Object ACEs are supported starting from Revision 4, the current code checks
if the revision is above Revision 4. An Object ACE has to be strictly set on that revision,
whereas Object ACLs can be of any revision starting from ACL_REVISION4.
Write the necessary ACL validation code for ACEs whose types are ACCESS_ALLOWED_OBJECT_ACE_TYPE
or ACCESS_DENIED_OBJECT_ACE_TYPE. This ensures each created object type ACL has valid ACE
contents.
ACCESS_DENIED_ACE_TYPE, ACCESS_ALLOWED_ACE_TYPE, SYSTEM_AUDIT_ACE_TYPE and
SYSTEM_ALARM_ACE_TYPE belong to the same commonly internal ACE type, aka KNOWN_ACE,
as each of these ACEs have the same structure field offsets.
The only difference are ACCESS_DENIED_OBJECT_ACE_TYPE and ACCESS_ALLOWED_OBJECT_ACE_TYPE
as they have their own internal ACE type variant, the KNOWN_OBJECT_ACE structure.
The general guideline is that public ACE structure variants have to be used elsehwere
such as in UM whilst the kernel has to use the internal known ACE type variants when possible.
- Implement SepDenyAccessObjectTypeResultList, SepAllowAccessObjectTypeResultList,
SepDenyAccessObjectTypeList and SepAllowAccessObjectTypeList. These routines will
be used to grant or deny access to sub-objects of an object in the list.
- Refactor SepAnalyzeAcesFromDacl and SepAccessCheck to accomodate the newly
implemented access check by type mechanism.
- SepAccessCheck will now be SepAccessCheckWorker, a worker helper function that further
abstracts the access check mechanism in the kernel. Whereas the SepAccessCheck name will be
used as a centralized function used by the access check NT system calls.
- Deprecate SepGetSDOwner and SepGetSDGroup in favor of SepGetOwnerFromDescriptor and
SepGetGroupFromDescriptor. The former functions were buggy as they might potentially
return garbage data if either the owner or group were passed as NULL to a security
descriptor, hence a second chance exception fault. This was caught when writing tests
for NtAccessCheckByType.
- Shorten the debug prints by removing the name of the functions, the person who reads
the debugger output has to look at the source code anyway.
This implements various private kernel routines for object type list management
needed for access check code infrastructure. In addition, update the code documentation
and add missing comments.
This function will dump all the access status and granted access rights
of each object list of a list whenever an access check by type (or by type
result list) fails. This is for debugging purposes.
OBJECT_TYPE_LIST_INTERNAL will serve as an internal kernel data structure
to hold validated object type contents that are copied from UM.
The difference between the public and the internal one is that the internal structure has
an additional member for access check rights that have been granted on each
object element in the list.
The newly updated SAL2 annotations reflect those from Process Hacker.
Also these syscalls must have their function's status code checked, as
most of other Native syscalls have them checked.
* [KMTEST:TcpIp] Use 10 second timeout value instead of INFINITE
On x64 the test sometimes fails to connect and then times out on the testbot, causing the system to be rebooted.
Co-authored-by: Stanislav Motylkov <x86corez@gmail.com>
I just can't stand that whitespace-diff at those 2 if-conditions any longer,
which was introduced into co_WinPosSetWindowPos() by
0.4.13-dev-8-g cfdf36e442
Everytime I port something back, I don't know where to put that diff temporarily.
And I don't want to make the older branches worse as well.
So finally squeeze it out at right-hand-side in master head.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=48335
Signed-off-by: Piotr Caban <piotr@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
wine commit id 6babdb5508bd2f1b659218483f5df76859898712 by Piotr Caban <piotr@codeweavers.com>
Signed-off-by: Piotr Caban <piotr@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
wine commit id 48a447c5eb238d673ce5db4eeacf3ba4c1a9da90 by Piotr Caban <piotr@codeweavers.com>
Signed-off-by: Piotr Caban <piotr@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
wine commit id ea20974cdd7457715bf4d758818d03bff664f62b by Piotr Caban <piotr@codeweavers.com>
Currently ReactOS' winsock2 implementation lacks of non-blocking sockets support for recv() apicall, this causes that applications that make use of this feature can lead to unexpected behaviors, one of them is Nginx web server, which uses non-blocking sockets when serving pages through Https protocol.
CORE-14486
It also brings us significantly closer in master head to running Firefox 52, Mypal 29.3.0 and New Moon 28 browser, where the latter allows to connect to mattermost from within ReactOS.
In master head an additional reg file is needed to stop us from exporting specific NT6+ APIs, but in older releases all that should work out of the box with this brilliant patch.
Co-authored-by: Julio Carchi Ruiz <julcar@informaticos.com>
Co-authored-by: Stanislav Motylkov <x86corez@gmail.com>
Implement NTFS boot sector that loads FreeLdr from a NTFS partition.
CORE-17474
- Able to find/parse root directory;
- Handle fixups in FILE MFT record;
- Implement directory tree search;
- Implement loading found file from disk;
- Handle fixups in INDX records;
- Fail if compressed or sparse;
- Attempt to support 64-bit disks.
Some TO-DOs for later:
- Handle "weird" NTFS partition with uncommon sector sizes / sectors per cluster / sectors per index record;
- Better implementation for file loading;
- 64-bit LCN support.
This works similarly to how our shell stores its settings from a software design standpoint.
- Add settings.cpp file and ShellSettings structure to load and save settings.
- Add a registry value to hivedef.inf for the locked toolbar state.
This prevents a bug where the associated registry key cannot be opened or saved to.
- Add new BWM_SETTINGCHANGE window message to refresh the UI on setting changes
and send it to every open window when saving settings to the registry.
- Add new BWM_GETSETTINGSPTR window message to share the shellbrowser settings
structure pointer with child windows and toolbars.
When creating a new process the monster function CreateProcessInternalW calls BaseInitializeContext to set up the context for the initial thread. One of the parameters is the PEB pointer. Instead of passing the pointer to the newly created process' PEB, the function was passing it's own PEB address, leading to test failures. How this is not an issue otherwise is a mystery to be resolved by someone else.
Also remove ros_skip_flaky marks in kernel32_winetest:process (yes, flaky, because sometimes the PEB addresses actually match)
IS_SYSTEM_MENU():
"moved" to ntuser on 6dfa71c (r68904).
IS_SYSTEM_POPUP():
uselessly added on 6fc29cc (r8195).
IS_BITMAP_ITEM():
uses removed on 07b6ddc (r23221).
uselessly copied to ntuser on 6dfa71c (r68904).
GitHub is starting to discontinue Actions V2 (the date was postponed).
Once they enforce Actions V3, builds will likely fail to run, so it's
better to change this sooner rather than later.
- Update GitHub Actions to V3
- Replace deprecated set-output with $GITHUB_OUTPUT
This also fixes the warnings on the builds/artifacts page.
