search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
widl: Fold inherit cases by using typename rule in qualified_type.
[wine.git] / server / token.c
blob2ae1cb1780a1115c49b3f60a0ff0cad0114235cd
1 /*
2 * Tokens
3 *
4 * Copyright (C) 1998 Alexandre Julliard
5 * Copyright (C) 2003 Mike McCormack
6 * Copyright (C) 2005 Robert Shearman
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 #include "config.h"
24
25 #include <assert.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <stdarg.h>
29 #include <unistd.h>
30
31 #include "ntstatus.h"
32 #define WIN32_NO_STATUS
33 #include "windef.h"
34 #include "winternl.h"
35
36 #include "handle.h"
37 #include "thread.h"
38 #include "process.h"
39 #include "request.h"
40 #include "security.h"
41
42 #define MAX_SUBAUTH_COUNT 1
43
44 const LUID SeIncreaseQuotaPrivilege = { 5, 0 };
45 const LUID SeTcbPrivilege = { 7, 0 };
46 const LUID SeSecurityPrivilege = { 8, 0 };
47 const LUID SeTakeOwnershipPrivilege = { 9, 0 };
48 const LUID SeLoadDriverPrivilege = { 10, 0 };
49 const LUID SeSystemProfilePrivilege = { 11, 0 };
50 const LUID SeSystemtimePrivilege = { 12, 0 };
51 const LUID SeProfileSingleProcessPrivilege = { 13, 0 };
52 const LUID SeIncreaseBasePriorityPrivilege = { 14, 0 };
53 const LUID SeCreatePagefilePrivilege = { 15, 0 };
54 const LUID SeBackupPrivilege = { 17, 0 };
55 const LUID SeRestorePrivilege = { 18, 0 };
56 const LUID SeShutdownPrivilege = { 19, 0 };
57 const LUID SeDebugPrivilege = { 20, 0 };
58 const LUID SeSystemEnvironmentPrivilege = { 22, 0 };
59 const LUID SeChangeNotifyPrivilege = { 23, 0 };
60 const LUID SeRemoteShutdownPrivilege = { 24, 0 };
61 const LUID SeUndockPrivilege = { 25, 0 };
62 const LUID SeManageVolumePrivilege = { 28, 0 };
63 const LUID SeImpersonatePrivilege = { 29, 0 };
64 const LUID SeCreateGlobalPrivilege = { 30, 0 };
65
66 #define SID_N(n) struct /* same fields as struct SID */ \
67 { \
68 BYTE Revision; \
69 BYTE SubAuthorityCount; \
70 SID_IDENTIFIER_AUTHORITY IdentifierAuthority; \
71 DWORD SubAuthority[n]; \
72 }
73
74 static const SID world_sid = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } };
75 static const SID local_sid = { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } };
76 static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } };
77 static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } };
78 static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
79 static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
80 static const SID high_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_HIGH_RID } };
81 static const SID_N(5) local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
82 static const SID_N(2) builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
83 static const SID_N(2) builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
84 static const SID_N(3) builtin_logon_sid = { SID_REVISION, 3, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID, 0, 0 } };
85 static const SID_N(5) domain_users_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, DOMAIN_GROUP_RID_USERS } };
86
87 const PSID security_world_sid = (PSID)&world_sid;
88 static const PSID security_local_sid = (PSID)&local_sid;
89 static const PSID security_interactive_sid = (PSID)&interactive_sid;
90 static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid;
91 const PSID security_local_system_sid = (PSID)&local_system_sid;
92 const PSID security_local_user_sid = (PSID)&local_user_sid;
93 const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
94 const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
95 const PSID security_domain_users_sid = (PSID)&domain_users_sid;
96 const PSID security_high_label_sid = (PSID)&high_label_sid;
97
98 static luid_t prev_luid_value = { 1000, 0 };
99
100 static const WCHAR token_name[] = {'T','o','k','e','n'};
101
102 struct type_descr token_type =
103 {
104 { token_name, sizeof(token_name) }, /* name */
105 TOKEN_ALL_ACCESS | SYNCHRONIZE, /* valid_access */
