Skip to content

W
wine-winehq
Commit d6ef9401 authored by Alexandre Julliard's avatar Alexandre Julliard
Browse files
Options

server: Use the object type information to implement access mapping.

Signed-off-by: 's avatarAlexandre Julliard <julliard@winehq.org>
parent 4d646de9
Hide whitespace changes
Inline Side-by-side
Showing with 85 additions and 269 deletions
dlls/advapi32/tests/security.c
View file @ d6ef9401
......@@ -6025,7 +6025,6 @@ static void test_thread_security(void)
"%d: expected %#x, got %#x\n", i, map[i].mapped, access);
break;
case GENERIC_WRITE:
todo_wine
ok(access == map[i].mapped ||
access == (map[i].mapped | THREAD_SET_LIMITED_INFORMATION) /* Vista+ */ ||
access == (map[i].mapped | THREAD_SET_LIMITED_INFORMATION | THREAD_RESUME) /* win8 */,
......
server/async.c
View file @ d6ef9401
......@@ -73,7 +73,7 @@ static const struct object_ops async_ops =
async_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -487,7 +487,7 @@ static const struct object_ops iosb_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/atom.c
View file @ d6ef9401
......@@ -83,7 +83,7 @@ static const struct object_ops atom_table_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/change.c
View file @ d6ef9401
......@@ -117,7 +117,7 @@ static const struct object_ops dir_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
dir_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
dir_get_sd, /* get_sd */
dir_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/clipboard.c
View file @ d6ef9401
......@@ -80,7 +80,7 @@ static const struct object_ops clipboard_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/completion.c
View file @ d6ef9401
......@@ -66,7 +66,6 @@ struct completion
static void completion_dump( struct object*, int );
static int completion_signaled( struct object *obj, struct wait_queue_entry *entry );
static unsigned int completion_map_access( struct object *obj, unsigned int access );
static void completion_destroy( struct object * );
static const struct object_ops completion_ops =
......@@ -80,7 +79,7 @@ static const struct object_ops completion_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
completion_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -128,15 +127,6 @@ static int completion_signaled( struct object *obj, struct wait_queue_entry *ent
return !list_empty( &completion->queue );
}
static unsigned int completion_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SYNCHRONIZE | IO_COMPLETION_QUERY_STATE;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE;
if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | IO_COMPLETION_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static struct completion *create_completion( struct object *root, const struct unicode_str *name,
unsigned int attr, unsigned int concurrent,
const struct security_descriptor *sd )
......
server/console.c
View file @ d6ef9401
......@@ -84,7 +84,7 @@ static const struct object_ops console_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
console_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -159,7 +159,7 @@ static const struct object_ops console_server_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
console_server_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -227,7 +227,7 @@ static const struct object_ops screen_buffer_ops =
NULL, /* satisfied */
no_signal, /* signal */
screen_buffer_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -275,7 +275,7 @@ static const struct object_ops console_device_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -312,7 +312,7 @@ static const struct object_ops console_input_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
console_input_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -368,7 +368,7 @@ static const struct object_ops console_output_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
console_output_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -425,7 +425,7 @@ static const struct object_ops console_connection_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
console_connection_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -1296,7 +1296,7 @@ static struct object *console_device_open_file( struct object *obj, unsigned int
unsigned int sharing, unsigned int options )
{
int is_output;
access = default_fd_map_access( obj, access );
access = default_map_access( obj, access );
is_output = access & FILE_WRITE_DATA;
if (!current->process->console || (is_output && !current->process->console))
{
......
server/debugger.c
View file @ d6ef9401
......@@ -90,7 +90,7 @@ static const struct object_ops debug_event_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -105,7 +105,6 @@ static const struct object_ops debug_event_ops =
static void debug_obj_dump( struct object *obj, int verbose );
static int debug_obj_signaled( struct object *obj, struct wait_queue_entry *entry );
static unsigned int debug_obj_map_access( struct object *obj, unsigned int access );
static void debug_obj_destroy( struct object *obj );
static const struct object_ops debug_obj_ops =
......@@ -119,7 +118,7 @@ static const struct object_ops debug_obj_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
debug_obj_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -327,15 +326,6 @@ static int debug_obj_signaled( struct object *obj, struct wait_queue_entry *entr
return find_event_to_send( debug_obj ) != NULL;
}
static unsigned int debug_obj_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | DEBUG_READ_EVENT | DEBUG_QUERY_INFORMATION;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | DEBUG_SET_INFORMATION;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | DEBUG_PROCESS_ASSIGN;
if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | EVENT_QUERY_STATE | EVENT_MODIFY_STATE;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static void debug_obj_destroy( struct object *obj )
{
struct list *ptr;
......
server/device.c
View file @ d6ef9401
......@@ -71,7 +71,7 @@ static const struct object_ops irp_call_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -111,7 +111,7 @@ static const struct object_ops device_manager_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -168,7 +168,7 @@ static const struct object_ops device_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -219,7 +219,7 @@ static const struct object_ops device_file_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
device_file_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
device_file_get_full_name, /* get_full_name */
......
server/directory.c
View file @ d6ef9401
......@@ -73,7 +73,7 @@ static const struct object_ops object_type_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -123,7 +123,7 @@ static const struct object_ops directory_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......
server/event.c
View file @ d6ef9401
......@@ -61,7 +61,6 @@ struct event
static void event_dump( struct object *obj, int verbose );
static int event_signaled( struct object *obj, struct wait_queue_entry *entry );
static void event_satisfied( struct object *obj, struct wait_queue_entry *entry );
static unsigned int event_map_access( struct object *obj, unsigned int access );
static int event_signal( struct object *obj, unsigned int access);
static struct list *event_get_kernel_obj_list( struct object *obj );
......@@ -76,7 +75,7 @@ static const struct object_ops event_ops =
event_satisfied, /* satisfied */
event_signal, /* signal */
no_get_fd, /* get_fd */
event_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -111,7 +110,6 @@ struct keyed_event
static void keyed_event_dump( struct object *obj, int verbose );
static int keyed_event_signaled( struct object *obj, struct wait_queue_entry *entry );
static unsigned int keyed_event_map_access( struct object *obj, unsigned int access );
static const struct object_ops keyed_event_ops =
{
......@@ -124,7 +122,7 @@ static const struct object_ops keyed_event_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
keyed_event_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -205,15 +203,6 @@ static void event_satisfied( struct object *obj, struct wait_queue_entry *entry
if (!event->manual_reset) event->signaled = 0;
}
static unsigned int event_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | EVENT_QUERY_STATE;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | EVENT_MODIFY_STATE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE;
if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | EVENT_QUERY_STATE | EVENT_MODIFY_STATE;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static int event_signal( struct object *obj, unsigned int access )
{
struct event *event = (struct event *)obj;
......@@ -287,15 +276,6 @@ static int keyed_event_signaled( struct object *obj, struct wait_queue_entry *en
return 0;
}
static unsigned int keyed_event_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | KEYEDEVENT_WAIT;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | KEYEDEVENT_WAKE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE;
if (access & GENERIC_ALL) access |= KEYEDEVENT_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
/* create an event */
DECL_HANDLER(create_event)
{
......
server/fd.c
View file @ d6ef9401
......@@ -213,7 +213,7 @@ static const struct object_ops fd_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -254,7 +254,7 @@ static const struct object_ops device_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -294,7 +294,7 @@ static const struct object_ops inode_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -336,7 +336,7 @@ static const struct object_ops file_lock_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -2092,16 +2092,6 @@ int default_fd_signaled( struct object *obj, struct wait_queue_entry *entry )
return ret;
}
/* default map_access() routine for objects that behave like an fd */
unsigned int default_fd_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= FILE_GENERIC_READ;
if (access & GENERIC_WRITE) access |= FILE_GENERIC_WRITE;
if (access & GENERIC_EXECUTE) access |= FILE_GENERIC_EXECUTE;
if (access & GENERIC_ALL) access |= FILE_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
int default_fd_get_poll_events( struct fd *fd )
{
int events = 0;
......
server/file.c
View file @ d6ef9401
......@@ -76,8 +76,6 @@ struct file
struct list kernel_object; /* list of kernel object pointers */
};
static unsigned int generic_file_map_access( unsigned int access );
static void file_dump( struct object *obj, int verbose );
static struct fd *file_get_fd( struct object *obj );
static struct security_descriptor *file_get_sd( struct object *obj );
......@@ -102,7 +100,7 @@ static const struct object_ops file_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
file_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
file_get_sd, /* get_sd */
file_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -151,7 +149,7 @@ struct file *create_file_for_fd( int fd, unsigned int access, unsigned int shari
}
file->mode = st.st_mode;
file->access = default_fd_map_access( &file->obj, access );
file->access = default_map_access( &file->obj, access );
list_init( &file->kernel_object );
if (!(file->fd = create_anonymous_fd( &file_fd_ops, fd, &file->obj,
FILE_SYNCHRONOUS_IO_NONALERT )))
......@@ -178,7 +176,7 @@ struct file *create_file_for_fd_obj( struct fd *fd, unsigned int access, unsigne
if ((file = alloc_object( &file_ops )))
{
file->mode = st.st_mode;
file->access = default_fd_map_access( &file->obj, access );
file->access = default_map_access( &file->obj, access );
list_init( &file->kernel_object );
if (!(file->fd = dup_fd_object( fd, access, sharing, FILE_SYNCHRONOUS_IO_NONALERT )))
{
......@@ -266,7 +264,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
mode |= S_IXOTH;
}
access = generic_file_map_access( access );
access = map_access( access, &file_type.mapping );
/* FIXME: should set error to STATUS_OBJECT_NAME_COLLISION if file existed before */
fd = open_fd( root, name, flags | O_NONBLOCK | O_LARGEFILE, &mode, access, sharing, options );
......@@ -309,15 +307,6 @@ static struct fd *file_get_fd( struct object *obj )
return (struct fd *)grab_object( file->fd );
}
static unsigned int generic_file_map_access( unsigned int access )
{
if (access & GENERIC_READ) access |= FILE_GENERIC_READ;
if (access & GENERIC_WRITE) access |= FILE_GENERIC_WRITE;
if (access & GENERIC_EXECUTE) access |= FILE_GENERIC_EXECUTE;
if (access & GENERIC_ALL) access |= FILE_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID *group )
{
struct security_descriptor *sd;
......@@ -469,7 +458,7 @@ static mode_t file_access_to_mode( unsigned int access )
{
mode_t mode = 0;
access = generic_file_map_access( access );
access = map_access( access, &file_type.mapping );
if (access & FILE_READ_DATA) mode |= 4;
if (access & (FILE_WRITE_DATA|FILE_APPEND_DATA)) mode |= 2;
if (access & FILE_EXECUTE) mode |= 1;
......
server/file.h
View file @ d6ef9401
......@@ -102,7 +102,6 @@ extern void set_fd_signaled( struct fd *fd, int signaled );
extern char *dup_fd_name( struct fd *root, const char *name );
extern int default_fd_signaled( struct object *obj, struct wait_queue_entry *entry );
extern unsigned int default_fd_map_access( struct object *obj, unsigned int access );
extern int default_fd_get_poll_events( struct fd *fd );
extern void default_poll_event( struct fd *fd, int event );
extern void fd_queue_async( struct fd *fd, struct async *async, int type );
......
server/handle.c
View file @ d6ef9401
......@@ -129,7 +129,7 @@ static const struct object_ops handle_table_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/hook.c
View file @ d6ef9401
......@@ -84,7 +84,7 @@ static const struct object_ops hook_table_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/mailslot.c
View file @ d6ef9401
......@@ -201,7 +201,7 @@ static const struct object_ops mailslot_device_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -231,7 +231,7 @@ static const struct object_ops mailslot_device_file_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
mailslot_device_file_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
mailslot_device_file_get_full_name, /* get_full_name */
......@@ -297,9 +297,7 @@ static struct fd *mailslot_get_fd( struct object *obj )
static unsigned int mailslot_map_access( struct object *obj, unsigned int access )
{
/* mailslots can only be read */
if (access & GENERIC_READ) access |= FILE_GENERIC_READ;
if (access & GENERIC_ALL) access |= FILE_GENERIC_READ;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
return default_map_access( obj, access ) & FILE_GENERIC_READ;
}
static int mailslot_link_name( struct object *obj, struct object_name *name, struct object *parent )
......@@ -538,9 +536,7 @@ static struct fd *mail_writer_get_fd( struct object *obj )
static unsigned int mail_writer_map_access( struct object *obj, unsigned int access )
{
/* mailslot writers can only get write access */
if (access & GENERIC_WRITE) access |= FILE_GENERIC_WRITE;
if (access & GENERIC_ALL) access |= FILE_GENERIC_WRITE;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
return default_map_access( obj, access ) & FILE_GENERIC_WRITE;
}
static struct mailslot *get_mailslot_obj( struct process *process, obj_handle_t handle,
......
server/mapping.c
View file @ d6ef9401
......@@ -71,7 +71,7 @@ static const struct object_ops ranges_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -107,7 +107,7 @@ static const struct object_ops shared_map_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -164,7 +164,6 @@ struct mapping
static void mapping_dump( struct object *obj, int verbose );
static struct fd *mapping_get_fd( struct object *obj );
static unsigned int mapping_map_access( struct object *obj, unsigned int access );
static void mapping_destroy( struct object *obj );
static enum server_fd_type mapping_get_fd_type( struct fd *fd );
......@@ -179,7 +178,7 @@ static const struct object_ops mapping_ops =
NULL, /* satisfied */
no_signal, /* signal */
mapping_get_fd, /* get_fd */
mapping_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -997,15 +996,6 @@ static struct fd *mapping_get_fd( struct object *obj )
return (struct fd *)grab_object( mapping->fd );
}
static unsigned int mapping_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SECTION_QUERY | SECTION_MAP_READ;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | SECTION_MAP_WRITE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SECTION_MAP_EXECUTE;
if (access & GENERIC_ALL) access |= SECTION_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static void mapping_destroy( struct object *obj )
{
struct mapping *mapping = (struct mapping *)obj;
......
server/mutex.c
View file @ d6ef9401
......@@ -62,7 +62,6 @@ struct mutex
static void mutex_dump( struct object *obj, int verbose );
static int mutex_signaled( struct object *obj, struct wait_queue_entry *entry );
static void mutex_satisfied( struct object *obj, struct wait_queue_entry *entry );
static unsigned int mutex_map_access( struct object *obj, unsigned int access );
static void mutex_destroy( struct object *obj );
static int mutex_signal( struct object *obj, unsigned int access );
......@@ -77,7 +76,7 @@ static const struct object_ops mutex_ops =
mutex_satisfied, /* satisfied */
mutex_signal, /* signal */
no_get_fd, /* get_fd */
mutex_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -171,15 +170,6 @@ static void mutex_satisfied( struct object *obj, struct wait_queue_entry *entry
mutex->abandoned = 0;
}
static unsigned int mutex_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | MUTANT_QUERY_STATE;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE;
if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | MUTEX_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static int mutex_signal( struct object *obj, unsigned int access )
{
struct mutex *mutex = (struct mutex *)obj;
......
server/named_pipe.c
View file @ d6ef9401
......@@ -170,7 +170,7 @@ static const struct object_ops pipe_server_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
pipe_end_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
pipe_end_get_sd, /* get_sd */
pipe_end_set_sd, /* set_sd */
pipe_end_get_full_name, /* get_full_name */
......@@ -213,7 +213,7 @@ static const struct object_ops pipe_client_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
pipe_end_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
pipe_end_get_sd, /* get_sd */
pipe_end_set_sd, /* set_sd */
pipe_end_get_full_name, /* get_full_name */
......@@ -259,7 +259,7 @@ static const struct object_ops named_pipe_device_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -290,7 +290,7 @@ static const struct object_ops named_pipe_device_file_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
named_pipe_device_file_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
named_pipe_device_file_get_full_name, /* get_full_name */
......
server/object.c
View file @ d6ef9401
......@@ -528,13 +528,9 @@ struct fd *no_get_fd( struct object *obj )
return NULL;
}
unsigned int no_map_access( struct object *obj, unsigned int access )
unsigned int default_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE;
if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
return map_access( access, &obj->ops->type->mapping );
}
struct security_descriptor *default_get_sd( struct object *obj )
......
server/object.h
View file @ d6ef9401
......@@ -171,7 +171,7 @@ extern int no_add_queue( struct object *obj, struct wait_queue_entry *entry );
extern void no_satisfied( struct object *obj, struct wait_queue_entry *entry );
extern int no_signal( struct object *obj, unsigned int access );
extern struct fd *no_get_fd( struct object *obj );
extern unsigned int no_map_access( struct object *obj, unsigned int access );
extern unsigned int default_map_access( struct object *obj, unsigned int access );
extern struct security_descriptor *default_get_sd( struct object *obj );
extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info );
extern int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd,
......@@ -194,6 +194,15 @@ extern void close_objects(void);
static inline void make_object_permanent( struct object *obj ) { obj->is_permanent = 1; }
static inline void make_object_temporary( struct object *obj ) { obj->is_permanent = 0; }
static inline unsigned int map_access( unsigned int access, const generic_map_t *mapping )
{
if (access & GENERIC_READ) access |= mapping->read;
if (access & GENERIC_WRITE) access |= mapping->write;
if (access & GENERIC_EXECUTE) access |= mapping->exec;
if (access & GENERIC_ALL) access |= mapping->all;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
/* event functions */
struct event;
......
server/process.c
View file @ d6ef9401
......@@ -145,7 +145,7 @@ static const struct object_ops startup_info_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -176,7 +176,6 @@ struct type_descr job_type =
static void job_dump( struct object *obj, int verbose );
static int job_signaled( struct object *obj, struct wait_queue_entry *entry );
static unsigned int job_map_access( struct object *obj, unsigned int access );
static int job_close_handle( struct object *obj, struct process *process, obj_handle_t handle );
static void job_destroy( struct object *obj );
......@@ -204,7 +203,7 @@ static const struct object_ops job_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
job_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -245,15 +244,6 @@ static struct job *get_job_obj( struct process *process, obj_handle_t handle, un
return (struct job *)get_handle_obj( process, handle, access, &job_ops );
}
static unsigned int job_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE;
if (access & GENERIC_ALL) access |= JOB_OBJECT_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static void add_job_completion( struct job *job, apc_param_t msg, apc_param_t pid )
{
if (job->completion_port)
......@@ -681,16 +671,10 @@ static int process_signaled( struct object *obj, struct wait_queue_entry *entry
static unsigned int process_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION | PROCESS_SUSPEND_RESUME |
PROCESS_VM_WRITE | PROCESS_DUP_HANDLE | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE;
if (access & GENERIC_ALL) access |= PROCESS_ALL_ACCESS;
access = default_map_access( obj, access );
if (access & PROCESS_QUERY_INFORMATION) access |= PROCESS_QUERY_LIMITED_INFORMATION;
if (access & PROCESS_SET_INFORMATION) access |= PROCESS_SET_LIMITED_INFORMATION;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
return access;
}
static struct list *process_get_kernel_obj_list( struct object *obj )
......
server/queue.c
View file @ d6ef9401
......@@ -174,7 +174,7 @@ static const struct object_ops msg_queue_ops =
msg_queue_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -211,7 +211,7 @@ static const struct object_ops thread_input_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/registry.c
View file @ d6ef9401
......@@ -352,13 +352,9 @@ static inline struct notify *find_notify( struct key *key, struct process *proce
static unsigned int key_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= KEY_READ;
if (access & GENERIC_WRITE) access |= KEY_WRITE;
if (access & GENERIC_EXECUTE) access |= KEY_EXECUTE;
if (access & GENERIC_ALL) access |= KEY_ALL_ACCESS;
access = default_map_access( obj, access );
/* filter the WOW64 masks, as they aren't real access bits */
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL |
KEY_WOW64_64KEY | KEY_WOW64_32KEY);
return access & ~(KEY_WOW64_64KEY | KEY_WOW64_32KEY);
}
static struct security_descriptor *key_get_sd( struct object *obj )
......
server/request.c
View file @ d6ef9401
......@@ -100,7 +100,7 @@ static const struct object_ops master_socket_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/semaphore.c
View file @ d6ef9401
......@@ -60,7 +60,6 @@ struct semaphore
static void semaphore_dump( struct object *obj, int verbose );
static int semaphore_signaled( struct object *obj, struct wait_queue_entry *entry );
static void semaphore_satisfied( struct object *obj, struct wait_queue_entry *entry );
static unsigned int semaphore_map_access( struct object *obj, unsigned int access );
static int semaphore_signal( struct object *obj, unsigned int access );
static const struct object_ops semaphore_ops =
......@@ -74,7 +73,7 @@ static const struct object_ops semaphore_ops =
semaphore_satisfied, /* satisfied */
semaphore_signal, /* signal */
no_get_fd, /* get_fd */
semaphore_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -155,15 +154,6 @@ static void semaphore_satisfied( struct object *obj, struct wait_queue_entry *en
sem->count--;
}
static unsigned int semaphore_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SEMAPHORE_QUERY_STATE;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | SEMAPHORE_MODIFY_STATE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE;
if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_ALL | SEMAPHORE_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static int semaphore_signal( struct object *obj, unsigned int access )
{
struct semaphore *sem = (struct semaphore *)obj;
......
server/serial.c
View file @ d6ef9401
......@@ -95,7 +95,7 @@ static const struct object_ops serial_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
serial_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/signal.c
View file @ d6ef9401
......@@ -70,7 +70,7 @@ static const struct object_ops handler_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......
server/sock.c
View file @ d6ef9401
......@@ -191,7 +191,7 @@ static const struct object_ops sock_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
sock_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -1536,7 +1536,7 @@ static const struct object_ops ifchange_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
ifchange_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -1756,7 +1756,7 @@ static const struct object_ops socket_device_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......
server/symlink.c
View file @ d6ef9401
......@@ -60,7 +60,6 @@ struct symlink
};
static void symlink_dump( struct object *obj, int verbose );
static unsigned int symlink_map_access( struct object *obj, unsigned int access );
static struct object *symlink_lookup_name( struct object *obj, struct unicode_str *name,
unsigned int attr, struct object *root );
static void symlink_destroy( struct object *obj );
......@@ -76,7 +75,7 @@ static const struct object_ops symlink_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
symlink_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -126,15 +125,6 @@ static struct object *symlink_lookup_name( struct object *obj, struct unicode_st
return target;
}
static unsigned int symlink_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SYMBOLIC_LINK_QUERY;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE;
if (access & GENERIC_ALL) access |= SYMBOLIC_LINK_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static void symlink_destroy( struct object *obj )
{
struct symlink *symlink = (struct symlink *)obj;
......
server/thread.c
View file @ d6ef9401
......@@ -113,7 +113,7 @@ static const struct object_ops thread_apc_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -150,7 +150,7 @@ static const struct object_ops context_ops =
no_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -467,16 +467,10 @@ static int thread_signaled( struct object *obj, struct wait_queue_entry *entry )
static unsigned int thread_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | THREAD_QUERY_INFORMATION | THREAD_GET_CONTEXT;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | THREAD_SET_INFORMATION | THREAD_SET_CONTEXT |
THREAD_TERMINATE | THREAD_SUSPEND_RESUME;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE | THREAD_QUERY_LIMITED_INFORMATION;
if (access & GENERIC_ALL) access |= THREAD_ALL_ACCESS;
access = default_map_access( obj, access );
if (access & THREAD_QUERY_INFORMATION) access |= THREAD_QUERY_LIMITED_INFORMATION;
if (access & THREAD_SET_INFORMATION) access |= THREAD_SET_LIMITED_INFORMATION;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
return access;
}
static void dump_thread_apc( struct object *obj, int verbose )
......
server/timer.c
View file @ d6ef9401
......@@ -67,7 +67,6 @@ struct timer
static void timer_dump( struct object *obj, int verbose );
static int timer_signaled( struct object *obj, struct wait_queue_entry *entry );
static void timer_satisfied( struct object *obj, struct wait_queue_entry *entry );
static unsigned int timer_map_access( struct object *obj, unsigned int access );
static void timer_destroy( struct object *obj );
static const struct object_ops timer_ops =
......@@ -81,7 +80,7 @@ static const struct object_ops timer_ops =
timer_satisfied, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
timer_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -219,15 +218,6 @@ static void timer_satisfied( struct object *obj, struct wait_queue_entry *entry
if (!timer->manual) timer->signaled = 0;
}
static unsigned int timer_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | SYNCHRONIZE | TIMER_QUERY_STATE;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | TIMER_MODIFY_STATE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE;
if (access & GENERIC_ALL) access |= TIMER_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static void timer_destroy( struct object *obj )
{
struct timer *timer = (struct timer *)obj;
......
