Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
7d732267
Commit
7d732267
authored
Jan 25, 2022
by
Alexandre Julliard
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
server: Define a server-side structure for LUID_AND_ATTRIBUTES.
Signed-off-by:
Alexandre Julliard
<
julliard@winehq.org
>
parent
83064d15
Show whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
153 additions
and
162 deletions
+153
-162
server_protocol.h
include/wine/server_protocol.h
+19
-13
protocol.def
server/protocol.def
+18
-12
registry.c
server/registry.c
+3
-3
request.h
server/request.h
+1
-1
security.h
server/security.h
+25
-25
token.c
server/token.c
+75
-95
trace.c
server/trace.c
+11
-12
make_requests
tools/make_requests
+1
-1
No files found.
include/wine/server_protocol.h
View file @
7d732267
...
...
@@ -364,11 +364,17 @@ struct filesystem_event
char
name
[
1
];
};
typedef
struct
struct
luid
{
unsigned
int
low_part
;
int
high_part
;
}
luid_t
;
};
struct
luid_attr
{
struct
luid
luid
;
unsigned
int
attrs
;
};
typedef
struct
{
...
...
@@ -4331,13 +4337,13 @@ struct adjust_token_privileges_request
obj_handle_t
handle
;
int
disable_all
;
int
get_modified_state
;
/* VARARG(privileges,
LUID_AND_ATTRIBUTES
); */
/* VARARG(privileges,
luid_attr
); */
};
struct
adjust_token_privileges_reply
{
struct
reply_header
__header
;
unsigned
int
len
;
/* VARARG(privileges,
LUID_AND_ATTRIBUTES
); */
/* VARARG(privileges,
luid_attr
); */
char
__pad_12
[
4
];
};
...
...
@@ -4351,7 +4357,7 @@ struct get_token_privileges_reply
{
struct
reply_header
__header
;
unsigned
int
len
;
/* VARARG(privileges,
LUID_AND_ATTRIBUTES
); */
/* VARARG(privileges,
luid_attr
); */
char
__pad_12
[
4
];
};
...
...
@@ -4361,14 +4367,14 @@ struct check_token_privileges_request
struct
request_header
__header
;
obj_handle_t
handle
;
int
all_required
;
/* VARARG(privileges,
LUID_AND_ATTRIBUTES
); */
/* VARARG(privileges,
luid_attr
); */
char
__pad_20
[
4
];
};
struct
check_token_privileges_reply
{
struct
reply_header
__header
;
int
has_privileges
;
/* VARARG(privileges,
LUID_AND_ATTRIBUTES
); */
/* VARARG(privileges,
luid_attr
); */
char
__pad_12
[
4
];
};
...
...
@@ -4395,7 +4401,7 @@ struct filter_token_request
obj_handle_t
handle
;
unsigned
int
flags
;
data_size_t
privileges_size
;
/* VARARG(privileges,
LUID_AND_ATTRIBUTES
,privileges_size); */
/* VARARG(privileges,
luid_attr
,privileges_size); */
/* VARARG(disable_sids,SID); */
};
struct
filter_token_reply
...
...
@@ -4420,7 +4426,7 @@ struct access_check_reply
unsigned
int
access_granted
;
unsigned
int
access_status
;
unsigned
int
privileges_len
;
/* VARARG(privileges,
LUID_AND_ATTRIBUTES
); */
/* VARARG(privileges,
luid_attr
); */
char
__pad_20
[
4
];
};
...
...
@@ -4732,7 +4738,7 @@ struct allocate_locally_unique_id_request
struct
allocate_locally_unique_id_reply
{
struct
reply_header
__header
;
luid_t
luid
;
struct
luid
luid
;
};
...
...
@@ -4904,8 +4910,8 @@ struct get_token_info_request
struct
get_token_info_reply
{
struct
reply_header
__header
;
luid_t
token_id
;
luid_t
modified_id
;
struct
luid
token_id
;
struct
luid
modified_id
;
unsigned
int
session_id
;
int
primary
;
int
impersonation_level
;
...
...
@@ -6246,7 +6252,7 @@ union generic_reply
/* ### protocol_version begin ### */
#define SERVER_PROTOCOL_VERSION 7
39
#define SERVER_PROTOCOL_VERSION 7
40
/* ### protocol_version end ### */
...
...
server/protocol.def
View file @
7d732267
...
...
@@ -380,11 +380,17 @@ struct filesystem_event
char name[1];
};
typedef struct
struct luid
{
unsigned int low_part;
int high_part;
} luid_t;
};
struct luid_attr
{
struct luid luid;
unsigned int attrs;
};
typedef struct
{
...
...
@@ -3084,10 +3090,10 @@ enum caret_state
obj_handle_t handle; /* handle to the token */
int disable_all; /* disable all privileges? */
int get_modified_state; /* get modified privileges? */
VARARG(privileges,
LUID_AND_ATTRIBUTES
); /* privileges to enable/disable/remove */
VARARG(privileges,
luid_attr
); /* privileges to enable/disable/remove */
@REPLY
unsigned int len; /* total length in bytes required to store token privileges */
VARARG(privileges,
LUID_AND_ATTRIBUTES
); /* modified privileges */
VARARG(privileges,
luid_attr
); /* modified privileges */
@END
/* Retrieves the set of privileges held by or available to a token */
...
...
@@ -3095,17 +3101,17 @@ enum caret_state
obj_handle_t handle; /* handle to the token */
@REPLY
unsigned int len; /* total length in bytes required to store token privileges */
VARARG(privileges,
LUID_AND_ATTRIBUTES
); /* privileges held by or available to a token */
VARARG(privileges,
luid_attr
); /* privileges held by or available to a token */
@END
/* Check the token has the required privileges */
@REQ(check_token_privileges)
obj_handle_t handle; /* handle to the token */
int all_required; /* are all the privileges required for the check to succeed? */
VARARG(privileges,
LUID_AND_ATTRIBUTES
); /* privileges to check */
VARARG(privileges,
luid_attr
); /* privileges to check */
@REPLY
int has_privileges; /* does the token have the required privileges? */
VARARG(privileges,
LUID_AND_ATTRIBUTES
); /* privileges held by or available to a token */
VARARG(privileges,
luid_attr
); /* privileges held by or available to a token */
@END
@REQ(duplicate_token)
...
...
@@ -3122,7 +3128,7 @@ enum caret_state
obj_handle_t handle; /* handle to the token to duplicate */
unsigned int flags; /* flags */
data_size_t privileges_size; /* size of privileges */
VARARG(privileges,
LUID_AND_ATTRIBUTES
,privileges_size); /* privileges to remove from new token */
VARARG(privileges,
luid_attr
,privileges_size); /* privileges to remove from new token */
VARARG(disable_sids,SID); /* array of groups to remove from new token */
@REPLY
obj_handle_t new_handle; /* filtered handle */
...
...
@@ -3137,7 +3143,7 @@ enum caret_state
unsigned int access_granted; /* access rights actually granted */
unsigned int access_status; /* was access granted? */
unsigned int privileges_len; /* length needed to store privileges */
VARARG(privileges,
LUID_AND_ATTRIBUTES
); /* privileges used during access check */
VARARG(privileges,
luid_attr
); /* privileges used during access check */
@END
@REQ(get_token_sid)
...
...
@@ -3321,7 +3327,7 @@ struct handle_info
/* Allocate a locally-unique identifier */
@REQ(allocate_locally_unique_id)
@REPLY
luid_t
luid;
struct luid
luid;
@END
...
...
@@ -3423,8 +3429,8 @@ struct handle_info
@REQ(get_token_info)
obj_handle_t handle; /* handle to the object */
@REPLY
luid_t
token_id; /* locally-unique identifier of the token */
luid_t
modified_id; /* locally-unique identifier of the modified version of the token */
struct luid
token_id; /* locally-unique identifier of the token */
struct luid
modified_id; /* locally-unique identifier of the modified version of the token */
unsigned int session_id; /* token session id */
int primary; /* is the token primary or impersonation? */
int impersonation_level; /* level of impersonation */
...
...
server/registry.c
View file @
7d732267
...
...
@@ -2303,7 +2303,7 @@ DECL_HANDLER(load_registry)
if
(
!
objattr
)
return
;
if
(
!
thread_single_check_privilege
(
current
,
&
SeRestorePrivilege
))
if
(
!
thread_single_check_privilege
(
current
,
SeRestorePrivilege
))
{
set_error
(
STATUS_PRIVILEGE_NOT_HELD
);
return
;
...
...
@@ -2334,7 +2334,7 @@ DECL_HANDLER(unload_registry)
struct
unicode_str
name
;
unsigned
int
access
=
0
;
if
(
!
thread_single_check_privilege
(
current
,
&
SeRestorePrivilege
))
if
(
!
thread_single_check_privilege
(
current
,
SeRestorePrivilege
))
{
set_error
(
STATUS_PRIVILEGE_NOT_HELD
);
return
;
...
...
@@ -2362,7 +2362,7 @@ DECL_HANDLER(save_registry)
{
struct
key
*
key
;
if
(
!
thread_single_check_privilege
(
current
,
&
SeBackupPrivilege
))
if
(
!
thread_single_check_privilege
(
current
,
SeBackupPrivilege
))
{
set_error
(
STATUS_PRIVILEGE_NOT_HELD
);
return
;
...
...
server/request.h
View file @
7d732267
...
...
@@ -692,13 +692,13 @@ C_ASSERT( sizeof(int) == 4 );
C_ASSERT
(
sizeof
(
ioctl_code_t
)
==
4
);
C_ASSERT
(
sizeof
(
irp_params_t
)
==
32
);
C_ASSERT
(
sizeof
(
lparam_t
)
==
8
);
C_ASSERT
(
sizeof
(
luid_t
)
==
8
);
C_ASSERT
(
sizeof
(
mem_size_t
)
==
8
);
C_ASSERT
(
sizeof
(
mod_handle_t
)
==
8
);
C_ASSERT
(
sizeof
(
obj_handle_t
)
==
4
);
C_ASSERT
(
sizeof
(
process_id_t
)
==
4
);
C_ASSERT
(
sizeof
(
rectangle_t
)
==
16
);
C_ASSERT
(
sizeof
(
short
int
)
==
2
);
C_ASSERT
(
sizeof
(
struct
luid
)
==
8
);
C_ASSERT
(
sizeof
(
thread_id_t
)
==
4
);
C_ASSERT
(
sizeof
(
timeout_t
)
==
8
);
C_ASSERT
(
sizeof
(
unsigned
char
)
==
1
);
...
...
server/security.h
View file @
7d732267
...
...
@@ -23,26 +23,26 @@
#include <sys/types.h>
extern
const
LUID
SeIncreaseQuotaPrivilege
;
extern
const
LUID
SeSecurityPrivilege
;
extern
const
LUID
SeTakeOwnershipPrivilege
;
extern
const
LUID
SeLoadDriverPrivilege
;
extern
const
LUID
SeSystemProfilePrivilege
;
extern
const
LUID
SeSystemtimePrivilege
;
extern
const
LUID
SeProfileSingleProcessPrivilege
;
extern
const
LUID
SeIncreaseBasePriorityPrivilege
;
extern
const
LUID
SeCreatePagefilePrivilege
;
extern
const
LUID
SeBackupPrivilege
;
extern
const
LUID
SeRestorePrivilege
;
extern
const
LUID
SeShutdownPrivilege
;
extern
const
LUID
SeDebugPrivilege
;
extern
const
LUID
SeSystemEnvironmentPrivilege
;
extern
const
LUID
SeChangeNotifyPrivilege
;
extern
const
LUID
SeRemoteShutdownPrivilege
;
extern
const
LUID
SeUndockPrivilege
;
extern
const
LUID
SeManageVolumePrivilege
;
extern
const
LUID
SeImpersonatePrivilege
;
extern
const
LUID
SeCreateGlobalPrivilege
;
extern
const
struct
luid
SeIncreaseQuotaPrivilege
;
extern
const
struct
luid
SeSecurityPrivilege
;
extern
const
struct
luid
SeTakeOwnershipPrivilege
;
extern
const
struct
luid
SeLoadDriverPrivilege
;
extern
const
struct
luid
SeSystemProfilePrivilege
;
extern
const
struct
luid
SeSystemtimePrivilege
;
extern
const
struct
luid
SeProfileSingleProcessPrivilege
;
extern
const
struct
luid
SeIncreaseBasePriorityPrivilege
;
extern
const
struct
luid
SeCreatePagefilePrivilege
;
extern
const
struct
luid
SeBackupPrivilege
;
extern
const
struct
luid
SeRestorePrivilege
;
extern
const
struct
luid
SeShutdownPrivilege
;
extern
const
struct
luid
SeDebugPrivilege
;
extern
const
struct
luid
SeSystemEnvironmentPrivilege
;
extern
const
struct
luid
SeChangeNotifyPrivilege
;
extern
const
struct
luid
SeRemoteShutdownPrivilege
;
extern
const
struct
luid
SeUndockPrivilege
;
extern
const
struct
luid
SeManageVolumePrivilege
;
extern
const
struct
luid
SeImpersonatePrivilege
;
extern
const
struct
luid
SeCreateGlobalPrivilege
;
extern
const
PSID
security_world_sid
;
extern
const
PSID
security_local_user_sid
;
...
...
@@ -60,11 +60,11 @@ extern struct token *token_create_admin( unsigned primary, int impersonation_lev
extern
int
token_assign_label
(
struct
token
*
token
,
PSID
label
);
extern
struct
token
*
token_duplicate
(
struct
token
*
src_token
,
unsigned
primary
,
int
impersonation_level
,
const
struct
security_descriptor
*
sd
,
const
LUID_AND_ATTRIBUTES
*
remove_privs
,
unsigned
int
remove_priv_count
,
const
struct
luid_attr
*
remove_privs
,
unsigned
int
remove_priv_count
,
const
SID
*
remove_groups
,
unsigned
int
remove_group_count
);
extern
int
token_check_privileges
(
struct
token
*
token
,
int
all_required
,
const
LUID_AND_ATTRIBUTES
*
reqprivs
,
unsigned
int
count
,
LUID_AND_ATTRIBUTES
*
usedprivs
);
const
struct
luid_attr
*
reqprivs
,
unsigned
int
count
,
struct
luid_attr
*
usedprivs
);
extern
const
ACL
*
token_get_default_dacl
(
struct
token
*
token
);
extern
const
SID
*
token_get_user
(
struct
token
*
token
);
extern
const
SID
*
token_get_primary_group
(
struct
token
*
token
);
...
...
@@ -91,10 +91,10 @@ extern void security_set_thread_token( struct thread *thread, obj_handle_t handl
extern
const
SID
*
security_unix_uid_to_sid
(
uid_t
uid
);
extern
int
check_object_access
(
struct
token
*
token
,
struct
object
*
obj
,
unsigned
int
*
access
);
static
inline
int
thread_single_check_privilege
(
struct
thread
*
thread
,
const
LUID
*
priv
)
static
inline
int
thread_single_check_privilege
(
struct
thread
*
thread
,
struct
luid
priv
)
{
struct
token
*
token
=
thread_get_impersonation_token
(
thread
);
const
LUID_AND_ATTRIBUTES
privs
=
{
*
priv
,
0
};
const
struct
luid_attr
privs
=
{
priv
,
0
};
if
(
!
token
)
return
FALSE
;
...
...
server/token.c
View file @
7d732267
...
...
@@ -42,27 +42,27 @@
#define MAX_SUBAUTH_COUNT 1
const
LUID
SeIncreaseQuotaPrivilege
=
{
5
,
0
};
const
LUID
SeTcbPrivilege
=
{
7
,
0
};
const
LUID
SeSecurityPrivilege
=
{
8
,
0
};
const
LUID
SeTakeOwnershipPrivilege
=
{
9
,
0
};
const
LUID
SeLoadDriverPrivilege
=
{
10
,
0
};
const
LUID
SeSystemProfilePrivilege
=
{
11
,
0
};
const
LUID
SeSystemtimePrivilege
=
{
12
,
0
};
const
LUID
SeProfileSingleProcessPrivilege
=
{
13
,
0
};
const
LUID
SeIncreaseBasePriorityPrivilege
=
{
14
,
0
};
const
LUID
SeCreatePagefilePrivilege
=
{
15
,
0
};
const
LUID
SeBackupPrivilege
=
{
17
,
0
};
const
LUID
SeRestorePrivilege
=
{
18
,
0
};
const
LUID
SeShutdownPrivilege
=
{
19
,
0
};
const
LUID
SeDebugPrivilege
=
{
20
,
0
};
const
LUID
SeSystemEnvironmentPrivilege
=
{
22
,
0
};
const
LUID
SeChangeNotifyPrivilege
=
{
23
,
0
};
const
LUID
SeRemoteShutdownPrivilege
=
{
24
,
0
};
const
LUID
SeUndockPrivilege
=
{
25
,
0
};
const
LUID
SeManageVolumePrivilege
=
{
28
,
0
};
const
LUID
SeImpersonatePrivilege
=
{
29
,
0
};
const
LUID
SeCreateGlobalPrivilege
=
{
30
,
0
};
const
struct
luid
SeIncreaseQuotaPrivilege
=
{
5
,
0
};
const
struct
luid
SeTcbPrivilege
=
{
7
,
0
};
const
struct
luid
SeSecurityPrivilege
=
{
8
,
0
};
const
struct
luid
SeTakeOwnershipPrivilege
=
{
9
,
0
};
const
struct
luid
SeLoadDriverPrivilege
=
{
10
,
0
};
const
struct
luid
SeSystemProfilePrivilege
=
{
11
,
0
};
const
struct
luid
SeSystemtimePrivilege
=
{
12
,
0
};
const
struct
luid
SeProfileSingleProcessPrivilege
=
{
13
,
0
};
const
struct
luid
SeIncreaseBasePriorityPrivilege
=
{
14
,
0
};
const
struct
luid
SeCreatePagefilePrivilege
=
{
15
,
0
};
const
struct
luid
SeBackupPrivilege
=
{
17
,
0
};
const
struct
luid
SeRestorePrivilege
=
{
18
,
0
};
const
struct
luid
SeShutdownPrivilege
=
{
19
,
0
};
const
struct
luid
SeDebugPrivilege
=
{
20
,
0
};
const
struct
luid
SeSystemEnvironmentPrivilege
=
{
22
,
0
};
const
struct
luid
SeChangeNotifyPrivilege
=
{
23
,
0
};
const
struct
luid
SeRemoteShutdownPrivilege
=
{
24
,
0
};
const
struct
luid
SeUndockPrivilege
=
{
25
,
0
};
const
struct
luid
SeManageVolumePrivilege
=
{
28
,
0
};
const
struct
luid
SeImpersonatePrivilege
=
{
29
,
0
};
const
struct
luid
SeCreateGlobalPrivilege
=
{
30
,
0
};
#define SID_N(n) struct
/* same fields as struct SID */
\
{ \
...
...
@@ -96,7 +96,7 @@ const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
const
PSID
security_domain_users_sid
=
(
PSID
)
&
domain_users_sid
;
const
PSID
security_high_label_sid
=
(
PSID
)
&
high_label_sid
;
static
luid_t
prev_luid_value
=
{
1000
,
0
};
static
struct
luid
prev_luid_value
=
{
1000
,
0
};
static
const
WCHAR
token_name
[]
=
{
'T'
,
'o'
,
'k'
,
'e'
,
'n'
};
...
...
@@ -116,8 +116,8 @@ struct type_descr token_type =
struct
token
{
struct
object
obj
;
/* object header */
luid_t
token_id
;
/* system-unique id of token */
luid_t
modified_id
;
/* new id allocated every time token is modified */
struct
luid
token_id
;
/* system-unique id of token */
struct
luid
modified_id
;
/* new id allocated every time token is modified */
struct
list
privileges
;
/* privileges available to the token */
struct
list
groups
;
/* groups that the user of this token belongs to (sid_and_attributes) */
SID
*
user
;
/* SID of user this token represents */
...
...
@@ -134,7 +134,7 @@ struct token
struct
privilege
{
struct
list
entry
;
LUID
luid
;
struct
luid
luid
;
unsigned
enabled
:
1
;
/* is the privilege currently enabled? */
unsigned
def
:
1
;
/* is the privilege enabled by default? */
};
...
...
@@ -463,12 +463,12 @@ ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl )
return
replaced_acl
;
}
static
inline
int
is_equal_luid
(
const
LUID
*
luid1
,
const
LUID
*
luid2
)
static
inline
int
is_equal_luid
(
struct
luid
luid1
,
struct
luid
luid2
)
{
return
(
luid1
->
LowPart
==
luid2
->
LowPart
&&
luid1
->
HighPart
==
luid2
->
HighP
art
);
return
(
luid1
.
low_part
==
luid2
.
low_part
&&
luid1
.
high_part
==
luid2
.
high_p
art
);
}
static
inline
void
allocate_luid
(
luid_t
*
luid
)
static
inline
void
allocate_luid
(
struct
luid
*
luid
)
{
prev_luid_value
.
low_part
++
;
*
luid
=
prev_luid_value
;
...
...
@@ -479,20 +479,21 @@ DECL_HANDLER( allocate_locally_unique_id )
allocate_luid
(
&
reply
->
luid
);
}
static
inline
void
luid_and_attr_from_privilege
(
LUID_AND_ATTRIBUTES
*
out
,
const
struct
privilege
*
in
)
static
inline
struct
luid_attr
luid_and_attr_from_privilege
(
const
struct
privilege
*
in
)
{
out
->
Luid
=
in
->
luid
;
out
->
Attributes
=
(
in
->
enabled
?
SE_PRIVILEGE_ENABLED
:
0
)
|
struct
luid_attr
ret
=
{
in
->
luid
}
;
ret
.
attrs
=
(
in
->
enabled
?
SE_PRIVILEGE_ENABLED
:
0
)
|
(
in
->
def
?
SE_PRIVILEGE_ENABLED_BY_DEFAULT
:
0
);
return
ret
;
}
static
struct
privilege
*
privilege_add
(
struct
token
*
token
,
const
LUID
*
luid
,
int
enabled
)
static
struct
privilege
*
privilege_add
(
struct
token
*
token
,
struct
luid
luid
,
int
enabled
)
{
struct
privilege
*
privilege
=
mem_alloc
(
sizeof
(
*
privilege
)
);
if
(
privilege
)
{
privilege
->
luid
=
*
luid
;
privilege
->
luid
=
luid
;
privilege
->
def
=
privilege
->
enabled
=
(
enabled
!=
0
);
list_add_tail
(
&
token
->
privileges
,
&
privilege
->
entry
);
}
...
...
@@ -541,9 +542,9 @@ static void token_destroy( struct object *obj )
*/
static
struct
token
*
create_token
(
unsigned
int
primary
,
unsigned
int
session_id
,
const
SID
*
user
,
const
SID_AND_ATTRIBUTES
*
groups
,
unsigned
int
group_count
,
const
LUID_AND_ATTRIBUTES
*
privs
,
unsigned
int
priv_count
,
const
struct
luid_attr
*
privs
,
unsigned
int
priv_count
,
const
ACL
*
default_dacl
,
TOKEN_SOURCE
source
,
const
luid_t
*
modified_id
,
const
struct
luid
*
modified_id
,
int
impersonation_level
,
int
elevation
)
{
struct
token
*
token
=
alloc_object
(
&
token_ops
);
...
...
@@ -610,8 +611,7 @@ static struct token *create_token( unsigned int primary, unsigned int session_id
{
/* note: we don't check uniqueness: the caller must make sure
* privs doesn't contain any duplicate luids */
if
(
!
privilege_add
(
token
,
&
privs
[
i
].
Luid
,
privs
[
i
].
Attributes
&
SE_PRIVILEGE_ENABLED
))
if
(
!
privilege_add
(
token
,
privs
[
i
].
luid
,
privs
[
i
].
attrs
&
SE_PRIVILEGE_ENABLED
))
{
release_object
(
token
);
return
NULL
;
...
...
@@ -646,25 +646,22 @@ static int filter_group( struct group *group, const SID *filter, unsigned int co
return
0
;
}
static
int
filter_privilege
(
struct
privilege
*
privilege
,
const
LUID_AND_ATTRIBUTES
*
filter
,
unsigned
int
count
)
static
int
filter_privilege
(
struct
privilege
*
privilege
,
const
struct
luid_attr
*
filter
,
unsigned
int
count
)
{
unsigned
int
i
;
for
(
i
=
0
;
i
<
count
;
i
++
)
{
if
(
!
memcmp
(
&
privilege
->
luid
,
&
filter
[
i
].
Luid
,
sizeof
(
LUID
)
))
return
1
;
}
if
(
is_equal_luid
(
privilege
->
luid
,
filter
[
i
].
luid
))
return
1
;
return
0
;
}
struct
token
*
token_duplicate
(
struct
token
*
src_token
,
unsigned
primary
,
int
impersonation_level
,
const
struct
security_descriptor
*
sd
,
const
LUID_AND_ATTRIBUTES
*
remove_privs
,
unsigned
int
remove_priv_count
,
const
struct
luid_attr
*
remove_privs
,
unsigned
int
remove_priv_count
,
const
SID
*
remove_groups
,
unsigned
int
remove_group_count
)
{
const
luid_t
*
modified_id
=
const
struct
luid
*
modified_id
=
primary
||
(
impersonation_level
==
src_token
->
impersonation_level
)
?
&
src_token
->
modified_id
:
NULL
;
struct
token
*
token
=
NULL
;
...
...
@@ -717,7 +714,7 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
LIST_FOR_EACH_ENTRY
(
privilege
,
&
src_token
->
privileges
,
struct
privilege
,
entry
)
{
if
(
filter_privilege
(
privilege
,
remove_privs
,
remove_priv_count
))
continue
;
if
(
!
privilege_add
(
token
,
&
privilege
->
luid
,
privilege
->
enabled
))
if
(
!
privilege_add
(
token
,
privilege
->
luid
,
privilege
->
enabled
))
{
release_object
(
token
);
return
NULL
;
...
...
@@ -855,7 +852,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
if
(
alias_admins_sid
&&
alias_users_sid
&&
logon_sid
&&
default_dacl
)
{
const
LUID_AND_ATTRIBUTES
admin_privs
[]
=
const
struct
luid_attr
admin_privs
[]
=
{
{
SeChangeNotifyPrivilege
,
SE_PRIVILEGE_ENABLED
},
{
SeTcbPrivilege
,
0
},
...
...
@@ -908,12 +905,12 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
return
token
;
}
static
struct
privilege
*
token_find_privilege
(
struct
token
*
token
,
const
LUID
*
luid
,
int
enabled_only
)
static
struct
privilege
*
token_find_privilege
(
struct
token
*
token
,
struct
luid
luid
,
int
enabled_only
)
{
struct
privilege
*
privilege
;
LIST_FOR_EACH_ENTRY
(
privilege
,
&
token
->
privileges
,
struct
privilege
,
entry
)
{
if
(
is_equal_luid
(
luid
,
&
privilege
->
luid
))
if
(
is_equal_luid
(
luid
,
privilege
->
luid
))
{
if
(
enabled_only
&&
!
privilege
->
enabled
)
return
NULL
;
...
...
@@ -923,8 +920,8 @@ static struct privilege *token_find_privilege( struct token *token, const LUID *
return
NULL
;
}
static
unsigned
int
token_adjust_privileges
(
struct
token
*
token
,
const
LUID_AND_ATTRIBUTES
*
privs
,
unsigned
int
count
,
LUID_AND_ATTRIBUTES
*
mod_privs
,
static
unsigned
int
token_adjust_privileges
(
struct
token
*
token
,
const
struct
luid_attr
*
privs
,
unsigned
int
count
,
struct
luid_attr
*
mod_privs
,
unsigned
int
mod_privs_count
)
{
unsigned
int
i
,
modified_count
=
0
;
...
...
@@ -934,31 +931,24 @@ static unsigned int token_adjust_privileges( struct token *token, const LUID_AND
for
(
i
=
0
;
i
<
count
;
i
++
)
{
struct
privilege
*
privilege
=
token_find_privilege
(
token
,
&
privs
[
i
].
Luid
,
FALSE
);
struct
privilege
*
privilege
=
token_find_privilege
(
token
,
privs
[
i
].
luid
,
FALSE
);
if
(
!
privilege
)
{
set_error
(
STATUS_NOT_ALL_ASSIGNED
);
continue
;
}
if
(
privs
[
i
].
Attributes
&
SE_PRIVILEGE_REMOVED
)
privilege_remove
(
privilege
);
if
(
privs
[
i
].
attrs
&
SE_PRIVILEGE_REMOVED
)
privilege_remove
(
privilege
);
else
{
/* save previous state for caller */
if
(
mod_privs_count
)
{
luid_and_attr_from_privilege
(
mod_privs
,
privilege
);
mod_privs
++
;
*
mod_privs
++
=
luid_and_attr_from_privilege
(
privilege
);
mod_privs_count
--
;
modified_count
++
;
}
if
(
privs
[
i
].
Attributes
&
SE_PRIVILEGE_ENABLED
)
privilege
->
enabled
=
TRUE
;
else
privilege
->
enabled
=
FALSE
;
privilege
->
enabled
=
!!
(
privs
[
i
].
attrs
&
SE_PRIVILEGE_ENABLED
);
}
}
return
modified_count
;
...
...
@@ -975,16 +965,14 @@ static void token_disable_privileges( struct token *token )
privilege
->
enabled
=
FALSE
;
}
int
token_check_privileges
(
struct
token
*
token
,
int
all_required
,
const
LUID_AND_ATTRIBUTES
*
reqprivs
,
unsigned
int
count
,
LUID_AND_ATTRIBUTES
*
usedprivs
)
int
token_check_privileges
(
struct
token
*
token
,
int
all_required
,
const
struct
luid_attr
*
reqprivs
,
unsigned
int
count
,
struct
luid_attr
*
usedprivs
)
{
unsigned
int
i
,
enabled_count
=
0
;
for
(
i
=
0
;
i
<
count
;
i
++
)
{
struct
privilege
*
privilege
=
token_find_privilege
(
token
,
&
reqprivs
[
i
].
Luid
,
TRUE
);
struct
privilege
*
privilege
=
token_find_privilege
(
token
,
reqprivs
[
i
].
luid
,
TRUE
);
if
(
usedprivs
)
usedprivs
[
i
]
=
reqprivs
[
i
];
...
...
@@ -992,8 +980,7 @@ int token_check_privileges( struct token *token, int all_required,
if
(
privilege
&&
privilege
->
enabled
)
{
enabled_count
++
;
if
(
usedprivs
)
usedprivs
[
i
].
Attributes
|=
SE_PRIVILEGE_USED_FOR_ACCESS
;
if
(
usedprivs
)
usedprivs
[
i
].
attrs
|=
SE_PRIVILEGE_USED_FOR_ACCESS
;
}
}
...
...
@@ -1029,7 +1016,7 @@ int token_sid_present( struct token *token, const SID *sid, int deny )
static
unsigned
int
token_access_check
(
struct
token
*
token
,
const
struct
security_descriptor
*
sd
,
unsigned
int
desired_access
,
LUID_AND_ATTRIBUTES
*
privs
,
struct
luid_attr
*
privs
,
unsigned
int
*
priv_count
,
const
generic_map_t
*
mapping
,
unsigned
int
*
granted_access
,
...
...
@@ -1076,8 +1063,8 @@ static unsigned int token_access_check( struct token *token,
* is only granted if specifically asked for */
if
(
desired_access
&
ACCESS_SYSTEM_SECURITY
)
{
const
LUID_AND_ATTRIBUTES
security_priv
=
{
SeSecurityPrivilege
,
0
};
LUID_AND_ATTRIBUTES
retpriv
=
security_priv
;
const
struct
luid_attr
security_priv
=
{
SeSecurityPrivilege
,
0
};
struct
luid_attr
retpriv
=
security_priv
;
if
(
token_check_privileges
(
token
,
TRUE
,
&
security_priv
,
1
,
&
retpriv
))
{
if
(
priv_count
)
...
...
@@ -1282,9 +1269,9 @@ DECL_HANDLER(adjust_token_privileges)
if
((
token
=
(
struct
token
*
)
get_handle_obj
(
current
->
process
,
req
->
handle
,
access
,
&
token_ops
)))
{
const
LUID_AND_ATTRIBUTES
*
privs
=
get_req_data
();
LUID_AND_ATTRIBUTES
*
modified_privs
=
NULL
;
unsigned
int
priv_count
=
get_req_data_size
()
/
sizeof
(
LUID_AND_ATTRIBUTES
);
const
struct
luid_attr
*
privs
=
get_req_data
();
struct
luid_attr
*
modified_privs
=
NULL
;
unsigned
int
priv_count
=
get_req_data_size
()
/
sizeof
(
*
privs
);
unsigned
int
modified_priv_count
=
0
;
if
(
req
->
get_modified_state
&&
!
req
->
disable_all
)
...
...
@@ -1293,8 +1280,7 @@ DECL_HANDLER(adjust_token_privileges)
/* count modified privs */
for
(
i
=
0
;
i
<
priv_count
;
i
++
)
{
struct
privilege
*
privilege
=
token_find_privilege
(
token
,
&
privs
[
i
].
Luid
,
FALSE
);
struct
privilege
*
privilege
=
token_find_privilege
(
token
,
privs
[
i
].
luid
,
FALSE
);
if
(
privilege
&&
req
->
get_modified_state
)
modified_priv_count
++
;
}
...
...
@@ -1324,7 +1310,7 @@ DECL_HANDLER(get_token_privileges)
&
token_ops
)))
{
int
priv_count
=
0
;
LUID_AND_ATTRIBUTES
*
privs
;
struct
luid_attr
*
privs
;
struct
privilege
*
privilege
;
LIST_FOR_EACH_ENTRY
(
privilege
,
&
token
->
privileges
,
struct
privilege
,
entry
)
...
...
@@ -1335,14 +1321,8 @@ DECL_HANDLER(get_token_privileges)
{
privs
=
set_reply_data_size
(
priv_count
*
sizeof
(
*
privs
)
);
if
(
privs
)
{
int
i
=
0
;
LIST_FOR_EACH_ENTRY
(
privilege
,
&
token
->
privileges
,
struct
privilege
,
entry
)
{
luid_and_attr_from_privilege
(
&
privs
[
i
],
privilege
);
i
++
;
}
}
*
privs
++
=
luid_and_attr_from_privilege
(
privilege
);
}
else
set_error
(
STATUS_BUFFER_TOO_SMALL
);
...
...
@@ -1383,14 +1363,14 @@ DECL_HANDLER(filter_token)
if
((
src_token
=
(
struct
token
*
)
get_handle_obj
(
current
->
process
,
req
->
handle
,
TOKEN_DUPLICATE
,
&
token_ops
)))
{
const
LUID_AND_ATTRIBUTES
*
filter_privileges
=
get_req_data
();
const
struct
luid_attr
*
filter_privileges
=
get_req_data
();
unsigned
int
priv_count
,
group_count
;
const
SID
*
filter_groups
;
struct
token
*
token
;
priv_count
=
min
(
req
->
privileges_size
,
get_req_data_size
()
)
/
sizeof
(
LUID_AND_ATTRIBUTES
);
filter_groups
=
(
const
SID
*
)((
char
*
)
filter_privileges
+
priv_count
*
sizeof
(
LUID_AND_ATTRIBUTES
));
group_count
=
get_sid_count
(
filter_groups
,
get_req_data_size
()
-
priv_count
*
sizeof
(
LUID_AND_ATTRIBUTES
)
);
priv_count
=
min
(
req
->
privileges_size
,
get_req_data_size
()
)
/
sizeof
(
struct
luid_attr
);
filter_groups
=
(
const
SID
*
)((
char
*
)
filter_privileges
+
priv_count
*
sizeof
(
struct
luid_attr
));
group_count
=
get_sid_count
(
filter_groups
,
get_req_data_size
()
-
priv_count
*
sizeof
(
struct
luid_attr
)
);
token
=
token_duplicate
(
src_token
,
src_token
->
primary
,
src_token
->
impersonation_level
,
NULL
,
filter_privileges
,
priv_count
,
filter_groups
,
group_count
);
...
...
@@ -1413,13 +1393,13 @@ DECL_HANDLER(check_token_privileges)
TOKEN_QUERY
,
&
token_ops
)))
{
unsigned
int
count
=
get_req_data_size
()
/
sizeof
(
LUID_AND_ATTRIBUTES
);
unsigned
int
count
=
get_req_data_size
()
/
sizeof
(
struct
luid_attr
);
if
(
!
token
->
primary
&&
token
->
impersonation_level
<=
SecurityAnonymous
)
set_error
(
STATUS_BAD_IMPERSONATION_LEVEL
);
else
if
(
get_reply_max_size
()
>=
count
*
sizeof
(
LUID_AND_ATTRIBUTES
))
else
if
(
get_reply_max_size
()
>=
count
*
sizeof
(
struct
luid_attr
))
{
LUID_AND_ATTRIBUTES
*
usedprivs
=
set_reply_data_size
(
count
*
sizeof
(
*
usedprivs
)
);
struct
luid_attr
*
usedprivs
=
set_reply_data_size
(
count
*
sizeof
(
*
usedprivs
)
);
reply
->
has_privileges
=
token_check_privileges
(
token
,
req
->
all_required
,
get_req_data
(),
count
,
usedprivs
);
}
else
...
...
@@ -1447,7 +1427,7 @@ DECL_HANDLER(access_check)
&
token_ops
)))
{
unsigned
int
status
;
LUID_AND_ATTRIBUTES
priv
;
struct
luid_attr
priv
;
unsigned
int
priv_count
=
1
;
memset
(
&
priv
,
0
,
sizeof
(
priv
));
...
...
@@ -1470,11 +1450,11 @@ DECL_HANDLER(access_check)
status
=
token_access_check
(
token
,
sd
,
req
->
desired_access
,
&
priv
,
&
priv_count
,
&
req
->
mapping
,
&
reply
->
access_granted
,
&
reply
->
access_status
);
reply
->
privileges_len
=
priv_count
*
sizeof
(
LUID_AND_ATTRIBUTES
);
reply
->
privileges_len
=
priv_count
*
sizeof
(
struct
luid_attr
);
if
((
priv_count
>
0
)
&&
(
reply
->
privileges_len
<=
get_reply_max_size
()))
{
LUID_AND_ATTRIBUTES
*
privs
=
set_reply_data_size
(
priv_count
*
sizeof
(
*
privs
)
);
struct
luid_attr
*
privs
=
set_reply_data_size
(
priv_count
*
sizeof
(
*
privs
)
);
memcpy
(
privs
,
&
priv
,
sizeof
(
priv
)
);
}
...
...
server/trace.c
View file @
7d732267
...
...
@@ -457,7 +457,7 @@ static void dump_hw_input( const char *prefix, const hw_input_t *input )
}
}
static
void
dump_luid
(
const
char
*
prefix
,
const
luid_t
*
luid
)
static
void
dump_luid
(
const
char
*
prefix
,
const
struct
luid
*
luid
)
{
fprintf
(
stderr
,
"%s%d.%u"
,
prefix
,
luid
->
high_part
,
luid
->
low_part
);
}
...
...
@@ -999,16 +999,15 @@ static void dump_varargs_properties( const char *prefix, data_size_t size )
remove_data
(
size
);
}
static
void
dump_varargs_
LUID_AND_ATTRIBUTES
(
const
char
*
prefix
,
data_size_t
size
)
static
void
dump_varargs_
luid_attr
(
const
char
*
prefix
,
data_size_t
size
)
{
const
LUID_AND_ATTRIBUTES
*
lat
=
cur_data
;
const
struct
luid_attr
*
lat
=
cur_data
;
data_size_t
len
=
size
/
sizeof
(
*
lat
);
fprintf
(
stderr
,
"%s{"
,
prefix
);
while
(
len
>
0
)
{
fprintf
(
stderr
,
"{luid=%08x%08x,attr=%x}"
,
lat
->
Luid
.
HighPart
,
lat
->
Luid
.
LowPart
,
lat
->
Attributes
);
fprintf
(
stderr
,
"{luid=%08x%08x,attrs=%x}"
,
lat
->
luid
.
high_part
,
lat
->
luid
.
low_part
,
lat
->
attrs
);
lat
++
;
if
(
--
len
)
fputc
(
','
,
stderr
);
}
...
...
@@ -3807,13 +3806,13 @@ static void dump_adjust_token_privileges_request( const struct adjust_token_priv
fprintf
(
stderr
,
" handle=%04x"
,
req
->
handle
);
fprintf
(
stderr
,
", disable_all=%d"
,
req
->
disable_all
);
fprintf
(
stderr
,
", get_modified_state=%d"
,
req
->
get_modified_state
);
dump_varargs_
LUID_AND_ATTRIBUTES
(
", privileges="
,
cur_size
);
dump_varargs_
luid_attr
(
", privileges="
,
cur_size
);
}
static
void
dump_adjust_token_privileges_reply
(
const
struct
adjust_token_privileges_reply
*
req
)
{
fprintf
(
stderr
,
" len=%08x"
,
req
->
len
);
dump_varargs_
LUID_AND_ATTRIBUTES
(
", privileges="
,
cur_size
);
dump_varargs_
luid_attr
(
", privileges="
,
cur_size
);
}
static
void
dump_get_token_privileges_request
(
const
struct
get_token_privileges_request
*
req
)
...
...
@@ -3824,20 +3823,20 @@ static void dump_get_token_privileges_request( const struct get_token_privileges
static
void
dump_get_token_privileges_reply
(
const
struct
get_token_privileges_reply
*
req
)
{
fprintf
(
stderr
,
" len=%08x"
,
req
->
len
);
dump_varargs_
LUID_AND_ATTRIBUTES
(
", privileges="
,
cur_size
);
dump_varargs_
luid_attr
(
", privileges="
,
cur_size
);
}
static
void
dump_check_token_privileges_request
(
const
struct
check_token_privileges_request
*
req
)
{
fprintf
(
stderr
,
" handle=%04x"
,
req
->
handle
);
fprintf
(
stderr
,
", all_required=%d"
,
req
->
all_required
);
dump_varargs_
LUID_AND_ATTRIBUTES
(
", privileges="
,
cur_size
);
dump_varargs_
luid_attr
(
", privileges="
,
cur_size
);
}
static
void
dump_check_token_privileges_reply
(
const
struct
check_token_privileges_reply
*
req
)
{
fprintf
(
stderr
,
" has_privileges=%d"
,
req
->
has_privileges
);
dump_varargs_
LUID_AND_ATTRIBUTES
(
", privileges="
,
cur_size
);
dump_varargs_
luid_attr
(
", privileges="
,
cur_size
);
}
static
void
dump_duplicate_token_request
(
const
struct
duplicate_token_request
*
req
)
...
...
@@ -3859,7 +3858,7 @@ static void dump_filter_token_request( const struct filter_token_request *req )
fprintf
(
stderr
,
" handle=%04x"
,
req
->
handle
);
fprintf
(
stderr
,
", flags=%08x"
,
req
->
flags
);
fprintf
(
stderr
,
", privileges_size=%u"
,
req
->
privileges_size
);
dump_varargs_
LUID_AND_ATTRIBUTES
(
", privileges="
,
min
(
cur_size
,
req
->
privileges_size
)
);
dump_varargs_
luid_attr
(
", privileges="
,
min
(
cur_size
,
req
->
privileges_size
)
);
dump_varargs_SID
(
", disable_sids="
,
cur_size
);
}
...
...
@@ -3881,7 +3880,7 @@ static void dump_access_check_reply( const struct access_check_reply *req )
fprintf
(
stderr
,
" access_granted=%08x"
,
req
->
access_granted
);
fprintf
(
stderr
,
", access_status=%08x"
,
req
->
access_status
);
fprintf
(
stderr
,
", privileges_len=%08x"
,
req
->
privileges_len
);
dump_varargs_
LUID_AND_ATTRIBUTES
(
", privileges="
,
cur_size
);
dump_varargs_
luid_attr
(
", privileges="
,
cur_size
);
}
static
void
dump_get_token_sid_request
(
const
struct
get_token_sid_request
*
req
)
...
...
tools/make_requests
View file @
7d732267
...
...
@@ -49,7 +49,7 @@ my %formats =
"apc_result_t"
=>
[
40
,
8
,
"&dump_apc_result"
],
"async_data_t"
=>
[
40
,
8
,
"&dump_async_data"
],
"irp_params_t"
=>
[
32
,
8
,
"&dump_irp_params"
],
"
luid_t"
=>
[
8
,
4
,
"&dump_luid"
],
"
struct luid"
=>
[
8
,
4
,
"&dump_luid"
],
"generic_map_t"
=>
[
16
,
4
,
"&dump_generic_map"
],
"ioctl_code_t"
=>
[
4
,
4
,
"&dump_ioctl_code"
],
"hw_input_t"
=>
[
40
,
8
,
"&dump_hw_input"
],
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment