server: Report administrator ownership by default for registry objects.
parent
62beef5a72
commit
56c1a8b062
|
@ -3005,10 +3005,12 @@ static void test_SetEntriesInAclA(void)
|
|||
|
||||
static void test_GetNamedSecurityInfoA(void)
|
||||
{
|
||||
char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], dacl[100], *user;
|
||||
char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
|
||||
char system_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES];
|
||||
PSID admin_sid = (PSID) admin_ptr, system_sid = (PSID) system_ptr, user_sid;
|
||||
DWORD sid_size = sizeof(admin_ptr), user_size;
|
||||
char invalid_path[] = "/an invalid file path";
|
||||
PSID admin_sid = (PSID) admin_ptr, user_sid;
|
||||
char software_key[] = "MACHINE\\Software";
|
||||
char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
|
||||
SECURITY_DESCRIPTOR_CONTROL control;
|
||||
ACL_SIZE_INFORMATION acl_size;
|
||||
|
@ -3113,10 +3115,10 @@ static void test_GetNamedSecurityInfoA(void)
|
|||
|
||||
/* Create security descriptor information and test that it comes back the same */
|
||||
pSD = &sd;
|
||||
pDacl = (PACL)&dacl;
|
||||
pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
|
||||
InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
|
||||
pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
|
||||
bret = InitializeAcl(pDacl, sizeof(dacl), ACL_REVISION);
|
||||
bret = InitializeAcl(pDacl, 100, ACL_REVISION);
|
||||
ok(bret, "Failed to initialize ACL.\n");
|
||||
bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
|
||||
ok(bret, "Failed to add Current User to ACL.\n");
|
||||
|
@ -3130,6 +3132,7 @@ static void test_GetNamedSecurityInfoA(void)
|
|||
SetLastError(0xdeadbeef);
|
||||
error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL,
|
||||
NULL, pDacl, NULL);
|
||||
HeapFree(GetProcessHeap(), 0, pDacl);
|
||||
if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED))
|
||||
{
|
||||
win_skip("SetNamedSecurityInfoA is not implemented\n");
|
||||
|
@ -3178,6 +3181,26 @@ static void test_GetNamedSecurityInfoA(void)
|
|||
LocalFree(pSD);
|
||||
HeapFree(GetProcessHeap(), 0, user);
|
||||
CloseHandle(hTemp);
|
||||
|
||||
/* Test querying the ownership of a built-in registry key */
|
||||
sid_size = sizeof(system_ptr);
|
||||
pCreateWellKnownSid(WinLocalSystemSid, NULL, system_sid, &sid_size);
|
||||
error = pGetNamedSecurityInfoA(software_key, SE_REGISTRY_KEY,
|
||||
OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION,
|
||||
NULL, NULL, NULL, NULL, &pSD);
|
||||
ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
|
||||
|
||||
bret = GetSecurityDescriptorOwner(pSD, &owner, &owner_defaulted);
|
||||
ok(bret, "GetSecurityDescriptorOwner failed with error %d\n", GetLastError());
|
||||
ok(owner != NULL, "owner should not be NULL\n");
|
||||
ok(EqualSid(owner, admin_sid), "MACHINE\\Software owner SID != Administrators SID.\n");
|
||||
|
||||
bret = GetSecurityDescriptorGroup(pSD, &group, &group_defaulted);
|
||||
ok(bret, "GetSecurityDescriptorGroup failed with error %d\n", GetLastError());
|
||||
ok(group != NULL, "group should not be NULL\n");
|
||||
ok(EqualSid(group, admin_sid) || broken(EqualSid(group, system_sid)) /* before Win7 */,
|
||||
"MACHINE\\Software group SID != Local System SID.\n");
|
||||
LocalFree(pSD);
|
||||
}
|
||||
|
||||
static void test_ConvertStringSecurityDescriptor(void)
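Review bot: In the new registry-key block the test keeps going after `ok(!error, ...)` even when pGetNamedSecurityInfoA fails, and at that point pSD still holds the descriptor released by the earlier `LocalFree(pSD)` unless the call clears it on failure, which the hunk does not show. The GetSecurityDescriptorOwner/GetSecurityDescriptorGroup calls and the final `LocalFree(pSD)` would then work on freed memory; setting `pSD = NULL;` before the call and adding `if (error) return;` after the `ok()` keeps a failing run from crashing. The group check accepts the Administrators SID but its failure text says Local System, so it should read `"MACHINE\\Software group SID != Administrators SID.\n"`. In the second hunk the `HeapAlloc` result is passed to InitializeAcl without a NULL check. The body of test_GetNamedSecurityInfoA starts and continues outside the visible hunks.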
|
||||
|
|
|
@ -147,6 +147,7 @@ struct file_load_info
|
|||
|
||||
static void key_dump( struct object *obj, int verbose );
|
||||
static unsigned int key_map_access( struct object *obj, unsigned int access );
|
||||
static struct security_descriptor *key_get_sd( struct object *obj );
|
||||
static int key_close_handle( struct object *obj, struct process *process, obj_handle_t handle );
|
||||
static void key_destroy( struct object *obj );
|
||||
|
||||
|
@ -162,7 +163,7 @@ static const struct object_ops key_ops =
|
|||
no_signal, /* signal */
|
||||
no_get_fd, /* get_fd */
|
||||
key_map_access, /* map_access */
|
||||
default_get_sd, /* get_sd */
|
||||
key_get_sd, /* get_sd */
|
||||
default_set_sd, /* set_sd */
|
||||
no_lookup_name, /* lookup_name */
|
||||
no_open_file, /* open_file */
|
||||
|
@ -336,6 +337,28 @@ static unsigned int key_map_access( struct object *obj, unsigned int access )
|
|||
KEY_WOW64_64KEY | KEY_WOW64_32KEY);
|
||||
}
|
||||
|
||||
static struct security_descriptor *key_get_sd( struct object *obj )
|
||||
{
|
||||
static struct security_descriptor *key_default_sd;
|
||||
|
||||
if (obj->sd) return obj->sd;
|
||||
|
||||
if (!key_default_sd)
|
||||
{
|
||||
size_t sid_len = security_sid_len( security_builtin_admins_sid );
|
||||
|
||||
key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * sid_len );
|
||||
key_default_sd->control = 0;
|
||||
key_default_sd->owner_len = sid_len;
|
||||
key_default_sd->group_len = sid_len;
|
||||
key_default_sd->sacl_len = 0;
|
||||
key_default_sd->dacl_len = 0;
|
||||
memcpy( key_default_sd + 1, security_builtin_admins_sid, sid_len );
|
||||
memcpy( (char *)(key_default_sd + 1) + sid_len, security_builtin_admins_sid, sid_len );
|
||||
}
|
||||
return key_default_sd;
|
||||
}
|
||||
|
||||
/* close the notification associated with a handle */
|
||||
static int key_close_handle( struct object *obj, struct process *process, obj_handle_t handle )
|
||||
{
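Review bot: `key_get_sd` writes through the result of `mem_alloc` without checking it, so an allocation failure on the first call becomes a NULL dereference in the server; add `if (!key_default_sd) return NULL;` directly after the allocation. The descriptor built here has `control = 0` and `dacl_len = 0`, so it carries only owner and group and no DACL. Callers that run an access check on the result of get_sd should be confirmed to treat that as "no restriction" rather than as an empty DACL, and a comment such as `/* default SD: Administrators owner and group, no DACL present */` would record the intent. The returned pointer is a function-local static shared by every key without its own descriptor, so the comment should also state that callers must not modify or free it.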
|
||||
|
|
|
@ -42,6 +42,7 @@ extern const LUID SeCreateGlobalPrivilege;
|
|||
extern const PSID security_world_sid;
|
||||
extern const PSID security_local_user_sid;
|
||||
extern const PSID security_local_system_sid;
|
||||
extern const PSID security_builtin_admins_sid;
|
||||
|
||||
|
||||
/* token functions */
|
||||
|
|
|
@ -77,6 +77,13 @@ static const struct /* same fields as struct SID */
|
|||
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
||||
DWORD SubAuthority[5];
|
||||
} local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
|
||||
static const struct /* same fields as struct SID */
|
||||
{
|
||||
BYTE Revision;
|
||||
BYTE SubAuthorityCount;
|
||||
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
||||
DWORD SubAuthority[2];
|
||||
} builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
|
||||
|
||||
const PSID security_world_sid = (PSID)&world_sid;
|
||||
static const PSID security_local_sid = (PSID)&local_sid;
|
||||
|
@ -84,6 +91,7 @@ static const PSID security_interactive_sid = (PSID)&interactive_sid;
|
|||
static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid;
|
||||
const PSID security_local_system_sid = (PSID)&local_system_sid;
|
||||
const PSID security_local_user_sid = (PSID)&local_user_sid;
|
||||
const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
|
||||
|
||||
static luid_t prev_luid_value = { 1000, 0 };
|
||||
|
||||
|
|