server: Report a default DACL for registry keys.
This commit is contained in:
Erich Hoover
Alexandre Julliard
parent
0ae8f2daa4
commit
04cd764d76
|
|
@ -3007,7 +3007,9 @@ static void test_GetNamedSecurityInfoA(void)
|
||||||
{
|
{
|
||||||
char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
|
char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
|
||||||
char system_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
|
char system_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
|
||||||
PSID admin_sid = (PSID) admin_ptr, system_sid = (PSID) system_ptr, user_sid;
|
char users_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
|
||||||
|
PSID admin_sid = (PSID) admin_ptr, users_sid = (PSID) users_ptr;
|
||||||
|
PSID system_sid = (PSID) system_ptr, user_sid;
|
||||||
DWORD sid_size = sizeof(admin_ptr), user_size;
|
DWORD sid_size = sizeof(admin_ptr), user_size;
|
||||||
char invalid_path[] = "/an invalid file path";
|
char invalid_path[] = "/an invalid file path";
|
||||||
char software_key[] = "MACHINE\\Software";
|
char software_key[] = "MACHINE\\Software";
|
||||||
|
|
@ -3015,6 +3017,7 @@ static void test_GetNamedSecurityInfoA(void)
|
||||||
SECURITY_DESCRIPTOR_CONTROL control;
|
SECURITY_DESCRIPTOR_CONTROL control;
|
||||||
ACL_SIZE_INFORMATION acl_size;
|
ACL_SIZE_INFORMATION acl_size;
|
||||||
CHAR windows_dir[MAX_PATH];
|
CHAR windows_dir[MAX_PATH];
|
||||||
|
int users_ace_id = -1, i;
|
||||||
PSECURITY_DESCRIPTOR pSD;
|
PSECURITY_DESCRIPTOR pSD;
|
||||||
ACCESS_ALLOWED_ACE *ace;
|
ACCESS_ALLOWED_ACE *ace;
|
||||||
BOOL bret = TRUE, isNT4;
|
BOOL bret = TRUE, isNT4;
|
||||||
|
|
@ -3022,8 +3025,10 @@ static void test_GetNamedSecurityInfoA(void)
|
||||||
DWORD error, revision;
|
DWORD error, revision;
|
||||||
BOOL owner_defaulted;
|
BOOL owner_defaulted;
|
||||||
BOOL group_defaulted;
|
BOOL group_defaulted;
|
||||||
|
BOOL dacl_defaulted;
|
||||||
HANDLE token, hTemp;
|
HANDLE token, hTemp;
|
||||||
PSID owner, group;
|
PSID owner, group;
|
||||||
|
BOOL dacl_present;
|
||||||
PACL pDacl;
|
PACL pDacl;
|
||||||
|
|
||||||
if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid)
|
if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid)
|
||||||
|
|
@ -3202,6 +3207,41 @@ static void test_GetNamedSecurityInfoA(void)
|
||||||
|| broken(((SID*)group)->SubAuthority[0] == SECURITY_NT_NON_UNIQUE) /* Vista */,
|
|| broken(((SID*)group)->SubAuthority[0] == SECURITY_NT_NON_UNIQUE) /* Vista */,
|
||||||
"MACHINE\\Software group SID != Local System SID.\n");
|
"MACHINE\\Software group SID != Local System SID.\n");
|
||||||
LocalFree(pSD);
|
LocalFree(pSD);
|
||||||
|
|
||||||
|
/* Test querying the DACL of a built-in registry key */
|
||||||
|
sid_size = sizeof(users_ptr);
|
||||||
|
pCreateWellKnownSid(WinBuiltinUsersSid, NULL, users_sid, &sid_size);
|
||||||
|
error = pGetNamedSecurityInfoA(software_key, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
|
||||||
|
NULL, NULL, NULL, NULL, &pSD);
|
||||||
|
ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
|
||||||
|
|
||||||
|
bret = GetSecurityDescriptorDacl(pSD, &dacl_present, &pDacl, &dacl_defaulted);
|
||||||
|
ok(bret, "GetSecurityDescriptorDacl failed with error %d\n", GetLastError());
|
||||||
|
ok(dacl_present, "DACL should be present\n");
|
||||||
|
ok(pDacl && IsValidAcl(pDacl), "GetSecurityDescriptorDacl returned invalid DACL.\n");
|
||||||
|
bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
|
||||||
|
ok(bret, "GetAclInformation failed\n");
|
||||||
|
ok(acl_size.AceCount != 0, "GetAclInformation returned no ACLs\n");
|
||||||
|
for (i=0; i<acl_size.AceCount; i++)
|
||||||
|
{
|
||||||
|
bret = pGetAce(pDacl, i, (VOID **)&ace);
|
||||||
|
ok(bret, "Failed to get ACE %d.\n", i);
|
||||||
|
bret = EqualSid(&ace->SidStart, users_sid);
|
||||||
|
if (bret) users_ace_id = i;
|
||||||
|
}
|
||||||
|
ok(users_ace_id != -1, "Bultin Users ACE not found.\n");
|
||||||
|
if (users_ace_id != -1)
|
||||||
|
{
|
||||||
|
bret = pGetAce(pDacl, users_ace_id, (VOID **)&ace);
|
||||||
|
ok(bret, "Failed to get Builtin Users ACE.\n");
|
||||||
|
ok(((ACE_HEADER *)ace)->AceFlags == (INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE),
|
||||||
|
"Builtin Users ACE has unexpected flags (0x%x != 0x%x)\n", ((ACE_HEADER *)ace)->AceFlags,
|
||||||
|
INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE);
|
||||||
|
ok(ace->Mask == GENERIC_READ, "Builtin Users ACE has unexpected mask (0x%x != 0x%x)\n",
|
||||||
|
ace->Mask, GENERIC_READ);
|
||||||
|
}
|
||||||
|
|
||||||
|
LocalFree(pSD);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void test_ConvertStringSecurityDescriptor(void)
|
static void test_ConvertStringSecurityDescriptor(void)
|
||||||
|
|
|
||||||
|
|
@ -345,16 +345,33 @@ static struct security_descriptor *key_get_sd( struct object *obj )
|
||||||
|
|
||||||
if (!key_default_sd)
|
if (!key_default_sd)
|
||||||
{
|
{
|
||||||
size_t sid_len = security_sid_len( security_builtin_admins_sid );
|
size_t users_sid_len = security_sid_len( security_builtin_users_sid );
|
||||||
|
size_t admins_sid_len = security_sid_len( security_builtin_admins_sid );
|
||||||
|
size_t dacl_len = sizeof(ACL) + offsetof( ACCESS_ALLOWED_ACE, SidStart ) + users_sid_len;
|
||||||
|
ACCESS_ALLOWED_ACE *aaa;
|
||||||
|
ACL *dacl;
|
||||||
|
|
||||||
key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * sid_len );
|
key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * admins_sid_len + dacl_len );
|
||||||
key_default_sd->control = 0;
|
key_default_sd->control = SE_DACL_PRESENT;
|
||||||
key_default_sd->owner_len = sid_len;
|
key_default_sd->owner_len = admins_sid_len;
|
||||||
key_default_sd->group_len = sid_len;
|
key_default_sd->group_len = admins_sid_len;
|
||||||
key_default_sd->sacl_len = 0;
|
key_default_sd->sacl_len = 0;
|
||||||
key_default_sd->dacl_len = 0;
|
key_default_sd->dacl_len = dacl_len;
|
||||||
memcpy( key_default_sd + 1, security_builtin_admins_sid, sid_len );
|
memcpy( key_default_sd + 1, security_builtin_admins_sid, admins_sid_len );
|
||||||
memcpy( (char *)(key_default_sd + 1) + sid_len, security_builtin_admins_sid, sid_len );
|
memcpy( (char *)(key_default_sd + 1) + admins_sid_len, security_builtin_admins_sid, admins_sid_len );
|
||||||
|
|
||||||
|
dacl = (ACL *)((char *)(key_default_sd + 1) + 2 * admins_sid_len);
|
||||||
|
dacl->AclRevision = ACL_REVISION;
|
||||||
|
dacl->Sbz1 = 0;
|
||||||
|
dacl->AclSize = dacl_len;
|
||||||
|
dacl->AceCount = 1;
|
||||||
|
dacl->Sbz2 = 0;
|
||||||
|
aaa = (ACCESS_ALLOWED_ACE *)(dacl + 1);
|
||||||
|
aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
|
||||||
|
aaa->Header.AceFlags = INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE;
|
||||||
|
aaa->Header.AceSize = offsetof( ACCESS_ALLOWED_ACE, SidStart ) + users_sid_len;
|
||||||
|
aaa->Mask = GENERIC_READ;
|
||||||
|
memcpy( &aaa->SidStart, security_builtin_users_sid, users_sid_len );
|
||||||
}
|
}
|
||||||
return key_default_sd;
|
return key_default_sd;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,7 @@ extern const LUID SeCreateGlobalPrivilege;
|
||||||
extern const PSID security_world_sid;
|
extern const PSID security_world_sid;
|
||||||
extern const PSID security_local_user_sid;
|
extern const PSID security_local_user_sid;
|
||||||
extern const PSID security_local_system_sid;
|
extern const PSID security_local_system_sid;
|
||||||
|
extern const PSID security_builtin_users_sid;
|
||||||
extern const PSID security_builtin_admins_sid;
|
extern const PSID security_builtin_admins_sid;
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -84,6 +84,13 @@ static const struct /* same fields as struct SID */
|
||||||
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
||||||
DWORD SubAuthority[2];
|
DWORD SubAuthority[2];
|
||||||
} builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
|
} builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
|
||||||
|
static const struct /* same fields as struct SID */
|
||||||
|
{
|
||||||
|
BYTE Revision;
|
||||||
|
BYTE SubAuthorityCount;
|
||||||
|
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
||||||
|
DWORD SubAuthority[2];
|
||||||
|
} builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
|
||||||
|
|
||||||
const PSID security_world_sid = (PSID)&world_sid;
|
const PSID security_world_sid = (PSID)&world_sid;
|
||||||
static const PSID security_local_sid = (PSID)&local_sid;
|
static const PSID security_local_sid = (PSID)&local_sid;
|
||||||
|
|
@ -92,6 +99,7 @@ static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_si
|
||||||
const PSID security_local_system_sid = (PSID)&local_system_sid;
|
const PSID security_local_system_sid = (PSID)&local_system_sid;
|
||||||
const PSID security_local_user_sid = (PSID)&local_user_sid;
|
const PSID security_local_user_sid = (PSID)&local_user_sid;
|
||||||
const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
|
const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
|
||||||
|
const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
|
||||||
|
|
||||||
static luid_t prev_luid_value = { 1000, 0 };
|
static luid_t prev_luid_value = { 1000, 0 };
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue