server: Add a data type for generic access mappings.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
parent
4d483cd855
commit
928a22cd02
|
@ -723,10 +723,10 @@ NTSTATUS WINAPI NtAccessCheck( PSECURITY_DESCRIPTOR descr, HANDLE token, ACCESS_
|
|||
{
|
||||
req->handle = wine_server_obj_handle( token );
|
||||
req->desired_access = access;
|
||||
req->mapping_read = mapping->GenericRead;
|
||||
req->mapping_write = mapping->GenericWrite;
|
||||
req->mapping_execute = mapping->GenericExecute;
|
||||
req->mapping_all = mapping->GenericAll;
|
||||
req->mapping.read = mapping->GenericRead;
|
||||
req->mapping.write = mapping->GenericWrite;
|
||||
req->mapping.exec = mapping->GenericExecute;
|
||||
req->mapping.all = mapping->GenericAll;
|
||||
wine_server_add_data( req, objattr + 1, objattr->sd_len );
|
||||
wine_server_set_reply( req, privs->Privilege, *retlen - offsetof( PRIVILEGE_SET, Privilege ) );
|
||||
|
||||
|
|
|
@ -366,6 +366,14 @@ typedef struct
|
|||
int high_part;
|
||||
} luid_t;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned int read;
|
||||
unsigned int write;
|
||||
unsigned int exec;
|
||||
unsigned int all;
|
||||
} generic_map_t;
|
||||
|
||||
#define MAX_ACL_LEN 65535
|
||||
|
||||
struct security_descriptor
|
||||
|
@ -4454,10 +4462,7 @@ struct access_check_request
|
|||
struct request_header __header;
|
||||
obj_handle_t handle;
|
||||
unsigned int desired_access;
|
||||
unsigned int mapping_read;
|
||||
unsigned int mapping_write;
|
||||
unsigned int mapping_execute;
|
||||
unsigned int mapping_all;
|
||||
generic_map_t mapping;
|
||||
/* VARARG(sd,security_descriptor); */
|
||||
char __pad_36[4];
|
||||
};
|
||||
|
@ -6229,7 +6234,7 @@ union generic_reply
|
|||
|
||||
/* ### protocol_version begin ### */
|
||||
|
||||
#define SERVER_PROTOCOL_VERSION 664
|
||||
#define SERVER_PROTOCOL_VERSION 665
|
||||
|
||||
/* ### protocol_version end ### */
|
||||
|
||||
|
|
|
@ -382,6 +382,14 @@ typedef struct
|
|||
int high_part;
|
||||
} luid_t;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned int read;
|
||||
unsigned int write;
|
||||
unsigned int exec;
|
||||
unsigned int all;
|
||||
} generic_map_t;
|
||||
|
||||
#define MAX_ACL_LEN 65535
|
||||
|
||||
struct security_descriptor
|
||||
|
@ -3135,10 +3143,7 @@ enum caret_state
|
|||
@REQ(access_check)
|
||||
obj_handle_t handle; /* handle to the token */
|
||||
unsigned int desired_access; /* desired access to the object */
|
||||
unsigned int mapping_read; /* mapping from generic read to specific rights */
|
||||
unsigned int mapping_write; /* mapping from generic write to specific rights */
|
||||
unsigned int mapping_execute; /* mapping from generic execute to specific rights */
|
||||
unsigned int mapping_all; /* mapping from generic all to specific rights */
|
||||
generic_map_t mapping; /* mapping to specific rights */
|
||||
VARARG(sd,security_descriptor); /* security descriptor to check */
|
||||
@REPLY
|
||||
unsigned int access_granted; /* access rights actually granted */
|
||||
|
|
|
@ -691,6 +691,7 @@ C_ASSERT( sizeof(client_cpu_t) == 4 );
|
|||
C_ASSERT( sizeof(client_ptr_t) == 8 );
|
||||
C_ASSERT( sizeof(data_size_t) == 4 );
|
||||
C_ASSERT( sizeof(file_pos_t) == 8 );
|
||||
C_ASSERT( sizeof(generic_map_t) == 16 );
|
||||
C_ASSERT( sizeof(hw_input_t) == 32 );
|
||||
C_ASSERT( sizeof(int) == 4 );
|
||||
C_ASSERT( sizeof(ioctl_code_t) == 4 );
|
||||
|
@ -1971,10 +1972,7 @@ C_ASSERT( FIELD_OFFSET(struct filter_token_reply, new_handle) == 8 );
|
|||
C_ASSERT( sizeof(struct filter_token_reply) == 16 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_request, handle) == 12 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_request, desired_access) == 16 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping_read) == 20 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping_write) == 24 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping_execute) == 28 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping_all) == 32 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping) == 20 );
|
||||
C_ASSERT( sizeof(struct access_check_request) == 40 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_reply, access_granted) == 8 );
|
||||
C_ASSERT( FIELD_OFFSET(struct access_check_reply, access_status) == 12 );
|
||||
|
|
|
@ -464,13 +464,13 @@ ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl )
|
|||
}
|
||||
|
||||
/* maps from generic rights to specific rights as given by a mapping */
|
||||
static inline void map_generic_mask(unsigned int *mask, const GENERIC_MAPPING *mapping)
|
||||
static inline void map_generic_mask( unsigned int *mask, const generic_map_t *mapping )
|
||||
{
|
||||
if (*mask & GENERIC_READ) *mask |= mapping->GenericRead;
|
||||
if (*mask & GENERIC_WRITE) *mask |= mapping->GenericWrite;
|
||||
if (*mask & GENERIC_EXECUTE) *mask |= mapping->GenericExecute;
|
||||
if (*mask & GENERIC_ALL) *mask |= mapping->GenericAll;
|
||||
*mask &= 0x0FFFFFFF;
|
||||
if (*mask & GENERIC_READ) *mask |= mapping->read;
|
||||
if (*mask & GENERIC_WRITE) *mask |= mapping->write;
|
||||
if (*mask & GENERIC_EXECUTE) *mask |= mapping->exec;
|
||||
if (*mask & GENERIC_ALL) *mask |= mapping->all;
|
||||
*mask &= ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
|
||||
}
|
||||
|
||||
static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 )
|
||||
|
@ -1039,7 +1039,7 @@ static unsigned int token_access_check( struct token *token,
|
|||
unsigned int desired_access,
|
||||
LUID_AND_ATTRIBUTES *privs,
|
||||
unsigned int *priv_count,
|
||||
const GENERIC_MAPPING *mapping,
|
||||
const generic_map_t *mapping,
|
||||
unsigned int *granted_access,
|
||||
unsigned int *status )
|
||||
{
|
||||
|
@ -1074,7 +1074,7 @@ static unsigned int token_access_check( struct token *token,
|
|||
{
|
||||
if (priv_count) *priv_count = 0;
|
||||
if (desired_access & MAXIMUM_ALLOWED)
|
||||
*granted_access = mapping->GenericAll;
|
||||
*granted_access = mapping->all;
|
||||
else
|
||||
*granted_access = desired_access;
|
||||
return *status = STATUS_SUCCESS;
|
||||
|
@ -1212,25 +1212,24 @@ const SID *token_get_primary_group( struct token *token )
|
|||
|
||||
int check_object_access(struct token *token, struct object *obj, unsigned int *access)
|
||||
{
|
||||
GENERIC_MAPPING mapping;
|
||||
generic_map_t mapping;
|
||||
unsigned int status;
|
||||
int res;
|
||||
|
||||
if (!token)
|
||||
token = current->token ? current->token : current->process->token;
|
||||
|
||||
mapping.GenericAll = obj->ops->map_access( obj, GENERIC_ALL );
|
||||
mapping.all = obj->ops->map_access( obj, GENERIC_ALL );
|
||||
|
||||
if (!obj->sd)
|
||||
{
|
||||
if (*access & MAXIMUM_ALLOWED)
|
||||
*access = mapping.GenericAll;
|
||||
if (*access & MAXIMUM_ALLOWED) *access = mapping.all;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
mapping.GenericRead = obj->ops->map_access( obj, GENERIC_READ );
|
||||
mapping.GenericWrite = obj->ops->map_access( obj, GENERIC_WRITE );
|
||||
mapping.GenericExecute = obj->ops->map_access( obj, GENERIC_EXECUTE );
|
||||
mapping.read = obj->ops->map_access( obj, GENERIC_READ );
|
||||
mapping.write = obj->ops->map_access( obj, GENERIC_WRITE );
|
||||
mapping.exec = obj->ops->map_access( obj, GENERIC_EXECUTE );
|
||||
|
||||
res = token_access_check( token, obj->sd, *access, NULL, NULL,
|
||||
&mapping, access, &status ) == STATUS_SUCCESS &&
|
||||
|
@ -1451,7 +1450,6 @@ DECL_HANDLER(access_check)
|
|||
TOKEN_QUERY,
|
||||
&token_ops )))
|
||||
{
|
||||
GENERIC_MAPPING mapping;
|
||||
unsigned int status;
|
||||
LUID_AND_ATTRIBUTES priv;
|
||||
unsigned int priv_count = 1;
|
||||
|
@ -1473,14 +1471,8 @@ DECL_HANDLER(access_check)
|
|||
return;
|
||||
}
|
||||
|
||||
mapping.GenericRead = req->mapping_read;
|
||||
mapping.GenericWrite = req->mapping_write;
|
||||
mapping.GenericExecute = req->mapping_execute;
|
||||
mapping.GenericAll = req->mapping_all;
|
||||
|
||||
status = token_access_check(
|
||||
token, sd, req->desired_access, &priv, &priv_count, &mapping,
|
||||
&reply->access_granted, &reply->access_status );
|
||||
status = token_access_check( token, sd, req->desired_access, &priv, &priv_count, &req->mapping,
|
||||
&reply->access_granted, &reply->access_status );
|
||||
|
||||
reply->privileges_len = priv_count*sizeof(LUID_AND_ATTRIBUTES);
|
||||
|
||||
|
|
|
@ -427,6 +427,12 @@ static void dump_luid( const char *prefix, const luid_t *luid )
|
|||
fprintf( stderr, "%s%d.%u", prefix, luid->high_part, luid->low_part );
|
||||
}
|
||||
|
||||
static void dump_generic_map( const char *prefix, const generic_map_t *map )
|
||||
{
|
||||
fprintf( stderr, "%s{r=%08x,w=%08x,x=%08x,a=%08x}",
|
||||
prefix, map->read, map->write, map->exec, map->all );
|
||||
}
|
||||
|
||||
static void dump_varargs_ints( const char *prefix, data_size_t size )
|
||||
{
|
||||
const int *data = cur_data;
|
||||
|
@ -3814,10 +3820,7 @@ static void dump_access_check_request( const struct access_check_request *req )
|
|||
{
|
||||
fprintf( stderr, " handle=%04x", req->handle );
|
||||
fprintf( stderr, ", desired_access=%08x", req->desired_access );
|
||||
fprintf( stderr, ", mapping_read=%08x", req->mapping_read );
|
||||
fprintf( stderr, ", mapping_write=%08x", req->mapping_write );
|
||||
fprintf( stderr, ", mapping_execute=%08x", req->mapping_execute );
|
||||
fprintf( stderr, ", mapping_all=%08x", req->mapping_all );
|
||||
dump_generic_map( ", mapping=", &req->mapping );
|
||||
dump_varargs_security_descriptor( ", sd=", cur_size );
|
||||
}
|
||||
|
||||
|
|
|
@ -50,6 +50,7 @@ my %formats =
|
|||
"async_data_t" => [ 40, 8, "&dump_async_data" ],
|
||||
"irp_params_t" => [ 32, 8, "&dump_irp_params" ],
|
||||
"luid_t" => [ 8, 4, "&dump_luid" ],
|
||||
"generic_map_t" => [ 16, 4, "&dump_generic_map" ],
|
||||
"ioctl_code_t" => [ 4, 4, "&dump_ioctl_code" ],
|
||||
"client_cpu_t" => [ 4, 4, "&dump_client_cpu" ],
|
||||
"hw_input_t" => [ 32, 8, "&dump_hw_input" ],
|
||||
|
|
Loading…
Reference in New Issue