server: Report a default DACL for registry keys.

This commit is contained in:
Erich Hoover 2013-04-19 17:25:43 -06:00 committed by Alexandre Julliard
parent 0ae8f2daa4
commit 04cd764d76
4 changed files with 75 additions and 9 deletions

View File

@ -3007,7 +3007,9 @@ static void test_GetNamedSecurityInfoA(void)
{
char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
char system_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
PSID admin_sid = (PSID) admin_ptr, system_sid = (PSID) system_ptr, user_sid;
char users_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
PSID admin_sid = (PSID) admin_ptr, users_sid = (PSID) users_ptr;
PSID system_sid = (PSID) system_ptr, user_sid;
DWORD sid_size = sizeof(admin_ptr), user_size;
char invalid_path[] = "/an invalid file path";
char software_key[] = "MACHINE\\Software";
@ -3015,6 +3017,7 @@ static void test_GetNamedSecurityInfoA(void)
SECURITY_DESCRIPTOR_CONTROL control;
ACL_SIZE_INFORMATION acl_size;
CHAR windows_dir[MAX_PATH];
int users_ace_id = -1, i;
PSECURITY_DESCRIPTOR pSD;
ACCESS_ALLOWED_ACE *ace;
BOOL bret = TRUE, isNT4;
@ -3022,8 +3025,10 @@ static void test_GetNamedSecurityInfoA(void)
DWORD error, revision;
BOOL owner_defaulted;
BOOL group_defaulted;
BOOL dacl_defaulted;
HANDLE token, hTemp;
PSID owner, group;
BOOL dacl_present;
PACL pDacl;
if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid)
@ -3202,6 +3207,41 @@ static void test_GetNamedSecurityInfoA(void)
|| broken(((SID*)group)->SubAuthority[0] == SECURITY_NT_NON_UNIQUE) /* Vista */,
"MACHINE\\Software group SID != Local System SID.\n");
LocalFree(pSD);
/* Test querying the DACL of a built-in registry key */
sid_size = sizeof(users_ptr);
pCreateWellKnownSid(WinBuiltinUsersSid, NULL, users_sid, &sid_size);
error = pGetNamedSecurityInfoA(software_key, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
NULL, NULL, NULL, NULL, &pSD);
ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
bret = GetSecurityDescriptorDacl(pSD, &dacl_present, &pDacl, &dacl_defaulted);
ok(bret, "GetSecurityDescriptorDacl failed with error %d\n", GetLastError());
ok(dacl_present, "DACL should be present\n");
ok(pDacl && IsValidAcl(pDacl), "GetSecurityDescriptorDacl returned invalid DACL.\n");
bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
ok(bret, "GetAclInformation failed\n");
ok(acl_size.AceCount != 0, "GetAclInformation returned no ACLs\n");
for (i=0; i<acl_size.AceCount; i++)
{
bret = pGetAce(pDacl, i, (VOID **)&ace);
ok(bret, "Failed to get ACE %d.\n", i);
bret = EqualSid(&ace->SidStart, users_sid);
if (bret) users_ace_id = i;
}
ok(users_ace_id != -1, "Bultin Users ACE not found.\n");
if (users_ace_id != -1)
{
bret = pGetAce(pDacl, users_ace_id, (VOID **)&ace);
ok(bret, "Failed to get Builtin Users ACE.\n");
ok(((ACE_HEADER *)ace)->AceFlags == (INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE),
"Builtin Users ACE has unexpected flags (0x%x != 0x%x)\n", ((ACE_HEADER *)ace)->AceFlags,
INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE);
ok(ace->Mask == GENERIC_READ, "Builtin Users ACE has unexpected mask (0x%x != 0x%x)\n",
ace->Mask, GENERIC_READ);
}
LocalFree(pSD);
}
static void test_ConvertStringSecurityDescriptor(void)

View File

@ -345,16 +345,33 @@ static struct security_descriptor *key_get_sd( struct object *obj )
if (!key_default_sd)
{
size_t sid_len = security_sid_len( security_builtin_admins_sid );
size_t users_sid_len = security_sid_len( security_builtin_users_sid );
size_t admins_sid_len = security_sid_len( security_builtin_admins_sid );
size_t dacl_len = sizeof(ACL) + offsetof( ACCESS_ALLOWED_ACE, SidStart ) + users_sid_len;
ACCESS_ALLOWED_ACE *aaa;
ACL *dacl;
key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * sid_len );
key_default_sd->control = 0;
key_default_sd->owner_len = sid_len;
key_default_sd->group_len = sid_len;
key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * admins_sid_len + dacl_len );
key_default_sd->control = SE_DACL_PRESENT;
key_default_sd->owner_len = admins_sid_len;
key_default_sd->group_len = admins_sid_len;
key_default_sd->sacl_len = 0;
key_default_sd->dacl_len = 0;
memcpy( key_default_sd + 1, security_builtin_admins_sid, sid_len );
memcpy( (char *)(key_default_sd + 1) + sid_len, security_builtin_admins_sid, sid_len );
key_default_sd->dacl_len = dacl_len;
memcpy( key_default_sd + 1, security_builtin_admins_sid, admins_sid_len );
memcpy( (char *)(key_default_sd + 1) + admins_sid_len, security_builtin_admins_sid, admins_sid_len );
dacl = (ACL *)((char *)(key_default_sd + 1) + 2 * admins_sid_len);
dacl->AclRevision = ACL_REVISION;
dacl->Sbz1 = 0;
dacl->AclSize = dacl_len;
dacl->AceCount = 1;
dacl->Sbz2 = 0;
aaa = (ACCESS_ALLOWED_ACE *)(dacl + 1);
aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
aaa->Header.AceFlags = INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE;
aaa->Header.AceSize = offsetof( ACCESS_ALLOWED_ACE, SidStart ) + users_sid_len;
aaa->Mask = GENERIC_READ;
memcpy( &aaa->SidStart, security_builtin_users_sid, users_sid_len );
}
return key_default_sd;
}

View File

@ -42,6 +42,7 @@ extern const LUID SeCreateGlobalPrivilege;
extern const PSID security_world_sid;
extern const PSID security_local_user_sid;
extern const PSID security_local_system_sid;
extern const PSID security_builtin_users_sid;
extern const PSID security_builtin_admins_sid;

View File

@ -84,6 +84,13 @@ static const struct /* same fields as struct SID */
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
DWORD SubAuthority[2];
} builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
static const struct /* same fields as struct SID */
{
BYTE Revision;
BYTE SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
DWORD SubAuthority[2];
} builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
const PSID security_world_sid = (PSID)&world_sid;
static const PSID security_local_sid = (PSID)&local_sid;
@ -92,6 +99,7 @@ static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_si
const PSID security_local_system_sid = (PSID)&local_system_sid;
const PSID security_local_user_sid = (PSID)&local_user_sid;
const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
static luid_t prev_luid_value = { 1000, 0 };