Commit Graph

102 Commits

Author SHA1 Message Date
Alexandre Julliard c6f2aacb57 server: Add a type descriptor to all server objects.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-04 21:25:32 +01:00
Alexandre Julliard 928a22cd02 server: Add a data type for generic access mappings.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-04 21:25:32 +01:00
Paul Gofman 9df7a2efc3 server: Add SeTcbPrivilege (SE_TCB_NAME) to the list of admin privileges.
Fixes Origin client update failure.

Signed-off-by: Paul Gofman <pgofman@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-10-14 21:33:17 +02:00
Zebediah Figura fa1b0fcf6c server: Check duplicated handle access against the calling thread token and target process token.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-24 15:22:36 +02:00
Michael Müller d0bea3d702 server: Implement support for creating a process with a specified token.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-24 15:21:43 +02:00
Michael Müller 8c5638aa5e ntdll: Implement NtFilterToken.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-23 15:58:10 +02:00
Alexandre Julliard 2e51f9aae3 server: Add an object operation to retrieve an object name.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-22 16:55:08 +02:00
Alexandre Julliard 8286b780a4 server: Don't use wine/unicode.h.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-03-24 19:43:38 +01:00
Qian Hong 1058647e14 server: Create primary group using DOMAIN_GROUP_RID_USERS.
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-05-01 11:15:29 +02:00
Erich E. Hoover e11e8705eb server: Add default security descriptor ownership for processes.
Signed-off-by: Erich E. Hoover <erich.e.hoover@gmail.com>
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-04-24 21:57:48 +02:00
Michael Müller f926811e0d server: Correctly validate SID length in sd_is_valid.
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-04-03 20:34:36 +02:00
Jacek Caban b2a546c92d server: Introduce kernel_object struct for generic association between server and kernel objects.
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-03-26 13:55:15 +01:00
Jacek Caban c55c4ab88c server: Support token object type.
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-02-22 14:27:22 +01:00
Michael Stefaniuc 9e365e4ecc server: Use the ARRAY_SIZE() macro.
Signed-off-by: Michael Stefaniuc <mstefani@winehq.org>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-10-23 13:56:55 +02:00
Hans Leidekker fc3057c4f3 server: Store the token owner separately.
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-05-02 16:05:32 +02:00
Hans Leidekker 14191f2dd0 server: Dump token details.
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-05-02 16:05:30 +02:00
Alexandre Julliard 6b758dd1dc server: Add a macro to define SIDs.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-02-07 19:38:29 +01:00
Alistair Leslie-Hughes 4bbbc261d1 ntdll: Support TokenLogonSid in NtQueryInformationToken.
Based on a patch by Andrew Wesie.

Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-02-07 19:38:29 +01:00
Michael Müller a78d419420 server: Assign a default label to all tokens.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-19 09:50:32 +02:00
Michael Müller 7c08e787b1 server: Implement setting a security descriptor when duplicating tokens.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:12:24 +02:00
Michael Müller af2d01c2fa server: Implement changing the label of a security descriptor.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:08:59 +02:00
Michael Müller 2ebe679638 server: Implement querying the security label of a security descriptor.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 10:50:54 +02:00
Sebastian Lackner 0e42bce0b6 server: Fix handling of MAXIMUM_ALLOWED in token_access_check.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-02-03 19:05:10 +01:00
André Hentschel 6b85b31b00 server: Remove dead assignment (clang).
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-01-31 08:52:09 +01:00
Alexandre Julliard f55db7882d server: Add link_name and unlink_name object operations.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-02-04 21:07:19 +09:00
Alexandre Julliard 9504e2addf server: Add a helper function to validate and return object attributes.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-01-16 00:05:57 +09:00
Sebastian Lackner 25b0a4981b server: Fix assignment of primary_group in token_duplicate.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2015-12-21 18:17:03 +01:00
Hans Leidekker e0206d9f8a server: Make returning used privileges optional in token_access_check. 2015-07-17 20:19:36 +09:00
Hans Leidekker aa407a2818 server: Accept mandatory label ACEs. 2015-04-17 14:53:18 +09:00
Hans Leidekker 7dfdcf3034 server: The token user SID must be present in the default DACL. 2013-07-30 14:43:34 +02:00
Erich Hoover 04cd764d76 server: Report a default DACL for registry keys. 2013-04-23 17:20:11 +02:00
Erich Hoover 56c1a8b062 server: Report administrator ownership by default for registry objects. 2013-04-11 13:15:58 +02:00
Alexandre Julliard 62beef5a72 server: Add a helper function to compute an SID length. 2013-04-11 13:00:06 +02:00
Michael Stefaniuc 794ad90982 server: Avoid TRUE:FALSE conditional expressions. 2012-08-13 11:50:16 +02:00
Nikolay Sivov 573db9ef63 ntdll: While requesting TokenGroups calculate required user buffer size in server. 2011-08-23 16:53:54 +02:00
Nikolay Sivov 7381858e98 include: Fix definition name. 2011-08-03 14:15:48 +02:00
Hans Leidekker c65bcce589 server: Map the Unix user id to a local user SID instead of the interactive SID. 2011-03-02 12:50:59 +01:00
Ben Peddell b419df1de4 server: Include user groups in file mode calculation when user is file owner. 2009-12-11 17:47:30 +01:00
Rob Shearman bd56916f90 server: Extend get_token_user server call to also retrieve SIDs for the token's owner or primary group. 2009-11-17 15:14:54 +01:00
Hans Leidekker 24af6f3e01 server: Add requests to set and retrieve default dacl. 2009-04-21 15:40:26 +02:00
Alexandre Julliard f6d871eecf server: impersonation_level should be an int since we store -1 in it.
Make sure we don't check the impersonation level for primary tokens.
2008-03-26 14:38:49 +01:00
H. Verbeet 3120c0861c server: Don't drop the SE_GROUP_LOGON_ID attribute. 2008-03-18 11:15:06 +01:00
Alexandre Julliard 8382eb01b2 server: Return correct object types in the get_directory_entry request. 2007-12-05 18:16:42 +01:00
Rob Shearman f98556c119 server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes. 2007-10-30 14:18:05 +01:00
Rob Shearman e51f8490f2 server: Ignore ACEs with the INHERIT_ONLY_ACE flag set during access checks. 2007-10-26 12:46:30 +02:00
Rob Shearman dd9e392796 server: Use the security descriptor passed in when creating events. 2007-10-25 12:47:22 +02:00
Rob Shearman 12e44bf299 server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs. 2007-10-16 13:17:22 +02:00
Rob Shearman cb124c9b12 server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions. 2007-10-04 12:30:52 +02:00
Rob Shearman c1707d8938 server: Add get_sd and set_sd object operations to allow the security descriptor to be stored somewhere other than server memory, such as on disk. 2007-10-04 12:30:52 +02:00
Rob Shearman 8184bcc91a server: Add a simple mapping from Unix uids to NT SIDs. 2007-10-04 12:30:52 +02:00