Commit Graph

112 Commits

Author SHA1 Message Date
Alexandre Julliard f6d871eecf server: impersonation_level should be an int since we store -1 in it.
Make sure we don't check the impersonation level for primary tokens.
2008-03-26 14:38:49 +01:00
H. Verbeet 3120c0861c server: Don't drop the SE_GROUP_LOGON_ID attribute. 2008-03-18 11:15:06 +01:00
Alexandre Julliard 8382eb01b2 server: Return correct object types in the get_directory_entry request. 2007-12-05 18:16:42 +01:00
Rob Shearman f98556c119 server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes. 2007-10-30 14:18:05 +01:00
Rob Shearman e51f8490f2 server: Ignore ACEs with the INHERIT_ONLY_ACE flag set during access checks. 2007-10-26 12:46:30 +02:00
Rob Shearman dd9e392796 server: Use the security descriptor passed in when creating events. 2007-10-25 12:47:22 +02:00
Rob Shearman 12e44bf299 server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs. 2007-10-16 13:17:22 +02:00
Rob Shearman cb124c9b12 server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions. 2007-10-04 12:30:52 +02:00
Rob Shearman c1707d8938 server: Add get_sd and set_sd object operations to allow the security descriptor to be stored somewhere other than server memory, such as on disk. 2007-10-04 12:30:52 +02:00
Rob Shearman 8184bcc91a server: Add a simple mapping from Unix uids to NT SIDs. 2007-10-04 12:30:52 +02:00
Rob Shearman 45b6706a32 server: Use ACL_REVISION in create_default_dacl instead of MAX_ACL_REVISION since we don't use any features from later ACL revisions. 2007-10-03 11:16:53 +02:00
Rob Shearman 5af809abfd server: Move set_security_object to handle.c and set_object_sd to object.c.
These both don't operate on tokens so token.c is not the right place for 
them to be implemented.
2007-10-03 11:04:43 +02:00
Rob Shearman 3f431a0646 server: Add get_token_statistics server call and use it to implement the TokenStatistics and TokenType levels for NtQueryInformationToken. 2007-09-14 14:43:46 +02:00
Peter Dons Tychsen ec4d8903ef server: Added the install driver privilege to the default user. 2007-07-31 20:32:40 +02:00
Rob Shearman bdf964dce8 server: Move most of the duplicate_token request to a new function, token_duplicate, to enable the code to be used inside wineserver. 2007-05-30 11:46:32 +02:00
Rob Shearman fa074bc544 server: Add the logon SID to the default admin token's groups. 2007-05-18 14:11:44 +02:00
Alexandre Julliard 7e71c1ddee server: Add an open_file() function to the object operations. 2007-03-22 11:44:29 +01:00
Alexandre Julliard bf17ce86d4 server: Use internal luid_t type where appropriate. 2007-03-07 13:45:11 +01:00
Juan Lang c2cb296277 ntdll: Implement NtAllocateLocallyUniqueId with server call. 2007-03-07 13:45:11 +01:00
Rob Shearman 221e01abd2 server: A general solution for handling MAXIMUM_ALLOWED access right has been implemented so remove the workarounds. 2007-03-06 22:17:39 +01:00
Rob Shearman d342d1413c server: Add get_token_impersonation_level server call for retrieving the impersonation level from a token.
Add tests for GetTokenInformation(TokenImpersonationLevel).
2007-02-21 19:49:37 +01:00
Rob Shearman 6a76a0ac7a server: Check object's security when creating handles.
Don't check object's security when duplicating a handle of the same or 
lower access rights. Based on a patch by Vitaliy Margolen.
2007-02-21 19:49:02 +01:00
Rob Shearman c9b9847dce server: Track the impersonation level of tokens. 2007-02-16 13:09:55 +01:00
Rob Shearman df0d625351 server: Track IDs for tokens and modifications made to tokens. 2007-02-16 13:09:49 +01:00
Vitaliy Margolen b0e9d7e0b5 ntdll/server: Implement NtSetSecurityObject. With tests. 2007-02-15 14:19:24 +01:00
Vitaliy Margolen 6413a9c193 server: Get the primary group from the token's groups. 2007-02-13 17:47:43 +01:00
Vitaliy Margolen aa28ed0162 server: Fix typo. Should be group not owner. 2007-02-08 11:56:12 +01:00
Vitaliy Margolen 55fdda4c3e server: Prevent a crash on error while creating a token. 2007-01-25 12:52:39 +01:00
Vitaliy Margolen fad936c7c5 server: Reverse return value and status in token_access_check to be consistent. 2007-01-25 12:44:35 +01:00
Vitaliy Margolen 2cf11ef771 advapi32: Add few more tests for token access check and fix it on Wine. 2007-01-25 12:42:32 +01:00
Vitaliy Margolen 97b122c03f server: User correct user sid for the default_dacl. 2007-01-22 12:02:10 +01:00
Andrew Talbot 53dae9b7f5 server: Cast-qual warnings fix. 2006-12-18 11:40:03 +01:00
Michael Stefaniuc 5cecceccb2 server: Remove redundant NULL check before free() (found by Smatch). 2006-10-10 12:56:16 +02:00
Michael Stefaniuc a624977f21 server: Fix some comparisons between signed and unsigned. 2006-07-26 11:11:04 +02:00
Alexandre Julliard 0f273c17ff server: Added data_size_t type to represent sizes in the server protocol.
Make it an unsigned int to save some space on Win64, if we need to
transfer more than 4Gb over the server pipe something is seriously
wrong.
2006-07-26 11:11:03 +02:00
Francois Gouget 11ae0f6386 Assorted spelling fixes. 2006-06-16 11:32:29 +02:00
Jonathan Ernst 360a3f9142 Update the address of the Free Software Foundation. 2006-05-23 14:11:13 +02:00
Robert Shearman 3396a66ee7 server: Retrieve the groups for a token from the server. 2006-05-15 14:25:43 +02:00
Robert Shearman 0bf1c22cad server: Handle failure of mem_alloc in duplicate_token. 2006-04-07 13:08:33 +02:00
Robert Shearman 9e0d0563c1 server: Handle possible mem_alloc failure in create_token. 2006-04-07 13:07:54 +02:00
Robert Shearman d18711e282 server: Store the token source. 2006-03-30 12:41:23 +02:00
Alexandre Julliard 5fb2e68bb2 server: Added access rights mapping to token objects. 2005-12-12 15:01:08 +01:00
Alexandre Julliard 28beba31d6 server: Added infrastructure for access rights mapping. 2005-12-12 14:57:40 +01:00
Alexandre Julliard 24560e70bb server: Make alloc_handle use attributes instead of inherit flag. 2005-12-09 13:58:25 +01:00
Alexandre Julliard 836d07c369 server: Use attributes instead of inherit flag in token requests.
Also use the specified access rights in the open_token request.
2005-12-09 12:17:19 +01:00
Ge van Geldorp 1a1583a364 Match PSDK STATUS_* definitions. 2005-11-28 17:32:54 +01:00
Vitaliy Margolen baffcb95d3 Add name_lookup function in object_ops. 2005-11-22 14:55:42 +00:00
Robert Shearman 91eaea53ae - Change the default user SID to match what was previously returned by
NtQueryInformationToken.
- Implement TokenUser for NtQueryInformationToken.
- Add a function for getting the user's registry path from a SID.
2005-07-18 13:22:55 +00:00
Robert Shearman fbf0ea9f18 Store the default DACL in the token. 2005-07-13 19:31:27 +00:00
Robert Shearman 4bba21643c Add support for impersonating a token. 2005-06-20 13:18:38 +00:00
Robert Shearman dacc3dbfa5 Fix size used to validate the sids in aces. 2005-06-14 19:15:58 +00:00
Robert Shearman f95ef09b8e Add TokenType attribute to specify whether the token is a primary or
impersonation token.
2005-06-14 18:10:04 +00:00
Robert Shearman 3795709344 Change code style of form "if( x )" to "if (x)" for consistency. 2005-06-10 19:54:46 +00:00
Alexandre Julliard b9b1ea9c9f Added a close_handle method to the object operations, and use it to
implement registry notifications and the strange behavior of
CloseHandle on winstation/desktop handles.
2005-06-09 15:39:52 +00:00
Robert Shearman 9b82644d00 - Avoid evil signed bitfields.
- Fix bug with using wrong revision in security_sid_alloc.
- Add all builtin groups present in the Administrator token on Windows
  to the default token.
2005-06-09 09:47:28 +00:00
Robert Shearman 4ad93416a8 Implement NtAccessCheck. 2005-05-24 12:32:18 +00:00
Robert Shearman 2a782c65bd Add user attribute to token objects. 2005-05-16 17:52:46 +00:00
Michael Stefaniuc d40517cb18 Change the type of 1 bit wide bitfields to unsigned. 2005-05-09 09:26:28 +00:00
Mike McCormack f92fff66a2 Implemented NtSignalAndWaitForSingleObject. 2005-04-24 17:35:52 +00:00
Robert Shearman d2ea92d14e - Clean up well-known privileges.
- Implement checking tokens for privileges in the server.
- Implement NtPrivilegeCheck.
2005-04-22 21:17:15 +00:00
Robert Shearman b0f02b28b9 - Implement AdjustTokenPrivileges, DuplicateTokenEx and
GetTokenInformation (for the TokenPrivileges case).
- Return STATUS_NO_TOKEN for OpenThreadToken when there is no token
  set for the thread.
2005-02-11 11:52:06 +00:00
Mike McCormack 36cd6f5dbb Added a security token object in wineserver. 2003-07-24 00:07:00 +00:00