From: Hans Leidekker Subject: Re: [PATCH] wbemprox: Return WBEM_E_ACCESS_DENIED from IEnumWbemClassObject::Next() if the object is empty. Message-Id: <7bca5a82c631ba4af4a93aea93276b8bf8307822.camel@codeweavers.com> Date: Mon, 08 Jul 2019 11:29:44 +0200 In-Reply-To: <20190708170411.c58c4005590d2389c858ff82@baikal.ru> References: <20190708130718.675b6fbc701cdbb0ea932f2d@baikal.ru> <2ee08af8b40c9d679d65527d4f272d40238c1cba.camel@codeweavers.com> <20190708170411.c58c4005590d2389c858ff82@baikal.ru> On Mon, 2019-07-08 at 17:04 +0800, Dmitry Timoshkov wrote: > Hans Leidekker wrote: > > > On Mon, 2019-07-08 at 13:07 +0800, Dmitry Timoshkov wrote: > > > +static void test_Win32_QuickFixEngineering( IWbemServices *services ) > > > +{ > > > + static const WCHAR queryW[] = > > > + {'S','E','L','E','C','T',' ','*',' ','F','R','O','M',' ', > > > + 'W','i','n','3','2','_','Q','u','i','c','k','F','i','x','E','n','g','i','n','e','e','r','i','n','g',' ', > > > + 'W','H','E','R','E',' ','H','o','t','F','i','x','I','D','=','\"','0','x','d','e','a','d','b','e','e','f','\"',0}; > > > + BSTR wql = SysAllocString( wqlW ), query = SysAllocString( queryW ); > > > + HRESULT hr; > > > + IEnumWbemClassObject *result; > > > + IWbemClassObject *obj; > > > + ULONG count; > > > + > > > + hr = IWbemServices_ExecQuery( services, wql, query, 0, NULL, &result ); > > > + ok( hr == S_OK, "got %08x\n", hr ); > > > + > > > + count = 0xdeadbeef; > > > + hr = IEnumWbemClassObject_Next( result, 1000, 1, &obj, &count ); > > > + ok( hr == WBEM_E_ACCESS_DENIED || broken(hr == WBEM_S_FALSE || hr == WBEM_S_TIMEDOUT) /* before Win7 SP1 */, "got %08x\n", hr ); > > > + ok( !count, "got %u\n", count ); > > > > I don't see this. Even up-to-date Windows 10 returns WBEM_S_FALSE here. > > Looks like this is a result of executing from an MSI custom action. > Is there a way to detect such a case and return an appropriate error > value? The error code suggests that the custom action is run with insufficient permissions. If that's the case we'd need to do the same and add a permission check somewhere.