Commit Graph

109 Commits

Author SHA1 Message Date
Damjan Jovanovic 31e984a09d server: The owner of a securable object should have all the standard access rights.
Cygwin fork() fails in NtCreateSymbolicLinkObject(). We successfully
create the link but then fail to alloc_handle() with STATUS_ACCESS_DENIED,
because the requested access rights exceed what the owner is allowed.
Allow it more.

Thank you to Dmitry Timoshkov for debugging the security details from
alloc_handle() onwards.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=48891
Signed-off-by: Damjan Jovanovic <damjan.jov@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-06-08 22:28:44 +02:00
Alexandre Julliard 6f7b56a198 server: Merge the various token information queries.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 21:42:18 +01:00
Zebediah Figura ec9244f056 ntdll: Implement NtQueryInformationToken(TokenLinkedToken).
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 21:41:59 +01:00
Zebediah Figura c96749790b ntdll: Implement NtQueryInformationToken(TokenElevationType).
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 16:28:13 +01:00
Michael Müller f68659c6e8 server: Grant the same access rights when req->access is zero in duplicate_token.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-08 11:07:31 +01:00
Alexandre Julliard d6ef9401b3 server: Use the object type information to implement access mapping.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-05 22:53:46 +01:00
Alexandre Julliard 4d646de90d server: Add generic mapping masks for all object types.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-05 15:38:22 +01:00
Alexandre Julliard c6f2aacb57 server: Add a type descriptor to all server objects.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-04 21:25:32 +01:00
Alexandre Julliard 928a22cd02 server: Add a data type for generic access mappings.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-04 21:25:32 +01:00
Paul Gofman 9df7a2efc3 server: Add SeTcbPrivilege (SE_TCB_NAME) to the list of admin privileges.
Fixes Origin client update failure.

Signed-off-by: Paul Gofman <pgofman@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-10-14 21:33:17 +02:00
Zebediah Figura fa1b0fcf6c server: Check duplicated handle access against the calling thread token and target process token.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-24 15:22:36 +02:00
Michael Müller d0bea3d702 server: Implement support for creating a process with a specified token.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-24 15:21:43 +02:00
Michael Müller 8c5638aa5e ntdll: Implement NtFilterToken.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-23 15:58:10 +02:00
Alexandre Julliard 2e51f9aae3 server: Add an object operation to retrieve an object name.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-22 16:55:08 +02:00
Alexandre Julliard 8286b780a4 server: Don't use wine/unicode.h.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-03-24 19:43:38 +01:00
Qian Hong 1058647e14 server: Create primary group using DOMAIN_GROUP_RID_USERS.
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-05-01 11:15:29 +02:00
Erich E. Hoover e11e8705eb server: Add default security descriptor ownership for processes.
Signed-off-by: Erich E. Hoover <erich.e.hoover@gmail.com>
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-04-24 21:57:48 +02:00
Michael Müller f926811e0d server: Correctly validate SID length in sd_is_valid.
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-04-03 20:34:36 +02:00
Jacek Caban b2a546c92d server: Introduce kernel_object struct for generic association between server and kernel objects.
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-03-26 13:55:15 +01:00
Jacek Caban c55c4ab88c server: Support token object type.
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-02-22 14:27:22 +01:00
Michael Stefaniuc 9e365e4ecc server: Use the ARRAY_SIZE() macro.
Signed-off-by: Michael Stefaniuc <mstefani@winehq.org>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-10-23 13:56:55 +02:00
Hans Leidekker fc3057c4f3 server: Store the token owner separately.
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-05-02 16:05:32 +02:00
Hans Leidekker 14191f2dd0 server: Dump token details.
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-05-02 16:05:30 +02:00
Alexandre Julliard 6b758dd1dc server: Add a macro to define SIDs.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-02-07 19:38:29 +01:00
Alistair Leslie-Hughes 4bbbc261d1 ntdll: Support TokenLogonSid in NtQueryInformationToken.
Based on a patch by Andrew Wesie.

Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-02-07 19:38:29 +01:00
Michael Müller a78d419420 server: Assign a default label to all tokens.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-19 09:50:32 +02:00
Michael Müller 7c08e787b1 server: Implement setting a security descriptor when duplicating tokens.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:12:24 +02:00
Michael Müller af2d01c2fa server: Implement changing the label of a security descriptor.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:08:59 +02:00
Michael Müller 2ebe679638 server: Implement querying the security label of a security descriptor.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 10:50:54 +02:00
Sebastian Lackner 0e42bce0b6 server: Fix handling of MAXIMUM_ALLOWED in token_access_check.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-02-03 19:05:10 +01:00
André Hentschel 6b85b31b00 server: Remove dead assignment (clang).
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-01-31 08:52:09 +01:00
Alexandre Julliard f55db7882d server: Add link_name and unlink_name object operations.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-02-04 21:07:19 +09:00
Alexandre Julliard 9504e2addf server: Add a helper function to validate and return object attributes.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-01-16 00:05:57 +09:00
Sebastian Lackner 25b0a4981b server: Fix assignment of primary_group in token_duplicate.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2015-12-21 18:17:03 +01:00
Hans Leidekker e0206d9f8a server: Make returning used privileges optional in token_access_check. 2015-07-17 20:19:36 +09:00
Hans Leidekker aa407a2818 server: Accept mandatory label ACEs. 2015-04-17 14:53:18 +09:00
Hans Leidekker 7dfdcf3034 server: The token user SID must be present in the default DACL. 2013-07-30 14:43:34 +02:00
Erich Hoover 04cd764d76 server: Report a default DACL for registry keys. 2013-04-23 17:20:11 +02:00
Erich Hoover 56c1a8b062 server: Report administrator ownership by default for registry objects. 2013-04-11 13:15:58 +02:00
Alexandre Julliard 62beef5a72 server: Add a helper function to compute an SID length. 2013-04-11 13:00:06 +02:00
Michael Stefaniuc 794ad90982 server: Avoid TRUE:FALSE conditional expressions. 2012-08-13 11:50:16 +02:00
Nikolay Sivov 573db9ef63 ntdll: While requesting TokenGroups calculate required user buffer size in server. 2011-08-23 16:53:54 +02:00
Nikolay Sivov 7381858e98 include: Fix definition name. 2011-08-03 14:15:48 +02:00
Hans Leidekker c65bcce589 server: Map the Unix user id to a local user SID instead of the interactive SID. 2011-03-02 12:50:59 +01:00
Ben Peddell b419df1de4 server: Include user groups in file mode calculation when user is file owner. 2009-12-11 17:47:30 +01:00
Rob Shearman bd56916f90 server: Extend get_token_user server call to also retrieve SIDs for the token's owner or primary group. 2009-11-17 15:14:54 +01:00
Hans Leidekker 24af6f3e01 server: Add requests to set and retrieve default dacl. 2009-04-21 15:40:26 +02:00
Alexandre Julliard f6d871eecf server: impersonation_level should be an int since we store -1 in it.
Make sure we don't check the impersonation level for primary tokens.
2008-03-26 14:38:49 +01:00
H. Verbeet 3120c0861c server: Don't drop the SE_GROUP_LOGON_ID attribute. 2008-03-18 11:15:06 +01:00
Alexandre Julliard 8382eb01b2 server: Return correct object types in the get_directory_entry request. 2007-12-05 18:16:42 +01:00