ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server: Define a server-side structure for LUID_AND_ATTRIBUTES. 

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Alexandre Julliard 2022-01-25 11:55:40 +01:00
parent 83064d1500
commit 7d7322671c
8 changed files with 154 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
include/wine/server_protocol.h
View File

@ -364,11 +364,17 @@ struct filesystem_event
char name[1];
};
typedef struct
struct luid
{
unsigned int low_part;
int high_part;
} luid_t;
};
struct luid_attr
{
struct luid luid;
unsigned int attrs;
};
typedef struct
{
@ -4331,13 +4337,13 @@ struct adjust_token_privileges_request
obj_handle_t handle;
int disable_all;
int get_modified_state;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */
/* VARARG(privileges,luid_attr); */
};
struct adjust_token_privileges_reply
{
struct reply_header __header;
unsigned int len;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */
/* VARARG(privileges,luid_attr); */
char __pad_12[4];
};
@ -4351,7 +4357,7 @@ struct get_token_privileges_reply
{
struct reply_header __header;
unsigned int len;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */
/* VARARG(privileges,luid_attr); */
char __pad_12[4];
};
@ -4361,14 +4367,14 @@ struct check_token_privileges_request
struct request_header __header;
obj_handle_t handle;
int all_required;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */
/* VARARG(privileges,luid_attr); */
char __pad_20[4];
};
struct check_token_privileges_reply
{
struct reply_header __header;
int has_privileges;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */
/* VARARG(privileges,luid_attr); */
char __pad_12[4];
};
@ -4395,7 +4401,7 @@ struct filter_token_request
obj_handle_t handle;
unsigned int flags;
data_size_t privileges_size;
/* VARARG(privileges,LUID_AND_ATTRIBUTES,privileges_size); */
/* VARARG(privileges,luid_attr,privileges_size); */
/* VARARG(disable_sids,SID); */
};
struct filter_token_reply
@ -4420,7 +4426,7 @@ struct access_check_reply
unsigned int access_granted;
unsigned int access_status;
unsigned int privileges_len;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */
/* VARARG(privileges,luid_attr); */
char __pad_20[4];
};
@ -4732,7 +4738,7 @@ struct allocate_locally_unique_id_request
struct allocate_locally_unique_id_reply
{
struct reply_header __header;
luid_t luid;
struct luid luid;
};
@ -4904,8 +4910,8 @@ struct get_token_info_request
struct get_token_info_reply
{
struct reply_header __header;
luid_t token_id;
luid_t modified_id;
struct luid token_id;
struct luid modified_id;
unsigned int session_id;
int primary;
int impersonation_level;
@ -6246,7 +6252,7 @@ union generic_reply
/* ### protocol_version begin ### */
#define SERVER_PROTOCOL_VERSION 739
#define SERVER_PROTOCOL_VERSION 740
/* ### protocol_version end ### */

30
server/protocol.def
View File

@ -380,11 +380,17 @@ struct filesystem_event
char name[1];
};
typedef struct
struct luid
{
unsigned int low_part;
int high_part;
} luid_t;
};
struct luid_attr
{
struct luid luid;
unsigned int attrs;
};
typedef struct
{
@ -3084,10 +3090,10 @@ enum caret_state
obj_handle_t handle; /* handle to the token */
int disable_all; /* disable all privileges? */
int get_modified_state; /* get modified privileges? */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges to enable/disable/remove */
VARARG(privileges,luid_attr); /* privileges to enable/disable/remove */
@REPLY
unsigned int len; /* total length in bytes required to store token privileges */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* modified privileges */
VARARG(privileges,luid_attr); /* modified privileges */
@END
/* Retrieves the set of privileges held by or available to a token */
@ -3095,17 +3101,17 @@ enum caret_state
obj_handle_t handle; /* handle to the token */
@REPLY
unsigned int len; /* total length in bytes required to store token privileges */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges held by or available to a token */
VARARG(privileges,luid_attr); /* privileges held by or available to a token */
@END
/* Check the token has the required privileges */
@REQ(check_token_privileges)
obj_handle_t handle; /* handle to the token */
int all_required; /* are all the privileges required for the check to succeed? */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges to check */
VARARG(privileges,luid_attr); /* privileges to check */
@REPLY
int has_privileges; /* does the token have the required privileges? */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges held by or available to a token */
VARARG(privileges,luid_attr); /* privileges held by or available to a token */
@END
@REQ(duplicate_token)
@ -3122,7 +3128,7 @@ enum caret_state
obj_handle_t handle; /* handle to the token to duplicate */
unsigned int flags; /* flags */
data_size_t privileges_size; /* size of privileges */
VARARG(privileges,LUID_AND_ATTRIBUTES,privileges_size); /* privileges to remove from new token */
VARARG(privileges,luid_attr,privileges_size); /* privileges to remove from new token */
VARARG(disable_sids,SID); /* array of groups to remove from new token */
@REPLY
obj_handle_t new_handle; /* filtered handle */
@ -3137,7 +3143,7 @@ enum caret_state
unsigned int access_granted; /* access rights actually granted */
unsigned int access_status; /* was access granted? */
unsigned int privileges_len; /* length needed to store privileges */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges used during access check */
VARARG(privileges,luid_attr); /* privileges used during access check */
@END
@REQ(get_token_sid)
@ -3321,7 +3327,7 @@ struct handle_info
/* Allocate a locally-unique identifier */
@REQ(allocate_locally_unique_id)
@REPLY
luid_t luid;
struct luid luid;
@END
@ -3423,8 +3429,8 @@ struct handle_info
@REQ(get_token_info)
obj_handle_t handle; /* handle to the object */
@REPLY
luid_t token_id; /* locally-unique identifier of the token */
luid_t modified_id; /* locally-unique identifier of the modified version of the token */
struct luid token_id; /* locally-unique identifier of the token */
struct luid modified_id; /* locally-unique identifier of the modified version of the token */
unsigned int session_id; /* token session id */
int primary; /* is the token primary or impersonation? */
int impersonation_level; /* level of impersonation */

6
server/registry.c
View File

@ -2303,7 +2303,7 @@ DECL_HANDLER(load_registry)
if (!objattr) return;
if (!thread_single_check_privilege( current, &SeRestorePrivilege ))
if (!thread_single_check_privilege( current, SeRestorePrivilege ))
{
set_error( STATUS_PRIVILEGE_NOT_HELD );
return;
@ -2334,7 +2334,7 @@ DECL_HANDLER(unload_registry)
struct unicode_str name;
unsigned int access = 0;
if (!thread_single_check_privilege( current, &SeRestorePrivilege ))
if (!thread_single_check_privilege( current, SeRestorePrivilege ))
{
set_error( STATUS_PRIVILEGE_NOT_HELD );
return;
@ -2362,7 +2362,7 @@ DECL_HANDLER(save_registry)
{
struct key *key;
if (!thread_single_check_privilege( current, &SeBackupPrivilege ))
if (!thread_single_check_privilege( current, SeBackupPrivilege ))
{
set_error( STATUS_PRIVILEGE_NOT_HELD );
return;

2
server/request.h
View File

@ -692,13 +692,13 @@ C_ASSERT( sizeof(int) == 4 );
C_ASSERT( sizeof(ioctl_code_t) == 4 );
C_ASSERT( sizeof(irp_params_t) == 32 );
C_ASSERT( sizeof(lparam_t) == 8 );
C_ASSERT( sizeof(luid_t) == 8 );
C_ASSERT( sizeof(mem_size_t) == 8 );
C_ASSERT( sizeof(mod_handle_t) == 8 );
C_ASSERT( sizeof(obj_handle_t) == 4 );
C_ASSERT( sizeof(process_id_t) == 4 );
C_ASSERT( sizeof(rectangle_t) == 16 );
C_ASSERT( sizeof(short int) == 2 );
C_ASSERT( sizeof(struct luid) == 8 );
C_ASSERT( sizeof(thread_id_t) == 4 );
C_ASSERT( sizeof(timeout_t) == 8 );
C_ASSERT( sizeof(unsigned char) == 1 );

50
server/security.h
View File

@ -23,26 +23,26 @@
#include <sys/types.h>
extern const LUID SeIncreaseQuotaPrivilege;
extern const LUID SeSecurityPrivilege;
extern const LUID SeTakeOwnershipPrivilege;
extern const LUID SeLoadDriverPrivilege;
extern const LUID SeSystemProfilePrivilege;
extern const LUID SeSystemtimePrivilege;
extern const LUID SeProfileSingleProcessPrivilege;
extern const LUID SeIncreaseBasePriorityPrivilege;
extern const LUID SeCreatePagefilePrivilege;
extern const LUID SeBackupPrivilege;
extern const LUID SeRestorePrivilege;
extern const LUID SeShutdownPrivilege;
extern const LUID SeDebugPrivilege;
extern const LUID SeSystemEnvironmentPrivilege;
extern const LUID SeChangeNotifyPrivilege;
extern const LUID SeRemoteShutdownPrivilege;
extern const LUID SeUndockPrivilege;
extern const LUID SeManageVolumePrivilege;
extern const LUID SeImpersonatePrivilege;
extern const LUID SeCreateGlobalPrivilege;
extern const struct luid SeIncreaseQuotaPrivilege;
extern const struct luid SeSecurityPrivilege;
extern const struct luid SeTakeOwnershipPrivilege;
extern const struct luid SeLoadDriverPrivilege;
extern const struct luid SeSystemProfilePrivilege;
extern const struct luid SeSystemtimePrivilege;
extern const struct luid SeProfileSingleProcessPrivilege;
extern const struct luid SeIncreaseBasePriorityPrivilege;
extern const struct luid SeCreatePagefilePrivilege;
extern const struct luid SeBackupPrivilege;
extern const struct luid SeRestorePrivilege;
extern const struct luid SeShutdownPrivilege;
extern const struct luid SeDebugPrivilege;
extern const struct luid SeSystemEnvironmentPrivilege;
extern const struct luid SeChangeNotifyPrivilege;
extern const struct luid SeRemoteShutdownPrivilege;
extern const struct luid SeUndockPrivilege;
extern const struct luid SeManageVolumePrivilege;
extern const struct luid SeImpersonatePrivilege;
extern const struct luid SeCreateGlobalPrivilege;
extern const PSID security_world_sid;
extern const PSID security_local_user_sid;
@ -60,11 +60,11 @@ extern struct token *token_create_admin( unsigned primary, int impersonation_lev
extern int token_assign_label( struct token *token, PSID label );
extern struct token *token_duplicate( struct token *src_token, unsigned primary,
int impersonation_level, const struct security_descriptor *sd,
const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count,
const struct luid_attr *remove_privs, unsigned int remove_priv_count,
const SID *remove_groups, unsigned int remove_group_count );
extern int token_check_privileges( struct token *token, int all_required,
const LUID_AND_ATTRIBUTES *reqprivs,
unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
const struct luid_attr *reqprivs,
unsigned int count, struct luid_attr *usedprivs );
extern const ACL *token_get_default_dacl( struct token *token );
extern const SID *token_get_user( struct token *token );
extern const SID *token_get_primary_group( struct token *token );
@ -91,10 +91,10 @@ extern void security_set_thread_token( struct thread *thread, obj_handle_t handl
extern const SID *security_unix_uid_to_sid( uid_t uid );
extern int check_object_access( struct token *token, struct object *obj, unsigned int *access );
static inline int thread_single_check_privilege( struct thread *thread, const LUID *priv)
static inline int thread_single_check_privilege( struct thread *thread, struct luid priv )
{
struct token *token = thread_get_impersonation_token( thread );
const LUID_AND_ATTRIBUTES privs = { *priv, 0 };
const struct luid_attr privs = { priv, 0 };
if (!token) return FALSE;

172
server/token.c
View File

@ -42,27 +42,27 @@
#define MAX_SUBAUTH_COUNT 1
const LUID SeIncreaseQuotaPrivilege = { 5, 0 };
const LUID SeTcbPrivilege = { 7, 0 };
const LUID SeSecurityPrivilege = { 8, 0 };
const LUID SeTakeOwnershipPrivilege = { 9, 0 };
const LUID SeLoadDriverPrivilege = { 10, 0 };
const LUID SeSystemProfilePrivilege = { 11, 0 };
const LUID SeSystemtimePrivilege = { 12, 0 };
const LUID SeProfileSingleProcessPrivilege = { 13, 0 };
const LUID SeIncreaseBasePriorityPrivilege = { 14, 0 };
const LUID SeCreatePagefilePrivilege = { 15, 0 };
const LUID SeBackupPrivilege = { 17, 0 };
const LUID SeRestorePrivilege = { 18, 0 };
const LUID SeShutdownPrivilege = { 19, 0 };
const LUID SeDebugPrivilege = { 20, 0 };
const LUID SeSystemEnvironmentPrivilege = { 22, 0 };
const LUID SeChangeNotifyPrivilege = { 23, 0 };
const LUID SeRemoteShutdownPrivilege = { 24, 0 };
const LUID SeUndockPrivilege = { 25, 0 };
const LUID SeManageVolumePrivilege = { 28, 0 };
const LUID SeImpersonatePrivilege = { 29, 0 };
const LUID SeCreateGlobalPrivilege = { 30, 0 };
const struct luid SeIncreaseQuotaPrivilege = { 5, 0 };
const struct luid SeTcbPrivilege = { 7, 0 };
const struct luid SeSecurityPrivilege = { 8, 0 };
const struct luid SeTakeOwnershipPrivilege = { 9, 0 };
const struct luid SeLoadDriverPrivilege = { 10, 0 };
const struct luid SeSystemProfilePrivilege = { 11, 0 };
const struct luid SeSystemtimePrivilege = { 12, 0 };
const struct luid SeProfileSingleProcessPrivilege = { 13, 0 };
const struct luid SeIncreaseBasePriorityPrivilege = { 14, 0 };
const struct luid SeCreatePagefilePrivilege = { 15, 0 };
const struct luid SeBackupPrivilege = { 17, 0 };
const struct luid SeRestorePrivilege = { 18, 0 };
const struct luid SeShutdownPrivilege = { 19, 0 };
const struct luid SeDebugPrivilege = { 20, 0 };
const struct luid SeSystemEnvironmentPrivilege = { 22, 0 };
const struct luid SeChangeNotifyPrivilege = { 23, 0 };
const struct luid SeRemoteShutdownPrivilege = { 24, 0 };
const struct luid SeUndockPrivilege = { 25, 0 };
const struct luid SeManageVolumePrivilege = { 28, 0 };
const struct luid SeImpersonatePrivilege = { 29, 0 };
const struct luid SeCreateGlobalPrivilege = { 30, 0 };
#define SID_N(n) struct /* same fields as struct SID */ \
{ \
@ -96,7 +96,7 @@ const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
const PSID security_domain_users_sid = (PSID)&domain_users_sid;
const PSID security_high_label_sid = (PSID)&high_label_sid;
static luid_t prev_luid_value = { 1000, 0 };
static struct luid prev_luid_value = { 1000, 0 };
static const WCHAR token_name[] = {'T','o','k','e','n'};
@ -116,8 +116,8 @@ struct type_descr token_type =
struct token
{
struct object obj; /* object header */
luid_t token_id; /* system-unique id of token */
luid_t modified_id; /* new id allocated every time token is modified */
struct luid token_id; /* system-unique id of token */
struct luid modified_id; /* new id allocated every time token is modified */
struct list privileges; /* privileges available to the token */
struct list groups; /* groups that the user of this token belongs to (sid_and_attributes) */
SID *user; /* SID of user this token represents */
@ -134,7 +134,7 @@ struct token
struct privilege
{
struct list entry;
LUID luid;
struct luid luid;
unsigned enabled : 1; /* is the privilege currently enabled? */
unsigned def : 1; /* is the privilege enabled by default? */
};
@ -463,12 +463,12 @@ ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl )
return replaced_acl;
}
static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 )
static inline int is_equal_luid( struct luid luid1, struct luid luid2 )
{
return (luid1->LowPart == luid2->LowPart && luid1->HighPart == luid2->HighPart);
return (luid1.low_part == luid2.low_part && luid1.high_part == luid2.high_part);
}
static inline void allocate_luid( luid_t *luid )
static inline void allocate_luid( struct luid *luid )
{
prev_luid_value.low_part++;
*luid = prev_luid_value;
@ -479,20 +479,21 @@ DECL_HANDLER( allocate_locally_unique_id )
allocate_luid( &reply->luid );
}
static inline void luid_and_attr_from_privilege( LUID_AND_ATTRIBUTES *out, const struct privilege *in)
static inline struct luid_attr luid_and_attr_from_privilege( const struct privilege *in )
{
out->Luid = in->luid;
out->Attributes =
(in->enabled ? SE_PRIVILEGE_ENABLED : 0) |
(in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0);
struct luid_attr ret = { in->luid };
ret.attrs = (in->enabled ? SE_PRIVILEGE_ENABLED : 0) |
(in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0);
return ret;
}
static struct privilege *privilege_add( struct token *token, const LUID *luid, int enabled )
static struct privilege *privilege_add( struct token *token, struct luid luid, int enabled )
{
struct privilege *privilege = mem_alloc( sizeof(*privilege) );
if (privilege)
{
privilege->luid = *luid;
privilege->luid = luid;
privilege->def = privilege->enabled = (enabled != 0);
list_add_tail( &token->privileges, &privilege->entry );
}
@ -541,9 +542,9 @@ static void token_destroy( struct object *obj )
*/
static struct token *create_token( unsigned int primary, unsigned int session_id, const SID *user,
const SID_AND_ATTRIBUTES *groups, unsigned int group_count,
const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
const struct luid_attr *privs, unsigned int priv_count,
const ACL *default_dacl, TOKEN_SOURCE source,
const luid_t *modified_id,
const struct luid *modified_id,
int impersonation_level, int elevation )
{
struct token *token = alloc_object( &token_ops );
@ -610,8 +611,7 @@ static struct token *create_token( unsigned int primary, unsigned int session_id
{
/* note: we don't check uniqueness: the caller must make sure
* privs doesn't contain any duplicate luids */
if (!privilege_add( token, &privs[i].Luid,
privs[i].Attributes & SE_PRIVILEGE_ENABLED ))
if (!privilege_add( token, privs[i].luid, privs[i].attrs & SE_PRIVILEGE_ENABLED ))
{
release_object( token );
return NULL;
@ -646,25 +646,22 @@ static int filter_group( struct group *group, const SID *filter, unsigned int co
return 0;
}
static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBUTES *filter, unsigned int count )
static int filter_privilege( struct privilege *privilege, const struct luid_attr *filter, unsigned int count )
{
unsigned int i;
for (i = 0; i < count; i++)
{
if (!memcmp( &privilege->luid, &filter[i].Luid, sizeof(LUID) ))
return 1;
}
if (is_equal_luid( privilege->luid, filter[i].luid )) return 1;
return 0;
}
struct token *token_duplicate( struct token *src_token, unsigned primary,
int impersonation_level, const struct security_descriptor *sd,
const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count,
const struct luid_attr *remove_privs, unsigned int remove_priv_count,
const SID *remove_groups, unsigned int remove_group_count)
{
const luid_t *modified_id =
const struct luid *modified_id =
primary || (impersonation_level == src_token->impersonation_level) ?
&src_token->modified_id : NULL;
struct token *token = NULL;
@ -717,7 +714,7 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
{
if (filter_privilege( privilege, remove_privs, remove_priv_count )) continue;
if (!privilege_add( token, &privilege->luid, privilege->enabled ))
if (!privilege_add( token, privilege->luid, privilege->enabled ))
{
release_object( token );
return NULL;
@ -855,7 +852,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl)
{
const LUID_AND_ATTRIBUTES admin_privs[] =
const struct luid_attr admin_privs[] =
{
{ SeChangeNotifyPrivilege , SE_PRIVILEGE_ENABLED },
{ SeTcbPrivilege , 0 },
@ -908,12 +905,12 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
return token;
}
static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
static struct privilege *token_find_privilege( struct token *token, struct luid luid, int enabled_only )
{
struct privilege *privilege;
LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
{
if (is_equal_luid( luid, &privilege->luid ))
if (is_equal_luid( luid, privilege->luid ))
{
if (enabled_only && !privilege->enabled)
return NULL;
@ -923,8 +920,8 @@ static struct privilege *token_find_privilege( struct token *token, const LUID *
return NULL;
}
static unsigned int token_adjust_privileges( struct token *token, const LUID_AND_ATTRIBUTES *privs,
unsigned int count, LUID_AND_ATTRIBUTES *mod_privs,
static unsigned int token_adjust_privileges( struct token *token, const struct luid_attr *privs,
unsigned int count, struct luid_attr *mod_privs,
unsigned int mod_privs_count )
{
unsigned int i, modified_count = 0;
@ -934,31 +931,24 @@ static unsigned int token_adjust_privileges( struct token *token, const LUID_AND
for (i = 0; i < count; i++)
{
struct privilege *privilege =
token_find_privilege( token, &privs[i].Luid, FALSE );
struct privilege *privilege = token_find_privilege( token, privs[i].luid, FALSE );
if (!privilege)
{
set_error( STATUS_NOT_ALL_ASSIGNED );
continue;
}
if (privs[i].Attributes & SE_PRIVILEGE_REMOVED)
privilege_remove( privilege );
if (privs[i].attrs & SE_PRIVILEGE_REMOVED) privilege_remove( privilege );
else
{
/* save previous state for caller */
if (mod_privs_count)
{
luid_and_attr_from_privilege(mod_privs, privilege);
mod_privs++;
*mod_privs++ = luid_and_attr_from_privilege( privilege );
mod_privs_count--;
modified_count++;
}
if (privs[i].Attributes & SE_PRIVILEGE_ENABLED)
privilege->enabled = TRUE;
else
privilege->enabled = FALSE;
privilege->enabled = !!(privs[i].attrs & SE_PRIVILEGE_ENABLED);
}
}
return modified_count;
@ -975,16 +965,14 @@ static void token_disable_privileges( struct token *token )
privilege->enabled = FALSE;
}
int token_check_privileges( struct token *token, int all_required,
const LUID_AND_ATTRIBUTES *reqprivs,
unsigned int count, LUID_AND_ATTRIBUTES *usedprivs)
int token_check_privileges( struct token *token, int all_required, const struct luid_attr *reqprivs,
unsigned int count, struct luid_attr *usedprivs)
{
unsigned int i, enabled_count = 0;
for (i = 0; i < count; i++)
{
struct privilege *privilege =
token_find_privilege( token, &reqprivs[i].Luid, TRUE );
struct privilege *privilege = token_find_privilege( token, reqprivs[i].luid, TRUE );
if (usedprivs)
usedprivs[i] = reqprivs[i];
@ -992,8 +980,7 @@ int token_check_privileges( struct token *token, int all_required,
if (privilege && privilege->enabled)
{
enabled_count++;
if (usedprivs)
usedprivs[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
if (usedprivs) usedprivs[i].attrs |= SE_PRIVILEGE_USED_FOR_ACCESS;
}
}
@ -1029,7 +1016,7 @@ int token_sid_present( struct token *token, const SID *sid, int deny )
static unsigned int token_access_check( struct token *token,
const struct security_descriptor *sd,
unsigned int desired_access,
LUID_AND_ATTRIBUTES *privs,
struct luid_attr *privs,
unsigned int *priv_count,
const generic_map_t *mapping,
unsigned int *granted_access,
@ -1076,8 +1063,8 @@ static unsigned int token_access_check( struct token *token,
* is only granted if specifically asked for */
if (desired_access & ACCESS_SYSTEM_SECURITY)
{
const LUID_AND_ATTRIBUTES security_priv = { SeSecurityPrivilege, 0 };
LUID_AND_ATTRIBUTES retpriv = security_priv;
const struct luid_attr security_priv = { SeSecurityPrivilege, 0 };
struct luid_attr retpriv = security_priv;
if (token_check_privileges( token, TRUE, &security_priv, 1, &retpriv ))
{
if (priv_count)
@ -1282,9 +1269,9 @@ DECL_HANDLER(adjust_token_privileges)
if ((token = (struct token *)get_handle_obj( current->process, req->handle,
access, &token_ops )))
{
const LUID_AND_ATTRIBUTES *privs = get_req_data();
LUID_AND_ATTRIBUTES *modified_privs = NULL;
unsigned int priv_count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES);
const struct luid_attr *privs = get_req_data();
struct luid_attr *modified_privs = NULL;
unsigned int priv_count = get_req_data_size() / sizeof(*privs);
unsigned int modified_priv_count = 0;
if (req->get_modified_state && !req->disable_all)
@ -1293,8 +1280,7 @@ DECL_HANDLER(adjust_token_privileges)
/* count modified privs */
for (i = 0; i < priv_count; i++)
{
struct privilege *privilege =
token_find_privilege( token, &privs[i].Luid, FALSE );
struct privilege *privilege = token_find_privilege( token, privs[i].luid, FALSE );
if (privilege && req->get_modified_state)
modified_priv_count++;
}
@ -1324,7 +1310,7 @@ DECL_HANDLER(get_token_privileges)
&token_ops )))
{
int priv_count = 0;
LUID_AND_ATTRIBUTES *privs;
struct luid_attr *privs;
struct privilege *privilege;
LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
@ -1335,14 +1321,8 @@ DECL_HANDLER(get_token_privileges)
{
privs = set_reply_data_size( priv_count * sizeof(*privs) );
if (privs)
{
int i = 0;
LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
{
luid_and_attr_from_privilege( &privs[i], privilege );
i++;
}
}
*privs++ = luid_and_attr_from_privilege( privilege );
}
else
set_error(STATUS_BUFFER_TOO_SMALL);
@ -1383,14 +1363,14 @@ DECL_HANDLER(filter_token)
if ((src_token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_DUPLICATE, &token_ops )))
{
const LUID_AND_ATTRIBUTES *filter_privileges = get_req_data();
const struct luid_attr *filter_privileges = get_req_data();
unsigned int priv_count, group_count;
const SID *filter_groups;
struct token *token;
priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(LUID_AND_ATTRIBUTES);
filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(LUID_AND_ATTRIBUTES));
group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(struct luid_attr);
filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(struct luid_attr));
group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(struct luid_attr) );
token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
filter_privileges, priv_count, filter_groups, group_count );
@ -1413,13 +1393,13 @@ DECL_HANDLER(check_token_privileges)
TOKEN_QUERY,
&token_ops )))
{
unsigned int count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES);
unsigned int count = get_req_data_size() / sizeof(struct luid_attr);
if (!token->primary && token->impersonation_level <= SecurityAnonymous)
set_error( STATUS_BAD_IMPERSONATION_LEVEL );
else if (get_reply_max_size() >= count * sizeof(LUID_AND_ATTRIBUTES))
else if (get_reply_max_size() >= count * sizeof(struct luid_attr))
{
LUID_AND_ATTRIBUTES *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) );
struct luid_attr *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) );
reply->has_privileges = token_check_privileges( token, req->all_required, get_req_data(), count, usedprivs );
}
else
@ -1447,7 +1427,7 @@ DECL_HANDLER(access_check)
&token_ops )))
{
unsigned int status;
LUID_AND_ATTRIBUTES priv;
struct luid_attr priv;
unsigned int priv_count = 1;
memset(&priv, 0, sizeof(priv));
@ -1470,11 +1450,11 @@ DECL_HANDLER(access_check)
status = token_access_check( token, sd, req->desired_access, &priv, &priv_count, &req->mapping,
&reply->access_granted, &reply->access_status );
reply->privileges_len = priv_count*sizeof(LUID_AND_ATTRIBUTES);
reply->privileges_len = priv_count*sizeof(struct luid_attr);
if ((priv_count > 0) && (reply->privileges_len <= get_reply_max_size()))
{
LUID_AND_ATTRIBUTES *privs = set_reply_data_size( priv_count * sizeof(*privs) );
struct luid_attr *privs = set_reply_data_size( priv_count * sizeof(*privs) );
memcpy( privs, &priv, sizeof(priv) );
}

23
server/trace.c
View File

@ -457,7 +457,7 @@ static void dump_hw_input( const char *prefix, const hw_input_t *input )
}
}
static void dump_luid( const char *prefix, const luid_t *luid )
static void dump_luid( const char *prefix, const struct luid *luid )
{
fprintf( stderr, "%s%d.%u", prefix, luid->high_part, luid->low_part );
}
@ -999,16 +999,15 @@ static void dump_varargs_properties( const char *prefix, data_size_t size )
remove_data( size );
}
static void dump_varargs_LUID_AND_ATTRIBUTES( const char *prefix, data_size_t size )
static void dump_varargs_luid_attr( const char *prefix, data_size_t size )
{
const LUID_AND_ATTRIBUTES *lat = cur_data;
const struct luid_attr *lat = cur_data;
data_size_t len = size / sizeof(*lat);
fprintf( stderr,"%s{", prefix );
while (len > 0)
{
fprintf( stderr, "{luid=%08x%08x,attr=%x}",
lat->Luid.HighPart, lat->Luid.LowPart, lat->Attributes );
fprintf( stderr, "{luid=%08x%08x,attrs=%x}", lat->luid.high_part, lat->luid.low_part, lat->attrs );
lat++;
if (--len) fputc( ',', stderr );
}
@ -3807,13 +3806,13 @@ static void dump_adjust_token_privileges_request( const struct adjust_token_priv
fprintf( stderr, " handle=%04x", req->handle );
fprintf( stderr, ", disable_all=%d", req->disable_all );
fprintf( stderr, ", get_modified_state=%d", req->get_modified_state );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size );
dump_varargs_luid_attr( ", privileges=", cur_size );
}
static void dump_adjust_token_privileges_reply( const struct adjust_token_privileges_reply *req )
{
fprintf( stderr, " len=%08x", req->len );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size );
dump_varargs_luid_attr( ", privileges=", cur_size );
}
static void dump_get_token_privileges_request( const struct get_token_privileges_request *req )
@ -3824,20 +3823,20 @@ static void dump_get_token_privileges_request( const struct get_token_privileges
static void dump_get_token_privileges_reply( const struct get_token_privileges_reply *req )
{
fprintf( stderr, " len=%08x", req->len );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size );
dump_varargs_luid_attr( ", privileges=", cur_size );
}
static void dump_check_token_privileges_request( const struct check_token_privileges_request *req )
{
fprintf( stderr, " handle=%04x", req->handle );
fprintf( stderr, ", all_required=%d", req->all_required );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size );
dump_varargs_luid_attr( ", privileges=", cur_size );
}
static void dump_check_token_privileges_reply( const struct check_token_privileges_reply *req )
{
fprintf( stderr, " has_privileges=%d", req->has_privileges );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size );
dump_varargs_luid_attr( ", privileges=", cur_size );
}
static void dump_duplicate_token_request( const struct duplicate_token_request *req )
@ -3859,7 +3858,7 @@ static void dump_filter_token_request( const struct filter_token_request *req )
fprintf( stderr, " handle=%04x", req->handle );
fprintf( stderr, ", flags=%08x", req->flags );
fprintf( stderr, ", privileges_size=%u", req->privileges_size );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", min(cur_size,req->privileges_size) );
dump_varargs_luid_attr( ", privileges=", min(cur_size,req->privileges_size) );
dump_varargs_SID( ", disable_sids=", cur_size );
}
@ -3881,7 +3880,7 @@ static void dump_access_check_reply( const struct access_check_reply *req )
fprintf( stderr, " access_granted=%08x", req->access_granted );
fprintf( stderr, ", access_status=%08x", req->access_status );
fprintf( stderr, ", privileges_len=%08x", req->privileges_len );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size );
dump_varargs_luid_attr( ", privileges=", cur_size );
}
static void dump_get_token_sid_request( const struct get_token_sid_request *req )

2
tools/make_requests
View File

@ -49,7 +49,7 @@ my %formats =
"apc_result_t" => [ 40, 8, "&dump_apc_result" ],
"async_data_t" => [ 40, 8, "&dump_async_data" ],
"irp_params_t" => [ 32, 8, "&dump_irp_params" ],
"luid_t" => [ 8, 4, "&dump_luid" ],
"struct luid" => [ 8, 4, "&dump_luid" ],
"generic_map_t" => [ 16, 4, "&dump_generic_map" ],
"ioctl_code_t" => [ 4, 4, "&dump_ioctl_code" ],
"hw_input_t" => [ 40, 8, "&dump_hw_input" ],