Damjan Jovanovic
31e984a09d
server: The owner of a securable object should have all the standard access rights.
...
Cygwin fork() fails in NtCreateSymbolicLinkObject(). We successfully
create the link but then fail to alloc_handle() with STATUS_ACCESS_DENIED,
because the requested access rights exceed what the owner is allowed.
Allow it more.
Thank you to Dmitry Timoshkov for debugging the security details from
alloc_handle() onwards.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=48891
Signed-off-by: Damjan Jovanovic <damjan.jov@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-06-08 22:28:44 +02:00
Alexandre Julliard
6f7b56a198
server: Merge the various token information queries.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 21:42:18 +01:00
Zebediah Figura
ec9244f056
ntdll: Implement NtQueryInformationToken(TokenLinkedToken).
...
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 21:41:59 +01:00
Zebediah Figura
c96749790b
ntdll: Implement NtQueryInformationToken(TokenElevationType).
...
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 16:28:13 +01:00
Michael Müller
f68659c6e8
server: Grant the same access rights when req->access is zero in duplicate_token.
...
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-08 11:07:31 +01:00
Alexandre Julliard
d6ef9401b3
server: Use the object type information to implement access mapping.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-05 22:53:46 +01:00
Alexandre Julliard
4d646de90d
server: Add generic mapping masks for all object types.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-05 15:38:22 +01:00
Alexandre Julliard
c6f2aacb57
server: Add a type descriptor to all server objects.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-04 21:25:32 +01:00
Alexandre Julliard
928a22cd02
server: Add a data type for generic access mappings.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-04 21:25:32 +01:00
Paul Gofman
9df7a2efc3
server: Add SeTcbPrivilege (SE_TCB_NAME) to the list of admin privileges.
...
Fixes Origin client update failure.
Signed-off-by: Paul Gofman <pgofman@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-10-14 21:33:17 +02:00
Zebediah Figura
fa1b0fcf6c
server: Check duplicated handle access against the calling thread token and target process token.
...
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-24 15:22:36 +02:00
Michael Müller
d0bea3d702
server: Implement support for creating a process with a specified token.
...
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-24 15:21:43 +02:00
Michael Müller
8c5638aa5e
ntdll: Implement NtFilterToken.
...
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-23 15:58:10 +02:00
Alexandre Julliard
2e51f9aae3
server: Add an object operation to retrieve an object name.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-22 16:55:08 +02:00
Alexandre Julliard
8286b780a4
server: Don't use wine/unicode.h.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-03-24 19:43:38 +01:00
Qian Hong
1058647e14
server: Create primary group using DOMAIN_GROUP_RID_USERS.
...
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-05-01 11:15:29 +02:00
Erich E. Hoover
e11e8705eb
server: Add default security descriptor ownership for processes.
...
Signed-off-by: Erich E. Hoover <erich.e.hoover@gmail.com>
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-04-24 21:57:48 +02:00
Michael Müller
f926811e0d
server: Correctly validate SID length in sd_is_valid.
...
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-04-03 20:34:36 +02:00
Jacek Caban
b2a546c92d
server: Introduce kernel_object struct for generic association between server and kernel objects.
...
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-03-26 13:55:15 +01:00
Jacek Caban
c55c4ab88c
server: Support token object type.
...
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-02-22 14:27:22 +01:00
Michael Stefaniuc
9e365e4ecc
server: Use the ARRAY_SIZE() macro.
...
Signed-off-by: Michael Stefaniuc <mstefani@winehq.org>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-10-23 13:56:55 +02:00
Hans Leidekker
fc3057c4f3
server: Store the token owner separately.
...
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-05-02 16:05:32 +02:00
Hans Leidekker
14191f2dd0
server: Dump token details.
...
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-05-02 16:05:30 +02:00
Alexandre Julliard
6b758dd1dc
server: Add a macro to define SIDs.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-02-07 19:38:29 +01:00
Alistair Leslie-Hughes
4bbbc261d1
ntdll: Support TokenLogonSid in NtQueryInformationToken.
...
Based on a patch by Andrew Wesie.
Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-02-07 19:38:29 +01:00
Michael Müller
a78d419420
server: Assign a default label to all tokens.
...
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-19 09:50:32 +02:00
Michael Müller
7c08e787b1
server: Implement setting a security descriptor when duplicating tokens.
...
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:12:24 +02:00
Michael Müller
af2d01c2fa
server: Implement changing the label of a security descriptor.
...
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:08:59 +02:00
Michael Müller
2ebe679638
server: Implement querying the security label of a security descriptor.
...
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 10:50:54 +02:00
Sebastian Lackner
0e42bce0b6
server: Fix handling of MAXIMUM_ALLOWED in token_access_check.
...
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-02-03 19:05:10 +01:00
André Hentschel
6b85b31b00
server: Remove dead assignment (clang).
...
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-01-31 08:52:09 +01:00
Alexandre Julliard
f55db7882d
server: Add link_name and unlink_name object operations.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-02-04 21:07:19 +09:00
Alexandre Julliard
9504e2addf
server: Add a helper function to validate and return object attributes.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-01-16 00:05:57 +09:00
Sebastian Lackner
25b0a4981b
server: Fix assignment of primary_group in token_duplicate.
...
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2015-12-21 18:17:03 +01:00
Hans Leidekker
e0206d9f8a
server: Make returning used privileges optional in token_access_check.
2015-07-17 20:19:36 +09:00
Hans Leidekker
aa407a2818
server: Accept mandatory label ACEs.
2015-04-17 14:53:18 +09:00
Hans Leidekker
7dfdcf3034
server: The token user SID must be present in the default DACL.
2013-07-30 14:43:34 +02:00
Erich Hoover
04cd764d76
server: Report a default DACL for registry keys.
2013-04-23 17:20:11 +02:00
Erich Hoover
56c1a8b062
server: Report administrator ownership by default for registry objects.
2013-04-11 13:15:58 +02:00
Alexandre Julliard
62beef5a72
server: Add a helper function to compute an SID length.
2013-04-11 13:00:06 +02:00
Michael Stefaniuc
794ad90982
server: Avoid TRUE:FALSE conditional expressions.
2012-08-13 11:50:16 +02:00
Nikolay Sivov
573db9ef63
ntdll: While requesting TokenGroups calculate required user buffer size in server.
2011-08-23 16:53:54 +02:00
Nikolay Sivov
7381858e98
include: Fix definition name.
2011-08-03 14:15:48 +02:00
Hans Leidekker
c65bcce589
server: Map the Unix user id to a local user SID instead of the interactive SID.
2011-03-02 12:50:59 +01:00
Ben Peddell
b419df1de4
server: Include user groups in file mode calculation when user is file owner.
2009-12-11 17:47:30 +01:00
Rob Shearman
bd56916f90
server: Extend get_token_user server call to also retrieve SIDs for the token's owner or primary group.
2009-11-17 15:14:54 +01:00
Hans Leidekker
24af6f3e01
server: Add requests to set and retrieve default dacl.
2009-04-21 15:40:26 +02:00
Alexandre Julliard
f6d871eecf
server: impersonation_level should be an int since we store -1 in it.
...
Make sure we don't check the impersonation level for primary tokens.
2008-03-26 14:38:49 +01:00
H. Verbeet
3120c0861c
server: Don't drop the SE_GROUP_LOGON_ID attribute.
2008-03-18 11:15:06 +01:00
Alexandre Julliard
8382eb01b2
server: Return correct object types in the get_directory_entry request.
2007-12-05 18:16:42 +01:00