server/token.c
View file @ d6ef9401
......@@ -150,7 +150,6 @@ struct group
};
static void token_dump( struct object *obj, int verbose );
static unsigned int token_map_access( struct object *obj, unsigned int access );
static void token_destroy( struct object *obj );
static const struct object_ops token_ops =
......@@ -164,7 +163,7 @@ static const struct object_ops token_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
token_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
no_get_full_name, /* get_full_name */
......@@ -185,15 +184,6 @@ static void token_dump( struct object *obj, int verbose )
token->token_id.low_part, token->primary, token->impersonation_level );
}
static unsigned int token_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= TOKEN_READ;
if (access & GENERIC_WRITE) access |= TOKEN_WRITE;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE;
if (access & GENERIC_ALL) access |= TOKEN_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static SID *security_sid_alloc( const SID_IDENTIFIER_AUTHORITY *idauthority, int subauthcount, const unsigned int subauth[] )
{
int i;
......@@ -470,16 +460,6 @@ ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl )
return replaced_acl;
}
/* maps from generic rights to specific rights as given by a mapping */
static inline void map_generic_mask( unsigned int *mask, const generic_map_t *mapping )
{
if (*mask & GENERIC_READ) *mask |= mapping->read;
if (*mask & GENERIC_WRITE) *mask |= mapping->write;
if (*mask & GENERIC_EXECUTE) *mask |= mapping->exec;
if (*mask & GENERIC_ALL) *mask |= mapping->all;
*mask &= ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 )
{
return (luid1->LowPart == luid2->LowPart && luid1->HighPart == luid2->HighPart);
......@@ -1157,8 +1137,7 @@ static unsigned int token_access_check( struct token *token,
sid = (const SID *)&ad_ace->SidStart;
if (token_sid_present( token, sid, TRUE ))
{
unsigned int access = ad_ace->Mask;
map_generic_mask(&access, mapping);
unsigned int access = map_access( ad_ace->Mask, mapping );
if (desired_access & MAXIMUM_ALLOWED)
denied_access |= access;
else
......@@ -1173,8 +1152,7 @@ static unsigned int token_access_check( struct token *token,
sid = (const SID *)&aa_ace->SidStart;
if (token_sid_present( token, sid, FALSE ))
{
unsigned int access = aa_ace->Mask;
map_generic_mask(&access, mapping);
unsigned int access = map_access( aa_ace->Mask, mapping );
if (desired_access & MAXIMUM_ALLOWED)
current_access |= access;
else
......
server/winstation.c
View file @ d6ef9401
......@@ -48,12 +48,10 @@ static int winstation_close_handle( struct object *obj, struct process *process,
static struct object *winstation_lookup_name( struct object *obj, struct unicode_str *name,
unsigned int attr, struct object *root );
static void winstation_destroy( struct object *obj );
static unsigned int winstation_map_access( struct object *obj, unsigned int access );
static void desktop_dump( struct object *obj, int verbose );
static int desktop_link_name( struct object *obj, struct object_name *name, struct object *parent );
static int desktop_close_handle( struct object *obj, struct process *process, obj_handle_t handle );
static void desktop_destroy( struct object *obj );
static unsigned int desktop_map_access( struct object *obj, unsigned int access );
static const WCHAR winstation_name[] = {'W','i','n','d','o','w','S','t','a','t','i','o','n'};
......@@ -80,7 +78,7 @@ static const struct object_ops winstation_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
winstation_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -120,7 +118,7 @@ static const struct object_ops desktop_ops =
NULL, /* satisfied */
no_signal, /* signal */
no_get_fd, /* get_fd */
desktop_map_access, /* map_access */
default_map_access, /* map_access */
default_get_sd, /* get_sd */
default_set_sd, /* set_sd */
default_get_full_name, /* get_full_name */
......@@ -205,17 +203,6 @@ static void winstation_destroy( struct object *obj )
free( winstation->desktop_names );
}
static unsigned int winstation_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | WINSTA_ENUMDESKTOPS | WINSTA_READATTRIBUTES |
WINSTA_ENUMERATE | WINSTA_READSCREEN;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP |
WINSTA_WRITEATTRIBUTES;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS;
if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_REQUIRED | WINSTA_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
/* retrieve the process window station, checking the handle access rights */
struct winstation *get_process_winstation( struct process *process, unsigned int access )
{
......@@ -308,17 +295,6 @@ static void desktop_destroy( struct object *obj )
release_object( desktop->winstation );
}
static unsigned int desktop_map_access( struct object *obj, unsigned int access )
{
if (access & GENERIC_READ) access |= STANDARD_RIGHTS_READ | DESKTOP_READOBJECTS | DESKTOP_ENUMERATE;
if (access & GENERIC_WRITE) access |= STANDARD_RIGHTS_WRITE | DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW |
DESKTOP_HOOKCONTROL | DESKTOP_JOURNALRECORD | DESKTOP_JOURNALPLAYBACK |
DESKTOP_WRITEOBJECTS;
if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE | DESKTOP_SWITCHDESKTOP;
if (access & GENERIC_ALL) access |= STANDARD_RIGHTS_REQUIRED | DESKTOP_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
/* retrieve the thread desktop, checking the handle access rights */
struct desktop *get_thread_desktop( struct thread *thread, unsigned int access )
{
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment