Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
5af809ab
Commit
5af809ab
authored
Oct 02, 2007
by
Rob Shearman
Committed by
Alexandre Julliard
Oct 03, 2007
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
server: Move set_security_object to handle.c and set_object_sd to object.c.
These both don't operate on tokens so token.c is not the right place for them to be implemented.
parent
3d3369a7
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
177 additions
and
153 deletions
+177
-153
handle.c
server/handle.c
+27
-0
object.c
server/object.c
+89
-0
object.h
server/object.h
+1
-0
security.h
server/security.h
+53
-0
token.c
server/token.c
+7
-153
No files found.
server/handle.c
View file @
5af809ab
...
@@ -588,3 +588,30 @@ DECL_HANDLER(get_object_info)
...
@@ -588,3 +588,30 @@ DECL_HANDLER(get_object_info)
reply
->
ref_count
=
obj
->
refcount
;
reply
->
ref_count
=
obj
->
refcount
;
release_object
(
obj
);
release_object
(
obj
);
}
}
DECL_HANDLER
(
set_security_object
)
{
data_size_t
sd_size
=
get_req_data_size
();
const
struct
security_descriptor
*
sd
=
get_req_data
();
struct
object
*
obj
;
unsigned
int
access
=
0
;
if
(
!
sd_is_valid
(
sd
,
sd_size
))
{
set_error
(
STATUS_ACCESS_VIOLATION
);
return
;
}
if
(
req
->
security_info
&
OWNER_SECURITY_INFORMATION
||
req
->
security_info
&
GROUP_SECURITY_INFORMATION
)
access
|=
WRITE_OWNER
;
if
(
req
->
security_info
&
SACL_SECURITY_INFORMATION
)
access
|=
ACCESS_SYSTEM_SECURITY
;
if
(
req
->
security_info
&
DACL_SECURITY_INFORMATION
)
access
|=
WRITE_DAC
;
if
(
!
(
obj
=
get_handle_obj
(
current
->
process
,
req
->
handle
,
access
,
NULL
)))
return
;
set_object_sd
(
obj
,
sd
,
req
->
security_info
);
release_object
(
obj
);
}
server/object.c
View file @
5af809ab
...
@@ -34,8 +34,10 @@
...
@@ -34,8 +34,10 @@
#include "winternl.h"
#include "winternl.h"
#include "file.h"
#include "file.h"
#include "process.h"
#include "thread.h"
#include "thread.h"
#include "unicode.h"
#include "unicode.h"
#include "security.h"
struct
object_name
struct
object_name
...
@@ -365,6 +367,93 @@ unsigned int no_map_access( struct object *obj, unsigned int access )
...
@@ -365,6 +367,93 @@ unsigned int no_map_access( struct object *obj, unsigned int access )
return
access
&
~
(
GENERIC_READ
|
GENERIC_WRITE
|
GENERIC_EXECUTE
|
GENERIC_ALL
);
return
access
&
~
(
GENERIC_READ
|
GENERIC_WRITE
|
GENERIC_EXECUTE
|
GENERIC_ALL
);
}
}
void
set_object_sd
(
struct
object
*
obj
,
const
struct
security_descriptor
*
sd
,
unsigned
int
set_info
)
{
struct
security_descriptor
new_sd
,
*
new_sd_ptr
;
int
present
;
const
SID
*
owner
,
*
group
;
const
ACL
*
sacl
,
*
dacl
;
char
*
ptr
;
if
(
!
set_info
)
return
;
new_sd
.
control
=
sd
->
control
&
~
SE_SELF_RELATIVE
;
owner
=
sd_get_owner
(
sd
);
if
(
set_info
&
OWNER_SECURITY_INFORMATION
&&
owner
)
new_sd
.
owner_len
=
sd
->
owner_len
;
else
{
owner
=
token_get_user
(
current
->
process
->
token
);
new_sd
.
owner_len
=
FIELD_OFFSET
(
SID
,
SubAuthority
[
owner
->
SubAuthorityCount
]);
new_sd
.
control
|=
SE_OWNER_DEFAULTED
;
}
group
=
sd_get_group
(
sd
);
if
(
set_info
&
GROUP_SECURITY_INFORMATION
&&
group
)
new_sd
.
group_len
=
sd
->
group_len
;
else
{
group
=
token_get_primary_group
(
current
->
process
->
token
);
new_sd
.
