server: Extend get_token_user server call to also retrieve SIDs for the token's owner or primary group.

This commit is contained in:
Rob Shearman 2009-11-16 20:11:06 +00:00 committed by Alexandre Julliard
parent 184f1fe331
commit bd56916f90
6 changed files with 89 additions and 56 deletions

View File

@ -257,12 +257,6 @@ NTSTATUS WINAPI NtQueryInformationToken(
switch (tokeninfoclass)
{
case TokenOwner:
len = sizeof(TOKEN_OWNER) + sizeof(SID);
break;
case TokenPrimaryGroup:
len = sizeof(TOKEN_PRIMARY_GROUP);
break;
case TokenSource:
len = sizeof(TOKEN_SOURCE);
break;
@ -287,16 +281,17 @@ NTSTATUS WINAPI NtQueryInformationToken(
switch (tokeninfoclass)
{
case TokenUser:
SERVER_START_REQ( get_token_user )
SERVER_START_REQ( get_token_sid )
{
TOKEN_USER * tuser = tokeninfo;
PSID sid = tuser + 1;
DWORD sid_len = tokeninfolength < sizeof(TOKEN_USER) ? 0 : tokeninfolength - sizeof(TOKEN_USER);
req->handle = wine_server_obj_handle( token );
req->which_sid = tokeninfoclass;
wine_server_set_reply( req, sid, sid_len );
status = wine_server_call( req );
if (retlen) *retlen = reply->user_len + sizeof(TOKEN_USER);
if (retlen) *retlen = reply->sid_len + sizeof(TOKEN_USER);
if (status == STATUS_SUCCESS)
{
tuser->User.Sid = sid;
@ -372,17 +367,21 @@ NTSTATUS WINAPI NtQueryInformationToken(
break;
}
case TokenPrimaryGroup:
if (tokeninfo)
SERVER_START_REQ( get_token_sid )
{
TOKEN_PRIMARY_GROUP *tgroup = tokeninfo;
SID_IDENTIFIER_AUTHORITY sid = {SECURITY_NT_AUTHORITY};
RtlAllocateAndInitializeSid( &sid,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&(tgroup->PrimaryGroup));
PSID sid = tgroup + 1;
DWORD sid_len = tokeninfolength < sizeof(TOKEN_PRIMARY_GROUP) ? 0 : tokeninfolength - sizeof(TOKEN_PRIMARY_GROUP);
req->handle = wine_server_obj_handle( token );
req->which_sid = tokeninfoclass;
wine_server_set_reply( req, sid, sid_len );
status = wine_server_call( req );
if (retlen) *retlen = reply->sid_len + sizeof(TOKEN_PRIMARY_GROUP);
if (status == STATUS_SUCCESS)
tgroup->PrimaryGroup = sid;
}
SERVER_END_REQ;
break;
case TokenPrivileges:
SERVER_START_REQ( get_token_privileges )
@ -398,15 +397,21 @@ NTSTATUS WINAPI NtQueryInformationToken(
SERVER_END_REQ;
break;
case TokenOwner:
if (tokeninfo)
SERVER_START_REQ( get_token_sid )
{
TOKEN_OWNER *owner = tokeninfo;
PSID sid = owner + 1;
SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY};
RtlInitializeSid(sid, &localSidAuthority, 1);
*(RtlSubAuthoritySid(sid, 0)) = SECURITY_INTERACTIVE_RID;
owner->Owner = sid;
TOKEN_OWNER *towner = tokeninfo;
PSID sid = towner + 1;
DWORD sid_len = tokeninfolength < sizeof(TOKEN_OWNER) ? 0 : tokeninfolength - sizeof(TOKEN_OWNER);
req->handle = wine_server_obj_handle( token );
req->which_sid = tokeninfoclass;
wine_server_set_reply( req, sid, sid_len );
status = wine_server_call( req );
if (retlen) *retlen = reply->sid_len + sizeof(TOKEN_OWNER);
if (status == STATUS_SUCCESS)
towner->Owner = sid;
}
SERVER_END_REQ;
break;
case TokenImpersonationLevel:
SERVER_START_REQ( get_token_impersonation_level )

View File

@ -4123,16 +4123,17 @@ struct access_check_reply
char __pad_20[4];
};
struct get_token_user_request
struct get_token_sid_request
{
struct request_header __header;
obj_handle_t handle;
unsigned int which_sid;
};
struct get_token_user_reply
struct get_token_sid_reply
{
struct reply_header __header;
data_size_t user_len;
/* VARARG(user,SID); */
data_size_t sid_len;
/* VARARG(sid,SID); */
char __pad_12[4];
};
@ -4862,7 +4863,7 @@ enum request
REQ_check_token_privileges,
REQ_duplicate_token,
REQ_access_check,
REQ_get_token_user,
REQ_get_token_sid,
REQ_get_token_groups,
REQ_get_token_default_dacl,
REQ_set_token_default_dacl,
@ -5110,7 +5111,7 @@ union generic_request
struct check_token_privileges_request check_token_privileges_request;
struct duplicate_token_request duplicate_token_request;
struct access_check_request access_check_request;
struct get_token_user_request get_token_user_request;
struct get_token_sid_request get_token_sid_request;
struct get_token_groups_request get_token_groups_request;
struct get_token_default_dacl_request get_token_default_dacl_request;
struct set_token_default_dacl_request set_token_default_dacl_request;
@ -5356,7 +5357,7 @@ union generic_reply
struct check_token_privileges_reply check_token_privileges_reply;
struct duplicate_token_reply duplicate_token_reply;
struct access_check_reply access_check_reply;
struct get_token_user_reply get_token_user_reply;
struct get_token_sid_reply get_token_sid_reply;
struct get_token_groups_reply get_token_groups_reply;
struct get_token_default_dacl_reply get_token_default_dacl_reply;
struct set_token_default_dacl_reply set_token_default_dacl_reply;
@ -5393,6 +5394,6 @@ union generic_reply
struct free_user_handle_reply free_user_handle_reply;
};
#define SERVER_PROTOCOL_VERSION 393
#define SERVER_PROTOCOL_VERSION 394
#endif /* __WINE_WINE_SERVER_PROTOCOL_H */

View File

@ -2924,18 +2924,19 @@ enum message_type
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges used during access check */
@END
@REQ(get_token_user)
@REQ(get_token_sid)
obj_handle_t handle; /* handle to the token */
unsigned int which_sid; /* which SID to retrieve from the token */
@REPLY
data_size_t user_len; /* length needed to store user */
VARARG(user,SID); /* sid of the user the token represents */
data_size_t sid_len; /* length needed to store sid */
VARARG(sid,SID); /* the sid specified by which_sid from the token */
@END
@REQ(get_token_groups)
obj_handle_t handle; /* handle to the token */
@REPLY
data_size_t user_len; /* length needed to store user */
VARARG(user,token_groups); /* groups the token's user belongs to */
VARARG(user,token_groups); /* groups the token's user belongs to */
@END
@REQ(get_token_default_dacl)

View File

@ -317,7 +317,7 @@ DECL_HANDLER(get_token_privileges);
DECL_HANDLER(check_token_privileges);
DECL_HANDLER(duplicate_token);
DECL_HANDLER(access_check);
DECL_HANDLER(get_token_user);
DECL_HANDLER(get_token_sid);
DECL_HANDLER(get_token_groups);
DECL_HANDLER(get_token_default_dacl);
DECL_HANDLER(set_token_default_dacl);
@ -564,7 +564,7 @@ static const req_handler req_handlers[REQ_NB_REQUESTS] =
(req_handler)req_check_token_privileges,
(req_handler)req_duplicate_token,
(req_handler)req_access_check,
(req_handler)req_get_token_user,
(req_handler)req_get_token_sid,
(req_handler)req_get_token_groups,
(req_handler)req_get_token_default_dacl,
(req_handler)req_set_token_default_dacl,
@ -1755,9 +1755,10 @@ C_ASSERT( FIELD_OFFSET(struct access_check_reply, access_granted) == 8 );
C_ASSERT( FIELD_OFFSET(struct access_check_reply, access_status) == 12 );
C_ASSERT( FIELD_OFFSET(struct access_check_reply, privileges_len) == 16 );
C_ASSERT( sizeof(struct access_check_reply) == 24 );
C_ASSERT( FIELD_OFFSET(struct get_token_user_request, handle) == 12 );
C_ASSERT( FIELD_OFFSET(struct get_token_user_reply, user_len) == 8 );
C_ASSERT( sizeof(struct get_token_user_reply) == 16 );
C_ASSERT( FIELD_OFFSET(struct get_token_sid_request, handle) == 12 );
C_ASSERT( FIELD_OFFSET(struct get_token_sid_request, which_sid) == 16 );
C_ASSERT( FIELD_OFFSET(struct get_token_sid_reply, sid_len) == 8 );
C_ASSERT( sizeof(struct get_token_sid_reply) == 16 );
C_ASSERT( FIELD_OFFSET(struct get_token_groups_request, handle) == 12 );
C_ASSERT( FIELD_OFFSET(struct get_token_groups_reply, user_len) == 8 );
C_ASSERT( sizeof(struct get_token_groups_reply) == 16 );

View File

@ -1225,27 +1225,51 @@ DECL_HANDLER(access_check)
}
/* retrieves the SID of the user that the token represents */
DECL_HANDLER(get_token_user)
DECL_HANDLER(get_token_sid)
{
struct token *token;
reply->user_len = 0;
reply->sid_len = 0;
if ((token = (struct token *)get_handle_obj( current->process, req->handle,
TOKEN_QUERY,
&token_ops )))
{
const SID *user = token->user;
const SID *sid = NULL;
reply->user_len = FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]);
if (reply->user_len <= get_reply_max_size())
switch (req->which_sid)
{
SID *user_reply = set_reply_data_size( reply->user_len );
if (user_reply)
memcpy( user_reply, user, reply->user_len );
case TokenUser:
assert(token->user);
sid = token->user;
break;
case TokenPrimaryGroup:
sid = token->primary_group;
break;
case TokenOwner:
{
struct group *group;
LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
{
if (group->owner)
{
sid = &group->sid;
break;
}
}
break;
}
default:
set_error( STATUS_INVALID_PARAMETER );
break;
}
else set_error( STATUS_BUFFER_TOO_SMALL );
if (sid)
{
reply->sid_len = FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]);
if (reply->sid_len <= get_reply_max_size()) set_reply_data( sid, reply->sid_len );
else set_error( STATUS_BUFFER_TOO_SMALL );
}
release_object( token );
}
}

View File

@ -3426,15 +3426,16 @@ static void dump_access_check_reply( const struct access_check_reply *req )
dump_varargs_LUID_AND_ATTRIBUTES( ", privileges=", cur_size );
}
static void dump_get_token_user_request( const struct get_token_user_request *req )
static void dump_get_token_sid_request( const struct get_token_sid_request *req )
{
fprintf( stderr, " handle=%04x", req->handle );
fprintf( stderr, ", which_sid=%08x", req->which_sid );
}
static void dump_get_token_user_reply( const struct get_token_user_reply *req )
static void dump_get_token_sid_reply( const struct get_token_sid_reply *req )
{
fprintf( stderr, " user_len=%u", req->user_len );
dump_varargs_SID( ", user=", cur_size );
fprintf( stderr, " sid_len=%u", req->sid_len );
dump_varargs_SID( ", sid=", cur_size );
}
static void dump_get_token_groups_request( const struct get_token_groups_request *req )
@ -4012,7 +4013,7 @@ static const dump_func req_dumpers[REQ_NB_REQUESTS] = {
(dump_func)dump_check_token_privileges_request,
(dump_func)dump_duplicate_token_request,
(dump_func)dump_access_check_request,
(dump_func)dump_get_token_user_request,
(dump_func)dump_get_token_sid_request,
(dump_func)dump_get_token_groups_request,
(dump_func)dump_get_token_default_dacl_request,
(dump_func)dump_set_token_default_dacl_request,
@ -4256,7 +4257,7 @@ static const dump_func reply_dumpers[REQ_NB_REQUESTS] = {
(dump_func)dump_check_token_privileges_reply,
(dump_func)dump_duplicate_token_reply,
(dump_func)dump_access_check_reply,
(dump_func)dump_get_token_user_reply,
(dump_func)dump_get_token_sid_reply,
(dump_func)dump_get_token_groups_reply,
(dump_func)dump_get_token_default_dacl_reply,
NULL,
@ -4500,7 +4501,7 @@ static const char * const req_names[REQ_NB_REQUESTS] = {
"check_token_privileges",
"duplicate_token",
"access_check",
"get_token_user",
"get_token_sid",
"get_token_groups",
"get_token_default_dacl",
"set_token_default_dacl",