From 2b5cefc92e1bc78b9e5d73a54454a3cba771b19f Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Thu, 1 Jul 2021 16:20:08 +0200
Subject: [PATCH] server: Store the session id in the process token.
Signed-off-by: Alexandre Julliard
---
 server/process.c | 4 ++--
 server/security.h | 3 ++-
 server/token.c | 19 +++++++++++++------
 3 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/server/process.c b/server/process.c
index c2131a2d7e2..15387a2affa 100644
--- a/server/process.c
+++ b/server/process.c
@@ -664,7 +664,7 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla
 if (!parent)
 {
 process->handles = alloc_handle_table( process, 0 );
- process->token = token_create_admin( TRUE, -1, TokenElevationTypeFull );
+ process->token = token_create_admin( TRUE, -1, TokenElevationTypeFull, default_session_id );
 process->affinity = ~0;
 }
 else
@@ -686,7 +686,7 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla
 process->affinity = parent->affinity;
 }
 if (!process->handles || !process->token) goto error;
- process->session_id = default_session_id;
+ process->session_id = token_get_session_id( process->token );
 /* Assign a high security label to the token. The default would be medium
 * but Wine provides admin access to all applications right now so high
diff --git a/server/security.h b/server/security.h
index f7e644aa1b7..5388bc9c419 100644
--- a/server/security.h
+++ b/server/security.h
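Review bot: In the second server/process.c hunk (-686), `process->session_id` becomes a one-time copy of the token's session id, so the process now carries two values that can drift apart if the primary token is ever replaced or a token's session id becomes settable; nothing visible here keeps them in sync. Because a session id typically decides which per-session namespace a process sees, a stale copy would be an isolation problem rather than a cosmetic one, so it is worth confirming which of the two the rest of the server reads. At minimum I would add a comment such as `/* cached from the primary token at creation; update if process->token is replaced */`, or have readers call `token_get_session_id( process->token )` directly. The assignment sits after the `!process->token` check, so the dereference itself is safe; create_process continues outside the hunk.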
@@ -54,7 +54,7 @@ extern const PSID security_high_label_sid;
 /* token functions */
 extern struct token *get_token_obj( struct process *process, obj_handle_t handle, unsigned int access );
-extern struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation );
+extern struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation, unsigned int session_id );
 extern int token_assign_label( struct token *token, PSID label );
 extern struct token *token_duplicate( struct token *src_token, unsigned primary,
 int impersonation_level, const struct security_descriptor *sd,
@@ -66,6 +66,7 @@ extern int token_check_privileges( struct token *token, int all_required,
 extern const ACL *token_get_default_dacl( struct token *token );
 extern const SID *token_get_user( struct token *token );
 extern const SID *token_get_primary_group( struct token *token );
+extern unsigned int token_get_session_id( struct token *token );
 extern int token_sid_present( struct token *token, const SID *sid, int deny);
 static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
diff --git a/server/token.c b/server/token.c
index fed7d93753e..9c72c2a6bed 100644
--- a/server/token.c
+++ b/server/token.c
@@ -122,7 +122,8 @@ struct token
 SID *user; /* SID of user this token represents */
 SID *owner; /* SID of owner (points to user or one of groups) */
 SID *primary_group; /* SID of user's primary group (points to one of groups) */
- unsigned primary; /* is this a primary or impersonation token? */
+ unsigned int primary; /* is this a primary or impersonation token? */
+ unsigned int session_id; /* token session id */
 ACL *default_dacl; /* the default DACL to assign to objects created by this user */
 TOKEN_SOURCE source; /* source of the token */
 int impersonation_level; /* impersonation level this token is capable of if non-primary token */
@@ -537,7 +538,7 @@ static void token_destroy( struct object *obj )
 * modified_id may be NULL, indicating that a new modified_id luid should be
 * allocated.
 */
-static struct token *create_token( unsigned primary, const SID *user,
+static struct token *create_token( unsigned int primary, unsigned int session_id, const SID *user,
 const SID_AND_ATTRIBUTES *groups, unsigned int group_count,
 const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
 const ACL *default_dacl, TOKEN_SOURCE source,
@@ -557,6 +558,7 @@ static struct token *create_token( unsigned primary, const SID *user,
 list_init( &token->privileges );
 list_init( &token->groups );
 token->primary = primary;
+ token->session_id = session_id;
 /* primary tokens don't have impersonation levels */
 if (primary)
 token->impersonation_level = -1;
@@ -677,7 +679,7 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
 return NULL;
 }
- token = create_token( primary, src_token->user, NULL, 0,
+ token = create_token( primary, src_token->session_id, src_token->user, NULL, 0,
 NULL, 0, src_token->default_dacl,
 src_token->source, modified_id,
 impersonation_level, src_token->elevation );
@@ -830,7 +832,7 @@ struct token *get_token_obj( struct process *process, obj_handle_t handle, unsig
 return (struct token *)get_handle_obj( process, handle, access, &token_ops );
 }
-struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation )
+struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation, unsigned int session_id )
 {
 struct token *token = NULL;
 static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
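Review bot: In the create_token signature hunk (-537), `session_id` is inserted directly after `primary`, both `unsigned int`, so a call that transposes them compiles without a diagnostic; it is also second here but last in `token_create_admin`, which makes that slip easier. The header comment visible above the signature still only describes `modified_id`; I would add a line such as ` * session_id is stored in the token as given; token_duplicate() copies it from the source token.` so the inheritance rule is stated where the token is built. Appending the parameter at the end, as token_create_admin does, would keep the two signatures parallel. The function body continues outside this hunk.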
@@ -890,7 +892,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
 { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
 };
 static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
- token = create_token( primary, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
+ token = create_token( primary, session_id, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
 admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
 admin_source, NULL, impersonation_level, elevation );
 /* we really need a primary group */
@@ -1197,6 +1199,11 @@ const SID *token_get_primary_group( struct token *token )
 return token->primary_group;
 }
+unsigned int token_get_session_id( struct token *token )
+{
+ return token->session_id;
+}
+
 int check_object_access(struct token *token, struct object *obj, unsigned int *access)
 {
 generic_map_t mapping;
@@ -1669,7 +1676,7 @@ DECL_HANDLER(create_linked_token)
 release_object( token );
 return;
 }
- if ((linked = token_create_admin( FALSE, SecurityIdentification, elevation )))
+ if ((linked = token_create_admin( FALSE, SecurityIdentification, elevation, token->session_id )))
 {
 reply->linked = alloc_handle( current->process, linked, TOKEN_ALL_ACCESS, 0 );
 release_object( linked );