group_len
=
FIELD_OFFSET
(
SID
,
SubAuthority
[
group
->
SubAuthorityCount
]);
new_sd
.
control
|=
SE_GROUP_DEFAULTED
;
}
new_sd
.
control
|=
SE_SACL_PRESENT
;
sacl
=
sd_get_sacl
(
sd
,
&
present
);
if
(
set_info
&
SACL_SECURITY_INFORMATION
&&
present
)
new_sd
.
sacl_len
=
sd
->
sacl_len
;
else
{
if
(
obj
->
sd
)
sacl
=
sd_get_sacl
(
obj
->
sd
,
&
present
);
if
(
obj
->
sd
&&
present
)
new_sd
.
sacl_len
=
obj
->
sd
->
sacl_len
;
else
{
new_sd
.
sacl_len
=
0
;
new_sd
.
control
|=
SE_SACL_DEFAULTED
;
}
}
new_sd
.
control
|=
SE_DACL_PRESENT
;
dacl
=
sd_get_dacl
(
sd
,
&
present
);
if
(
set_info
&
DACL_SECURITY_INFORMATION
&&
present
)
new_sd
.
dacl_len
=
sd
->
dacl_len
;
else
{
if
(
obj
->
sd
)
dacl
=
sd_get_dacl
(
obj
->
sd
,
&
present
);
if
(
obj
->
sd
&&
present
)
new_sd
.
dacl_len
=
obj
->
sd
->
dacl_len
;
else
{
dacl
=
token_get_default_dacl
(
current
->
process
->
token
);
new_sd
.
dacl_len
=
dacl
->
AclSize
;
new_sd
.
control
|=
SE_DACL_DEFAULTED
;
}
}
ptr
=
mem_alloc
(
sizeof
(
new_sd
)
+
new_sd
.
owner_len
+
new_sd
.
group_len
+
new_sd
.
sacl_len
+
new_sd
.
dacl_len
);
if
(
!
ptr
)
return
;
new_sd_ptr
=
(
struct
security_descriptor
*
)
ptr
;
memcpy
(
ptr
,
&
new_sd
,
sizeof
(
new_sd
)
);
ptr
+=
sizeof
(
new_sd
);
memcpy
(
ptr
,
owner
,
new_sd
.
owner_len
);
ptr
+=
new_sd
.
owner_len
;
memcpy
(
ptr
,
group
,
new_sd
.
group_len
);
ptr
+=
new_sd
.
group_len
;
memcpy
(
ptr
,
sacl
,
new_sd
.
sacl_len
);
ptr
+=
new_sd
.
sacl_len
;
memcpy
(
ptr
,
dacl
,
new_sd
.
dacl_len
);
free
(
obj
->
sd
);
obj
->
sd
=
new_sd_ptr
;
}
struct
object
*
no_lookup_name
(
struct
object
*
obj
,
struct
unicode_str
*
name
,
struct
object
*
no_lookup_name
(
struct
object
*
obj
,
struct
unicode_str
*
name
,
unsigned
int
attr
)
unsigned
int
attr
)
{
{
...
...
server/object.h
View file @
5af809ab
...
@@ -127,6 +127,7 @@ extern int no_satisfied( struct object *obj, struct thread *thread );
...
@@ -127,6 +127,7 @@ extern int no_satisfied( struct object *obj, struct thread *thread );
extern
int
no_signal
(
struct
object
*
obj
,
unsigned
int
access
);
extern
int
no_signal
(
struct
object
*
obj
,
unsigned
int
access
);
extern
struct
fd
*
no_get_fd
(
struct
object
*
obj
);
extern
struct
fd
*
no_get_fd
(
struct
object
*
obj
);
extern
unsigned
int
no_map_access
(
struct
object
*
obj
,
unsigned
int
access
);
extern
unsigned
int
no_map_access
(
struct
object
*
obj
,
unsigned
int
access
);
extern
void
set_object_sd
(
struct
object
*
obj
,
const
struct
security_descriptor
*
sd
,
unsigned
int
set_info
);
extern
struct
object
*
no_lookup_name
(
struct
object
*
obj
,
struct
unicode_str
*
name
,
unsigned
int
attributes
);
extern
struct
object
*
no_lookup_name
(
struct
object
*
obj
,
struct
unicode_str
*
name
,
unsigned
int
attributes
);
extern
struct
object
*
no_open_file
(
struct
object
*
obj
,
unsigned
int
access
,
unsigned
int
sharing
,
extern
struct
object
*
no_open_file
(
struct
object
*
obj
,
unsigned
int
access
,
unsigned
int
sharing
,
unsigned
int
options
);
unsigned
int
options
);
...
...
server/security.h
View file @
5af809ab
...
@@ -41,6 +41,9 @@ extern const LUID SeCreateGlobalPrivilege;
...
@@ -41,6 +41,9 @@ extern const LUID SeCreateGlobalPrivilege;
extern
const
PSID
security_interactive_sid
;
extern
const
PSID
security_interactive_sid
;
/* token functions */
extern
struct
token
*
token_create_admin
(
void
);
extern
struct
token
*
token_create_admin
(
void
);
extern
struct
token
*
token_duplicate
(
struct
token
*
src_token
,
unsigned
primary
,
extern
struct
token
*
token_duplicate
(
struct
token
*
src_token
,
unsigned
primary
,
SECURITY_IMPERSONATION_LEVEL
impersonation_level
);
SECURITY_IMPERSONATION_LEVEL
impersonation_level
);
...
@@ -48,6 +51,9 @@ extern int token_check_privileges( struct token *token, int all_required,
...
@@ -48,6 +51,9 @@ extern int token_check_privileges( struct token *token, int all_required,
const
LUID_AND_ATTRIBUTES
*
reqprivs
,
const
LUID_AND_ATTRIBUTES
*
reqprivs
,
unsigned
int
count
,
LUID_AND_ATTRIBUTES
*
usedprivs
);
unsigned
int
count
,
LUID_AND_ATTRIBUTES
*
usedprivs
);
extern
const
ACL
*
token_get_default_dacl
(
struct
token
*
token
);
extern
const
ACL
*
token_get_default_dacl
(
struct
token
*
token
);
extern
const
SID
*
token_get_user
(
struct
token
*
token
);
extern
const
SID
*
token_get_primary_group
(
struct
token
*
token
);
extern
void
security_set_thread_token
(
struct
thread
*
thread
,
obj_handle_t
handle
);
extern
void
security_set_thread_token
(
struct
thread
*
thread
,
obj_handle_t
handle
);
extern
int
check_object_access
(
struct
object
*
obj
,
unsigned
int
*
access
);
extern
int
check_object_access
(
struct
object
*
obj
,
unsigned
int
*
access
);
...
@@ -60,3 +66,50 @@ static inline int thread_single_check_privilege( struct thread *thread, const LU
...
@@ -60,3 +66,50 @@ static inline int thread_single_check_privilege( struct thread *thread, const LU
return
token_check_privileges
(
token
,
TRUE
,
&
privs
,
1
,
NULL
);
return
token_check_privileges
(
token
,
TRUE
,
&
privs
,
1
,
NULL
);
}
}
/* security descriptor helper functions */
extern
int
sd_is_valid
(
const
struct
security_descriptor
*
sd
,
data_size_t
size
);
/* gets the discretionary access control list from a security descriptor */
static
inline
const
ACL
*
sd_get_dacl
(
const
struct
security_descriptor
*
sd
,
int
*
present
)
{
*
present
=
(
sd
->
control
&
SE_DACL_PRESENT
?
TRUE
:
FALSE
);
if
(
sd
->
dacl_len
)
return
(
const
ACL
*
)((
const
char
*
)(
sd
+
1
)
+
sd
->
owner_len
+
sd
->
group_len
+
sd
->
sacl_len
);
else
return
NULL
;
}
/* gets the system access control list from a security descriptor */
static
inline
const
ACL
*
sd_get_sacl
(
const
struct
security_descriptor
*
sd
,
int
*
present
)
{
*
present
=
(
sd
->
control
&
SE_SACL_PRESENT
?
TRUE
:
FALSE
);
if
(
sd
->
sacl_len
)
return
(
const
ACL
*
)((
const
char
*
)(
sd
+
1
)
+
sd
->
owner_len
+
sd
->
group_len
);
else
return
NULL
;
}
/* gets the owner from a security descriptor */
static
inline
const
SID
*
sd_get_owner
(
const
struct
security_descriptor
*
sd
)
{
if
(
sd
->
owner_len
)
return
(
const
SID
*
)(
sd
+
1
);
else
return
NULL
;
}
/* gets the primary group from a security descriptor */
static
inline
const
SID
*
sd_get_group
(
const
struct
security_descriptor
*
sd
)
{
if
(
sd
->
group_len
)
return
(
const
SID
*
)((
const
char
*
)(
sd
+
1
)
+
sd
->
owner_len
);
else
return
NULL
;
}
server/token.c
View file @
5af809ab
...
@@ -248,51 +248,9 @@ static int acl_is_valid( const ACL *acl, data_size_t size )
...
@@ -248,51 +248,9 @@ static int acl_is_valid( const ACL *acl, data_size_t size )
return
TRUE
;
return
TRUE
;
}
}
/* gets the discretionary access control list from a security descriptor */
static
inline
const
ACL
*
sd_get_dacl
(
const
struct
security_descriptor
*
sd
,
int
*
present
)
{
*
present
=
(
sd
->
control
&
SE_DACL_PRESENT
?
TRUE
:
FALSE
);
if
(
sd
->
dacl_len
)
return
(
const
ACL
*
)((
const
char
*
)(
sd
+
1
)
+
sd
->
owner_len
+
sd
->
group_len
+
sd
->
sacl_len
);
else
return
NULL
;
}
/* gets the system access control list from a security descriptor */
static
inline
const
ACL
*
sd_get_sacl
(
const
struct
security_descriptor
*
sd
,
int
*
present
)
{
*
present
=
(
sd
->
control
&
SE_SACL_PRESENT
?
TRUE
:
FALSE
);
if
(
sd
->
sacl_len
)
return
(
const
ACL
*
)((
const
char
*
)(
sd
+
1
)
+
sd
->
owner_len
+
sd
->
group_len
);
else
return
NULL
;
}
/* gets the owner from a security descriptor */
static
inline
const
SID
*
sd_get_owner
(
const
struct
security_descriptor
*
sd
)
{
if
(
sd
->
owner_len
)
return
(
const
SID
*
)(
sd
+
1
);
else
return
NULL
;
}
/* gets the primary group from a security descriptor */
static
inline
const
SID
*
sd_get_group
(
const
struct
security_descriptor
*
sd
)
{
if
(
sd
->
group_len
)
return
(
const
SID
*
)((
const
char
*
)(
sd
+
1
)
+
sd
->
owner_len
);
else
return
NULL
;
}
/* checks whether all members of a security descriptor fit inside the size
/* checks whether all members of a security descriptor fit inside the size
* of memory specified */
* of memory specified */
static
int
sd_is_valid
(
const
struct
security_descriptor
*
sd
,
data_size_t
size
)
int
sd_is_valid
(
const
struct
security_descriptor
*
sd
,
data_size_t
size
)
{
{
size_t
offset
=
sizeof
(
struct
security_descriptor
);
size_t
offset
=
sizeof
(
struct
security_descriptor
);
const
SID
*
group
;
const
SID
*
group
;
...
@@ -984,91 +942,14 @@ const ACL *token_get_default_dacl( struct token *token )
...
@@ -984,91 +942,14 @@ const ACL *token_get_default_dacl( struct token *token )
return
token
->
default_dacl
;
return
token
->
default_dacl
;
}
}
static
void
set_object_sd
(
struct
object
*
obj
,
const
struct
security_descriptor
*
sd
,
const
SID
*
token_get_user
(
struct
token
*
token
)
unsigned
int
set_info
)
{
{
struct
security_descriptor
new_sd
,
*
pnew_sd
;
return
token
->
user
;
int
present
;
}
const
SID
*
owner
,
*
group
;
const
ACL
*
sacl
,
*
dacl
;
char
*
ptr
;
if
(
!
set_info
)
return
;
new_sd
.
control
=
sd
->
control
&
~
SE_SELF_RELATIVE
;
owner
=
sd_get_owner
(
sd
);
if
(
set_info
&
OWNER_SECURITY_INFORMATION
&&
owner
)
new_sd
.
owner_len
=
sd
->
owner_len
;
else
{
owner
=
current
->
process
->
token
->
user
;
new_sd
.
owner_len
=
FIELD_OFFSET
(
SID
,
SubAuthority
[
owner
->
SubAuthorityCount
]);
new_sd
.
control
|=
SE_OWNER_DEFAULTED
;
}
group
=
sd_get_group
(
sd
);
if
(
set_info
&
GROUP_SECURITY_INFORMATION
&&
group
)
new_sd
.
group_len
=
sd
->
group_len
;
else
{
group
=
current
->
process
->
token
->
primary_group
;
new_sd
.
