diff --git a/include/wine/server_protocol.h b/include/wine/server_protocol.h index 1d17a40530f..aebeebb877e 100644 --- a/include/wine/server_protocol.h +++ b/include/wine/server_protocol.h @@ -364,11 +364,17 @@ struct filesystem_event char name[1]; }; -typedef struct +struct luid { unsigned int low_part; int high_part; -} luid_t; +}; + +struct luid_attr +{ + struct luid luid; + unsigned int attrs; +}; typedef struct { @@ -4331,13 +4337,13 @@ struct adjust_token_privileges_request obj_handle_t handle; int disable_all; int get_modified_state; - /* VARARG(privileges,LUID_AND_ATTRIBUTES); */ + /* VARARG(privileges,luid_attr); */ }; struct adjust_token_privileges_reply { struct reply_header __header; unsigned int len; - /* VARARG(privileges,LUID_AND_ATTRIBUTES); */ + /* VARARG(privileges,luid_attr); */ char __pad_12[4]; }; @@ -4351,7 +4357,7 @@ struct get_token_privileges_reply { struct reply_header __header; unsigned int len; - /* VARARG(privileges,LUID_AND_ATTRIBUTES); */ + /* VARARG(privileges,luid_attr); */ char __pad_12[4]; }; @@ -4361,14 +4367,14 @@ struct check_token_privileges_request struct request_header __header; obj_handle_t handle; int all_required; - /* VARARG(privileges,LUID_AND_ATTRIBUTES); */ + /* VARARG(privileges,luid_attr); */ char __pad_20[4]; }; struct check_token_privileges_reply { struct reply_header __header; int has_privileges; - /* VARARG(privileges,LUID_AND_ATTRIBUTES); */ + /* VARARG(privileges,luid_attr); */ char __pad_12[4]; }; @@ -4395,7 +4401,7 @@ struct filter_token_request obj_handle_t handle; unsigned int flags; data_size_t privileges_size; - /* VARARG(privileges,LUID_AND_ATTRIBUTES,privileges_size); */ + /* VARARG(privileges,luid_attr,privileges_size); */ /* VARARG(disable_sids,SID); */ }; struct filter_token_reply @@ -4420,7 +4426,7 @@ struct access_check_reply unsigned int access_granted; unsigned int access_status; unsigned int privileges_len; - /* VARARG(privileges,LUID_AND_ATTRIBUTES); */ + /* VARARG(privileges,luid_attr); */ char __pad_20[4]; }; @@ -4732,7 +4738,7 @@ struct allocate_locally_unique_id_request struct allocate_locally_unique_id_reply { struct reply_header __header; - luid_t luid; + struct luid luid; }; @@ -4904,8 +4910,8 @@ struct get_token_info_request struct get_token_info_reply { struct reply_header __header; - luid_t token_id; - luid_t modified_id; + struct luid token_id; + struct luid modified_id; unsigned int session_id; int primary; int impersonation_level; @@ -6246,7 +6252,7 @@ union generic_reply /* ### protocol_version begin ### */ -#define SERVER_PROTOCOL_VERSION 739 +#define SERVER_PROTOCOL_VERSION 740 /* ### protocol_version end ### */ diff --git a/server/protocol.def b/server/protocol.def index db73f0418a9..b9e4eec1340 100644 --- a/server/protocol.def +++ b/server/protocol.def @@ -380,11 +380,17 @@ struct filesystem_event char name[1]; }; -typedef struct +struct luid { unsigned int low_part; int high_part; -} luid_t; +}; + +struct luid_attr +{ + struct luid luid; + unsigned int attrs; +}; typedef struct { @@ -3084,10 +3090,10 @@ enum caret_state obj_handle_t handle; /* handle to the token */ int disable_all; /* disable all privileges? */ int get_modified_state; /* get modified privileges? */ - VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges to enable/disable/remove */ + VARARG(privileges,luid_attr); /* privileges to enable/disable/remove */ @REPLY unsigned int len; /* total length in bytes required to store token privileges */ - VARARG(privileges,LUID_AND_ATTRIBUTES); /* modified privileges */ + VARARG(privileges,luid_attr); /* modified privileges */ @END /* Retrieves the set of privileges held by or available to a token */ @@ -3095,17 +3101,17 @@ enum caret_state obj_handle_t handle; /* handle to the token */ @REPLY unsigned int len; /* total length in bytes required to store token privileges */ - VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges held by or available to a token */ + VARARG(privileges,luid_attr); /* privileges held by or available to a token */ @END /* Check the token has the required privileges */ @REQ(check_token_privileges) obj_handle_t handle; /* handle to the token */ int all_required; /* are all the privileges required for the check to succeed? */ - VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges to check */ + VARARG(privileges,luid_attr); /* privileges to check */ @REPLY int has_privileges; /* does the token have the required privileges? */ - VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges held by or available to a token */ + VARARG(privileges,luid_attr); /* privileges held by or available to a token */ @END @REQ(duplicate_token) @@ -3122,7 +3128,7 @@ enum caret_state obj_handle_t handle; /* handle to the token to duplicate */ unsigned int flags; /* flags */ data_size_t privileges_size; /* size of privileges */ - VARARG(privileges,LUID_AND_ATTRIBUTES,privileges_size); /* privileges to remove from new token */ + VARARG(privileges,luid_attr,privileges_size); /* privileges to remove from new token */ VARARG(disable_sids,SID); /* array of groups to remove from new token */ @REPLY obj_handle_t new_handle; /* filtered handle */ @@ -3137,7 +3143,7 @@ enum caret_state unsigned int access_granted; /* access rights actually granted */ unsigned int access_status; /* was access granted? */ unsigned int privileges_len; /* length needed to store privileges */ - VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges used during access check */ + VARARG(privileges,luid_attr); /* privileges used during access check */ @END @REQ(get_token_sid) @@ -3321,7 +3327,7 @@ struct handle_info /* Allocate a locally-unique identifier */ @REQ(allocate_locally_unique_id) @REPLY - luid_t luid; + struct luid luid; @END @@ -3423,8 +3429,8 @@ struct handle_info @REQ(get_token_info) obj_handle_t handle; /* handle to the object */ @REPLY - luid_t token_id; /* locally-unique identifier of the token */ - luid_t modified_id; /* locally-unique identifier of the modified version of the token */ + struct luid token_id; /* locally-unique identifier of the token */ + struct luid modified_id; /* locally-unique identifier of the modified version of the token */ unsigned int session_id; /* token session id */ int primary; /* is the token primary or impersonation? */ int impersonation_level; /* level of impersonation */ diff --git a/server/registry.c b/server/registry.c index b00abdbc004..6036dfbd41a 100644 --- a/server/registry.c +++ b/server/registry.c @@ -2303,7 +2303,7 @@ DECL_HANDLER(load_registry) if (!objattr) return; - if (!thread_single_check_privilege( current, &SeRestorePrivilege )) + if (!thread_single_check_privilege( current, SeRestorePrivilege )) { set_error( STATUS_PRIVILEGE_NOT_HELD ); return; @@ -2334,7 +2334,7 @@ DECL_HANDLER(unload_registry) struct unicode_str name; unsigned int access = 0; - if (!thread_single_check_privilege( current, &SeRestorePrivilege )) + if (!thread_single_check_privilege( current, SeRestorePrivilege )) { set_error( STATUS_PRIVILEGE_NOT_HELD ); return; @@ -2362,7 +2362,7 @@ DECL_HANDLER(save_registry) { struct key *key; - if (!thread_single_check_privilege( current, &SeBackupPrivilege )) + if (!thread_single_check_privilege( current, SeBackupPrivilege )) { set_error( STATUS_PRIVILEGE_NOT_HELD ); return; diff --git a/server/request.h b/server/request.h index 3c455799d54..2b89fc1786d 100644 --- a/server/request.h +++ b/server/request.h @@ -692,13 +692,13 @@ C_ASSERT( sizeof(int) == 4 ); C_ASSERT( sizeof(ioctl_code_t) == 4 ); C_ASSERT( sizeof(irp_params_t) == 32 ); C_ASSERT( sizeof(lparam_t) == 8 ); -C_ASSERT( sizeof(luid_t) == 8 ); C_ASSERT( sizeof(mem_size_t) == 8 ); C_ASSERT( sizeof(mod_handle_t) == 8 ); C_ASSERT( sizeof(obj_handle_t) == 4 ); C_ASSERT( sizeof(process_id_t) == 4 ); C_ASSERT( sizeof(rectangle_t) == 16 ); C_ASSERT( sizeof(short int) == 2 ); +C_ASSERT( sizeof(struct luid) == 8 ); C_ASSERT( sizeof(thread_id_t) == 4 ); C_ASSERT( sizeof(timeout_t) == 8 ); C_ASSERT( sizeof(unsigned char) == 1 ); diff --git a/server/security.h b/server/security.h index 2f5c2b0c694..54f57f309e3 100644 --- a/server/security.h +++ b/server/security.h @@ -23,26 +23,26 @@ #include -extern const LUID SeIncreaseQuotaPrivilege; -extern const LUID SeSecurityPrivilege; -extern const LUID SeTakeOwnershipPrivilege; -extern const LUID SeLoadDriverPrivilege; -extern const LUID SeSystemProfilePrivilege; -extern const LUID SeSystemtimePrivilege; -extern const LUID SeProfileSingleProcessPrivilege; -extern const LUID SeIncreaseBasePriorityPrivilege; -extern const LUID SeCreatePagefilePrivilege; -extern const LUID SeBackupPrivilege; -extern const LUID SeRestorePrivilege; -extern const LUID SeShutdownPrivilege; -extern const LUID SeDebugPrivilege; -extern const LUID SeSystemEnvironmentPrivilege; -extern const LUID SeChangeNotifyPrivilege; -extern const LUID SeRemoteShutdownPrivilege; -extern const LUID SeUndockPrivilege; -extern const LUID SeManageVolumePrivilege; -extern const LUID SeImpersonatePrivilege; -extern const LUID SeCreateGlobalPrivilege; +extern const struct luid SeIncreaseQuotaPrivilege; +extern const struct luid SeSecurityPrivilege; +extern const struct luid SeTakeOwnershipPrivilege; +extern const struct luid SeLoadDriverPrivilege; +extern const struct luid SeSystemProfilePrivilege; +extern const struct luid SeSystemtimePrivilege; +extern const struct luid SeProfileSingleProcessPrivilege; +extern const struct luid SeIncreaseBasePriorityPrivilege; +extern const struct luid SeCreatePagefilePrivilege; +extern const struct luid SeBackupPrivilege; +extern const struct luid SeRestorePrivilege; +extern const struct luid SeShutdownPrivilege; +extern const struct luid SeDebugPrivilege; +extern const struct luid SeSystemEnvironmentPrivilege; +extern const struct luid SeChangeNotifyPrivilege; +extern const struct luid SeRemoteShutdownPrivilege; +extern const struct luid SeUndockPrivilege; +extern const struct luid SeManageVolumePrivilege; +extern const struct luid SeImpersonatePrivilege; +extern const struct luid SeCreateGlobalPrivilege; extern const PSID security_world_sid; extern const PSID security_local_user_sid; @@ -60,11 +60,11 @@ extern struct token *token_create_admin( unsigned primary, int impersonation_lev extern int token_assign_label( struct token *token, PSID label ); extern struct token *token_duplicate( struct token *src_token, unsigned primary, int impersonation_level, const struct security_descriptor *sd, - const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count, + const struct luid_attr *remove_privs, unsigned int remove_priv_count, const SID *remove_groups, unsigned int remove_group_count ); extern int token_check_privileges( struct token *token, int all_required, - const LUID_AND_ATTRIBUTES *reqprivs, - unsigned int count, LUID_AND_ATTRIBUTES *usedprivs); + const struct luid_attr *reqprivs, + unsigned int count, struct luid_attr *usedprivs ); extern const ACL *token_get_default_dacl( struct token *token ); extern const SID *token_get_user( struct token *token ); extern const SID *token_get_primary_group( struct token *token ); @@ -91,10 +91,10 @@ extern void security_set_thread_token( struct thread *thread, obj_handle_t handl extern const SID *security_unix_uid_to_sid( uid_t uid ); extern int check_object_access( struct token *token, struct object *obj, unsigned int *access ); -static inline int thread_single_check_privilege( struct thread *thread, const LUID *priv) +static inline int thread_single_check_privilege( struct thread *thread, struct luid priv ) { struct token *token = thread_get_impersonation_token( thread ); - const LUID_AND_ATTRIBUTES privs = { *priv, 0 }; + const struct luid_attr privs = { priv, 0 }; if (!token) return FALSE; diff --git a/server/token.c b/server/token.c index 820a7a0e07d..f9aea331329 100644 --- a/server/token.c +++ b/server/token.c @@ -42,27 +42,27 @@ #define MAX_SUBAUTH_COUNT 1 -const LUID SeIncreaseQuotaPrivilege = { 5, 0 }; -const LUID SeTcbPrivilege = { 7, 0 }; -const LUID SeSecurityPrivilege = { 8, 0 }; -const LUID SeTakeOwnershipPrivilege = { 9, 0 }; -const LUID SeLoadDriverPrivilege = { 10, 0 }; -const LUID SeSystemProfilePrivilege = { 11, 0 }; -const LUID SeSystemtimePrivilege = { 12, 0 }; -const LUID SeProfileSingleProcessPrivilege = { 13, 0 }; -const LUID SeIncreaseBasePriorityPrivilege = { 14, 0 }; -const LUID SeCreatePagefilePrivilege = { 15, 0 }; -const LUID SeBackupPrivilege = { 17, 0 }; -const LUID SeRestorePrivilege = { 18, 0 }; -const LUID SeShutdownPrivilege = { 19, 0 }; -const LUID SeDebugPrivilege = { 20, 0 }; -const LUID SeSystemEnvironmentPrivilege = { 22, 0 }; -const LUID SeChangeNotifyPrivilege = { 23, 0 }; -const LUID SeRemoteShutdownPrivilege = { 24, 0 }; -const LUID SeUndockPrivilege = { 25, 0 }; -const LUID SeManageVolumePrivilege = { 28, 0 }; -const LUID SeImpersonatePrivilege = { 29, 0 }; -const LUID SeCreateGlobalPrivilege = { 30, 0 }; +const struct luid SeIncreaseQuotaPrivilege = { 5, 0 }; +const struct luid SeTcbPrivilege = { 7, 0 }; +const struct luid SeSecurityPrivilege = { 8, 0 }; +const struct luid SeTakeOwnershipPrivilege = { 9, 0 }; +const struct luid SeLoadDriverPrivilege = { 10, 0 }; +const struct luid SeSystemProfilePrivilege = { 11, 0 }; +const struct luid SeSystemtimePrivilege = { 12, 0 }; +const struct luid SeProfileSingleProcessPrivilege = { 13, 0 }; +const struct luid SeIncreaseBasePriorityPrivilege = { 14, 0 }; +const struct luid SeCreatePagefilePrivilege = { 15, 0 }; +const struct luid SeBackupPrivilege = { 17, 0 }; +const struct luid SeRestorePrivilege = { 18, 0 }; +const struct luid SeShutdownPrivilege = { 19, 0 }; +const struct luid SeDebugPrivilege = { 20, 0 }; +const struct luid SeSystemEnvironmentPrivilege = { 22, 0 }; +const struct luid SeChangeNotifyPrivilege = { 23, 0 }; +const struct luid SeRemoteShutdownPrivilege = { 24, 0 }; +const struct luid SeUndockPrivilege = { 25, 0 }; +const struct luid SeManageVolumePrivilege = { 28, 0 }; +const struct luid SeImpersonatePrivilege = { 29, 0 }; +const struct luid SeCreateGlobalPrivilege = { 30, 0 }; #define SID_N(n) struct /* same fields as struct SID */ \ { \ @@ -96,7 +96,7 @@ const PSID security_builtin_users_sid = (PSID)&builtin_users_sid; const PSID security_domain_users_sid = (PSID)&domain_users_sid; const PSID security_high_label_sid = (PSID)&high_label_sid; -static luid_t prev_luid_value = { 1000, 0 }; +static struct luid prev_luid_value = { 1000, 0 }; static const WCHAR token_name[] = {'T','o','k','e','n'}; @@ -116,8 +116,8 @@ struct type_descr token_type = struct token { struct object obj; /* object header */ - luid_t token_id; /* system-unique id of token */ - luid_t modified_id; /* new id allocated every time token is modified */ + struct luid token_id; /* system-unique id of token */ + struct luid modified_id; /* new id allocated every time token is modified */ struct list privileges; /* privileges available to the token */ struct list groups; /* groups that the user of this token belongs to (sid_and_attributes) */ SID *user; /* SID of user this token represents */ @@ -134,7 +134,7 @@ struct token struct privilege { struct list entry; - LUID luid; + struct luid luid; unsigned enabled : 1; /* is the privilege currently enabled? */ unsigned def : 1; /* is the privilege enabled by default? */ }; @@ -463,12 +463,12 @@ ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl ) return replaced_acl; } -static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 ) +static inline int is_equal_luid( struct luid luid1, struct luid luid2 ) { - return (luid1->LowPart == luid2->LowPart && luid1->HighPart == luid2->HighPart); + return (luid1.low_part == luid2.low_part && luid1.high_part == luid2.high_part); } -static inline void allocate_luid( luid_t *luid ) +static inline void allocate_luid( struct luid *luid ) { prev_luid_value.low_part++; *luid = prev_luid_value; @@ -479,20 +479,21 @@ DECL_HANDLER( allocate_locally_unique_id ) allocate_luid( &reply->luid ); } -static inline void luid_and_attr_from_privilege( LUID_AND_ATTRIBUTES *out, const struct privilege *in) +static inline struct luid_attr luid_and_attr_from_privilege( const struct privilege *in ) { - out->Luid = in->luid; - out->Attributes = - (in->enabled ? SE_PRIVILEGE_ENABLED : 0) | - (in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0); + struct luid_attr ret = { in->luid }; + + ret.attrs = (in->enabled ? SE_PRIVILEGE_ENABLED : 0) | + (in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0); + return ret; } -static struct privilege *privilege_add( struct token *token, const LUID *luid, int enabled ) +static struct privilege *privilege_add( struct token *token, struct luid luid, int enabled ) { struct privilege *privilege = mem_alloc( sizeof(*privilege) ); if (privilege) { - privilege->luid = *luid; + privilege->luid = luid; privilege->def = privilege->enabled = (enabled != 0); list_add_tail( &token->privileges, &privilege->entry ); } @@ -541,9 +542,9 @@ static void token_destroy( struct object *obj ) */ static struct token *create_token( unsigned int primary, unsigned int session_id, const SID *user, const SID_AND_ATTRIBUTES *groups, unsigned int group_count, - const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count, + const struct luid_attr *privs, unsigned int priv_count, const ACL *default_dacl, TOKEN_SOURCE source, - const luid_t *modified_id, + const struct luid *modified_id, int impersonation_level, int elevation ) { struct token *token = alloc_object( &token_ops ); @@ -610,8 +611,7 @@ static struct token *create_token( unsigned int primary, unsigned int session_id { /* note: we don't check uniqueness: the caller must make sure * privs doesn't contain any duplicate luids */ - if (!privilege_add( token, &privs[i].Luid, - privs[i].Attributes & SE_PRIVILEGE_ENABLED )) + if (!privilege_add( token, privs[i].luid, privs[i].attrs & SE_PRIVILEGE_ENABLED )) { release_object( token ); return NULL; @@ -646,25 +646,22 @@ static int filter_group( struct group *group, const SID *filter, unsigned int co return 0; } -static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBUTES *filter, unsigned int count ) +static int filter_privilege( struct privilege *privilege, const struct luid_attr *filter, unsigned int count ) { unsigned int i; for (i = 0; i < count; i++) - { - if (!memcmp( &privilege->luid, &filter[i].Luid, sizeof(LUID) )) - return 1; - } + if (is_equal_luid( privilege->luid, filter[i].luid )) return 1; return 0; } struct token *token_duplicate( struct token *src_token, unsigned primary, int impersonation_level, const struct security_descriptor *sd, - const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count, + const struct luid_attr *remove_privs, unsigned int remove_priv_count, const SID *remove_groups, unsigned int remove_group_count) { - const luid_t *modified_id = + const struct luid *modified_id = primary || (impersonation_level == src_token->impersonation_level) ? &src_token->modified_id : NULL; struct token *token = NULL; @@ -717,7 +714,7 @@ struct token *token_duplicate( struct token *src_token, unsigned primary, LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry ) { if (filter_privilege( privilege, remove_privs, remove_priv_count )) continue; - if (!privilege_add( token, &privilege->luid, privilege->enabled )) + if (!privilege_add( token, privilege->luid, privilege->enabled )) { release_object( token ); return NULL; @@ -855,7 +852,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl) { - const LUID_AND_ATTRIBUTES admin_privs[] = + const struct luid_attr admin_privs[] = { { SeChangeNotifyPrivilege , SE_PRIVILEGE_ENABLED }, { SeTcbPrivilege , 0 }, @@ -908,12 +905,12 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int return token; } -static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only ) +static struct privilege *token_find_privilege( struct token *token, struct luid luid, int enabled_only ) { struct privilege *privilege; LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry ) { - if (is_equal_luid( luid, &privilege->luid )) + if (is_equal_luid( luid, privilege->luid )) { if (enabled_only && !privilege->enabled) return NULL; @@ -923,8 +920,8 @@ static struct privilege *token_find_privilege( struct token *token, const LUID * return NULL; } -static unsigned int token_adjust_privileges( struct token *token, const LUID_AND_ATTRIBUTES *privs, - unsigned int count, LUID_AND_ATTRIBUTES *mod_privs, +static unsigned int token_adjust_privileges( struct token *token, const struct luid_attr *privs, + unsigned int count, struct luid_attr *mod_privs, unsigned int mod_privs_count ) { unsigned int i, modified_count = 0; @@ -934,31 +931,24 @@ static unsigned int token_adjust_privileges( struct token *token, const LUID_AND for (i = 0; i < count; i++) { - struct privilege *privilege = - token_find_privilege( token, &privs[i].Luid, FALSE ); + struct privilege *privilege = token_find_privilege( token, privs[i].luid, FALSE ); if (!privilege) { set_error( STATUS_NOT_ALL_ASSIGNED ); continue; } - if (privs[i].Attributes & SE_PRIVILEGE_REMOVED) - privilege_remove( privilege ); + if (privs[i].attrs & SE_PRIVILEGE_REMOVED) privilege_remove( privilege ); else { /* save previous state for caller */ if (mod_privs_count) { - luid_and_attr_from_privilege(mod_privs, privilege); - mod_privs++; + *mod_privs++ = luid_and_attr_from_privilege( privilege ); mod_privs_count--; modified_count++; } - - if (privs[i].Attributes & SE_PRIVILEGE_ENABLED) - privilege->enabled = TRUE; - else - privilege->enabled = FALSE; + privilege->enabled = !!(privs[i].attrs & SE_PRIVILEGE_ENABLED); } } return modified_count; @@ -975,16 +965,14 @@ static void token_disable_privileges( struct token *token ) privilege->enabled = FALSE; } -int token_check_privileges( struct token *token, int all_required, - const LUID_AND_ATTRIBUTES *reqprivs, - unsigned int count, LUID_AND_ATTRIBUTES *usedprivs) +int token_check_privileges( struct token *token, int all_required, const struct luid_attr *reqprivs, + unsigned int count, struct luid_attr *usedprivs) { unsigned int i, enabled_count = 0; for (i = 0; i < count; i++) { - struct privilege *privilege = - token_find_privilege( token, &reqprivs[i].Luid, TRUE ); + struct privilege *privilege = token_find_privilege( token, reqprivs[i].luid, TRUE ); if (usedprivs) usedprivs[i] = reqprivs[i]; @@ -992,8 +980,7 @@ int token_check_privileges( struct token *token, int all_required, if (privilege && privilege->enabled) { enabled_count++; - if (usedprivs) - usedprivs[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS; + if (usedprivs) usedprivs[i].attrs |= SE_PRIVILEGE_USED_FOR_ACCESS; } } @@ -1029,7 +1016,7 @@ int token_sid_present( struct token *token, const SID *sid, int deny ) static unsigned int token_access_check( struct token *token, const struct security_descriptor *sd, unsigned int desired_access, - LUID_AND_ATTRIBUTES *privs, + struct luid_attr *privs, unsigned int *priv_count, const generic_map_t *mapping, unsigned int *granted_access, @@ -1076,8 +1063,8 @@ static unsigned int token_access_check( struct token *token, * is only granted if specifically asked for */ if (desired_access & ACCESS_SYSTEM_SECURITY) { - const LUID_AND_ATTRIBUTES security_priv = { SeSecurityPrivilege, 0 }; - LUID_AND_ATTRIBUTES retpriv = security_priv; + const struct luid_attr security_priv = { SeSecurityPrivilege, 0 }; + struct luid_attr retpriv = security_priv; if (token_check_privileges( token, TRUE, &security_priv, 1, &retpriv )) { if (priv_count) @@ -1282,9 +1269,9 @@ DECL_HANDLER(adjust_token_privileges) if ((token = (struct token *)get_handle_obj( current->process, req->handle, access, &token_ops ))) { - const LUID_AND_ATTRIBUTES *privs = get_req_data(); - LUID_AND_ATTRIBUTES *modified_privs = NULL; - unsigned int priv_count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES); + const struct luid_attr *privs = get_req_data(); + struct luid_attr *modified_privs = NULL; + unsigned int priv_count = get_req_data_size() / sizeof(*privs); unsigned int modified_priv_count = 0; if (req->get_modified_state && !req->disable_all) @@ -1293,8 +1280,7 @@ DECL_HANDLER(adjust_token_privileges) /* count modified privs */ for (i = 0; i < priv_count; i++) { - struct privilege *privilege = - token_find_privilege( token, &privs[i].Luid, FALSE ); + struct privilege *privilege = token_find_privilege( token, privs[i].luid, FALSE ); if (privilege && req->get_modified_state) modified_priv_count++; } @@ -1324,7 +1310,7 @@ DECL_HANDLER(get_token_privileges) &token_ops ))) { int priv_count = 0; - LUID_AND_ATTRIBUTES *privs; + struct luid_attr *privs; struct privilege *privilege; LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry ) @@ -1335,14 +1321,8 @@ DECL_HANDLER(get_token_privileges) { privs = set_reply_data_size( priv_count * sizeof(*privs) ); if (privs) - { - int i = 0; LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry ) - { - luid_and_attr_from_privilege( &privs[i], privilege ); - i++; - } - } + *privs++ = luid_and_attr_from_privilege( privilege ); } else set_error(STATUS_BUFFER_TOO_SMALL); @@ -1383,14 +1363,14 @@ DECL_HANDLER(filter_token) if ((src_token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_DUPLICATE, &token_ops ))) { - const LUID_AND_ATTRIBUTES *filter_privileges = get_req_data(); + const struct luid_attr *filter_privileges = get_req_data(); unsigned int priv_count, group_count; const SID *filter_groups; struct token *token; - priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(LUID_AND_ATTRIBUTES); - filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(LUID_AND_ATTRIBUTES)); - group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) ); + priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(struct luid_attr); + filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(struct luid_attr)); + group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(struct luid_attr) ); token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL, filter_privileges, priv_count, filter_groups, group_count ); @@ -1413,13 +1393,13 @@ DECL_HANDLER(check_token_privileges) TOKEN_QUERY, &token_ops ))) { - unsigned int count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES); + unsigned int count = get_req_data_size() / sizeof(struct luid_attr); if (!token->primary && token->impersonation_level <= SecurityAnonymous) set_error( STATUS_BAD_IMPERSONATION_LEVEL ); - else if (get_reply_max_size() >= count * sizeof(LUID_AND_ATTRIBUTES)) + else if (get_reply_max_size() >= count * sizeof(struct luid_attr)) { - LUID_AND_ATTRIBUTES *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) ); + struct luid_attr *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) ); reply->has_privileges = token_check_privileges( token, req->all_required, get_req_data(), count, usedprivs ); } else @@ -1447,7 +1427,7 @@ DECL_HANDLER(access_check) &token_ops ))) { unsigned int status; - LUID_AND_ATTRIBUTES priv; + struct luid_attr priv; unsigned int priv_count = 1; memset(&priv, 0, sizeof(priv)); @@ -1470,11 +1450,11 @@ DECL_HANDLER(access_check) status = token_access_check( token, sd, req->desired_access, &priv, &priv_count, &req->mapping, &reply->access_granted, &reply->access_status ); - reply->privileges_len = priv_count*sizeof(LUID_AND_ATTRIBUTES); + reply->privileges_len = priv_count*sizeof(struct luid_attr); if ((priv_count > 0) && (reply->privileges_len <= get_reply_max_size())) { - LUID_AND_ATTRIBUTES *privs = set_reply_data_size( priv_count * sizeof(*privs) ); + struct luid_attr *privs = set_reply_data_size( priv_count * sizeof(*privs) ); memcpy( privs, &priv, sizeof(priv) ); } diff --git a/server/trace.c b/server/trace.c index a48f00258fe..42c0e2bd5e1 100644 --- a/server/trace.c +++ b/server/trace.c @@ -457,7 +457,7 @@ static void dump_hw_input( const char *prefix, const hw_input_t *input ) } } -static void dump_luid( const char *prefix, const luid_t *luid ) +static void dump_luid( const char *prefix, const struct luid *luid ) { fprintf( stderr, "%s%d.%u", prefix, luid->high_part, luid->low_part ); } @@ -999,16 +999,15 @@ static void dump_varargs_properties( const char *prefix, data_size_t size ) remove_data( size ); } -static void dump_varargs_LUID_AND_ATTRIBUTES( const char *prefix, data_size_t size ) +static void dump_varargs_luid_attr( const char *prefix, data_size_t size ) { - const LUID_AND_ATTRIBUTES *lat = cur_data; + const struct luid_attr *lat = cur_data; data_size_t len = size / sizeof(*lat); fprintf( stderr,"%s{", prefix ); while (len > 0) { - fprintf( stderr, "{luid=%08x%08x,attr=%x}", - lat->Luid.HighPart, lat->Luid.LowPart, lat->Attributes ); + fprintf( stderr, "{luid=%08x%08x,attrs=%x}", lat->luid.high_part, lat->luid.low_part, lat->attrs ); lat++; if (--len) fputc( ',', stderr ); } @@ -3807,13 +3806,13 @@ static void dump_adjust_token_privileges_request( const struct adjust_token_priv fprintf( stderr, " handle=%04x", req->handle ); fprintf( stderr, ", disable_all=%d", req->disable_all ); fprintf( stderr, ", get_modified_state=%d", req->get_modified_state ); - dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); + dump_varargs_luid_attr( ", privileges=", cur_size ); } static void dump_adjust_token_privileges_reply( const struct adjust_token_privileges_reply *req ) { fprintf( stderr, " len=%08x", req->len ); - dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); + dump_varargs_luid_attr( ", privileges=", cur_size ); } static void dump_get_token_privileges_request( const struct get_token_privileges_request *req ) @@ -3824,20 +3823,20 @@ static void dump_get_token_privileges_request( const struct get_token_privileges static void dump_get_token_privileges_reply( const struct get_token_privileges_reply *req ) { fprintf( stderr, " len=%08x", req->len ); - dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); + dump_varargs_luid_attr( ", privileges=", cur_size ); } static void dump_check_token_privileges_request( const struct check_token_privileges_request *req ) { fprintf( stderr, " handle=%04x", req->handle ); fprintf( stderr, ", all_required=%d", req->all_required ); - dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); + dump_varargs_luid_attr( ", privileges=", cur_size ); } static void dump_check_token_privileges_reply( const struct check_token_privileges_reply *req ) { fprintf( stderr, " has_privileges=%d", req->has_privileges ); - dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); + dump_varargs_luid_attr( ", privileges=", cur_size ); } static void dump_duplicate_token_request( const struct duplicate_token_request *req ) @@ -3859,7 +3858,7 @@ static void dump_filter_token_request( const struct filter_token_request *req ) fprintf( stderr, " handle=%04x", req->handle ); fprintf( stderr, ", flags=%08x", req->flags ); fprintf( stderr, ", privileges_size=%u", req->privileges_size ); - dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", min(cur_size,req->privileges_size) ); + dump_varargs_luid_attr( ", privileges=", min(cur_size,req->privileges_size) ); dump_varargs_SID( ", disable_sids=", cur_size ); } @@ -3881,7 +3880,7 @@ static void dump_access_check_reply( const struct access_check_reply *req ) fprintf( stderr, " access_granted=%08x", req->access_granted ); fprintf( stderr, ", access_status=%08x", req->access_status ); fprintf( stderr, ", privileges_len=%08x", req->privileges_len ); - dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); + dump_varargs_luid_attr( ", privileges=", cur_size ); } static void dump_get_token_sid_request( const struct get_token_sid_request *req ) diff --git a/tools/make_requests b/tools/make_requests index 1c4e5977c8b..158b2006ae5 100755 --- a/tools/make_requests +++ b/tools/make_requests @@ -49,7 +49,7 @@ my %formats = "apc_result_t" => [ 40, 8, "&dump_apc_result" ], "async_data_t" => [ 40, 8, "&dump_async_data" ], "irp_params_t" => [ 32, 8, "&dump_irp_params" ], - "luid_t" => [ 8, 4, "&dump_luid" ], + "struct luid" => [ 8, 4, "&dump_luid" ], "generic_map_t" => [ 16, 4, "&dump_generic_map" ], "ioctl_code_t" => [ 4, 4, "&dump_ioctl_code" ], "hw_input_t" => [ 40, 8, "&dump_hw_input" ],