Skip to content

W
wine-winehq
Commit 990cc1c6 authored by Alexandre Julliard's avatar Alexandre Julliard
Browse files
Options

server: Define a server-side structure for SID.

Signed-off-by: 's avatarAlexandre Julliard <julliard@winehq.org>
parent 841b8862
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 132 additions and 119 deletions
include/wine/server_protocol.h
View file @ 990cc1c6
......@@ -385,6 +385,14 @@ struct acl
unsigned short pad2;
};
struct sid
{
unsigned char revision;
unsigned char sub_count;
unsigned char id_auth[6];
unsigned int sub_auth[15];
};
typedef struct
{
unsigned int read;
......@@ -4411,7 +4419,7 @@ struct filter_token_request
unsigned int flags;
data_size_t privileges_size;
/* VARARG(privileges,luid_attr,privileges_size); */
/* VARARG(disable_sids,SID); */
/* VARARG(disable_sids,sid); */
};
struct filter_token_reply
{
......@@ -4450,7 +4458,7 @@ struct get_token_sid_reply
{
struct reply_header __header;
data_size_t sid_len;
/* VARARG(sid,SID); */
/* VARARG(sid,sid); */
char __pad_12[4];
};
......@@ -6261,7 +6269,7 @@ union generic_reply
/* ### protocol_version begin ### */
#define SERVER_PROTOCOL_VERSION 741
#define SERVER_PROTOCOL_VERSION 742
/* ### protocol_version end ### */
......
server/change.c
View file @ 990cc1c6
......@@ -364,7 +364,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
unsigned int set_info )
{
struct dir *dir = (struct dir *)obj;
const SID *owner;
const struct sid *owner;
struct stat st;
mode_t mode;
int unix_fd;
......@@ -383,7 +383,7 @@ static int dir_set_sd( struct object *obj, const struct security_descriptor *sd,
set_error( STATUS_INVALID_SECURITY_DESCR );
return 0;
}
if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) ))
if (!obj->sd || !equal_sid( owner, sd_get_owner( obj->sd ) ))
{
/* FIXME: get Unix uid and call fchown */
}
......
server/file.c
View file @ 990cc1c6
......@@ -243,7 +243,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
if (sd)
{
const SID *owner = sd_get_owner( sd );
const struct sid *owner = sd_get_owner( sd );
if (!owner)
owner = token_get_user( current->process->token );
mode = sd_to_mode( sd, owner );
......@@ -306,7 +306,7 @@ static struct fd *file_get_fd( struct object *obj )
return (struct fd *)grab_object( file->fd );
}
struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID *group )
struct security_descriptor *mode_to_sd( mode_t mode, const struct sid *user, const struct sid *group )
{
struct security_descriptor *sd;
unsigned char flags;
......@@ -314,25 +314,21 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
struct ace *ace;
struct acl *dacl;
char *ptr;
const SID *world_sid = security_world_sid;
const SID *local_system_sid = security_local_system_sid;
dacl_size = sizeof(*dacl) + sizeof(*ace) + security_sid_len( local_system_sid );
if (mode & S_IRWXU) dacl_size += sizeof(*ace) + security_sid_len( user );
dacl_size = sizeof(*dacl) + sizeof(*ace) + sid_len( &local_system_sid );
if (mode & S_IRWXU) dacl_size += sizeof(*ace) + sid_len( user );
if ((!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH))) ||
(!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IWOTH))) ||
(!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH))))
dacl_size += sizeof(*ace) + security_sid_len( user );
if (mode & S_IRWXO) dacl_size += sizeof(*ace) + security_sid_len( world_sid );
dacl_size += sizeof(*ace) + sid_len( user );
if (mode & S_IRWXO) dacl_size += sizeof(*ace) + sid_len( &world_sid );
sd = mem_alloc( sizeof(struct security_descriptor) +
security_sid_len( user ) + security_sid_len( group ) +
dacl_size );
sd = mem_alloc( sizeof(*sd) + sid_len( user ) + sid_len( group ) + dacl_size );
if (!sd) return sd;
sd->control = SE_DACL_PRESENT;
sd->owner_len = security_sid_len( user );
sd->group_len = security_sid_len( group );
sd->owner_len = sid_len( user );
sd->group_len = sid_len( group );
sd->sacl_len = 0;
sd->dacl_len = dacl_size;
......@@ -358,7 +354,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
flags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
/* always give FILE_ALL_ACCESS for Local System */
ace = set_ace( (struct ace *)(dacl + 1), local_system_sid,
ace = set_ace( (struct ace *)(dacl + 1), &local_system_sid,
ACCESS_ALLOWED_ACE_TYPE, flags, FILE_ALL_ACCESS );
if (mode & S_IRWXU)
......@@ -383,7 +379,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
if (mode & S_IRWXO)
{
/* appropriate access rights for Everyone */
ace = set_ace( ace_next( ace ), world_sid, ACCESS_ALLOWED_ACE_TYPE, flags, 0 );
ace = set_ace( ace_next( ace ), &world_sid, ACCESS_ALLOWED_ACE_TYPE, flags, 0 );
if (mode & S_IROTH) ace->mask |= FILE_GENERIC_READ | FILE_GENERIC_EXECUTE;
if (mode & S_IWOTH) ace->mask |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
}
......@@ -433,7 +429,7 @@ static mode_t file_access_to_mode( unsigned int access )
return mode;
}
mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
mode_t sd_to_mode( const struct security_descriptor *sd, const struct sid *owner )
{
mode_t new_mode = 0;
mode_t bits_to_set = ~0;
......@@ -448,7 +444,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
for (i = 0; i < dacl->count; i++, ace = ace_next( ace ))
{
const SID *sid = (const SID *)(ace + 1);
const struct sid *sid = (const struct sid *)(ace + 1);
if (ace->flags & INHERIT_ONLY_ACE) continue;
......@@ -456,7 +452,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
switch (ace->type)
{
case ACCESS_DENIED_ACE_TYPE:
if (security_equal_sid( sid, security_world_sid ))
if (equal_sid( sid, &world_sid ))
{
bits_to_set &= ~((mode << 6) | (mode << 3) | mode); /* all */
}
......@@ -465,13 +461,13 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
{
bits_to_set &= ~((mode << 6) | (mode << 3)); /* user + group */
}
else if (security_equal_sid( sid, owner ))
else if (equal_sid( sid, owner ))
{
bits_to_set &= ~(mode << 6); /* user only */
}
break;
case ACCESS_ALLOWED_ACE_TYPE:
if (security_equal_sid( sid, security_world_sid ))
if (equal_sid( sid, &world_sid ))
{
mode = (mode << 6) | (mode << 3) | mode; /* all */
new_mode |= mode & bits_to_set;
......@@ -484,7 +480,7 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
new_mode |= mode & bits_to_set;
bits_to_set &= ~mode;
}
else if (security_equal_sid( sid, owner ))
else if (equal_sid( sid, owner ))
{
mode = (mode << 6); /* user only */
new_mode |= mode & bits_to_set;
......@@ -505,7 +501,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
unsigned int set_info )
{
struct file *file = (struct file *)obj;
const SID *owner;
const struct sid *owner;
struct stat st;
mode_t mode;
int unix_fd;
......@@ -524,7 +520,7 @@ static int file_set_sd( struct object *obj, const struct security_descriptor *sd
set_error( STATUS_INVALID_SECURITY_DESCR );
return 0;
}
if (!obj->sd || !security_equal_sid( owner, sd_get_owner( obj->sd ) ))
if (!obj->sd || !equal_sid( owner, sd_get_owner( obj->sd ) ))
{
/* FIXME: get Unix uid and call fchown */
}
......
server/file.h
View file @ 990cc1c6
......@@ -164,8 +164,8 @@ extern int get_file_unix_fd( struct file *file );
extern struct file *create_file_for_fd( int fd, unsigned int access, unsigned int sharing );
extern struct file *create_file_for_fd_obj( struct fd *fd, unsigned int access, unsigned int sharing );
extern void file_set_error(void);
extern struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID *group );
extern mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner );
extern struct security_descriptor *mode_to_sd( mode_t mode, const struct sid *user, const struct sid *group );
extern mode_t sd_to_mode( const struct security_descriptor *sd, const struct sid *owner );
extern int is_file_executable( const char *name );
/* file mapping functions */
......
server/handle.c
View file @ 990cc1c6
......@@ -737,7 +737,7 @@ DECL_HANDLER(get_security_object)
unsigned int access = READ_CONTROL;
struct security_descriptor req_sd;
int present;
const SID *owner, *group;
const struct sid *owner, *group;
const struct acl *sacl, *dacl;
struct acl *label_acl = NULL;
......
server/object.c
View file @ 990cc1c6
......@@ -543,7 +543,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
{
struct security_descriptor new_sd, *new_sd_ptr;
int present;
const SID *owner = NULL, *group = NULL;
const struct sid *owner = NULL, *group = NULL;
const struct acl *sacl, *dacl;
struct acl *replaced_sacl = NULL;
char *ptr;
......@@ -565,7 +565,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
else if (token)
{
owner = token_get_user( token );
new_sd.owner_len = security_sid_len( owner );
new_sd.owner_len = sid_len( owner );
}
else new_sd.owner_len = 0;
......@@ -582,7 +582,7 @@ int set_sd_defaults_from_token( struct object *obj, const struct security_descri
else if (token)
{
group = token_get_primary_group( token );
new_sd.group_len = security_sid_len( group );
new_sd.group_len = sid_len( group );
}
else new_sd.group_len = 0;
......
server/process.c
View file @ 990cc1c6
......@@ -735,7 +735,7 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla
/* Assign a high security label to the token. The default would be medium
* but Wine provides admin access to all applications right now so high
* makes more sense for the time being. */
if (!token_assign_label( process->token, security_high_label_sid ))
if (!token_assign_label( process->token, &high_label_sid ))
goto error;
set_fd_events( process->msg_fd, POLLIN ); /* start listening to events */
......@@ -825,8 +825,9 @@ static struct security_descriptor *process_get_sd( struct object *obj )
{
struct ace *ace;
struct acl *dacl;
size_t users_sid_len = security_sid_len( security_domain_users_sid );
size_t admins_sid_len = security_sid_len( security_builtin_admins_sid );
struct sid *sid;
size_t users_sid_len = sid_len( &domain_users_sid );
size_t admins_sid_len = sid_len( &builtin_admins_sid );
size_t dacl_len = sizeof(*dacl) + 2 * sizeof(*ace) + users_sid_len + admins_sid_len;
process_default_sd = mem_alloc( sizeof(*process_default_sd) + admins_sid_len + users_sid_len
......@@ -836,8 +837,9 @@ static struct security_descriptor *process_get_sd( struct object *obj )
process_default_sd->group_len = users_sid_len;
process_default_sd->sacl_len = 0;
process_default_sd->dacl_len = dacl_len;
memcpy( process_default_sd + 1, security_builtin_admins_sid, admins_sid_len );
memcpy( (char *)(process_default_sd + 1) + admins_sid_len, security_domain_users_sid, users_sid_len );
sid = (struct sid *)(process_default_sd + 1);
sid = copy_sid( sid, &builtin_admins_sid );
sid = copy_sid( sid, &domain_users_sid );
dacl = (struct acl *)((char *)(process_default_sd + 1) + admins_sid_len + users_sid_len);
dacl->revision = ACL_REVISION;
......@@ -845,9 +847,9 @@ static struct security_descriptor *process_get_sd( struct object *obj )
dacl->size = dacl_len;
dacl->count = 2;
dacl->pad2 = 0;
ace = set_ace( ace_first( dacl ), security_domain_users_sid, ACCESS_ALLOWED_ACE_TYPE,
ace = set_ace( ace_first( dacl ), &domain_users_sid, ACCESS_ALLOWED_ACE_TYPE,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE, GENERIC_READ );
set_ace( ace_next( ace ), security_builtin_admins_sid, ACCESS_ALLOWED_ACE_TYPE, 0, PROCESS_ALL_ACCESS );
set_ace( ace_next( ace ), &builtin_admins_sid, ACCESS_ALLOWED_ACE_TYPE, 0, PROCESS_ALL_ACCESS );
}
return process_default_sd;
}
......
server/protocol.def
View file @ 990cc1c6
......@@ -401,6 +401,14 @@ struct acl
unsigned short pad2;
};
struct sid
{
unsigned char revision;
unsigned char sub_count;
unsigned char id_auth[6];
unsigned int sub_auth[15];
};
typedef struct
{
unsigned int read;
......@@ -418,8 +426,8 @@ struct security_descriptor
data_size_t group_len;
data_size_t sacl_len;
data_size_t dacl_len;
/* VARARG(owner,SID); */
/* VARARG(group,SID); */
/* VARARG(owner,sid); */
/* VARARG(group,sid); */
/* VARARG(sacl,acl); */
/* VARARG(dacl,acl); */
};
......@@ -451,7 +459,7 @@ struct token_groups
{
unsigned int count;
/* unsigned int attributes[count]; */
/* VARARG(sids,SID); */
/* VARARG(sids,sid); */
};
enum select_op
......@@ -3138,7 +3146,7 @@ enum caret_state
unsigned int flags; /* flags */
data_size_t privileges_size; /* size of privileges */
VARARG(privileges,luid_attr,privileges_size); /* privileges to remove from new token */
VARARG(disable_sids,SID); /* array of groups to remove from new token */
VARARG(disable_sids,sid); /* array of groups to remove from new token */
@REPLY
obj_handle_t new_handle; /* filtered handle */
@END
......@@ -3160,7 +3168,7 @@ enum caret_state
unsigned int which_sid; /* which SID to retrieve from the token */
@REPLY
data_size_t sid_len; /* length needed to store sid */
VARARG(sid,SID); /* the sid specified by which_sid from the token */
VARARG(sid,sid); /* the sid specified by which_sid from the token */
@END
@REQ(get_token_groups)
......
server/registry.c
View file @ 990cc1c6
......@@ -371,8 +371,9 @@ static struct security_descriptor *key_get_sd( struct object *obj )
{
struct acl *dacl;
struct ace *ace;
size_t users_sid_len = security_sid_len( security_builtin_users_sid );
size_t admins_sid_len = security_sid_len( security_builtin_admins_sid );
struct sid *sid;
size_t users_sid_len = sid_len( &builtin_users_sid );
size_t admins_sid_len = sid_len( &builtin_admins_sid );
size_t dacl_len = sizeof(*dacl) + 2 * sizeof(*ace) + users_sid_len + admins_sid_len;
key_default_sd = mem_alloc( sizeof(*key_default_sd) + 2 * admins_sid_len + dacl_len );
......@@ -381,8 +382,9 @@ static struct security_descriptor *key_get_sd( struct object *obj )
key_default_sd->group_len = admins_sid_len;
key_default_sd->sacl_len = 0;
key_default_sd->dacl_len = dacl_len;
memcpy( key_default_sd + 1, security_builtin_admins_sid, admins_sid_len );
memcpy( (char *)(key_default_sd + 1) + admins_sid_len, security_builtin_admins_sid, admins_sid_len );
sid = (struct sid *)(key_default_sd + 1);
sid = copy_sid( sid, &builtin_admins_sid );
sid = copy_sid( sid, &builtin_admins_sid );
dacl = (struct acl *)((char *)(key_default_sd + 1) + 2 * admins_sid_len);
dacl->revision = ACL_REVISION;
......@@ -390,9 +392,9 @@ static struct security_descriptor *key_get_sd( struct object *obj )
dacl->size = dacl_len;
dacl->count = 2;
dacl->pad2 = 0;
ace = set_ace( ace_first( dacl ), security_builtin_users_sid, ACCESS_ALLOWED_ACE_TYPE,
ace = set_ace( ace_first( dacl ), &builtin_users_sid, ACCESS_ALLOWED_ACE_TYPE,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE, GENERIC_READ );
set_ace( ace_next( ace ), security_builtin_admins_sid, ACCESS_ALLOWED_ACE_TYPE, 0, KEY_ALL_ACCESS );
set_ace( ace_next( ace ), &builtin_admins_sid, ACCESS_ALLOWED_ACE_TYPE, 0, KEY_ALL_ACCESS );
}
return key_default_sd;
}
......@@ -1791,17 +1793,17 @@ static int load_init_registry_from_file( const char *filename, struct key *key )
return (f != NULL);
}
static WCHAR *format_user_registry_path( const SID *sid, struct unicode_str *path )
static WCHAR *format_user_registry_path( const struct sid *sid, struct unicode_str *path )
{
char buffer[7 + 11 + 11 + 11 * SID_MAX_SUB_AUTHORITIES], *p = buffer;
char buffer[7 + 11 + 11 + 11 * ARRAY_SIZE(sid->sub_auth)], *p = buffer;
unsigned int i;
p += sprintf( p, "User\\S-%u-%u", sid->Revision,
MAKELONG( MAKEWORD( sid->IdentifierAuthority.Value[5],
sid->IdentifierAuthority.Value[4] ),
MAKEWORD( sid->IdentifierAuthority.Value[3],
sid->IdentifierAuthority.Value[2] )));
for (i = 0; i < sid->SubAuthorityCount; i++) p += sprintf( p, "-%u", sid->SubAuthority[i] );
p += sprintf( p, "User\\S-%u-%u", sid->revision,
((unsigned int)sid->id_auth[2] << 24) |
((unsigned int)sid->id_auth[3] << 16) |
((unsigned int)sid->id_auth[4] << 8) |
((unsigned int)sid->id_auth[5]) );
for (i = 0; i < sid->sub_count; i++) p += sprintf( p, "-%u", sid->sub_auth[i] );
return ascii_to_unicode_str( buffer, path );
}
......@@ -1900,7 +1902,7 @@ void init_registry(void)
/* load user.reg into HKEY_CURRENT_USER */
/* FIXME: match default user in token.c. should get from process token instead */
current_user_path = format_user_registry_path( security_local_user_sid, &current_user_str );
current_user_path = format_user_registry_path( &local_user_sid, &current_user_str );
if (!current_user_path ||
!(hkcu = create_key_recursive( root_key, &current_user_str, current_time )))
fatal_error( "could not create HKEY_CURRENT_USER registry key\n" );
......
server/security.h
View file @ 990cc1c6
......@@ -44,13 +44,13 @@ extern const struct luid SeManageVolumePrivilege;
extern const struct luid SeImpersonatePrivilege;
extern const struct luid SeCreateGlobalPrivilege;
extern const PSID security_world_sid;
extern const PSID security_local_user_sid;
extern const PSID security_local_system_sid;
extern const PSID security_builtin_users_sid;
extern const PSID security_builtin_admins_sid;
extern const PSID security_domain_users_sid;
extern const PSID security_high_label_sid;
extern const struct sid world_sid;
extern const struct sid local_user_sid;
extern const struct sid local_system_sid;
extern const struct sid builtin_users_sid;
extern const struct sid builtin_admins_sid;
extern const struct sid domain_users_sid;
extern const struct sid high_label_sid;
struct ace
{
......@@ -64,19 +64,19 @@ struct ace
extern struct token *get_token_obj( struct process *process, obj_handle_t handle, unsigned int access );
extern struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation, unsigned int session_id );
extern int token_assign_label( struct token *token, PSID label );
extern int token_assign_label( struct token *token, const struct sid *label );
extern struct token *token_duplicate( struct token *src_token, unsigned primary,
int impersonation_level, const struct security_descriptor *sd,
const struct luid_attr *remove_privs, unsigned int remove_priv_count,
const SID *remove_groups, unsigned int remove_group_count );
const struct sid *remove_groups, unsigned int remove_group_count );
extern int token_check_privileges( struct token *token, int all_required,
const struct luid_attr *reqprivs,
unsigned int count, struct luid_attr *usedprivs );
extern const struct acl *token_get_default_dacl( struct token *token );
extern const SID *token_get_user( struct token *token );
extern const SID *token_get_primary_group( struct token *token );
extern const struct sid *token_get_user( struct token *token );
extern const struct sid *token_get_primary_group( struct token *token );
extern unsigned int token_get_session_id( struct token *token );
extern int token_sid_present( struct token *token, const SID *sid, int deny);
extern int token_sid_present( struct token *token, const struct sid *sid, int deny );
static inline struct ace *ace_first( const struct acl *acl )
{
......@@ -88,35 +88,40 @@ static inline struct ace *ace_next( const struct ace *ace )
return (struct ace *)((char *)ace + ace->size);
}
static inline size_t security_sid_len( const SID *sid )
static inline size_t sid_len( const struct sid *sid )
{
return offsetof( SID, SubAuthority[sid->SubAuthorityCount] );
return offsetof( struct sid, sub_auth[sid->sub_count] );
}
static inline int security_equal_sid( const SID *sid1, const SID *sid2 )
static inline int equal_sid( const struct sid *sid1, const struct sid *sid2 )
{
return ((sid1->SubAuthorityCount == sid2->SubAuthorityCount) &&
!memcmp( sid1, sid2, security_sid_len( sid1 )));
return ((sid1->sub_count == sid2->sub_count) && !memcmp( sid1, sid2, sid_len( sid1 )));
}
static inline int sid_valid_size( const SID *sid, data_size_t size )
static inline void *copy_sid( struct sid *dst, const struct sid *src )
{
return (size >= offsetof( SID, SubAuthority[0] ) && size >= security_sid_len( sid ));
memcpy( dst, src, sid_len( src ));
return (char *)dst + sid_len( src );
}
static inline struct ace *set_ace( struct ace *ace, const SID *sid, unsigned char type,
static inline int sid_valid_size( const struct sid *sid, data_size_t size )
{
return (size >= offsetof( struct sid, sub_auth[0] ) && size >= sid_len( sid ));
}
static inline struct ace *set_ace( struct ace *ace, const struct sid *sid, unsigned char type,
unsigned char flags, unsigned int mask )
{
ace->type = type;
ace->flags = flags;
ace->size = sizeof(*ace) + security_sid_len( sid );
ace->size = sizeof(*ace) + sid_len( sid );
ace->mask = mask;
memcpy( ace + 1, sid, security_sid_len( sid ));
memcpy( ace + 1, sid, sid_len( sid ));
return ace;
}
extern void security_set_thread_token( struct thread *thread, obj_handle_t handle );
extern const SID *security_unix_uid_to_sid( uid_t uid );
extern const struct sid *security_unix_uid_to_sid( uid_t uid );
extern int check_object_access( struct token *token, struct object *obj, unsigned int *access );
static inline int thread_single_check_privilege( struct thread *thread, struct luid priv )
......@@ -161,19 +166,19 @@ static inline const struct acl *sd_get_sacl( const struct security_descriptor *s
}
/* gets the owner from a security descriptor */
static inline const SID *sd_get_owner( const struct security_descriptor *sd )
static inline const struct sid *sd_get_owner( const struct security_descriptor *sd )
{
if (sd->owner_len)
return (const SID *)(sd + 1);
return (const struct sid *)(sd + 1);
else
return NULL;
}
/* gets the primary group from a security descriptor */
static inline const SID *sd_get_group( const struct security_descriptor *sd )
static inline const struct sid *sd_get_group( const struct security_descriptor *sd )
{
if (sd->group_len)
return (const SID *)((const char *)(sd + 1) + sd->owner_len);
return (const struct sid *)((const char *)(sd + 1) + sd->owner_len);
else
return NULL;
}
......
server/trace.c
View file @ 990cc1c6
......@@ -1016,33 +1016,27 @@ static void dump_varargs_luid_attr( const char *prefix, data_size_t size )
remove_data( size );
}
static void dump_inline_sid( const char *prefix, const SID *sid, data_size_t size )
static void dump_inline_sid( const char *prefix, const struct sid *sid, data_size_t size )
{
DWORD i;
/* security check */
if ((FIELD_OFFSET(SID, SubAuthority[0]) > size) ||
(FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) > size))
fprintf( stderr,"%s", prefix );
if (sid_valid_size( sid, size ))
{
fprintf( stderr, "<invalid sid>" );
return;
fprintf( stderr, "S-%u-%u", sid->revision,
((unsigned int)sid->id_auth[2] << 24) |
((unsigned int)sid->id_auth[3] << 16) |
((unsigned int)sid->id_auth[4] << 8) |
((unsigned int)sid->id_auth[5]) );
for (i = 0; i < sid->sub_count; i++) fprintf( stderr, "-%u", sid->sub_auth[i] );
}
fprintf( stderr,"%s{", prefix );
fprintf( stderr, "S-%u-%u", sid->Revision, MAKELONG(
MAKEWORD( sid->IdentifierAuthority.Value[5],
sid->IdentifierAuthority.Value[4] ),
MAKEWORD( sid->IdentifierAuthority.Value[3],
sid->IdentifierAuthority.Value[2] ) ) );
for (i = 0; i < sid->SubAuthorityCount; i++)
fprintf( stderr, "-%u", sid->SubAuthority[i] );
fputc( '}', stderr );
else fprintf( stderr, "<invalid>" );
}
static void dump_varargs_SID( const char *prefix, data_size_t size )
static void dump_varargs_sid( const char *prefix, data_size_t size )
{
const SID *sid = cur_data;
dump_inline_sid( prefix, sid, size );
const struct sid *sid = cur_data;
if (size) dump_inline_sid( prefix, sid, size );
remove_data( size );
}
......@@ -1062,7 +1056,7 @@ static void dump_inline_acl( const char *prefix, const struct acl *acl, data_siz
size -= sizeof(*acl);
for (i = 0, ace = ace_first( acl ); i < acl->count; i++, ace = ace_next( ace ))
{
const SID *sid = (const SID *)(ace + 1);
const struct sid *sid = (const struct sid *)(ace + 1);
data_size_t sid_size;
if (size < sizeof(*ace) || size < ace->size) break;
......@@ -1104,17 +1098,17 @@ static void dump_inline_security_descriptor( const char *prefix, const struct se
{
size_t offset = sizeof(struct security_descriptor);
fprintf( stderr, "control=%08x", sd->control );
if ((sd->owner_len > FIELD_OFFSET(SID, SubAuthority[255])) || (offset + sd->owner_len > size))
if ((sd->owner_len > offsetof(struct sid, sub_auth[255])) || (offset + sd->owner_len > size))
return;
if (sd->owner_len)
dump_inline_sid( ",owner=", (const SID *)((const char *)sd + offset), sd->owner_len );
dump_inline_sid( ",owner=", (const struct sid *)((const char *)sd + offset), sd->owner_len );
else
fprintf( stderr, ",owner=<not present>" );
offset += sd->owner_len;
if ((sd->group_len > FIELD_OFFSET(SID, SubAuthority[255])) || (offset + sd->group_len > size))
if ((sd->group_len > offsetof(struct sid, sub_auth[255])) || (offset + sd->group_len > size))
return;
if (sd->group_len)
dump_inline_sid( ",group=", (const SID *)((const char *)sd + offset), sd->group_len );
dump_inline_sid( ",group=", (const struct sid *)((const char *)sd + offset), sd->group_len );
else
fprintf( stderr, ",group=<not present>" );
offset += sd->group_len;
......@@ -1156,16 +1150,14 @@ static void dump_varargs_token_groups( const char *prefix, data_size_t size )
fputc( '[', stderr );
for (i = 0; i < tg->count; i++)
{
const SID *sid = (const SID *)((const char *)cur_data + offset);
const struct sid *sid = (const struct sid *)((const char *)cur_data + offset);
if (i != 0)
fputc( ',', stderr );
fputc( '{', stderr );
fprintf( stderr, "attributes=%08x", attr[i] );
dump_inline_sid( ",sid=", sid, size - offset );
if ((offset + FIELD_OFFSET(SID, SubAuthority[0]) > size) ||
(offset + FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) > size))
break;
offset += FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]);
if (!sid_valid_size( sid, size - offset )) break;
offset += sid_len( sid );
fputc( '}', stderr );
}
fputc( ']', stderr );
......@@ -3834,7 +3826,7 @@ static void dump_filter_token_request( const struct filter_token_request *req )
fprintf( stderr, ", flags=%08x", req->flags );
fprintf( stderr, ", privileges_size=%u", req->privileges_size );
dump_varargs_luid_attr( ", privileges=", min(cur_size,req->privileges_size) );
dump_varargs_SID( ", disable_sids=", cur_size );
dump_varargs_sid( ", disable_sids=", cur_size );
}
static void dump_filter_token_reply( const struct filter_token_reply *req )
......@@ -3867,7 +3859,7 @@ static void dump_get_token_sid_request( const struct get_token_sid_request *req
static void dump_get_token_sid_reply( const struct get_token_sid_reply *req )
{
fprintf( stderr, " sid_len=%u", req->sid_len );
dump_varargs_SID( ", sid=", cur_size );
dump_varargs_sid( ", sid=", cur_size );
}
static void dump_get_token_groups_request( const struct get_token_groups_request *req )
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment