server: Add a data type for generic access mappings.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>

dlls/ntdll/unix/security.c

@@ -723,10 +723,10 @@ NTSTATUS WINAPI NtAccessCheck( PSECURITY_DESCRIPTOR descr, HANDLE token, ACCESS_
     {
         req->handle = wine_server_obj_handle( token );
         req->desired_access = access;
-        req->mapping_read = mapping->GenericRead;
-        req->mapping_write = mapping->GenericWrite;
-        req->mapping_execute = mapping->GenericExecute;
-        req->mapping_all = mapping->GenericAll;
+        req->mapping.read = mapping->GenericRead;
+        req->mapping.write = mapping->GenericWrite;
+        req->mapping.exec = mapping->GenericExecute;
+        req->mapping.all = mapping->GenericAll;
         wine_server_add_data( req, objattr + 1, objattr->sd_len );
         wine_server_set_reply( req, privs->Privilege, *retlen - offsetof( PRIVILEGE_SET, Privilege ) );
 

include/wine/server_protocol.h

@@ -366,6 +366,14 @@ typedef struct
     int          high_part;
 } luid_t;
 
+typedef struct
+{
+    unsigned int read;
+    unsigned int write;
+    unsigned int exec;
+    unsigned int all;
+} generic_map_t;
+
 #define MAX_ACL_LEN 65535
 
 struct security_descriptor
@@ -4454,10 +4462,7 @@ struct access_check_request
     struct request_header __header;
     obj_handle_t    handle;
     unsigned int    desired_access;
-    unsigned int    mapping_read;
-    unsigned int    mapping_write;
-    unsigned int    mapping_execute;
-    unsigned int    mapping_all;
+    generic_map_t   mapping;
     /* VARARG(sd,security_descriptor); */
     char __pad_36[4];
 };
@@ -6229,7 +6234,7 @@ union generic_reply
 
 /* ### protocol_version begin ### */
 
-#define SERVER_PROTOCOL_VERSION 664
+#define SERVER_PROTOCOL_VERSION 665
 
 /* ### protocol_version end ### */
 

server/protocol.def

@@ -382,6 +382,14 @@ typedef struct
     int          high_part;
 } luid_t;
 
+typedef struct
+{
+    unsigned int read;
+    unsigned int write;
+    unsigned int exec;
+    unsigned int all;
+} generic_map_t;
+
 #define MAX_ACL_LEN 65535
 
 struct security_descriptor
@@ -3135,10 +3143,7 @@ enum caret_state
 @REQ(access_check)
     obj_handle_t    handle; /* handle to the token */
     unsigned int    desired_access; /* desired access to the object */
-    unsigned int    mapping_read; /* mapping from generic read to specific rights */
-    unsigned int    mapping_write; /* mapping from generic write to specific rights */
-    unsigned int    mapping_execute; /* mapping from generic execute to specific rights */
-    unsigned int    mapping_all; /* mapping from generic all to specific rights */
+    generic_map_t   mapping;        /* mapping to specific rights */
     VARARG(sd,security_descriptor); /* security descriptor to check */
 @REPLY
     unsigned int    access_granted; /* access rights actually granted */

server/request.h

@@ -691,6 +691,7 @@ C_ASSERT( sizeof(client_cpu_t) == 4 );
 C_ASSERT( sizeof(client_ptr_t) == 8 );
 C_ASSERT( sizeof(data_size_t) == 4 );
 C_ASSERT( sizeof(file_pos_t) == 8 );
+C_ASSERT( sizeof(generic_map_t) == 16 );
 C_ASSERT( sizeof(hw_input_t) == 32 );
 C_ASSERT( sizeof(int) == 4 );
 C_ASSERT( sizeof(ioctl_code_t) == 4 );
@@ -1971,10 +1972,7 @@ C_ASSERT( FIELD_OFFSET(struct filter_token_reply, new_handle) == 8 );
 C_ASSERT( sizeof(struct filter_token_reply) == 16 );
 C_ASSERT( FIELD_OFFSET(struct access_check_request, handle) == 12 );
 C_ASSERT( FIELD_OFFSET(struct access_check_request, desired_access) == 16 );
-C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping_read) == 20 );
-C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping_write) == 24 );
-C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping_execute) == 28 );
-C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping_all) == 32 );
+C_ASSERT( FIELD_OFFSET(struct access_check_request, mapping) == 20 );
 C_ASSERT( sizeof(struct access_check_request) == 40 );
 C_ASSERT( FIELD_OFFSET(struct access_check_reply, access_granted) == 8 );
 C_ASSERT( FIELD_OFFSET(struct access_check_reply, access_status) == 12 );

server/token.c

@@ -464,13 +464,13 @@ ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl )
 }
 
 /* maps from generic rights to specific rights as given by a mapping */
-static inline void map_generic_mask(unsigned int *mask, const GENERIC_MAPPING *mapping)
+static inline void map_generic_mask( unsigned int *mask, const generic_map_t *mapping )
 {
-    if (*mask & GENERIC_READ) *mask |= mapping->GenericRead;
-    if (*mask & GENERIC_WRITE) *mask |= mapping->GenericWrite;
-    if (*mask & GENERIC_EXECUTE) *mask |= mapping->GenericExecute;
-    if (*mask & GENERIC_ALL) *mask |= mapping->GenericAll;
-    *mask &= 0x0FFFFFFF;
+    if (*mask & GENERIC_READ)    *mask |= mapping->read;
+    if (*mask & GENERIC_WRITE)   *mask |= mapping->write;
+    if (*mask & GENERIC_EXECUTE) *mask |= mapping->exec;
+    if (*mask & GENERIC_ALL)     *mask |= mapping->all;
+    *mask &= ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
 }
 
 static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 )
@@ -1039,7 +1039,7 @@ static unsigned int token_access_check( struct token *token,
                                  unsigned int desired_access,
                                  LUID_AND_ATTRIBUTES *privs,
                                  unsigned int *priv_count,
-                                 const GENERIC_MAPPING *mapping,
+                                 const generic_map_t *mapping,
                                  unsigned int *granted_access,
                                  unsigned int *status )
 {
@@ -1074,7 +1074,7 @@ static unsigned int token_access_check( struct token *token,
     {
         if (priv_count) *priv_count = 0;
         if (desired_access & MAXIMUM_ALLOWED)
-            *granted_access = mapping->GenericAll;
+            *granted_access = mapping->all;
         else
             *granted_access = desired_access;
         return *status = STATUS_SUCCESS;
@@ -1212,25 +1212,24 @@ const SID *token_get_primary_group( struct token *token )
 
 int check_object_access(struct token *token, struct object *obj, unsigned int *access)
 {
-    GENERIC_MAPPING mapping;
+    generic_map_t mapping;
     unsigned int status;
     int res;
 
     if (!token)
         token = current->token ? current->token : current->process->token;
 
-    mapping.GenericAll = obj->ops->map_access( obj, GENERIC_ALL );
+    mapping.all = obj->ops->map_access( obj, GENERIC_ALL );
 
     if (!obj->sd)
     {
-        if (*access & MAXIMUM_ALLOWED)
-            *access = mapping.GenericAll;
+        if (*access & MAXIMUM_ALLOWED) *access = mapping.all;
         return TRUE;
     }
 
-    mapping.GenericRead  = obj->ops->map_access( obj, GENERIC_READ );
-    mapping.GenericWrite = obj->ops->map_access( obj, GENERIC_WRITE );
-    mapping.GenericExecute = obj->ops->map_access( obj, GENERIC_EXECUTE );
+    mapping.read  = obj->ops->map_access( obj, GENERIC_READ );
+    mapping.write = obj->ops->map_access( obj, GENERIC_WRITE );
+    mapping.exec = obj->ops->map_access( obj, GENERIC_EXECUTE );
 
     res = token_access_check( token, obj->sd, *access, NULL, NULL,
                               &mapping, access, &status ) == STATUS_SUCCESS &&
@@ -1451,7 +1450,6 @@ DECL_HANDLER(access_check)
                                                  TOKEN_QUERY,
                                                  &token_ops )))
     {
-        GENERIC_MAPPING mapping;
         unsigned int status;
         LUID_AND_ATTRIBUTES priv;
         unsigned int priv_count = 1;
@@ -1473,13 +1471,7 @@ DECL_HANDLER(access_check)
             return;
         }
 
-        mapping.GenericRead = req->mapping_read;
-        mapping.GenericWrite = req->mapping_write;
-        mapping.GenericExecute = req->mapping_execute;
-        mapping.GenericAll = req->mapping_all;
-
-        status = token_access_check(
-            token, sd, req->desired_access, &priv, &priv_count, &mapping,
+        status = token_access_check( token, sd, req->desired_access, &priv, &priv_count, &req->mapping,
                                      &reply->access_granted, &reply->access_status );
 
         reply->privileges_len = priv_count*sizeof(LUID_AND_ATTRIBUTES);

server/trace.c

@@ -427,6 +427,12 @@ static void dump_luid( const char *prefix, const luid_t *luid )
     fprintf( stderr, "%s%d.%u", prefix, luid->high_part, luid->low_part );
 }
 
+static void dump_generic_map( const char *prefix, const generic_map_t *map )
+{
+    fprintf( stderr, "%s{r=%08x,w=%08x,x=%08x,a=%08x}",
+             prefix, map->read, map->write, map->exec, map->all );
+}
+
 static void dump_varargs_ints( const char *prefix, data_size_t size )
 {
     const int *data = cur_data;
@@ -3814,10 +3820,7 @@ static void dump_access_check_request( const struct access_check_request *req )
 {
     fprintf( stderr, " handle=%04x", req->handle );
     fprintf( stderr, ", desired_access=%08x", req->desired_access );
-    fprintf( stderr, ", mapping_read=%08x", req->mapping_read );
-    fprintf( stderr, ", mapping_write=%08x", req->mapping_write );
-    fprintf( stderr, ", mapping_execute=%08x", req->mapping_execute );
-    fprintf( stderr, ", mapping_all=%08x", req->mapping_all );
+    dump_generic_map( ", mapping=", &req->mapping );
     dump_varargs_security_descriptor( ", sd=", cur_size );
 }
 

tools/make_requests

@@ -50,6 +50,7 @@ my %formats =
     "async_data_t"  => [  40,  8,  "&dump_async_data" ],
     "irp_params_t"  => [  32,  8,  "&dump_irp_params" ],
     "luid_t"        => [  8,   4,  "&dump_luid" ],
+    "generic_map_t" => [  16,  4,  "&dump_generic_map" ],
     "ioctl_code_t"  => [  4,   4,  "&dump_ioctl_code" ],
     "client_cpu_t"  => [  4,   4,  "&dump_client_cpu" ],
     "hw_input_t"    => [  32,  8,  "&dump_hw_input" ],