ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server: Define a server-side structure for LUID_AND_ATTRIBUTES. 

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Alexandre Julliard 2022-01-25 11:55:40 +01:00
parent 83064d1500
commit 7d7322671c
8 changed files with 154 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
include/wine/server_protocol.h
View File

@ -364,11 +364,17 @@ struct filesystem_event
char name[1]; char name[1];
}; };
typedef struct struct luid
{ {
unsigned int low_part; unsigned int low_part;
int high_part; int high_part;
} luid_t; };
struct luid_attr
{
struct luid luid;
unsigned int attrs;
};
typedef struct typedef struct
{ {
@ -4331,13 +4337,13 @@ struct adjust_token_privileges_request
obj_handle_t handle; obj_handle_t handle;
int disable_all; int disable_all;
int get_modified_state; int get_modified_state;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */ /* VARARG(privileges,luid_attr); */
}; };
struct adjust_token_privileges_reply struct adjust_token_privileges_reply
{ {
struct reply_header __header; struct reply_header __header;
unsigned int len; unsigned int len;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */ /* VARARG(privileges,luid_attr); */
char __pad_12[4]; char __pad_12[4];
}; };
@ -4351,7 +4357,7 @@ struct get_token_privileges_reply
{ {
struct reply_header __header; struct reply_header __header;
unsigned int len; unsigned int len;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */ /* VARARG(privileges,luid_attr); */
char __pad_12[4]; char __pad_12[4];
}; };
@ -4361,14 +4367,14 @@ struct check_token_privileges_request
struct request_header __header; struct request_header __header;
obj_handle_t handle; obj_handle_t handle;
int all_required; int all_required;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */ /* VARARG(privileges,luid_attr); */
char __pad_20[4]; char __pad_20[4];
}; };
struct check_token_privileges_reply struct check_token_privileges_reply
{ {
struct reply_header __header; struct reply_header __header;
int has_privileges; int has_privileges;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */ /* VARARG(privileges,luid_attr); */
char __pad_12[4]; char __pad_12[4];
}; };
@ -4395,7 +4401,7 @@ struct filter_token_request
obj_handle_t handle; obj_handle_t handle;
unsigned int flags; unsigned int flags;
data_size_t privileges_size; data_size_t privileges_size;
/* VARARG(privileges,LUID_AND_ATTRIBUTES,privileges_size); */ /* VARARG(privileges,luid_attr,privileges_size); */
/* VARARG(disable_sids,SID); */ /* VARARG(disable_sids,SID); */
}; };
struct filter_token_reply struct filter_token_reply
@ -4420,7 +4426,7 @@ struct access_check_reply
unsigned int access_granted; unsigned int access_granted;
unsigned int access_status; unsigned int access_status;
unsigned int privileges_len; unsigned int privileges_len;
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */ /* VARARG(privileges,luid_attr); */
char __pad_20[4]; char __pad_20[4];
}; };
@ -4732,7 +4738,7 @@ struct allocate_locally_unique_id_request
struct allocate_locally_unique_id_reply struct allocate_locally_unique_id_reply
{ {
struct reply_header __header; struct reply_header __header;
luid_t luid; struct luid luid;
}; };
@ -4904,8 +4910,8 @@ struct get_token_info_request
struct get_token_info_reply struct get_token_info_reply
{ {
struct reply_header __header; struct reply_header __header;
luid_t token_id; struct luid token_id;
luid_t modified_id; struct luid modified_id;
unsigned int session_id; unsigned int session_id;
int primary; int primary;
int impersonation_level; int impersonation_level;
@ -6246,7 +6252,7 @@ union generic_reply
/* ### protocol_version begin ### */ /* ### protocol_version begin ### */
#define SERVER_PROTOCOL_VERSION 739 #define SERVER_PROTOCOL_VERSION 740
/* ### protocol_version end ### */ /* ### protocol_version end ### */

30
server/protocol.def
View File

@ -380,11 +380,17 @@ struct filesystem_event
char name[1]; char name[1];
}; };
typedef struct struct luid
{ {
unsigned int low_part; unsigned int low_part;
int high_part; int high_part;
} luid_t; };
struct luid_attr
{
struct luid luid;
unsigned int attrs;
};
typedef struct typedef struct
{ {
@ -3084,10 +3090,10 @@ enum caret_state
obj_handle_t handle; /* handle to the token */ obj_handle_t handle; /* handle to the token */
int disable_all; /* disable all privileges? */ int disable_all; /* disable all privileges? */
int get_modified_state; /* get modified privileges? */ int get_modified_state; /* get modified privileges? */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges to enable/disable/remove */ VARARG(privileges,luid_attr); /* privileges to enable/disable/remove */
@REPLY @REPLY
unsigned int len; /* total length in bytes required to store token privileges */ unsigned int len; /* total length in bytes required to store token privileges */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* modified privileges */ VARARG(privileges,luid_attr); /* modified privileges */
@END @END
/* Retrieves the set of privileges held by or available to a token */ /* Retrieves the set of privileges held by or available to a token */
@ -3095,17 +3101,17 @@ enum caret_state
obj_handle_t handle; /* handle to the token */ obj_handle_t handle; /* handle to the token */
@REPLY @REPLY
unsigned int len; /* total length in bytes required to store token privileges */ unsigned int len; /* total length in bytes required to store token privileges */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges held by or available to a token */ VARARG(privileges,luid_attr); /* privileges held by or available to a token */
@END @END
/* Check the token has the required privileges */ /* Check the token has the required privileges */
@REQ(check_token_privileges) @REQ(check_token_privileges)
obj_handle_t handle; /* handle to the token */ obj_handle_t handle; /* handle to the token */
int all_required; /* are all the privileges required for the check to succeed? */ int all_required; /* are all the privileges required for the check to succeed? */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges to check */ VARARG(privileges,luid_attr); /* privileges to check */
@REPLY @REPLY
int has_privileges; /* does the token have the required privileges? */ int has_privileges; /* does the token have the required privileges? */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges held by or available to a token */ VARARG(privileges,luid_attr); /* privileges held by or available to a token */
@END @END
@REQ(duplicate_token) @REQ(duplicate_token)
@ -3122,7 +3128,7 @@ enum caret_state
obj_handle_t handle; /* handle to the token to duplicate */ obj_handle_t handle; /* handle to the token to duplicate */
unsigned int flags; /* flags */ unsigned int flags; /* flags */
data_size_t privileges_size; /* size of privileges */ data_size_t privileges_size; /* size of privileges */
VARARG(privileges,LUID_AND_ATTRIBUTES,privileges_size); /* privileges to remove from new token */ VARARG(privileges,luid_attr,privileges_size); /* privileges to remove from new token */
VARARG(disable_sids,SID); /* array of groups to remove from new token */ VARARG(disable_sids,SID); /* array of groups to remove from new token */
@REPLY @REPLY
obj_handle_t new_handle; /* filtered handle */ obj_handle_t new_handle; /* filtered handle */
@ -3137,7 +3143,7 @@ enum caret_state
unsigned int access_granted; /* access rights actually granted */ unsigned int access_granted; /* access rights actually granted */
unsigned int access_status; /* was access granted? */ unsigned int access_status; /* was access granted? */
unsigned int privileges_len; /* length needed to store privileges */ unsigned int privileges_len; /* length needed to store privileges */
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges used during access check */ VARARG(privileges,luid_attr); /* privileges used during access check */
@END @END
@REQ(get_token_sid) @REQ(get_token_sid)
@ -3321,7 +3327,7 @@ struct handle_info
/* Allocate a locally-unique identifier */ /* Allocate a locally-unique identifier */
@REQ(allocate_locally_unique_id) @REQ(allocate_locally_unique_id)
@REPLY @REPLY
luid_t luid; struct luid luid;
@END @END
@ -3423,8 +3429,8 @@ struct handle_info
@REQ(get_token_info) @REQ(get_token_info)
obj_handle_t handle; /* handle to the object */ obj_handle_t handle; /* handle to the object */
@REPLY @REPLY
luid_t token_id; /* locally-unique identifier of the token */ struct luid token_id; /* locally-unique identifier of the token */
luid_t modified_id; /* locally-unique identifier of the modified version of the token */ struct luid modified_id; /* locally-unique identifier of the modified version of the token */
unsigned int session_id; /* token session id */ unsigned int session_id; /* token session id */
int primary; /* is the token primary or impersonation? */ int primary; /* is the token primary or impersonation? */
int impersonation_level; /* level of impersonation */ int impersonation_level; /* level of impersonation */

6
server/registry.c
View File

@ -2303,7 +2303,7 @@ DECL_HANDLER(load_registry)
if (!objattr) return; if (!objattr) return;
if (!thread_single_check_privilege( current, &SeRestorePrivilege )) if (!thread_single_check_privilege( current, SeRestorePrivilege ))
{ {
set_error( STATUS_PRIVILEGE_NOT_HELD ); set_error( STATUS_PRIVILEGE_NOT_HELD );
return; return;
@ -2334,7 +2334,7 @@ DECL_HANDLER(unload_registry)
struct unicode_str name; struct unicode_str name;
unsigned int access = 0; unsigned int access = 0;
if (!thread_single_check_privilege( current, &SeRestorePrivilege )) if (!thread_single_check_privilege( current, SeRestorePrivilege ))
{ {
set_error( STATUS_PRIVILEGE_NOT_HELD ); set_error( STATUS_PRIVILEGE_NOT_HELD );
return; return;
@ -2362,7 +2362,7 @@ DECL_HANDLER(save_registry)
{ {
struct key *key; struct key *key;
if (!thread_single_check_privilege( current, &SeBackupPrivilege )) if (!thread_single_check_privilege( current, SeBackupPrivilege ))
{ {
set_error( STATUS_PRIVILEGE_NOT_HELD ); set_error( STATUS_PRIVILEGE_NOT_HELD );
return; return;

2
server/request.h
View File

@ -692,13 +692,13 @@ C_ASSERT( sizeof(int) == 4 );
C_ASSERT( sizeof(ioctl_code_t) == 4 ); C_ASSERT( sizeof(ioctl_code_t) == 4 );
C_ASSERT( sizeof(irp_params_t) == 32 ); C_ASSERT( sizeof(irp_params_t) == 32 );
C_ASSERT( sizeof(lparam_t) == 8 ); C_ASSERT( sizeof(lparam_t) == 8 );
C_ASSERT( sizeof(luid_t) == 8 );
C_ASSERT( sizeof(mem_size_t) == 8 ); C_ASSERT( sizeof(mem_size_t) == 8 );
C_ASSERT( sizeof(mod_handle_t) == 8 ); C_ASSERT( sizeof(mod_handle_t) == 8 );
C_ASSERT( sizeof(obj_handle_t) == 4 ); C_ASSERT( sizeof(obj_handle_t) == 4 );
C_ASSERT( sizeof(process_id_t) == 4 ); C_ASSERT( sizeof(process_id_t) == 4 );
C_ASSERT( sizeof(rectangle_t) == 16 ); C_ASSERT( sizeof(rectangle_t) == 16 );
C_ASSERT( sizeof(short int) == 2 ); C_ASSERT( sizeof(short int) == 2 );
C_ASSERT( sizeof(struct luid) == 8 );
C_ASSERT( sizeof(thread_id_t) == 4 ); C_ASSERT( sizeof(thread_id_t) == 4 );
C_ASSERT( sizeof(timeout_t) == 8 ); C_ASSERT( sizeof(timeout_t) == 8 );
C_ASSERT( sizeof(unsigned char) == 1 ); C_ASSERT( sizeof(unsigned char) == 1 );

50
server/security.h
View File

@ -23,26 +23,26 @@
#include <sys/types.h> #include <sys/types.h>
extern const LUID SeIncreaseQuotaPrivilege; extern const struct luid SeIncreaseQuotaPrivilege;
extern const LUID SeSecurityPrivilege; extern const struct luid SeSecurityPrivilege;
extern const LUID SeTakeOwnershipPrivilege; extern const struct luid SeTakeOwnershipPrivilege;
extern const LUID SeLoadDriverPrivilege; extern const struct luid SeLoadDriverPrivilege;
extern const LUID SeSystemProfilePrivilege; extern const struct luid SeSystemProfilePrivilege;
extern const LUID SeSystemtimePrivilege; extern const struct luid SeSystemtimePrivilege;
extern const LUID SeProfileSingleProcessPrivilege; extern const struct luid SeProfileSingleProcessPrivilege;
extern const LUID SeIncreaseBasePriorityPrivilege; extern const struct luid SeIncreaseBasePriorityPrivilege;
extern const LUID SeCreatePagefilePrivilege; extern const struct luid SeCreatePagefilePrivilege;
extern const LUID SeBackupPrivilege; extern const struct luid SeBackupPrivilege;
extern const LUID SeRestorePrivilege; extern const struct luid SeRestorePrivilege;
extern const LUID SeShutdownPrivilege; extern const struct luid SeShutdownPrivilege;
extern const LUID SeDebugPrivilege; extern const struct luid SeDebugPrivilege;
extern const LUID SeSystemEnvironmentPrivilege; extern const struct luid SeSystemEnvironmentPrivilege;
extern const LUID SeChangeNotifyPrivilege; extern const struct luid SeChangeNotifyPrivilege;
extern const LUID SeRemoteShutdownPrivilege; extern const struct luid SeRemoteShutdownPrivilege;
extern const LUID SeUndockPrivilege; extern const struct luid SeUndockPrivilege;
extern const LUID SeManageVolumePrivilege; extern const struct luid SeManageVolumePrivilege;
extern const LUID SeImpersonatePrivilege; extern const struct luid SeImpersonatePrivilege;
extern const LUID SeCreateGlobalPrivilege; extern const struct luid SeCreateGlobalPrivilege;
extern const PSID security_world_sid; extern const PSID security_world_sid;
extern const PSID security_local_user_sid; extern const PSID security_local_user_sid;
@ -60,11 +60,11 @@ extern struct token *token_create_admin( unsigned primary, int impersonation_lev
extern int token_assign_label( struct token *token, PSID label ); extern int token_assign_label( struct token *token, PSID label );
extern struct token *token_duplicate( struct token *src_token, unsigned primary, extern struct token *token_duplicate( struct token *src_token, unsigned primary,
int impersonation_level, const struct security_descriptor *sd, int impersonation_level, const struct security_descriptor *sd,
const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count, const struct luid_attr *remove_privs, unsigned int remove_priv_count,
const SID *remove_groups, unsigned int remove_group_count ); const SID *remove_groups, unsigned int remove_group_count );
extern int token_check_privileges( struct token *token, int all_required, extern int token_check_privileges( struct token *token, int all_required,
const LUID_AND_ATTRIBUTES *reqprivs, const struct luid_attr *reqprivs,
unsigned int count, LUID_AND_ATTRIBUTES *usedprivs); unsigned int count, struct luid_attr *usedprivs );
extern const ACL *token_get_default_dacl( struct token *token ); extern const ACL *token_get_default_dacl( struct token *token );
extern const SID *token_get_user( struct token *token ); extern const SID *token_get_user( struct token *token );
extern const SID *token_get_primary_group( struct token *token ); extern const SID *token_get_primary_group( struct token *token );
@ -91,10 +91,10 @@ extern void security_set_thread_token( struct thread *thread, obj_handle_t handl
extern const SID *security_unix_uid_to_sid( uid_t uid ); extern const SID *security_unix_uid_to_sid( uid_t uid );
extern int check_object_access( struct token *token, struct object *obj, unsigned int *access ); extern int check_object_access( struct token *token, struct object *obj, unsigned int *access );
static inline int thread_single_check_privilege( struct thread *thread, const LUID *priv) static inline int thread_single_check_privilege( struct thread *thread, struct luid priv )
{ {
struct token *token = thread_get_impersonation_token( thread ); struct token *token = thread_get_impersonation_token( thread );
const LUID_AND_ATTRIBUTES privs = { *priv, 0 }; const struct luid_attr privs = { priv, 0 };
if (!token) return FALSE; if (!token) return FALSE;

172
server/token.c
View File

@ -42,27 +42,27 @@
#define MAX_SUBAUTH_COUNT 1 #define MAX_SUBAUTH_COUNT 1
const LUID SeIncreaseQuotaPrivilege = { 5, 0 }; const struct luid SeIncreaseQuotaPrivilege = { 5, 0 };
const LUID SeTcbPrivilege = { 7, 0 }; const struct luid SeTcbPrivilege = { 7, 0 };
const LUID SeSecurityPrivilege = { 8, 0 }; const struct luid SeSecurityPrivilege = { 8, 0 };
const LUID SeTakeOwnershipPrivilege = { 9, 0 }; const struct luid SeTakeOwnershipPrivilege = { 9, 0 };
const LUID SeLoadDriverPrivilege = { 10, 0 }; const struct luid SeLoadDriverPrivilege = { 10, 0 };
const LUID SeSystemProfilePrivilege = { 11, 0 }; const struct luid SeSystemProfilePrivilege = { 11, 0 };
const LUID SeSystemtimePrivilege = { 12, 0 }; const struct luid SeSystemtimePrivilege = { 12, 0 };
const LUID SeProfileSingleProcessPrivilege = { 13, 0 }; const struct luid SeProfileSingleProcessPrivilege = { 13, 0 };
const LUID SeIncreaseBasePriorityPrivilege = { 14, 0 }; const struct luid SeIncreaseBasePriorityPrivilege = { 14, 0 };
const LUID SeCreatePagefilePrivilege = { 15, 0 }; const struct luid SeCreatePagefilePrivilege = { 15, 0 };
const LUID SeBackupPrivilege = { 17, 0 }; const struct luid SeBackupPrivilege = { 17, 0 };
const LUID SeRestorePrivilege = { 18, 0 }; const struct luid SeRestorePrivilege = { 18, 0 };
const LUID SeShutdownPrivilege = { 19, 0 }; const struct luid SeShutdownPrivilege = { 19, 0 };
const LUID SeDebugPrivilege = { 20, 0 }; const struct luid SeDebugPrivilege = { 20, 0 };
const LUID SeSystemEnvironmentPrivilege = { 22, 0 }; const struct luid SeSystemEnvironmentPrivilege = { 22, 0 };
const LUID SeChangeNotifyPrivilege = { 23, 0 }; const struct luid SeChangeNotifyPrivilege = { 23, 0 };
const LUID SeRemoteShutdownPrivilege = { 24, 0 }; const struct luid SeRemoteShutdownPrivilege = { 24, 0 };
const LUID SeUndockPrivilege = { 25, 0 }; const struct luid SeUndockPrivilege = { 25, 0 };
const LUID SeManageVolumePrivilege = { 28, 0 }; const struct luid SeManageVolumePrivilege = { 28, 0 };
const LUID SeImpersonatePrivilege = { 29, 0 }; const struct luid SeImpersonatePrivilege = { 29, 0 };
const LUID SeCreateGlobalPrivilege = { 30, 0 }; const struct luid SeCreateGlobalPrivilege = { 30, 0 };
#define SID_N(n) struct /* same fields as struct SID */ \ #define SID_N(n) struct /* same fields as struct SID */ \
{ \ { \
@ -96,7 +96,7 @@ const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
const PSID security_domain_users_sid = (PSID)&domain_users_sid; const PSID security_domain_users_sid = (PSID)&domain_users_sid;
const PSID security_high_label_sid = (PSID)&high_label_sid; const PSID security_high_label_sid = (PSID)&high_label_sid;
static luid_t prev_luid_value = { 1000, 0 }; static struct luid prev_luid_value = { 1000, 0 };
static const WCHAR token_name[] = {'T','o','k','e','n'}; static const WCHAR token_name[] = {'T','o','k','e','n'};
@ -116,8 +116,8 @@ struct type_descr token_type =
struct token struct token
{ {
struct object obj; /* object header */ struct object obj; /* object header */
luid_t token_id; /* system-unique id of token */ struct luid token_id; /* system-unique id of token */
luid_t modified_id; /* new id allocated every time token is modified */ struct luid modified_id; /* new id allocated every time token is modified */
struct list privileges; /* privileges available to the token */ struct list privileges; /* privileges available to the token */
struct list groups; /* groups that the user of this token belongs to (sid_and_attributes) */ struct list groups; /* groups that the user of this token belongs to (sid_and_attributes) */
SID *user; /* SID of user this token represents */ SID *user; /* SID of user this token represents */
@ -134,7 +134,7 @@ struct token
struct privilege struct privilege
{ {
struct list entry; struct list entry;
LUID luid; struct luid luid;
unsigned enabled : 1; /* is the privilege currently enabled? */ unsigned enabled : 1; /* is the privilege currently enabled? */
unsigned def : 1; /* is the privilege enabled by default? */ unsigned def : 1; /* is the privilege enabled by default? */
}; };
@ -463,12 +463,12 @@ ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl )
return replaced_acl; return replaced_acl;
} }
static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 ) static inline int is_equal_luid( struct luid luid1, struct luid luid2 )
{ {
return (luid1->LowPart == luid2->LowPart && luid1->HighPart == luid2->HighPart); return (luid1.low_part == luid2.low_part && luid1.high_part == luid2.high_part);
} }
static inline void allocate_luid( luid_t *luid ) static inline void allocate_luid( struct luid *luid )
{ {
prev_luid_value.low_part++; prev_luid_value.low_part++;
*luid = prev_luid_value; *luid = prev_luid_value;
@ -479,20 +479,21 @@ DECL_HANDLER( allocate_locally_unique_id )
allocate_luid( &reply->luid ); allocate_luid( &reply->luid );
} }
static inline void luid_and_attr_from_privilege( LUID_AND_ATTRIBUTES *out, const struct privilege *in) static inline struct luid_attr luid_and_attr_from_privilege( const struct privilege *in )
{ {
out->Luid = in->luid; struct luid_attr ret = { in->luid };
out->Attributes =
(in->enabled ? SE_PRIVILEGE_ENABLED : 0) | ret.attrs = (in->enabled ? SE_PRIVILEGE_ENABLED : 0) |
(in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0); (in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0);
return ret;
} }
static struct privilege *privilege_add( struct token *token, const LUID *luid, int enabled ) static struct privilege *privilege_add( struct token *token, struct luid luid, int enabled )
{ {
struct privilege *privilege = mem_alloc( sizeof(*privilege) ); struct privilege *privilege = mem_alloc( sizeof(*privilege) );
if (privilege) if (privilege)
{ {
privilege->luid = *luid; privilege->luid = luid;
privilege->def = privilege->enabled = (enabled != 0); privilege->def = privilege->enabled = (enabled != 0);
list_add_tail( &token->privileges, &privilege->entry ); list_add_tail( &token->privileges, &privilege->entry );
} }
@ -541,9 +542,9 @@ static void token_destroy( struct object *obj )
*/ */
static struct token *create_token( unsigned int primary, unsigned int session_id, const SID *user, static struct token *create_token( unsigned int primary, unsigned int session_id, const SID *user,
const SID_AND_ATTRIBUTES *groups, unsigned int group_count, const SID_AND_ATTRIBUTES *groups, unsigned int group_count,
const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count, const struct luid_attr *privs, unsigned int priv_count,
const ACL *default_dacl, TOKEN_SOURCE source, const ACL *default_dacl, TOKEN_SOURCE source,
const luid_t *modified_id, const struct luid *modified_id,
int impersonation_level, int elevation ) int impersonation_level, int elevation )
{ {
struct token *token = alloc_object( &token_ops ); struct token *token = alloc_object( &token_ops );
@ -610,8 +611,7 @@ static struct token *create_token( unsigned int primary, unsigned int session_id
{ {
/* note: we don't check uniqueness: the caller must make sure /* note: we don't check uniqueness: the caller must make sure
* privs doesn't contain any duplicate luids */ * privs doesn't contain any duplicate luids */
if (!privilege_add( token, &privs[i].Luid, if (!privilege_add( token, privs[i].luid, privs[i].attrs & SE_PRIVILEGE_ENABLED ))
privs[i].Attributes & SE_PRIVILEGE_ENABLED ))
{ {
release_object( token ); release_object( token );
return NULL; return NULL;
@ -646,25 +646,22 @@ static int filter_group( struct group *group, const SID *filter, unsigned int co
return 0; return 0;
} }
static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBUTES *filter, unsigned int count ) static int filter_privilege( struct privilege *privilege, const struct luid_attr *filter, unsigned int count )
{ {
unsigned int i; unsigned int i;
for (i = 0; i < count; i++) for (i = 0; i < count; i++)
{ if (is_equal_luid( privilege->luid, filter[i].luid )) return 1;
if (!memcmp( &privilege->luid, &filter[i].Luid, sizeof(LUID) ))
return 1;
}
return 0; return 0;
} }
struct token *token_duplicate( struct token *src_token, unsigned primary, struct token *token_duplicate( struct token *src_token, unsigned primary,
int impersonation_level, const struct security_descriptor *sd, int impersonation_level, const struct security_descriptor *sd,
const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count, const struct luid_attr *remove_privs, unsigned int remove_priv_count,
const SID *remove_groups, unsigned int remove_group_count) const SID *remove_groups, unsigned int remove_group_count)
{ {
const luid_t *modified_id = const struct luid *modified_id =
primary || (impersonation_level == src_token->impersonation_level) ? primary || (impersonation_level == src_token->impersonation_level) ?
&src_token->modified_id : NULL; &src_token->modified_id : NULL;
struct token *token = NULL; struct token *token = NULL;
@ -717,7 +714,7 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry ) LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
{ {
if (filter_privilege( privilege, remove_privs, remove_priv_count )) continue; if (filter_privilege( privilege, remove_privs, remove_priv_count )) continue;
if (!privilege_add( token, &privilege->luid, privilege->enabled )) if (!privilege_add( token, privilege->luid, privilege->enabled ))
{ {
release_object( token ); release_object( token );
return NULL; return NULL;
@ -855,7 +852,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl) if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl)
{ {
const LUID_AND_ATTRIBUTES admin_privs[] = const struct luid_attr admin_privs[] =
{ {
{ SeChangeNotifyPrivilege , SE_PRIVILEGE_ENABLED }, { SeChangeNotifyPrivilege , SE_PRIVILEGE_ENABLED },
{ SeTcbPrivilege , 0 }, { SeTcbPrivilege , 0 },
@ -908,12 +905,12 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
return token; return token;
} }
static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only ) static struct privilege *token_find_privilege( struct token *token, struct luid luid, int enabled_only )
{ {
struct privilege *privilege; struct privilege *privilege;
LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry ) LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
{ {
if (is_equal_luid( luid, &privilege->luid )) if (is_equal_luid( luid, privilege->luid ))
{ {
if (enabled_only && !privilege->enabled) if (enabled_only && !privilege->enabled)
return NULL; return NULL;
@ -923,8 +920,8 @@ static struct privilege *token_find_privilege( struct token *token, const LUID *
return NULL; return NULL;
} }
static unsigned int token_adjust_privileges( struct token *token, const LUID_AND_ATTRIBUTES *privs, static unsigned int token_adjust_privileges( struct token *token, const struct luid_attr *privs,
unsigned int count, LUID_AND_ATTRIBUTES *mod_privs, unsigned int count, struct luid_attr *mod_privs,
unsigned int mod_privs_count ) unsigned int mod_privs_count )
{ {
unsigned int i, modified_count = 0; unsigned int i, modified_count = 0;
@ -934,31 +931,24 @@ static unsigned int token_adjust_privileges( struct token *token, const LUID_AND
for (i = 0; i < count; i++) for (i = 0; i < count; i++)
{ {
struct privilege *privilege = struct privilege *privilege = token_find_privilege( token, privs[i].luid, FALSE );
token_find_privilege( token, &privs[i].Luid, FALSE );
if (!privilege) if (!privilege)
{ {
set_error( STATUS_NOT_ALL_ASSIGNED ); set_error( STATUS_NOT_ALL_ASSIGNED );
continue; continue;
} }
if (privs[i].Attributes & SE_PRIVILEGE_REMOVED) if (privs[i].attrs & SE_PRIVILEGE_REMOVED) privilege_remove( privilege );
privilege_remove( privilege );
else else
{ {
/* save previous state for caller */ /* save previous state for caller */
if (mod_privs_count) if (mod_privs_count)
{ {
luid_and_attr_from_privilege(mod_privs, privilege); *mod_privs++ = luid_and_attr_from_privilege( privilege );
mod_privs++;
mod_privs_count--; mod_privs_count--;
modified_count++; modified_count++;
} }
privilege->enabled = !!(privs[i].attrs & SE_PRIVILEGE_ENABLED);
if (privs[i].Attributes & SE_PRIVILEGE_ENABLED)
privilege->enabled = TRUE;
else
privilege->enabled = FALSE;
} }
} }
return modified_count; return modified_count;
@ -975,16 +965,14 @@ static void token_disable_privileges( struct token *token )
privilege->enabled = FALSE; privilege->enabled = FALSE;
} }
int token_check_privileges( struct token *token, int all_required, int token_check_privileges( struct token *token, int all_required, const struct luid_attr *reqprivs,
const LUID_AND_ATTRIBUTES *reqprivs, unsigned int count, struct luid_attr *usedprivs)
unsigned int count, LUID_AND_ATTRIBUTES *usedprivs)
{ {
unsigned int i, enabled_count = 0; unsigned int i, enabled_count = 0;
for (i = 0; i < count; i++) for (i = 0; i < count; i++)
{ {
struct privilege *privilege = struct privilege *privilege = token_find_privilege( token, reqprivs[i].luid, TRUE );
token_find_privilege( token, &reqprivs[i].Luid, TRUE );
if (usedprivs) if (usedprivs)
usedprivs[i] = reqprivs[i]; usedprivs[i] = reqprivs[i];
@ -992,8 +980,7 @@ int token_check_privileges( struct token *token, int all_required,
if (privilege && privilege->enabled) if (privilege && privilege->enabled)
{ {
enabled_count++; enabled_count++;
if (usedprivs) if (usedprivs) usedprivs[i].attrs |= SE_PRIVILEGE_USED_FOR_ACCESS;
usedprivs[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
} }
} }
@ -1029,7 +1016,7 @@ int token_sid_present( struct token *token, const SID *sid, int deny )
static unsigned int token_access_check( struct token *token, static unsigned int token_access_check( struct token *token,
const struct security_descriptor *sd, const struct security_descriptor *sd,
unsigned int desired_access, unsigned int desired_access,
LUID_AND_ATTRIBUTES *privs, struct luid_attr *privs,
unsigned int *priv_count, unsigned int *priv_count,
const generic_map_t *mapping, const generic_map_t *mapping,
unsigned int *granted_access, unsigned int *granted_access,
@ -1076,8 +1063,8 @@ static unsigned int token_access_check( struct token *token,
* is only granted if specifically asked for */ * is only granted if specifically asked for */
if (desired_access & ACCESS_SYSTEM_SECURITY) if (desired_access & ACCESS_SYSTEM_SECURITY)
{ {
const LUID_AND_ATTRIBUTES security_priv = { SeSecurityPrivilege, 0 }; const struct luid_attr security_priv = { SeSecurityPrivilege, 0 };
LUID_AND_ATTRIBUTES retpriv = security_priv; struct luid_attr retpriv = security_priv;
if (token_check_privileges( token, TRUE, &security_priv, 1, &retpriv )) if (token_check_privileges( token, TRUE, &security_priv, 1, &retpriv ))
{ {
if (priv_count) if (priv_count)
@ -1282,9 +1269,9 @@ DECL_HANDLER(adjust_token_privileges)
if ((token = (struct token *)get_handle_obj( current->process, req->handle, if ((token = (struct token *)get_handle_obj( current->process, req->handle,
access, &token_ops ))) access, &token_ops )))
{ {
const LUID_AND_ATTRIBUTES *privs = get_req_data(); const struct luid_attr *privs = get_req_data();
LUID_AND_ATTRIBUTES *modified_privs = NULL; struct luid_attr *modified_privs = NULL;
unsigned int priv_count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES); unsigned int priv_count = get_req_data_size() / sizeof(*privs);
unsigned int modified_priv_count = 0; unsigned int modified_priv_count = 0;
if (req->get_modified_state && !req->disable_all) if (req->get_modified_state && !req->disable_all)
@ -1293,8 +1280,7 @@ DECL_HANDLER(adjust_token_privileges)
/* count modified privs */ /* count modified privs */
for (i = 0; i < priv_count; i++) for (i = 0; i < priv_count; i++)
{ {
struct privilege *privilege = struct privilege *privilege = token_find_privilege( token, privs[i].luid, FALSE );
token_find_privilege( token, &privs[i].Luid, FALSE );
if (privilege && req->get_modified_state) if (privilege && req->get_modified_state)
modified_priv_count++; modified_priv_count++;
} }
@ -1324,7 +1310,7 @@ DECL_HANDLER(get_token_privileges)
&token_ops ))) &token_ops )))
{ {
int priv_count = 0; int priv_count = 0;
LUID_AND_ATTRIBUTES *privs; struct luid_attr *privs;
struct privilege *privilege; struct privilege *privilege;
LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry ) LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
@ -1335,14 +1321,8 @@ DECL_HANDLER(get_token_privileges)
{ {
privs = set_reply_data_size( priv_count * sizeof(*privs) ); privs = set_reply_data_size( priv_count * sizeof(*privs) );
if (privs) if (privs)
{
int i = 0;
LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry ) LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
{ *privs++ = luid_and_attr_from_privilege( privilege );
luid_and_attr_from_privilege( &privs[i], privilege );
i++;
}
}
} }
else else
set_error(STATUS_BUFFER_TOO_SMALL); set_error(STATUS_BUFFER_TOO_SMALL);
@ -1383,14 +1363,14 @@ DECL_HANDLER(filter_token)
if ((src_token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_DUPLICATE, &token_ops ))) if ((src_token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_DUPLICATE, &token_ops )))
{ {
const LUID_AND_ATTRIBUTES *filter_privileges = get_req_data(); const struct luid_attr *filter_privileges = get_req_data();
unsigned int priv_count, group_count; unsigned int priv_count, group_count;
const SID *filter_groups; const SID *filter_groups;
struct token *token; struct token *token;
priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(LUID_AND_ATTRIBUTES); priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(struct luid_attr);
filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(LUID_AND_ATTRIBUTES)); filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(struct luid_attr));
group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) ); group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(struct luid_attr) );
token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL, token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
filter_privileges, priv_count, filter_groups, group_count ); filter_privileges, priv_count, filter_groups, group_count );
@ -1413,13 +1393,13 @@ DECL_HANDLER(check_token_privileges)
TOKEN_QUERY, TOKEN_QUERY,
&token_ops ))) &token_ops )))
{ {
unsigned int count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES); unsigned int count = get_req_data_size() / sizeof(struct luid_attr);
if (!token->primary && token->impersonation_level <= SecurityAnonymous) if (!token->primary && token->impersonation_level <= SecurityAnonymous)
set_error( STATUS_BAD_IMPERSONATION_LEVEL ); set_error( STATUS_BAD_IMPERSONATION_LEVEL );
else if (get_reply_max_size() >= count * sizeof(LUID_AND_ATTRIBUTES)) else if (get_reply_max_size() >= count * sizeof(struct luid_attr))
{ {
LUID_AND_ATTRIBUTES *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) ); struct luid_attr *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) );
reply->has_privileges = token_check_privileges( token, req->all_required, get_req_data(), count, usedprivs ); reply->has_privileges = token_check_privileges( token, req->all_required, get_req_data(), count, usedprivs );
} }
else else
@ -1447,7 +1427,7 @@ DECL_HANDLER(access_check)
&token_ops ))) &token_ops )))
{ {
unsigned int status; unsigned int status;
LUID_AND_ATTRIBUTES priv; struct luid_attr priv;
unsigned int priv_count = 1; unsigned int priv_count = 1;
memset(&priv, 0, sizeof(priv)); memset(&priv, 0, sizeof(priv));
@ -1470,11 +1450,11 @@ DECL_HANDLER(access_check)
status = token_access_check( token, sd, req->desired_access, &priv, &priv_count, &req->mapping, status = token_access_check( token, sd, req->desired_access, &priv, &priv_count, &req->mapping,
&reply->access_granted, &reply->access_status ); &reply->access_granted, &reply->access_status );
reply->privileges_len = priv_count*sizeof(LUID_AND_ATTRIBUTES); reply->privileges_len = priv_count*sizeof(struct luid_attr);
if ((priv_count > 0) && (reply->privileges_len <= get_reply_max_size())) if ((priv_count > 0) && (reply->privileges_len <= get_reply_max_size()))
{ {
LUID_AND_ATTRIBUTES *privs = set_reply_data_size( priv_count * sizeof(*privs) ); struct luid_attr *privs = set_reply_data_size( priv_count * sizeof(*privs) );
memcpy( privs, &priv, sizeof(priv) ); memcpy( privs, &priv, sizeof(priv) );
} }

23
server/trace.c
View File

@ -457,7 +457,7 @@ static void dump_hw_input( const char *prefix, const hw_input_t *input )
} }
} }
static void dump_luid( const char *prefix, const luid_t *luid ) static void dump_luid( const char *prefix, const struct luid *luid )
{ {
fprintf( stderr, "%s%d.%u", prefix, luid->high_part, luid->low_part ); fprintf( stderr, "%s%d.%u", prefix, luid->high_part, luid->low_part );
} }
@ -999,16 +999,15 @@ static void dump_varargs_properties( const char *prefix, data_size_t size )
remove_data( size ); remove_data( size );
} }
static void dump_varargs_LUID_AND_ATTRIBUTES( const char *prefix, data_size_t size ) static void dump_varargs_luid_attr( const char *prefix, data_size_t size )
{ {
const LUID_AND_ATTRIBUTES *lat = cur_data; const struct luid_attr *lat = cur_data;
data_size_t len = size / sizeof(*lat); data_size_t len = size / sizeof(*lat);
fprintf( stderr,"%s{", prefix ); fprintf( stderr,"%s{", prefix );
while (len > 0) while (len > 0)
{ {
fprintf( stderr, "{luid=%08x%08x,attr=%x}", fprintf( stderr, "{luid=%08x%08x,attrs=%x}", lat->luid.high_part, lat->luid.low_part, lat->attrs );
lat->Luid.HighPart, lat->Luid.LowPart, lat->Attributes );
lat++; lat++;
if (--len) fputc( ',', stderr ); if (--len) fputc( ',', stderr );
} }
@ -3807,13 +3806,13 @@ static void dump_adjust_token_privileges_request( const struct adjust_token_priv
fprintf( stderr, " handle=%04x", req->handle ); fprintf( stderr, " handle=%04x", req->handle );
fprintf( stderr, ", disable_all=%d", req->disable_all ); fprintf( stderr, ", disable_all=%d", req->disable_all );
fprintf( stderr, ", get_modified_state=%d", req->get_modified_state ); fprintf( stderr, ", get_modified_state=%d", req->get_modified_state );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); dump_varargs_luid_attr( ", privileges=", cur_size );
} }
static void dump_adjust_token_privileges_reply( const struct adjust_token_privileges_reply *req ) static void dump_adjust_token_privileges_reply( const struct adjust_token_privileges_reply *req )
{ {
fprintf( stderr, " len=%08x", req->len ); fprintf( stderr, " len=%08x", req->len );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); dump_varargs_luid_attr( ", privileges=", cur_size );
} }
static void dump_get_token_privileges_request( const struct get_token_privileges_request *req ) static void dump_get_token_privileges_request( const struct get_token_privileges_request *req )
@ -3824,20 +3823,20 @@ static void dump_get_token_privileges_request( const struct get_token_privileges
static void dump_get_token_privileges_reply( const struct get_token_privileges_reply *req ) static void dump_get_token_privileges_reply( const struct get_token_privileges_reply *req )
{ {
fprintf( stderr, " len=%08x", req->len ); fprintf( stderr, " len=%08x", req->len );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); dump_varargs_luid_attr( ", privileges=", cur_size );
} }
static void dump_check_token_privileges_request( const struct check_token_privileges_request *req ) static void dump_check_token_privileges_request( const struct check_token_privileges_request *req )
{ {
fprintf( stderr, " handle=%04x", req->handle ); fprintf( stderr, " handle=%04x", req->handle );
fprintf( stderr, ", all_required=%d", req->all_required ); fprintf( stderr, ", all_required=%d", req->all_required );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); dump_varargs_luid_attr( ", privileges=", cur_size );
} }
static void dump_check_token_privileges_reply( const struct check_token_privileges_reply *req ) static void dump_check_token_privileges_reply( const struct check_token_privileges_reply *req )
{ {
fprintf( stderr, " has_privileges=%d", req->has_privileges ); fprintf( stderr, " has_privileges=%d", req->has_privileges );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); dump_varargs_luid_attr( ", privileges=", cur_size );
} }
static void dump_duplicate_token_request( const struct duplicate_token_request *req ) static void dump_duplicate_token_request( const struct duplicate_token_request *req )
@ -3859,7 +3858,7 @@ static void dump_filter_token_request( const struct filter_token_request *req )
fprintf( stderr, " handle=%04x", req->handle ); fprintf( stderr, " handle=%04x", req->handle );
fprintf( stderr, ", flags=%08x", req->flags ); fprintf( stderr, ", flags=%08x", req->flags );
fprintf( stderr, ", privileges_size=%u", req->privileges_size ); fprintf( stderr, ", privileges_size=%u", req->privileges_size );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", min(cur_size,req->privileges_size) ); dump_varargs_luid_attr( ", privileges=", min(cur_size,req->privileges_size) );
dump_varargs_SID( ", disable_sids=", cur_size ); dump_varargs_SID( ", disable_sids=", cur_size );
} }
@ -3881,7 +3880,7 @@ static void dump_access_check_reply( const struct access_check_reply *req )
fprintf( stderr, " access_granted=%08x", req->access_granted ); fprintf( stderr, " access_granted=%08x", req->access_granted );
fprintf( stderr, ", access_status=%08x", req->access_status ); fprintf( stderr, ", access_status=%08x", req->access_status );
fprintf( stderr, ", privileges_len=%08x", req->privileges_len ); fprintf( stderr, ", privileges_len=%08x", req->privileges_len );
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size ); dump_varargs_luid_attr( ", privileges=", cur_size );
} }
static void dump_get_token_sid_request( const struct get_token_sid_request *req ) static void dump_get_token_sid_request( const struct get_token_sid_request *req )

2
tools/make_requests
View File

@ -49,7 +49,7 @@ my %formats =
"apc_result_t" => [ 40, 8, "&dump_apc_result" ], "apc_result_t" => [ 40, 8, "&dump_apc_result" ],
"async_data_t" => [ 40, 8, "&dump_async_data" ], "async_data_t" => [ 40, 8, "&dump_async_data" ],
"irp_params_t" => [ 32, 8, "&dump_irp_params" ], "irp_params_t" => [ 32, 8, "&dump_irp_params" ],
"luid_t" => [ 8, 4, "&dump_luid" ], "struct luid" => [ 8, 4, "&dump_luid" ],
"generic_map_t" => [ 16, 4, "&dump_generic_map" ], "generic_map_t" => [ 16, 4, "&dump_generic_map" ],
"ioctl_code_t" => [ 4, 4, "&dump_ioctl_code" ], "ioctl_code_t" => [ 4, 4, "&dump_ioctl_code" ],
"hw_input_t" => [ 40, 8, "&dump_hw_input" ], "hw_input_t" => [ 40, 8, "&dump_hw_input" ],