ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server: Create linked tokens as impersonation tokens. 

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=51347
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Zebediah Figura 2021-06-30 00:01:06 -05:00 committed by Alexandre Julliard
parent 2cbed06609
commit 4cca8b67d0
4 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dlls/advapi32/tests/security.c
View File

@ -8202,9 +8202,9 @@ static void test_elevation(void)
ok(elevation.TokenIsElevated == FALSE, "got elevation %#x\n", elevation.TokenIsElevated); ok(elevation.TokenIsElevated == FALSE, "got elevation %#x\n", elevation.TokenIsElevated);
ret = GetTokenInformation(linked.LinkedToken, TokenType, &type, sizeof(type), &size); ret = GetTokenInformation(linked.LinkedToken, TokenType, &type, sizeof(type), &size);
ok(ret, "got error %u\n", GetLastError()); ok(ret, "got error %u\n", GetLastError());
todo_wine ok(type == TokenImpersonation, "got type %#x\n", type); ok(type == TokenImpersonation, "got type %#x\n", type);
ret = GetTokenInformation(linked.LinkedToken, TokenImpersonationLevel, &type, sizeof(type), &size); ret = GetTokenInformation(linked.LinkedToken, TokenImpersonationLevel, &type, sizeof(type), &size);
todo_wine ok(ret, "got error %u\n", GetLastError()); ok(ret, "got error %u\n", GetLastError());
ok(type == SecurityIdentification, "got impersonation level %#x\n", type); ok(type == SecurityIdentification, "got impersonation level %#x\n", type);
/* Asking for the linked token again gives us a different token. */ /* Asking for the linked token again gives us a different token. */

2
server/process.c
View File

@ -664,7 +664,7 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla
if (!parent) if (!parent)
{ {
process->handles = alloc_handle_table( process, 0 ); process->handles = alloc_handle_table( process, 0 );
process->token = token_create_admin( TokenElevationTypeFull ); process->token = token_create_admin( TRUE, -1, TokenElevationTypeFull );
process->affinity = ~0; process->affinity = ~0;
} }
else else

2
server/security.h
View File

@ -54,7 +54,7 @@ extern const PSID security_high_label_sid;
/* token functions */ /* token functions */
extern struct token *get_token_obj( struct process *process, obj_handle_t handle, unsigned int access ); extern struct token *get_token_obj( struct process *process, obj_handle_t handle, unsigned int access );
extern struct token *token_create_admin( int elevation ); extern struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation );
extern int token_assign_label( struct token *token, PSID label ); extern int token_assign_label( struct token *token, PSID label );
extern struct token *token_duplicate( struct token *src_token, unsigned primary, extern struct token *token_duplicate( struct token *src_token, unsigned primary,
int impersonation_level, const struct security_descriptor *sd, int impersonation_level, const struct security_descriptor *sd,

8
server/token.c
View File

@ -830,7 +830,7 @@ struct token *get_token_obj( struct process *process, obj_handle_t handle, unsig
return (struct token *)get_handle_obj( process, handle, access, &token_ops ); return (struct token *)get_handle_obj( process, handle, access, &token_ops );
} }
struct token *token_create_admin( int elevation ) struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation )
{ {
struct token *token = NULL; struct token *token = NULL;
static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY }; static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
@ -890,9 +890,9 @@ struct token *token_create_admin( int elevation )
{ logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID }, { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
}; };
static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}}; static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ), token = create_token( primary, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
admin_privs, ARRAY_SIZE( admin_privs ), default_dacl, admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
admin_source, NULL, -1, elevation ); admin_source, NULL, impersonation_level, elevation );
/* we really need a primary group */ /* we really need a primary group */
assert( token->primary_group ); assert( token->primary_group );
} }
@ -1669,7 +1669,7 @@ DECL_HANDLER(create_linked_token)
release_object( token ); release_object( token );
return; return;
} }
if ((linked = token_create_admin( elevation ))) if ((linked = token_create_admin( FALSE, SecurityIdentification, elevation )))
{ {
reply->linked = alloc_handle( current->process, linked, TOKEN_ALL_ACCESS, 0 ); reply->linked = alloc_handle( current->process, linked, TOKEN_ALL_ACCESS, 0 );
release_object( linked ); release_object( linked );