1
From ed8e4e5270a4576f38d8bf7ff2833e2c3a5d4528 Mon Sep 17 00:00:00 2001
2
From: Erich Hoover <ehoover@mines.edu>
3
Date: Fri, 7 Dec 2012 12:55:40 -0700
4
Subject: server: Create directories with the specified security attributes.
7
dlls/kernel32/tests/directory.c | 131 +++++++++++++++++++++++++++++++++++++++
10
3 files changed, 138 insertions(+), 2 deletions(-)
12
diff --git a/dlls/kernel32/tests/directory.c b/dlls/kernel32/tests/directory.c
13
index 9baae47..0d286d2 100644
14
--- a/dlls/kernel32/tests/directory.c
15
+++ b/dlls/kernel32/tests/directory.c
22
+static DWORD (WINAPI *pGetNamedSecurityInfoA)(LPSTR, SE_OBJECT_TYPE, SECURITY_INFORMATION,
23
+ PSID*, PSID*, PACL*, PACL*,
24
+ PSECURITY_DESCRIPTOR*);
25
+static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
26
+static BOOL (WINAPI *pCreateWellKnownSid)(WELL_KNOWN_SID_TYPE,PSID,PSID,DWORD*);
27
+static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
28
+static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
30
/* If you change something in these tests, please do the same
31
* for GetSystemDirectory tests.
32
@@ -486,8 +495,128 @@ static void test_SetCurrentDirectoryA(void)
33
ok( GetLastError() == ERROR_PATH_NOT_FOUND, "wrong error %d\n", GetLastError() );
36
+static void test_security_attributes(void)
38
+ char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], dacl[100], *user;
39
+ DWORD sid_size = sizeof(admin_ptr), user_size;
40
+ PSID admin_sid = (PSID) admin_ptr, user_sid;
41
+ char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
42
+ PSECURITY_DESCRIPTOR pSD = &sd;
43
+ ACL_SIZE_INFORMATION acl_size;
44
+ PACL pDacl = (PACL) &dacl;
45
+ ACCESS_ALLOWED_ACE *ace;
46
+ SECURITY_ATTRIBUTES sa;
47
+ char tmpdir[MAX_PATH];
53
+ if (!pGetNamedSecurityInfoA || !pCreateWellKnownSid)
55
+ win_skip("Required functions are not available\n");
59
+ if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token))
61
+ if (GetLastError() != ERROR_NO_TOKEN) bret = FALSE;
62
+ else if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) bret = FALSE;
66
+ win_skip("Failed to get current user token\n");
69
+ bret = GetTokenInformation(token, TokenUser, NULL, 0, &user_size);
70
+ ok(!bret && (GetLastError() == ERROR_INSUFFICIENT_BUFFER),
71
+ "GetTokenInformation(TokenUser) failed with error %d\n", GetLastError());
72
+ user = HeapAlloc(GetProcessHeap(), 0, user_size);
73
+ bret = GetTokenInformation(token, TokenUser, user, user_size, &user_size);
74
+ ok(bret, "GetTokenInformation(TokenUser) failed with error %d\n", GetLastError());
75
+ CloseHandle( token );
76
+ user_sid = ((TOKEN_USER *)user)->User.Sid;
78
+ sa.nLength = sizeof(sa);
79
+ sa.lpSecurityDescriptor = pSD;
80
+ sa.bInheritHandle = TRUE;
81
+ InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
82
+ pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
83
+ bret = InitializeAcl(pDacl, sizeof(dacl), ACL_REVISION);
84
+ ok(bret, "Failed to initialize ACL.\n");
85
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE,
86
+ GENERIC_ALL, user_sid);
87
+ ok(bret, "Failed to add Current User to ACL.\n");
88
+ bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE,
89
+ GENERIC_ALL, admin_sid);
90
+ ok(bret, "Failed to add Administrator Group to ACL.\n");
91
+ bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
92
+ ok(bret, "Failed to add ACL to security desciptor.\n");
94
+ GetTempPathA(MAX_PATH, tmpdir);
95
+ lstrcatA(tmpdir, "Please Remove Me");
96
+ bret = CreateDirectoryA(tmpdir, &sa);
97
+ ok(bret == TRUE, "CreateDirectoryA(%s) failed err=%d\n", tmpdir, GetLastError());
99
+ SetLastError(0xdeadbeef);
100
+ error = pGetNamedSecurityInfoA(tmpdir, SE_FILE_OBJECT,
101
+ OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
102
+ NULL, &pDacl, NULL, &pSD);
103
+ if (error != ERROR_SUCCESS && (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED))
105
+ win_skip("GetNamedSecurityInfoA is not implemented\n");
108
+ ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
110
+ bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
111
+ ok(bret, "GetAclInformation failed\n");
112
+ ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
113
+ acl_size.AceCount);
114
+ if (acl_size.AceCount > 0)
116
+ bret = pGetAce(pDacl, 0, (VOID **)&ace);
117
+ ok(bret, "Failed to get Current User ACE.\n");
118
+ bret = EqualSid(&ace->SidStart, user_sid);
119
+ todo_wine ok(bret, "Current User ACE != Current User SID.\n");
120
+ ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
121
+ "Current User ACE has unexpected flags (0x%x != 0x03)\n", ((ACE_HEADER *)ace)->AceFlags);
122
+ ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
125
+ if (acl_size.AceCount > 1)
127
+ bret = pGetAce(pDacl, 1, (VOID **)&ace);
128
+ ok(bret, "Failed to get Administators Group ACE.\n");
129
+ bret = EqualSid(&ace->SidStart, admin_sid);
130
+ todo_wine ok(bret, "Administators Group ACE != Administators Group SID.\n");
131
+ ok(((ACE_HEADER *)ace)->AceFlags == (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE),
132
+ "Administators Group ACE has unexpected flags (0x%x != 0x03)\n", ((ACE_HEADER *)ace)->AceFlags);
133
+ ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
138
+ HeapFree(GetProcessHeap(), 0, user);
139
+ bret = RemoveDirectoryA(tmpdir);
140
+ ok(bret == TRUE, "RemoveDirectoryA should always succeed\n");
145
+ HMODULE hmod = GetModuleHandle("advapi32.dll");
147
+ pGetNamedSecurityInfoA = (void *)GetProcAddress(hmod, "GetNamedSecurityInfoA");
148
+ pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
149
+ pCreateWellKnownSid = (void *)GetProcAddress(hmod, "CreateWellKnownSid");
150
+ pGetAclInformation = (void *)GetProcAddress(hmod, "GetAclInformation");
151
+ pGetAce = (void *)GetProcAddress(hmod, "GetAce");
154
START_TEST(directory)
158
test_GetWindowsDirectoryA();
159
test_GetWindowsDirectoryW();
161
@@ -501,4 +630,6 @@ START_TEST(directory)
162
test_RemoveDirectoryW();
164
test_SetCurrentDirectoryA();
166
+ test_security_attributes();
168
diff --git a/server/fd.c b/server/fd.c
169
index f3e42bd..248f15a 100644
172
@@ -1765,7 +1765,7 @@ struct fd *open_fd( struct fd *root, const char *name, int flags, mode_t *mode,
173
/* create the directory if needed */
174
if ((options & FILE_DIRECTORY_FILE) && (flags & O_CREAT))
176
- if (mkdir( name, 0777 ) == -1)
177
+ if (mkdir( name, *mode ) == -1)
179
if (errno != EEXIST || (flags & O_EXCL))
181
diff --git a/server/file.c b/server/file.c
182
index 02a1e37..3a8c964 100644
185
@@ -219,7 +219,12 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
186
mode = sd_to_mode( sd, owner );
189
- mode = (attrs & FILE_ATTRIBUTE_READONLY) ? 0444 : 0666;
191
+ if (options & FILE_NON_DIRECTORY_FILE)
192
+ mode = (attrs & FILE_ATTRIBUTE_READONLY) ? 0444 : 0666;
194
+ mode = (attrs & FILE_ATTRIBUTE_READONLY) ? 0555 : 0777;
198
(!strcasecmp( name + len - 4, ".exe" ) || !strcasecmp( name + len - 4, ".com" )))