Commit Graph

84 Commits

Author SHA1 Message Date
Michael Müller a78d419420 server: Assign a default label to all tokens.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-19 09:50:32 +02:00
Michael Müller 7c08e787b1 server: Implement setting a security descriptor when duplicating tokens.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:12:24 +02:00
Michael Müller af2d01c2fa server: Implement changing the label of a security descriptor.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:08:59 +02:00
Michael Müller 2ebe679638 server: Implement querying the security label of a security descriptor.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 10:50:54 +02:00
Sebastian Lackner 0e42bce0b6 server: Fix handling of MAXIMUM_ALLOWED in token_access_check.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-02-03 19:05:10 +01:00
André Hentschel 6b85b31b00 server: Remove dead assignment (clang).
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-01-31 08:52:09 +01:00
Alexandre Julliard f55db7882d server: Add link_name and unlink_name object operations.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-02-04 21:07:19 +09:00
Alexandre Julliard 9504e2addf server: Add a helper function to validate and return object attributes.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-01-16 00:05:57 +09:00
Sebastian Lackner 25b0a4981b server: Fix assignment of primary_group in token_duplicate.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2015-12-21 18:17:03 +01:00
Hans Leidekker e0206d9f8a server: Make returning used privileges optional in token_access_check. 2015-07-17 20:19:36 +09:00
Hans Leidekker aa407a2818 server: Accept mandatory label ACEs. 2015-04-17 14:53:18 +09:00
Hans Leidekker 7dfdcf3034 server: The token user SID must be present in the default DACL. 2013-07-30 14:43:34 +02:00
Erich Hoover 04cd764d76 server: Report a default DACL for registry keys. 2013-04-23 17:20:11 +02:00
Erich Hoover 56c1a8b062 server: Report administrator ownership by default for registry objects. 2013-04-11 13:15:58 +02:00
Alexandre Julliard 62beef5a72 server: Add a helper function to compute an SID length. 2013-04-11 13:00:06 +02:00
Michael Stefaniuc 794ad90982 server: Avoid TRUE:FALSE conditional expressions. 2012-08-13 11:50:16 +02:00
Nikolay Sivov 573db9ef63 ntdll: While requesting TokenGroups calculate required user buffer size in server. 2011-08-23 16:53:54 +02:00
Nikolay Sivov 7381858e98 include: Fix definition name. 2011-08-03 14:15:48 +02:00
Hans Leidekker c65bcce589 server: Map the Unix user id to a local user SID instead of the interactive SID. 2011-03-02 12:50:59 +01:00
Ben Peddell b419df1de4 server: Include user groups in file mode calculation when user is file owner. 2009-12-11 17:47:30 +01:00
Rob Shearman bd56916f90 server: Extend get_token_user server call to also retrieve SIDs for the token's owner or primary group. 2009-11-17 15:14:54 +01:00
Hans Leidekker 24af6f3e01 server: Add requests to set and retrieve default dacl. 2009-04-21 15:40:26 +02:00
Alexandre Julliard f6d871eecf server: impersonation_level should be an int since we store -1 in it.
Make sure we don't check the impersonation level for primary tokens.
2008-03-26 14:38:49 +01:00
H. Verbeet 3120c0861c server: Don't drop the SE_GROUP_LOGON_ID attribute. 2008-03-18 11:15:06 +01:00
Alexandre Julliard 8382eb01b2 server: Return correct object types in the get_directory_entry request. 2007-12-05 18:16:42 +01:00
Rob Shearman f98556c119 server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes. 2007-10-30 14:18:05 +01:00
Rob Shearman e51f8490f2 server: Ignore ACEs with the INHERIT_ONLY_ACE flag set during access checks. 2007-10-26 12:46:30 +02:00
Rob Shearman dd9e392796 server: Use the security descriptor passed in when creating events. 2007-10-25 12:47:22 +02:00
Rob Shearman 12e44bf299 server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs. 2007-10-16 13:17:22 +02:00
Rob Shearman cb124c9b12 server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions. 2007-10-04 12:30:52 +02:00
Rob Shearman c1707d8938 server: Add get_sd and set_sd object operations to allow the security descriptor to be stored somewhere other than server memory, such as on disk. 2007-10-04 12:30:52 +02:00
Rob Shearman 8184bcc91a server: Add a simple mapping from Unix uids to NT SIDs. 2007-10-04 12:30:52 +02:00
Rob Shearman 45b6706a32 server: Use ACL_REVISION in create_default_dacl instead of MAX_ACL_REVISION since we don't use any features from later ACL revisions. 2007-10-03 11:16:53 +02:00
Rob Shearman 5af809abfd server: Move set_security_object to handle.c and set_object_sd to object.c.
These both don't operate on tokens so token.c is not the right place for 
them to be implemented.
2007-10-03 11:04:43 +02:00
Rob Shearman 3f431a0646 server: Add get_token_statistics server call and use it to implement the TokenStatistics and TokenType levels for NtQueryInformationToken. 2007-09-14 14:43:46 +02:00
Peter Dons Tychsen ec4d8903ef server: Added the install driver privilege to the default user. 2007-07-31 20:32:40 +02:00
Rob Shearman bdf964dce8 server: Move most of the duplicate_token request to a new function, token_duplicate, to enable the code to be used inside wineserver. 2007-05-30 11:46:32 +02:00
Rob Shearman fa074bc544 server: Add the logon SID to the default admin token's groups. 2007-05-18 14:11:44 +02:00
Alexandre Julliard 7e71c1ddee server: Add an open_file() function to the object operations. 2007-03-22 11:44:29 +01:00
Alexandre Julliard bf17ce86d4 server: Use internal luid_t type where appropriate. 2007-03-07 13:45:11 +01:00
Juan Lang c2cb296277 ntdll: Implement NtAllocateLocallyUniqueId with server call. 2007-03-07 13:45:11 +01:00
Rob Shearman 221e01abd2 server: A general solution for handling MAXIMUM_ALLOWED access right has been implemented so remove the workarounds. 2007-03-06 22:17:39 +01:00
Rob Shearman d342d1413c server: Add get_token_impersonation_level server call for retrieving the impersonation level from a token.
Add tests for GetTokenInformation(TokenImpersonationLevel).
2007-02-21 19:49:37 +01:00
Rob Shearman 6a76a0ac7a server: Check object's security when creating handles.
Don't check object's security when duplicating a handle of the same or 
lower access rights. Based on a patch by Vitaliy Margolen.
2007-02-21 19:49:02 +01:00
Rob Shearman c9b9847dce server: Track the impersonation level of tokens. 2007-02-16 13:09:55 +01:00
Rob Shearman df0d625351 server: Track IDs for tokens and modifications made to tokens. 2007-02-16 13:09:49 +01:00
Vitaliy Margolen b0e9d7e0b5 ntdll/server: Implement NtSetSecurityObject. With tests. 2007-02-15 14:19:24 +01:00
Vitaliy Margolen 6413a9c193 server: Get the primary group from the token's groups. 2007-02-13 17:47:43 +01:00
Vitaliy Margolen aa28ed0162 server: Fix typo. Should be group not owner. 2007-02-08 11:56:12 +01:00
Vitaliy Margolen 55fdda4c3e server: Prevent a crash on error while creating a token. 2007-01-25 12:52:39 +01:00