diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index b8908b2b136..a368460c1de 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -6025,7 +6025,6 @@ static void test_thread_security(void) "%d: expected %#x, got %#x\n", i, map[i].mapped, access); break; case GENERIC_WRITE: -todo_wine ok(access == map[i].mapped || access == (map[i].mapped | THREAD_SET_LIMITED_INFORMATION) /* Vista+ */ || access == (map[i].mapped | THREAD_SET_LIMITED_INFORMATION | THREAD_RESUME) /* win8 */, diff --git a/server/async.c b/server/async.c index b6133928ac9..6da61fd502c 100644 --- a/server/async.c +++ b/server/async.c @@ -73,7 +73,7 @@ static const struct object_ops async_ops = async_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -487,7 +487,7 @@ static const struct object_ops iosb_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/atom.c b/server/atom.c index b64d13a1f43..0d45f439e86 100644 --- a/server/atom.c +++ b/server/atom.c @@ -83,7 +83,7 @@ static const struct object_ops atom_table_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/change.c b/server/change.c index d4f4c543f11..ff8c3ad1037 100644 --- a/server/change.c +++ b/server/change.c @@ -117,7 +117,7 @@ static const struct object_ops dir_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ dir_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ dir_get_sd, /* get_sd */ dir_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/clipboard.c b/server/clipboard.c index 36cbd954c1f..1c4875ff726 100644 --- a/server/clipboard.c +++ b/server/clipboard.c @@ -80,7 +80,7 @@ static const struct object_ops clipboard_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/completion.c b/server/completion.c index b5e1e66c4c5..eb0d256ad09 100644 --- a/server/completion.c +++ b/server/completion.c @@ -66,7 +66,6 @@ struct completion static void completion_dump( struct object*, int ); static int completion_signaled( struct object *obj, struct wait_queue_entry *entry ); -static unsigned int completion_map_access( struct object *obj, unsigned int access ); static void completion_destroy( struct object * ); static const struct object_ops completion_ops = @@ -80,7 +79,7 @@ static const struct object_ops completion_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - completion_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -128,15 +127,6 @@ static int completion_signaled( struct object *obj, struct wait_queue_entry *ent return !list_empty( &completion->queue ); } -static unsigned int completion_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SYNCHRONIZE | IO_COMPLETION_QUERY_STATE; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE; - if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | IO_COMPLETION_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static struct completion *create_completion( struct object *root, const struct unicode_str *name, unsigned int attr, unsigned int concurrent, const struct security_descriptor *sd ) diff --git a/server/console.c b/server/console.c index 70040bf8531..cd6076f0033 100644 --- a/server/console.c +++ b/server/console.c @@ -84,7 +84,7 @@ static const struct object_ops console_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ console_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -159,7 +159,7 @@ static const struct object_ops console_server_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ console_server_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -227,7 +227,7 @@ static const struct object_ops screen_buffer_ops = NULL, /* satisfied */ no_signal, /* signal */ screen_buffer_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -275,7 +275,7 @@ static const struct object_ops console_device_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -312,7 +312,7 @@ static const struct object_ops console_input_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ console_input_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -368,7 +368,7 @@ static const struct object_ops console_output_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ console_output_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -425,7 +425,7 @@ static const struct object_ops console_connection_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ console_connection_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -1296,7 +1296,7 @@ static struct object *console_device_open_file( struct object *obj, unsigned int unsigned int sharing, unsigned int options ) { int is_output; - access = default_fd_map_access( obj, access ); + access = default_map_access( obj, access ); is_output = access & FILE_WRITE_DATA; if (!current->process->console || (is_output && !current->process->console)) { diff --git a/server/debugger.c b/server/debugger.c index 1f9a541ff9d..2e3de0d41ab 100644 --- a/server/debugger.c +++ b/server/debugger.c @@ -90,7 +90,7 @@ static const struct object_ops debug_event_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -105,7 +105,6 @@ static const struct object_ops debug_event_ops = static void debug_obj_dump( struct object *obj, int verbose ); static int debug_obj_signaled( struct object *obj, struct wait_queue_entry *entry ); -static unsigned int debug_obj_map_access( struct object *obj, unsigned int access ); static void debug_obj_destroy( struct object *obj ); static const struct object_ops debug_obj_ops = @@ -119,7 +118,7 @@ static const struct object_ops debug_obj_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - debug_obj_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -327,15 +326,6 @@ static int debug_obj_signaled( struct object *obj, struct wait_queue_entry *entr return find_event_to_send( debug_obj ) != NULL; } -static unsigned int debug_obj_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | DEBUG_READ_EVENT | DEBUG_QUERY_INFORMATION; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | DEBUG_SET_INFORMATION; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | DEBUG_PROCESS_ASSIGN; - if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | EVENT_QUERY_STATE | EVENT_MODIFY_STATE; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static void debug_obj_destroy( struct object *obj ) { struct list *ptr; diff --git a/server/device.c b/server/device.c index 31acc15ef1d..843ba3423ca 100644 --- a/server/device.c +++ b/server/device.c @@ -71,7 +71,7 @@ static const struct object_ops irp_call_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -111,7 +111,7 @@ static const struct object_ops device_manager_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -168,7 +168,7 @@ static const struct object_ops device_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -219,7 +219,7 @@ static const struct object_ops device_file_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ device_file_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ device_file_get_full_name, /* get_full_name */ diff --git a/server/directory.c b/server/directory.c index c6954c515ed..63f9a10ba53 100644 --- a/server/directory.c +++ b/server/directory.c @@ -73,7 +73,7 @@ static const struct object_ops object_type_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -123,7 +123,7 @@ static const struct object_ops directory_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ diff --git a/server/event.c b/server/event.c index fe04cb6cde3..c45c093e9d3 100644 --- a/server/event.c +++ b/server/event.c @@ -61,7 +61,6 @@ struct event static void event_dump( struct object *obj, int verbose ); static int event_signaled( struct object *obj, struct wait_queue_entry *entry ); static void event_satisfied( struct object *obj, struct wait_queue_entry *entry ); -static unsigned int event_map_access( struct object *obj, unsigned int access ); static int event_signal( struct object *obj, unsigned int access); static struct list *event_get_kernel_obj_list( struct object *obj ); @@ -76,7 +75,7 @@ static const struct object_ops event_ops = event_satisfied, /* satisfied */ event_signal, /* signal */ no_get_fd, /* get_fd */ - event_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -111,7 +110,6 @@ struct keyed_event static void keyed_event_dump( struct object *obj, int verbose ); static int keyed_event_signaled( struct object *obj, struct wait_queue_entry *entry ); -static unsigned int keyed_event_map_access( struct object *obj, unsigned int access ); static const struct object_ops keyed_event_ops = { @@ -124,7 +122,7 @@ static const struct object_ops keyed_event_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - keyed_event_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -205,15 +203,6 @@ static void event_satisfied( struct object *obj, struct wait_queue_entry *entry if (!event->manual_reset) event->signaled = 0; } -static unsigned int event_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | EVENT_QUERY_STATE; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | EVENT_MODIFY_STATE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE; - if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | EVENT_QUERY_STATE | EVENT_MODIFY_STATE; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static int event_signal( struct object *obj, unsigned int access ) { struct event *event = (struct event *)obj; @@ -287,15 +276,6 @@ static int keyed_event_signaled( struct object *obj, struct wait_queue_entry *en return 0; } -static unsigned int keyed_event_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | KEYEDEVENT_WAIT; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | KEYEDEVENT_WAKE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE; - if (access & GENERIC_ALL) access |= KEYEDEVENT_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - /* create an event */ DECL_HANDLER(create_event) { diff --git a/server/fd.c b/server/fd.c index 1b21583fe7c..848203f31ec 100644 --- a/server/fd.c +++ b/server/fd.c @@ -213,7 +213,7 @@ static const struct object_ops fd_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -254,7 +254,7 @@ static const struct object_ops device_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -294,7 +294,7 @@ static const struct object_ops inode_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -336,7 +336,7 @@ static const struct object_ops file_lock_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -2092,16 +2092,6 @@ int default_fd_signaled( struct object *obj, struct wait_queue_entry *entry ) return ret; } -/* default map_access() routine for objects that behave like an fd */ -unsigned int default_fd_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= FILE_GENERIC_READ; - if (access & GENERIC_WRITE) access |= FILE_GENERIC_WRITE; - if (access & GENERIC_EXECUTE) access |= FILE_GENERIC_EXECUTE; - if (access & GENERIC_ALL) access |= FILE_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - int default_fd_get_poll_events( struct fd *fd ) { int events = 0; diff --git a/server/file.c b/server/file.c index 5b12ef2d127..1e901e8edd5 100644 --- a/server/file.c +++ b/server/file.c @@ -76,8 +76,6 @@ struct file struct list kernel_object; /* list of kernel object pointers */ }; -static unsigned int generic_file_map_access( unsigned int access ); - static void file_dump( struct object *obj, int verbose ); static struct fd *file_get_fd( struct object *obj ); static struct security_descriptor *file_get_sd( struct object *obj ); @@ -102,7 +100,7 @@ static const struct object_ops file_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ file_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ file_get_sd, /* get_sd */ file_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -151,7 +149,7 @@ struct file *create_file_for_fd( int fd, unsigned int access, unsigned int shari } file->mode = st.st_mode; - file->access = default_fd_map_access( &file->obj, access ); + file->access = default_map_access( &file->obj, access ); list_init( &file->kernel_object ); if (!(file->fd = create_anonymous_fd( &file_fd_ops, fd, &file->obj, FILE_SYNCHRONOUS_IO_NONALERT ))) @@ -178,7 +176,7 @@ struct file *create_file_for_fd_obj( struct fd *fd, unsigned int access, unsigne if ((file = alloc_object( &file_ops ))) { file->mode = st.st_mode; - file->access = default_fd_map_access( &file->obj, access ); + file->access = default_map_access( &file->obj, access ); list_init( &file->kernel_object ); if (!(file->fd = dup_fd_object( fd, access, sharing, FILE_SYNCHRONOUS_IO_NONALERT ))) { @@ -266,7 +264,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si mode |= S_IXOTH; } - access = generic_file_map_access( access ); + access = map_access( access, &file_type.mapping ); /* FIXME: should set error to STATUS_OBJECT_NAME_COLLISION if file existed before */ fd = open_fd( root, name, flags | O_NONBLOCK | O_LARGEFILE, &mode, access, sharing, options ); @@ -309,15 +307,6 @@ static struct fd *file_get_fd( struct object *obj ) return (struct fd *)grab_object( file->fd ); } -static unsigned int generic_file_map_access( unsigned int access ) -{ - if (access & GENERIC_READ) access |= FILE_GENERIC_READ; - if (access & GENERIC_WRITE) access |= FILE_GENERIC_WRITE; - if (access & GENERIC_EXECUTE) access |= FILE_GENERIC_EXECUTE; - if (access & GENERIC_ALL) access |= FILE_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID *group ) { struct security_descriptor *sd; @@ -469,7 +458,7 @@ static mode_t file_access_to_mode( unsigned int access ) { mode_t mode = 0; - access = generic_file_map_access( access ); + access = map_access( access, &file_type.mapping ); if (access & FILE_READ_DATA) mode |= 4; if (access & (FILE_WRITE_DATA|FILE_APPEND_DATA)) mode |= 2; if (access & FILE_EXECUTE) mode |= 1; diff --git a/server/file.h b/server/file.h index 21aa8e467e2..686bae084c5 100644 --- a/server/file.h +++ b/server/file.h @@ -102,7 +102,6 @@ extern void set_fd_signaled( struct fd *fd, int signaled ); extern char *dup_fd_name( struct fd *root, const char *name ); extern int default_fd_signaled( struct object *obj, struct wait_queue_entry *entry ); -extern unsigned int default_fd_map_access( struct object *obj, unsigned int access ); extern int default_fd_get_poll_events( struct fd *fd ); extern void default_poll_event( struct fd *fd, int event ); extern void fd_queue_async( struct fd *fd, struct async *async, int type ); diff --git a/server/handle.c b/server/handle.c index da04d03ad7f..a6fcb871e2d 100644 --- a/server/handle.c +++ b/server/handle.c @@ -129,7 +129,7 @@ static const struct object_ops handle_table_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/hook.c b/server/hook.c index 3c329f35c9b..c048908c295 100644 --- a/server/hook.c +++ b/server/hook.c @@ -84,7 +84,7 @@ static const struct object_ops hook_table_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/mailslot.c b/server/mailslot.c index ef691efbb9c..5597a21dd29 100644 --- a/server/mailslot.c +++ b/server/mailslot.c @@ -201,7 +201,7 @@ static const struct object_ops mailslot_device_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -231,7 +231,7 @@ static const struct object_ops mailslot_device_file_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ mailslot_device_file_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ mailslot_device_file_get_full_name, /* get_full_name */ @@ -297,9 +297,7 @@ static struct fd *mailslot_get_fd( struct object *obj ) static unsigned int mailslot_map_access( struct object *obj, unsigned int access ) { /* mailslots can only be read */ - if (access & GENERIC_READ) access |= FILE_GENERIC_READ; - if (access & GENERIC_ALL) access |= FILE_GENERIC_READ; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); + return default_map_access( obj, access ) & FILE_GENERIC_READ; } static int mailslot_link_name( struct object *obj, struct object_name *name, struct object *parent ) @@ -538,9 +536,7 @@ static struct fd *mail_writer_get_fd( struct object *obj ) static unsigned int mail_writer_map_access( struct object *obj, unsigned int access ) { /* mailslot writers can only get write access */ - if (access & GENERIC_WRITE) access |= FILE_GENERIC_WRITE; - if (access & GENERIC_ALL) access |= FILE_GENERIC_WRITE; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); + return default_map_access( obj, access ) & FILE_GENERIC_WRITE; } static struct mailslot *get_mailslot_obj( struct process *process, obj_handle_t handle, diff --git a/server/mapping.c b/server/mapping.c index 7fe3bfd2090..4d79c22bfb9 100644 --- a/server/mapping.c +++ b/server/mapping.c @@ -71,7 +71,7 @@ static const struct object_ops ranges_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -107,7 +107,7 @@ static const struct object_ops shared_map_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -164,7 +164,6 @@ struct mapping static void mapping_dump( struct object *obj, int verbose ); static struct fd *mapping_get_fd( struct object *obj ); -static unsigned int mapping_map_access( struct object *obj, unsigned int access ); static void mapping_destroy( struct object *obj ); static enum server_fd_type mapping_get_fd_type( struct fd *fd ); @@ -179,7 +178,7 @@ static const struct object_ops mapping_ops = NULL, /* satisfied */ no_signal, /* signal */ mapping_get_fd, /* get_fd */ - mapping_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -997,15 +996,6 @@ static struct fd *mapping_get_fd( struct object *obj ) return (struct fd *)grab_object( mapping->fd ); } -static unsigned int mapping_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SECTION_QUERY | SECTION_MAP_READ; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | SECTION_MAP_WRITE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SECTION_MAP_EXECUTE; - if (access & GENERIC_ALL) access |= SECTION_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static void mapping_destroy( struct object *obj ) { struct mapping *mapping = (struct mapping *)obj; diff --git a/server/mutex.c b/server/mutex.c index 3cf657edb98..75ff5117d3f 100644 --- a/server/mutex.c +++ b/server/mutex.c @@ -62,7 +62,6 @@ struct mutex static void mutex_dump( struct object *obj, int verbose ); static int mutex_signaled( struct object *obj, struct wait_queue_entry *entry ); static void mutex_satisfied( struct object *obj, struct wait_queue_entry *entry ); -static unsigned int mutex_map_access( struct object *obj, unsigned int access ); static void mutex_destroy( struct object *obj ); static int mutex_signal( struct object *obj, unsigned int access ); @@ -77,7 +76,7 @@ static const struct object_ops mutex_ops = mutex_satisfied, /* satisfied */ mutex_signal, /* signal */ no_get_fd, /* get_fd */ - mutex_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -171,15 +170,6 @@ static void mutex_satisfied( struct object *obj, struct wait_queue_entry *entry mutex->abandoned = 0; } -static unsigned int mutex_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | MUTANT_QUERY_STATE; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE; - if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | MUTEX_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static int mutex_signal( struct object *obj, unsigned int access ) { struct mutex *mutex = (struct mutex *)obj; diff --git a/server/named_pipe.c b/server/named_pipe.c index ae284c3d40a..2e80ef3b1aa 100644 --- a/server/named_pipe.c +++ b/server/named_pipe.c @@ -170,7 +170,7 @@ static const struct object_ops pipe_server_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ pipe_end_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ pipe_end_get_sd, /* get_sd */ pipe_end_set_sd, /* set_sd */ pipe_end_get_full_name, /* get_full_name */ @@ -213,7 +213,7 @@ static const struct object_ops pipe_client_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ pipe_end_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ pipe_end_get_sd, /* get_sd */ pipe_end_set_sd, /* set_sd */ pipe_end_get_full_name, /* get_full_name */ @@ -259,7 +259,7 @@ static const struct object_ops named_pipe_device_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -290,7 +290,7 @@ static const struct object_ops named_pipe_device_file_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ named_pipe_device_file_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ named_pipe_device_file_get_full_name, /* get_full_name */ diff --git a/server/object.c b/server/object.c index 807939f0241..b2779fd61fe 100644 --- a/server/object.c +++ b/server/object.c @@ -528,13 +528,9 @@ struct fd *no_get_fd( struct object *obj ) return NULL; } -unsigned int no_map_access( struct object *obj, unsigned int access ) +unsigned int default_map_access( struct object *obj, unsigned int access ) { - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE; - if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); + return map_access( access, &obj->ops->type->mapping ); } struct security_descriptor *default_get_sd( struct object *obj ) diff --git a/server/object.h b/server/object.h index 2035c41a287..5b2c309f0b2 100644 --- a/server/object.h +++ b/server/object.h @@ -171,7 +171,7 @@ extern int no_add_queue( struct object *obj, struct wait_queue_entry *entry ); extern void no_satisfied( struct object *obj, struct wait_queue_entry *entry ); extern int no_signal( struct object *obj, unsigned int access ); extern struct fd *no_get_fd( struct object *obj ); -extern unsigned int no_map_access( struct object *obj, unsigned int access ); +extern unsigned int default_map_access( struct object *obj, unsigned int access ); extern struct security_descriptor *default_get_sd( struct object *obj ); extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info ); extern int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd, @@ -194,6 +194,15 @@ extern void close_objects(void); static inline void make_object_permanent( struct object *obj ) { obj->is_permanent = 1; } static inline void make_object_temporary( struct object *obj ) { obj->is_permanent = 0; } +static inline unsigned int map_access( unsigned int access, const generic_map_t *mapping ) +{ + if (access & GENERIC_READ) access |= mapping->read; + if (access & GENERIC_WRITE) access |= mapping->write; + if (access & GENERIC_EXECUTE) access |= mapping->exec; + if (access & GENERIC_ALL) access |= mapping->all; + return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); +} + /* event functions */ struct event; diff --git a/server/process.c b/server/process.c index 8a719cc6ced..ac82f0e1541 100644 --- a/server/process.c +++ b/server/process.c @@ -145,7 +145,7 @@ static const struct object_ops startup_info_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -176,7 +176,6 @@ struct type_descr job_type = static void job_dump( struct object *obj, int verbose ); static int job_signaled( struct object *obj, struct wait_queue_entry *entry ); -static unsigned int job_map_access( struct object *obj, unsigned int access ); static int job_close_handle( struct object *obj, struct process *process, obj_handle_t handle ); static void job_destroy( struct object *obj ); @@ -204,7 +203,7 @@ static const struct object_ops job_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - job_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -245,15 +244,6 @@ static struct job *get_job_obj( struct process *process, obj_handle_t handle, un return (struct job *)get_handle_obj( process, handle, access, &job_ops ); } -static unsigned int job_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE; - if (access & GENERIC_ALL) access |= JOB_OBJECT_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static void add_job_completion( struct job *job, apc_param_t msg, apc_param_t pid ) { if (job->completion_port) @@ -681,16 +671,10 @@ static int process_signaled( struct object *obj, struct wait_queue_entry *entry static unsigned int process_map_access( struct object *obj, unsigned int access ) { - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION | PROCESS_SUSPEND_RESUME | - PROCESS_VM_WRITE | PROCESS_DUP_HANDLE | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE; - if (access & GENERIC_ALL) access |= PROCESS_ALL_ACCESS; - + access = default_map_access( obj, access ); if (access & PROCESS_QUERY_INFORMATION) access |= PROCESS_QUERY_LIMITED_INFORMATION; if (access & PROCESS_SET_INFORMATION) access |= PROCESS_SET_LIMITED_INFORMATION; - - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); + return access; } static struct list *process_get_kernel_obj_list( struct object *obj ) diff --git a/server/queue.c b/server/queue.c index 954bd5d5312..ad886a3ba80 100644 --- a/server/queue.c +++ b/server/queue.c @@ -174,7 +174,7 @@ static const struct object_ops msg_queue_ops = msg_queue_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -211,7 +211,7 @@ static const struct object_ops thread_input_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/registry.c b/server/registry.c index a66e424a18b..76ef7aeb65d 100644 --- a/server/registry.c +++ b/server/registry.c @@ -352,13 +352,9 @@ static inline struct notify *find_notify( struct key *key, struct process *proce static unsigned int key_map_access( struct object *obj, unsigned int access ) { - if (access & GENERIC_READ) access |= KEY_READ; - if (access & GENERIC_WRITE) access |= KEY_WRITE; - if (access & GENERIC_EXECUTE) access |= KEY_EXECUTE; - if (access & GENERIC_ALL) access |= KEY_ALL_ACCESS; + access = default_map_access( obj, access ); /* filter the WOW64 masks, as they aren't real access bits */ - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL | - KEY_WOW64_64KEY | KEY_WOW64_32KEY); + return access & ~(KEY_WOW64_64KEY | KEY_WOW64_32KEY); } static struct security_descriptor *key_get_sd( struct object *obj ) diff --git a/server/request.c b/server/request.c index 835c869216c..29b63600f15 100644 --- a/server/request.c +++ b/server/request.c @@ -100,7 +100,7 @@ static const struct object_ops master_socket_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/semaphore.c b/server/semaphore.c index d868ab491d9..543d5883ec8 100644 --- a/server/semaphore.c +++ b/server/semaphore.c @@ -60,7 +60,6 @@ struct semaphore static void semaphore_dump( struct object *obj, int verbose ); static int semaphore_signaled( struct object *obj, struct wait_queue_entry *entry ); static void semaphore_satisfied( struct object *obj, struct wait_queue_entry *entry ); -static unsigned int semaphore_map_access( struct object *obj, unsigned int access ); static int semaphore_signal( struct object *obj, unsigned int access ); static const struct object_ops semaphore_ops = @@ -74,7 +73,7 @@ static const struct object_ops semaphore_ops = semaphore_satisfied, /* satisfied */ semaphore_signal, /* signal */ no_get_fd, /* get_fd */ - semaphore_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -155,15 +154,6 @@ static void semaphore_satisfied( struct object *obj, struct wait_queue_entry *en sem->count--; } -static unsigned int semaphore_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SEMAPHORE_QUERY_STATE; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | SEMAPHORE_MODIFY_STATE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE; - if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | SEMAPHORE_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static int semaphore_signal( struct object *obj, unsigned int access ) { struct semaphore *sem = (struct semaphore *)obj; diff --git a/server/serial.c b/server/serial.c index 68779606055..ba8402c5935 100644 --- a/server/serial.c +++ b/server/serial.c @@ -95,7 +95,7 @@ static const struct object_ops serial_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ serial_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/signal.c b/server/signal.c index 0746cfc9284..0c22c157f2b 100644 --- a/server/signal.c +++ b/server/signal.c @@ -70,7 +70,7 @@ static const struct object_ops handler_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ diff --git a/server/sock.c b/server/sock.c index a9f32556c29..5281c65e8b0 100644 --- a/server/sock.c +++ b/server/sock.c @@ -191,7 +191,7 @@ static const struct object_ops sock_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ sock_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -1536,7 +1536,7 @@ static const struct object_ops ifchange_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ ifchange_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -1756,7 +1756,7 @@ static const struct object_ops socket_device_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - default_fd_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ diff --git a/server/symlink.c b/server/symlink.c index 35dbe1dc391..3879bb685f7 100644 --- a/server/symlink.c +++ b/server/symlink.c @@ -60,7 +60,6 @@ struct symlink }; static void symlink_dump( struct object *obj, int verbose ); -static unsigned int symlink_map_access( struct object *obj, unsigned int access ); static struct object *symlink_lookup_name( struct object *obj, struct unicode_str *name, unsigned int attr, struct object *root ); static void symlink_destroy( struct object *obj ); @@ -76,7 +75,7 @@ static const struct object_ops symlink_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - symlink_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -126,15 +125,6 @@ static struct object *symlink_lookup_name( struct object *obj, struct unicode_st return target; } -static unsigned int symlink_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SYMBOLIC_LINK_QUERY; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE; - if (access & GENERIC_ALL) access |= SYMBOLIC_LINK_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static void symlink_destroy( struct object *obj ) { struct symlink *symlink = (struct symlink *)obj; diff --git a/server/thread.c b/server/thread.c index 2cfbace3be0..38bc25ae5f5 100644 --- a/server/thread.c +++ b/server/thread.c @@ -113,7 +113,7 @@ static const struct object_ops thread_apc_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -150,7 +150,7 @@ static const struct object_ops context_ops = no_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - no_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -467,16 +467,10 @@ static int thread_signaled( struct object *obj, struct wait_queue_entry *entry ) static unsigned int thread_map_access( struct object *obj, unsigned int access ) { - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | THREAD_QUERY_INFORMATION | THREAD_GET_CONTEXT; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | THREAD_SET_INFORMATION | THREAD_SET_CONTEXT | - THREAD_TERMINATE | THREAD_SUSPEND_RESUME; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE | THREAD_QUERY_LIMITED_INFORMATION; - if (access & GENERIC_ALL) access |= THREAD_ALL_ACCESS; - + access = default_map_access( obj, access ); if (access & THREAD_QUERY_INFORMATION) access |= THREAD_QUERY_LIMITED_INFORMATION; if (access & THREAD_SET_INFORMATION) access |= THREAD_SET_LIMITED_INFORMATION; - - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); + return access; } static void dump_thread_apc( struct object *obj, int verbose ) diff --git a/server/timer.c b/server/timer.c index 410cd8fd91d..49483d9ae13 100644 --- a/server/timer.c +++ b/server/timer.c @@ -67,7 +67,6 @@ struct timer static void timer_dump( struct object *obj, int verbose ); static int timer_signaled( struct object *obj, struct wait_queue_entry *entry ); static void timer_satisfied( struct object *obj, struct wait_queue_entry *entry ); -static unsigned int timer_map_access( struct object *obj, unsigned int access ); static void timer_destroy( struct object *obj ); static const struct object_ops timer_ops = @@ -81,7 +80,7 @@ static const struct object_ops timer_ops = timer_satisfied, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - timer_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -219,15 +218,6 @@ static void timer_satisfied( struct object *obj, struct wait_queue_entry *entry if (!timer->manual) timer->signaled = 0; } -static unsigned int timer_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SYNCHRONIZE | TIMER_QUERY_STATE; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | TIMER_MODIFY_STATE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE; - if (access & GENERIC_ALL) access |= TIMER_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static void timer_destroy( struct object *obj ) { struct timer *timer = (struct timer *)obj; diff --git a/server/token.c b/server/token.c index 5f23a310aa7..ec2616098c6 100644 --- a/server/token.c +++ b/server/token.c @@ -150,7 +150,6 @@ struct group }; static void token_dump( struct object *obj, int verbose ); -static unsigned int token_map_access( struct object *obj, unsigned int access ); static void token_destroy( struct object *obj ); static const struct object_ops token_ops = @@ -164,7 +163,7 @@ static const struct object_ops token_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - token_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ no_get_full_name, /* get_full_name */ @@ -185,15 +184,6 @@ static void token_dump( struct object *obj, int verbose ) token->token_id.low_part, token->primary, token->impersonation_level ); } -static unsigned int token_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= TOKEN_READ; - if (access & GENERIC_WRITE) access |= TOKEN_WRITE; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE; - if (access & GENERIC_ALL) access |= TOKEN_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static SID *security_sid_alloc( const SID_IDENTIFIER_AUTHORITY *idauthority, int subauthcount, const unsigned int subauth[] ) { int i; @@ -470,16 +460,6 @@ ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl ) return replaced_acl; } -/* maps from generic rights to specific rights as given by a mapping */ -static inline void map_generic_mask( unsigned int *mask, const generic_map_t *mapping ) -{ - if (*mask & GENERIC_READ) *mask |= mapping->read; - if (*mask & GENERIC_WRITE) *mask |= mapping->write; - if (*mask & GENERIC_EXECUTE) *mask |= mapping->exec; - if (*mask & GENERIC_ALL) *mask |= mapping->all; - *mask &= ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 ) { return (luid1->LowPart == luid2->LowPart && luid1->HighPart == luid2->HighPart); @@ -1157,8 +1137,7 @@ static unsigned int token_access_check( struct token *token, sid = (const SID *)&ad_ace->SidStart; if (token_sid_present( token, sid, TRUE )) { - unsigned int access = ad_ace->Mask; - map_generic_mask(&access, mapping); + unsigned int access = map_access( ad_ace->Mask, mapping ); if (desired_access & MAXIMUM_ALLOWED) denied_access |= access; else @@ -1173,8 +1152,7 @@ static unsigned int token_access_check( struct token *token, sid = (const SID *)&aa_ace->SidStart; if (token_sid_present( token, sid, FALSE )) { - unsigned int access = aa_ace->Mask; - map_generic_mask(&access, mapping); + unsigned int access = map_access( aa_ace->Mask, mapping ); if (desired_access & MAXIMUM_ALLOWED) current_access |= access; else diff --git a/server/winstation.c b/server/winstation.c index d60192bec53..0403825b575 100644 --- a/server/winstation.c +++ b/server/winstation.c @@ -48,12 +48,10 @@ static int winstation_close_handle( struct object *obj, struct process *process, static struct object *winstation_lookup_name( struct object *obj, struct unicode_str *name, unsigned int attr, struct object *root ); static void winstation_destroy( struct object *obj ); -static unsigned int winstation_map_access( struct object *obj, unsigned int access ); static void desktop_dump( struct object *obj, int verbose ); static int desktop_link_name( struct object *obj, struct object_name *name, struct object *parent ); static int desktop_close_handle( struct object *obj, struct process *process, obj_handle_t handle ); static void desktop_destroy( struct object *obj ); -static unsigned int desktop_map_access( struct object *obj, unsigned int access ); static const WCHAR winstation_name[] = {'W','i','n','d','o','w','S','t','a','t','i','o','n'}; @@ -80,7 +78,7 @@ static const struct object_ops winstation_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - winstation_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -120,7 +118,7 @@ static const struct object_ops desktop_ops = NULL, /* satisfied */ no_signal, /* signal */ no_get_fd, /* get_fd */ - desktop_map_access, /* map_access */ + default_map_access, /* map_access */ default_get_sd, /* get_sd */ default_set_sd, /* set_sd */ default_get_full_name, /* get_full_name */ @@ -205,17 +203,6 @@ static void winstation_destroy( struct object *obj ) free( winstation->desktop_names ); } -static unsigned int winstation_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | WINSTA_ENUMDESKTOPS | WINSTA_READATTRIBUTES | - WINSTA_ENUMERATE | WINSTA_READSCREEN; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | - WINSTA_WRITEATTRIBUTES; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS; - if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_REQUIRED | WINSTA_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - /* retrieve the process window station, checking the handle access rights */ struct winstation *get_process_winstation( struct process *process, unsigned int access ) { @@ -308,17 +295,6 @@ static void desktop_destroy( struct object *obj ) release_object( desktop->winstation ); } -static unsigned int desktop_map_access( struct object *obj, unsigned int access ) -{ - if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | DESKTOP_READOBJECTS | DESKTOP_ENUMERATE; - if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | - DESKTOP_HOOKCONTROL | DESKTOP_JOURNALRECORD | DESKTOP_JOURNALPLAYBACK | - DESKTOP_WRITEOBJECTS; - if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | DESKTOP_SWITCHDESKTOP; - if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_REQUIRED | DESKTOP_ALL_ACCESS; - return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); -} - /* retrieve the thread desktop, checking the handle access rights */ struct desktop *get_thread_desktop( struct thread *thread, unsigned int access ) {