group_len
=
FIELD_OFFSET
(
SID
,
SubAuthority
[
group
->
SubAuthorityCount
]);
new_sd
.
control
|=
SE_GROUP_DEFAULTED
;
}
new_sd
.
control
|=
SE_SACL_PRESENT
;
sacl
=
sd_get_sacl
(
sd
,
&
present
);
if
(
set_info
&
SACL_SECURITY_INFORMATION
&&
present
)
new_sd
.
sacl_len
=
sd
->
sacl_len
;
else
{
if
(
obj
->
sd
)
sacl
=
sd_get_sacl
(
obj
->
sd
,
&
present
);
if
(
obj
->
sd
&&
present
)
new_sd
.
sacl_len
=
obj
->
sd
->
sacl_len
;
else
{
new_sd
.
sacl_len
=
0
;
new_sd
.
control
|=
SE_SACL_DEFAULTED
;
}
}
new_sd
.
control
|=
SE_DACL_PRESENT
;
dacl
=
sd_get_dacl
(
sd
,
&
present
);
if
(
set_info
&
DACL_SECURITY_INFORMATION
&&
present
)
new_sd
.
dacl_len
=
sd
->
dacl_len
;
else
{
if
(
obj
->
sd
)
dacl
=
sd_get_dacl
(
obj
->
sd
,
&
present
);
if
(
obj
->
sd
&&
present
)
new_sd
.
dacl_len
=
obj
->
sd
->
dacl_len
;
else
{
dacl
=
token_get_default_dacl
(
current
->
process
->
token
);
new_sd
.
dacl_len
=
dacl
->
AclSize
;
new_sd
.
control
|=
SE_DACL_DEFAULTED
;
}
}
ptr
=
mem_alloc
(
sizeof
(
new_sd
)
+
new_sd
.
owner_len
+
new_sd
.
group_len
+
new_sd
.
sacl_len
+
new_sd
.
dacl_len
);
if
(
!
ptr
)
return
;
pnew_sd
=
(
struct
security_descriptor
*
)
ptr
;
memcpy
(
ptr
,
&
new_sd
,
sizeof
(
new_sd
)
);
ptr
+=
sizeof
(
new_sd
);
memcpy
(
ptr
,
owner
,
new_sd
.
owner_len
);
ptr
+=
new_sd
.
owner_len
;
memcpy
(
ptr
,
group
,
new_sd
.
group_len
);
ptr
+=
new_sd
.
group_len
;
memcpy
(
ptr
,
sacl
,
new_sd
.
sacl_len
);
ptr
+=
new_sd
.
sacl_len
;
memcpy
(
ptr
,
dacl
,
new_sd
.
dacl_len
);
free
(
obj
->
sd
);
const
SID
*
token_get_primary_group
(
struct
token
*
token
)
obj
->
sd
=
pnew_sd
;
{
return
token
->
primary_group
;
}
}
int
check_object_access
(
struct
object
*
obj
,
unsigned
int
*
access
)
int
check_object_access
(
struct
object
*
obj
,
unsigned
int
*
access
)
...
@@ -1442,30 +1323,3 @@ DECL_HANDLER(get_token_statistics)
...
@@ -1442,30 +1323,3 @@ DECL_HANDLER(get_token_statistics)
release_object
(
token
);
release_object
(
token
);
}
}
}
}
DECL_HANDLER
(
set_security_object
)
{
data_size_t
sd_size
=
get_req_data_size
();
const
struct
security_descriptor
*
sd
=
get_req_data
();
struct
object
*
obj
;
unsigned
int
access
=
0
;
if
(
!
sd_is_valid
(
sd
,
sd_size
))
{
set_error
(
STATUS_ACCESS_VIOLATION
);
return
;
}
if
(
req
->
security_info
&
OWNER_SECURITY_INFORMATION
||
req
->
security_info
&
GROUP_SECURITY_INFORMATION
)
access
|=
WRITE_OWNER
;
if
(
req
->
security_info
&
SACL_SECURITY_INFORMATION
)
access
|=
ACCESS_SYSTEM_SECURITY
;
if
(
req
->
security_info
&
DACL_SECURITY_INFORMATION
)
access
|=
WRITE_DAC
;
if
(
!
(
obj
=
get_handle_obj
(
current
->
process
,
req
->
handle
,
access
,
NULL
)))
return
;
set_object_sd
(
obj
,
sd
,
req
->
security_info
);
release_object
(
obj
);
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment