diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index 5b2f7dde7a..cfe73f4010 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -1123,11 +1123,51 @@ BOOL WINAPI GetPrivateObjectSecurity( DWORD DescriptorLength, PDWORD ReturnLength ) { + SECURITY_DESCRIPTOR desc; + BOOL defaulted, present; + PACL pacl; + PSID psid; + TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation, ResultantDescriptor, DescriptorLength, ReturnLength); - return set_ntstatus( NtQuerySecurityObject(ObjectDescriptor, SecurityInformation, - ResultantDescriptor, DescriptorLength, ReturnLength )); + if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) + return FALSE; + + if (SecurityInformation & OWNER_SECURITY_INFORMATION) + { + if (!GetSecurityDescriptorOwner(ObjectDescriptor, &psid, &defaulted)) + return FALSE; + SetSecurityDescriptorOwner(&desc, psid, defaulted); + } + + if (SecurityInformation & GROUP_SECURITY_INFORMATION) + { + if (!GetSecurityDescriptorGroup(ObjectDescriptor, &psid, &defaulted)) + return FALSE; + SetSecurityDescriptorGroup(&desc, psid, defaulted); + } + + if (SecurityInformation & DACL_SECURITY_INFORMATION) + { + if (!GetSecurityDescriptorDacl(ObjectDescriptor, &present, &pacl, &defaulted)) + return FALSE; + SetSecurityDescriptorDacl(&desc, present, pacl, defaulted); + } + + if (SecurityInformation & SACL_SECURITY_INFORMATION) + { + if (!GetSecurityDescriptorSacl(ObjectDescriptor, &present, &pacl, &defaulted)) + return FALSE; + SetSecurityDescriptorSacl(&desc, present, pacl, defaulted); + } + + *ReturnLength = DescriptorLength; + if (!MakeSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength)) + return FALSE; + GetSecurityDescriptorOwner(ResultantDescriptor, &psid, &defaulted); + FIXME("%p, sid=%p\n", &desc, psid); + return TRUE; } /****************************************************************************** diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 9c98f09878..6426f84f03 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -2044,11 +2044,65 @@ static void test_ConvertSecurityDescriptorToString() AddAuditAccessAceEx(pacl, ACL_REVISION, NO_PROPAGATE_INHERIT_ACE, FILE_GENERIC_READ|FILE_GENERIC_WRITE, psid2, TRUE, FALSE); ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Convertion failed\n"); CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)"); - - -#undef CHECK_RESULT_AND_FREE } +static void test_PrivateObjectSecurity(void) +{ + SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION; + SECURITY_DESCRIPTOR_CONTROL ctrl; + PSECURITY_DESCRIPTOR sec; + DWORD dwDescSize; + DWORD dwRevision; + DWORD retSize; + LPSTR string; + ULONG len; + PSECURITY_DESCRIPTOR buf; + + ok(ConvertStringSecurityDescriptorToSecurityDescriptorA( + "O:SY" + "G:S-1-5-21-93476-23408-4576" + "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)" + "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)", SDDL_REVISION_1, &sec, &dwDescSize), "Creating descriptor failed\n"); + buf = HeapAlloc(GetProcessHeap(), 0, dwDescSize); + SetSecurityDescriptorControl(sec, SE_DACL_PROTECTED, SE_DACL_PROTECTED); + GetSecurityDescriptorControl(sec, &ctrl, &dwRevision); + todo_wine expect_eq(ctrl, 0x9014, int, "%x"); + + ok(GetPrivateObjectSecurity(sec, GROUP_SECURITY_INFORMATION, buf, dwDescSize, &retSize), + "GetPrivateObjectSecurity failed (err=%u)\n", GetLastError()); + ok(retSize <= dwDescSize, "Buffer too small (%d vs %d)\n", retSize, dwDescSize); + ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Convertion failed\n"); + CHECK_RESULT_AND_FREE("G:S-1-5-21-93476-23408-4576"); + GetSecurityDescriptorControl(buf, &ctrl, &dwRevision); + expect_eq(ctrl, 0x8000, int, "%x"); + + ok(GetPrivateObjectSecurity(sec, GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, buf, dwDescSize, &retSize), + "GetPrivateObjectSecurity failed (err=%u)\n", GetLastError()); + ok(retSize <= dwDescSize, "Buffer too small (%d vs %d)\n", retSize, dwDescSize); + ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Convertion failed err=%u\n", GetLastError()); + CHECK_RESULT_AND_FREE("G:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"); + GetSecurityDescriptorControl(buf, &ctrl, &dwRevision); + expect_eq(ctrl, 0x8004, int, "%x"); + + ok(GetPrivateObjectSecurity(sec, sec_info, buf, dwDescSize, &retSize), + "GetPrivateObjectSecurity failed (err=%u)\n", GetLastError()); + ok(retSize == dwDescSize, "Buffer too small (%d vs %d)\n", retSize, dwDescSize); + ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Convertion failed\n"); + CHECK_RESULT_AND_FREE("O:SY" + "G:S-1-5-21-93476-23408-4576" + "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)" + "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)"); + GetSecurityDescriptorControl(buf, &ctrl, &dwRevision); + expect_eq(ctrl, 0x8014, int, "%x"); + + SetLastError(0xdeadbeef); + ok(GetPrivateObjectSecurity(sec, sec_info, buf, 5, &retSize) == FALSE, "GetPrivateObjectSecurity should have failed\n"); + ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected error ERROR_INSUFFICIENT_BUFFER, got %u\n", GetLastError()); + + LocalFree(sec); +} +#undef CHECK_RESULT_AND_FREE + START_TEST(security) { init(); @@ -2074,4 +2128,5 @@ START_TEST(security) test_GetNamedSecurityInfoA(); test_ConvertStringSecurityDescriptor(); test_ConvertSecurityDescriptorToString(); + test_PrivateObjectSecurity(); }