Commit graph

119 commits

Author SHA1 Message Date
Alexandre Julliard
868af0c500 server: Don't depend on the TOKEN_GROUPS structure on the server side.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2022-01-25 12:35:54 +01:00
Alexandre Julliard
990cc1c64b server: Define a server-side structure for SID.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2022-01-25 12:32:11 +01:00
Alexandre Julliard
841b8862fb server: Define a server-side structure for ACE.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2022-01-25 12:21:14 +01:00
Alexandre Julliard
c36f81fa75 server: Define a server-side structure for ACL.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2022-01-25 12:10:40 +01:00
Alexandre Julliard
bf3442fab6 server: Define a server-side structure for SID_AND_ATTRIBUTES.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2022-01-25 12:03:14 +01:00
Alexandre Julliard
7d7322671c server: Define a server-side structure for LUID_AND_ATTRIBUTES.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2022-01-25 11:55:40 +01:00
Alexandre Julliard
1381be977b server: Add sys/types.h include in a few more files.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-10-11 11:44:02 +02:00
Alexandre Julliard
eb69da2a9c ntdll: Implement NtQueryInformationToken(TokenSessionId).
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=46595
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-07-01 22:34:31 +02:00
Alexandre Julliard
2b5cefc92e server: Store the session id in the process token.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-07-01 22:34:31 +02:00
Zebediah Figura
4cca8b67d0 server: Create linked tokens as impersonation tokens.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=51347
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-06-30 18:46:16 +02:00
Damjan Jovanovic
31e984a09d server: The owner of a securable object should have all the standard access rights.
Cygwin fork() fails in NtCreateSymbolicLinkObject(). We successfully
create the link but then fail to alloc_handle() with STATUS_ACCESS_DENIED,
because the requested access rights exceed what the owner is allowed.
Allow it more.

Thank you to Dmitry Timoshkov for debugging the security details from
alloc_handle() onwards.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=48891
Signed-off-by: Damjan Jovanovic <damjan.jov@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-06-08 22:28:44 +02:00
Alexandre Julliard
6f7b56a198 server: Merge the various token information queries.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 21:42:18 +01:00
Zebediah Figura
ec9244f056 ntdll: Implement NtQueryInformationToken(TokenLinkedToken).
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 21:41:59 +01:00
Zebediah Figura
c96749790b ntdll: Implement NtQueryInformationToken(TokenElevationType).
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-17 16:28:13 +01:00
Michael Müller
f68659c6e8 server: Grant the same access rights when req->access is zero in duplicate_token.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-08 11:07:31 +01:00
Alexandre Julliard
d6ef9401b3 server: Use the object type information to implement access mapping.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-05 22:53:46 +01:00
Alexandre Julliard
4d646de90d server: Add generic mapping masks for all object types.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-05 15:38:22 +01:00
Alexandre Julliard
c6f2aacb57 server: Add a type descriptor to all server objects.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-04 21:25:32 +01:00
Alexandre Julliard
928a22cd02 server: Add a data type for generic access mappings.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-02-04 21:25:32 +01:00
Paul Gofman
9df7a2efc3 server: Add SeTcbPrivilege (SE_TCB_NAME) to the list of admin privileges.
Fixes Origin client update failure.

Signed-off-by: Paul Gofman <pgofman@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-10-14 21:33:17 +02:00
Zebediah Figura
fa1b0fcf6c server: Check duplicated handle access against the calling thread token and target process token.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-24 15:22:36 +02:00
Michael Müller
d0bea3d702 server: Implement support for creating a process with a specified token.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-24 15:21:43 +02:00
Michael Müller
8c5638aa5e ntdll: Implement NtFilterToken.
Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-23 15:58:10 +02:00
Alexandre Julliard
2e51f9aae3 server: Add an object operation to retrieve an object name.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-22 16:55:08 +02:00
Alexandre Julliard
8286b780a4 server: Don't use wine/unicode.h.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-03-24 19:43:38 +01:00
Qian Hong
1058647e14 server: Create primary group using DOMAIN_GROUP_RID_USERS.
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-05-01 11:15:29 +02:00
Erich E. Hoover
e11e8705eb server: Add default security descriptor ownership for processes.
Signed-off-by: Erich E. Hoover <erich.e.hoover@gmail.com>
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-04-24 21:57:48 +02:00
Michael Müller
f926811e0d server: Correctly validate SID length in sd_is_valid.
Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-04-03 20:34:36 +02:00
Jacek Caban
b2a546c92d server: Introduce kernel_object struct for generic association between server and kernel objects.
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-03-26 13:55:15 +01:00
Jacek Caban
c55c4ab88c server: Support token object type.
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-02-22 14:27:22 +01:00
Michael Stefaniuc
9e365e4ecc server: Use the ARRAY_SIZE() macro.
Signed-off-by: Michael Stefaniuc <mstefani@winehq.org>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-10-23 13:56:55 +02:00
Hans Leidekker
fc3057c4f3 server: Store the token owner separately.
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-05-02 16:05:32 +02:00
Hans Leidekker
14191f2dd0 server: Dump token details.
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-05-02 16:05:30 +02:00
Alexandre Julliard
6b758dd1dc server: Add a macro to define SIDs.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-02-07 19:38:29 +01:00
Alistair Leslie-Hughes
4bbbc261d1 ntdll: Support TokenLogonSid in NtQueryInformationToken.
Based on a patch by Andrew Wesie.

Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-02-07 19:38:29 +01:00
Michael Müller
a78d419420 server: Assign a default label to all tokens.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-19 09:50:32 +02:00
Michael Müller
7c08e787b1 server: Implement setting a security descriptor when duplicating tokens.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:12:24 +02:00
Michael Müller
af2d01c2fa server: Implement changing the label of a security descriptor.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 11:08:59 +02:00
Michael Müller
2ebe679638 server: Implement querying the security label of a security descriptor.
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-06-15 10:50:54 +02:00
Sebastian Lackner
0e42bce0b6 server: Fix handling of MAXIMUM_ALLOWED in token_access_check.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-02-03 19:05:10 +01:00
André Hentschel
6b85b31b00 server: Remove dead assignment (clang).
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2017-01-31 08:52:09 +01:00
Alexandre Julliard
f55db7882d server: Add link_name and unlink_name object operations.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-02-04 21:07:19 +09:00
Alexandre Julliard
9504e2addf server: Add a helper function to validate and return object attributes.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-01-16 00:05:57 +09:00
Sebastian Lackner
25b0a4981b server: Fix assignment of primary_group in token_duplicate.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2015-12-21 18:17:03 +01:00
Hans Leidekker
e0206d9f8a server: Make returning used privileges optional in token_access_check. 2015-07-17 20:19:36 +09:00
Hans Leidekker
aa407a2818 server: Accept mandatory label ACEs. 2015-04-17 14:53:18 +09:00
Hans Leidekker
7dfdcf3034 server: The token user SID must be present in the default DACL. 2013-07-30 14:43:34 +02:00
Erich Hoover
04cd764d76 server: Report a default DACL for registry keys. 2013-04-23 17:20:11 +02:00
Erich Hoover
56c1a8b062 server: Report administrator ownership by default for registry objects. 2013-04-11 13:15:58 +02:00
Alexandre Julliard
62beef5a72 server: Add a helper function to compute an SID length. 2013-04-11 13:00:06 +02:00