, kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(!ret, "got error %lu\n", ret); + LocalFree(pSD); + + ret = SetSecurityInfo(NULL, kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = SetSecurityInfo(obj, kernel_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); + ok(!ret, "got error %lu\n", ret); + + winetest_pop_context(); + } + + ret = GetSecurityInfo(GetCurrentProcess(), SE_REGISTRY_KEY, + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + todo_wine ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = GetSecurityInfo(obj, SE_REGISTRY_KEY, + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + todo_wine ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + CloseHandle(obj); + + for (size_t i = 0; i < ARRAY_SIZE(invalid_types); ++i) + { + winetest_push_context("Type %#x", invalid_types[i]); + + ret = GetSecurityInfo(NULL, invalid_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = GetSecurityInfo((HANDLE)0xdeadbeef, invalid_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); + todo_wine ok(ret == ERROR_INVALID_PARAMETER, "got error %lu\n", ret); + + ret = SetSecurityInfo(NULL, invalid_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); + ok(ret == ERROR_INVALID_HANDLE, "got error %lu\n", ret); + + ret = SetSecurityInfo((HANDLE)0xdeadbeef, invalid_types[i], + DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL); + todo_wine ok(ret == ERROR_INVALID_PARAMETER, "got error %lu\n", ret); + + winetest_pop_context(); + } }
static void test_GetSidSubAuthority(void) diff --git a/include/accctrl.h b/include/accctrl.h index e71a5bb1241..8ecdd9e1bee 100644 --- a/include/accctrl.h +++ b/include/accctrl.h @@ -39,7 +39,8 @@ typedef enum _SE_OBJECT_TYPE SE_DS_OBJECT_ALL, SE_PROVIDER_DEFINED_OBJECT, SE_WMIGUID_OBJECT, - SE_REGISTRY_WOW64_32KEY + SE_REGISTRY_WOW64_32KEY, + SE_REGISTRY_WOW64_64KEY, } SE_OBJECT_TYPE;
typedef enum _TRUSTEE_TYPE
From: Zebediah Figura zfigura@codeweavers.com
Do not try to treat types which are not kernel handles as kernel handles. --- dlls/advapi32/security.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index d13fd65af78..8dfb6548588 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -1497,6 +1497,10 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR NTSTATUS status; ULONG size; BOOL present, defaulted; + HKEY key = NULL; + + if (!handle) + return ERROR_INVALID_HANDLE;
/* A NULL descriptor is allowed if any one of the other pointers is not NULL */ if (!(ppsidOwner||ppsidGroup||ppDacl||ppSacl||ppSecurityDescriptor)) return ERROR_INVALID_PARAMETER; @@ -1509,8 +1513,9 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR || ((SecurityInfo & SACL_SECURITY_INFORMATION) && !ppSacl) )) return ERROR_INVALID_PARAMETER;
- if (type == SE_SERVICE) + switch (type) { + case SE_SERVICE: if (!QueryServiceObjectSecurity( handle, SecurityInfo, NULL, 0, &size ) && GetLastError() != ERROR_INSUFFICIENT_BUFFER) return GetLastError(); @@ -1522,11 +1527,12 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR LocalFree(sd); return GetLastError(); } - } - else - { - HKEY key = NULL; + break;
+ case SE_KERNEL_OBJECT: + case SE_FILE_OBJECT: + case SE_WMIGUID_OBJECT: + case SE_REGISTRY_KEY: if (type == SE_REGISTRY_KEY && (HandleToUlong(handle) >= HandleToUlong(HKEY_SPECIAL_ROOT_FIRST)) && (HandleToUlong(handle) <= HandleToUlong(HKEY_SPECIAL_ROOT_LAST))) { @@ -1562,6 +1568,11 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR return RtlNtStatusToDosError( status ); } RegCloseKey( key ); + break; + + default: + FIXME("unimplemented type %u\n", type); + return ERROR_CALL_NOT_IMPLEMENTED; }
if (ppsidOwner)
From: Zebediah Figura zfigura@codeweavers.com
Do not try to treat types which are not kernel handles as kernel handles. --- dlls/advapi32/security.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index 8dfb6548588..82feb00a0f0 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -2925,6 +2925,9 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, PACL dacl = pDacl; NTSTATUS status;
+ if (!handle) + return ERROR_INVALID_HANDLE; + if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) return ERROR_INVALID_SECURITY_DESCR;
@@ -3032,13 +3035,18 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
switch (ObjectType) { - case SE_SERVICE: - FIXME("stub: Service objects are not supported at this time.\n"); - status = STATUS_SUCCESS; /* Implement SetServiceObjectSecurity */ + case SE_FILE_OBJECT: + case SE_KERNEL_OBJECT: + case SE_WMIGUID_OBJECT: + case SE_REGISTRY_KEY: + status = NtSetSecurityObject(handle, SecurityInfo, &sd); break; + default: - status = NtSetSecurityObject(handle, SecurityInfo, &sd); + FIXME("unimplemented type %u, returning success\n", ObjectType); + status = STATUS_SUCCESS; break; + } if (dacl != pDacl) free(dacl);
From: Zebediah Figura zfigura@codeweavers.com
--- dlls/user32/tests/winstation.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/dlls/user32/tests/winstation.c b/dlls/user32/tests/winstation.c index 23b86443af0..805bf57ec6f 100644 --- a/dlls/user32/tests/winstation.c +++ b/dlls/user32/tests/winstation.c @@ -1093,6 +1093,31 @@ static void test_invisible_winstation(char **argv) SetProcessWindowStation(old_winstation); }
+static void test_get_security(void) +{ + SECURITY_INFORMATION info = DACL_SECURITY_INFORMATION; + HDESK desktop = GetThreadDesktop(GetCurrentThreadId()); + DWORD size, expect_size; + char buffer[500]; + BOOL ret; + + size = 0xdeadbeef; + SetLastError(0xdeadbeef); + ret = GetUserObjectSecurity( desktop, &info, NULL, 0, &size ); + ok( !ret, "got %#x\n", ret ); + ok( GetLastError() == ERROR_INSUFFICIENT_BUFFER, "got error %lu\n", GetLastError() ); + ok( size && size < sizeof(buffer), "got size %lu\n", size ); + expect_size = size; + + size = 0xdeadbeef; + SetLastError(0xdeadbeef); + ret = GetUserObjectSecurity( desktop, &info, buffer, sizeof(buffer), &size ); + ok( ret == TRUE, "got %#x\n", ret ); + ok( GetLastError() == 0xdeadbeef, "got error %lu\n", GetLastError() ); + ok( size == expect_size, "got size %lu\n", size ); + ok( IsValidSecurityDescriptor(buffer), "expected valid SD\n" ); +} + START_TEST(winstation) { char **argv; @@ -1126,4 +1151,5 @@ START_TEST(winstation) test_getuserobjectinformation(); test_foregroundwindow(); test_invisible_winstation(argv); + test_get_security(); }
From: Zebediah Figura zfigura@codeweavers.com
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=55763 --- dlls/advapi32/Makefile.in | 2 +- dlls/advapi32/security.c | 15 +++++++++++++++ dlls/advapi32/tests/Makefile.in | 2 +- dlls/advapi32/tests/security.c | 23 +++++++++++++++++++++++ 4 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/dlls/advapi32/Makefile.in b/dlls/advapi32/Makefile.in index f791e497a74..8ed0754ca9c 100644 --- a/dlls/advapi32/Makefile.in +++ b/dlls/advapi32/Makefile.in @@ -2,7 +2,7 @@ EXTRADEFS = -D_ADVAPI32_ MODULE = advapi32.dll IMPORTLIB = advapi32 IMPORTS = kernelbase sechost msvcrt -DELAYIMPORTS = rpcrt4 +DELAYIMPORTS = rpcrt4 user32
C_SRCS = \ advapi.c \ diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index 82feb00a0f0..8d0c6977d72 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -1529,6 +1529,21 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR } break;
+ case SE_WINDOW_OBJECT: + if (!GetUserObjectSecurity( handle, &SecurityInfo, NULL, 0, &size ) + && GetLastError() != ERROR_INSUFFICIENT_BUFFER) + return GetLastError(); + + if (!(sd = LocalAlloc( 0, size ))) + return ERROR_NOT_ENOUGH_MEMORY; + + if (!GetUserObjectSecurity( handle, &SecurityInfo, sd, size, &size )) + { + LocalFree( sd ); + return GetLastError(); + } + break; + case SE_KERNEL_OBJECT: case SE_FILE_OBJECT: case SE_WMIGUID_OBJECT: diff --git a/dlls/advapi32/tests/Makefile.in b/dlls/advapi32/tests/Makefile.in index c2fc7aeb954..3dec3cbabeb 100644 --- a/dlls/advapi32/tests/Makefile.in +++ b/dlls/advapi32/tests/Makefile.in @@ -1,5 +1,5 @@ TESTDLL = advapi32.dll -IMPORTS = advapi32 +IMPORTS = advapi32 user32
C_SRCS = \ cred.c \ diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 221334fda67..c4a21ccc105 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -8780,6 +8780,28 @@ static void test_IsValidSecurityDescriptor(void) free(sd); }
+static void test_window_security(void) +{ + PSECURITY_DESCRIPTOR sd; + BOOL present, defaulted; + HDESK desktop; + DWORD ret; + ACL *dacl; + + desktop = GetThreadDesktop(GetCurrentThreadId()); + + ret = GetSecurityInfo(desktop, SE_WINDOW_OBJECT, + DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &sd); + ok(!ret, "got error %lu\n", ret); + + ret = GetSecurityDescriptorDacl(sd, &present, &dacl, &defaulted); + ok(ret == TRUE, "got error %lu\n", GetLastError()); + todo_wine ok(present == TRUE, "got present %d\n", present); + ok(defaulted == FALSE, "got defaulted %d\n", defaulted); + + LocalFree(sd); +} + START_TEST(security) { init(); @@ -8850,6 +8872,7 @@ START_TEST(security) test_elevation(); test_group_as_file_owner(); test_IsValidSecurityDescriptor(); + test_window_security();
/* Must be the last test, modifies process token */ test_token_security_descriptor();
Hi,
It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.
The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:
The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=138765
Your paranoid android.
=== w7u_2qxl (32 bit report) ===
advapi32: security.c:5043: Test failed: Type 0x1: got error 1350 security.c:5043: Test failed: Type 0x6: got error 1350 security.c:5043: Test failed: Type 0xb: got error 1350
=== w7u_adm (32 bit report) ===
advapi32: security.c:5043: Test failed: Type 0x1: got error 1350 security.c:5043: Test failed: Type 0x6: got error 1350 security.c:5043: Test failed: Type 0xb: got error 1350
=== w7u_el (32 bit report) ===
advapi32: security.c:5043: Test failed: Type 0x1: got error 1350 security.c:5043: Test failed: Type 0x6: got error 1350 security.c:5043: Test failed: Type 0xb: got error 1350
=== w7pro64 (64 bit report) ===
advapi32: security.c:5043: Test failed: Type 0x1: got error 1350 security.c:5043: Test failed: Type 0x6: got error 1350 security.c:5043: Test failed: Type 0xb: got error 1350
-
Marvin -
Zebediah Figura -
Zebediah Figura (@zfigura)