106 { /* mapping */
107 STANDARD_RIGHTS_READ | TOKEN_QUERY_SOURCE | TOKEN_QUERY | TOKEN_DUPLICATE,
108 STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_SESSIONID | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_GROUPS
109 | TOKEN_ADJUST_PRIVILEGES,
110 STANDARD_RIGHTS_EXECUTE | TOKEN_IMPERSONATE | TOKEN_ASSIGN_PRIMARY,
111 TOKEN_ALL_ACCESS
112 },
113 };
114
115 struct token
116 {
117 struct object obj; /* object header */
118 luid_t token_id; /* system-unique id of token */
119 luid_t modified_id; /* new id allocated every time token is modified */
120 struct list privileges; /* privileges available to the token */
121 struct list groups; /* groups that the user of this token belongs to (sid_and_attributes) */
122 SID *user; /* SID of user this token represents */
123 SID *owner; /* SID of owner (points to user or one of groups) */
124 SID *primary_group; /* SID of user's primary group (points to one of groups) */
125 unsigned primary; /* is this a primary or impersonation token? */
126 ACL *default_dacl; /* the default DACL to assign to objects created by this user */
127 TOKEN_SOURCE source; /* source of the token */
128 int impersonation_level; /* impersonation level this token is capable of if non-primary token */
129 };
130
131 struct privilege
132 {
133 struct list entry;
134 LUID luid;
135 unsigned enabled : 1; /* is the privilege currently enabled? */
136 unsigned def : 1; /* is the privilege enabled by default? */
137 };
138
139 struct group
140 {
141 struct list entry;
142 unsigned enabled : 1; /* is the sid currently enabled? */
143 unsigned def : 1; /* is the sid enabled by default? */
144 unsigned logon : 1; /* is this a logon sid? */
145 unsigned mandatory: 1; /* is this sid always enabled? */
146 unsigned owner : 1; /* can this sid be an owner of an object? */
147 unsigned resource : 1; /* is this a domain-local group? */
148 unsigned deny_only: 1; /* is this a sid that should be use for denying only? */
149 SID sid;
150 };
151
152 static void token_dump( struct object *obj, int verbose );
153 static void token_destroy( struct object *obj );
154
155 static const struct object_ops token_ops =
156 {
157 sizeof(struct token), /* size */
158 &token_type, /* type */
159 token_dump, /* dump */
160 no_add_queue, /* add_queue */
161 NULL, /* remove_queue */
162 NULL, /* signaled */
163 NULL, /* satisfied */
164 no_signal, /* signal */
165 no_get_fd, /* get_fd */
166 default_map_access, /* map_access */
167 default_get_sd, /* get_sd */
168 default_set_sd, /* set_sd */
169 no_get_full_name, /* get_full_name */
170 no_lookup_name, /* lookup_name */
171 no_link_name, /* link_name */
172 NULL, /* unlink_name */
173 no_open_file, /* open_file */
174 no_kernel_obj_list, /* get_kernel_obj_list */
175 no_close_handle, /* close_handle */
176 token_destroy /* destroy */
177 };
178
179 static void token_dump( struct object *obj, int verbose )
180 {
181 struct token *token = (struct token *)obj;
182 assert( obj->ops == &token_ops );
183 fprintf( stderr, "Token id=%d.%u primary=%u impersonation level=%d\n", token->token_id.high_part,
184 token->token_id.low_part, token->primary, token->impersonation_level );
185 }
186
187 static SID *security_sid_alloc( const SID_IDENTIFIER_AUTHORITY *idauthority, int subauthcount, const unsigned int subauth[] )
188 {
189 int i;
190 SID *sid = mem_alloc( FIELD_OFFSET(SID, SubAuthority[subauthcount]) );
191 if (!sid) return NULL;
192 sid->Revision = SID_REVISION;
193 sid->SubAuthorityCount = subauthcount;
194 sid->IdentifierAuthority = *idauthority;
195 for (i = 0; i < subauthcount; i++)
196 sid->SubAuthority[i] = subauth[i];
197 return sid;
198 }
199
200 void security_set_thread_token( struct thread *thread, obj_handle_t handle )
201 {
202 if (!handle)
203 {
204 if (thread->token)
205 release_object( thread->token );
206 thread->token = NULL;
207 }
208 else
209 {
210 struct token *token = (struct token *)get_handle_obj( current->process,
211 handle,
212 TOKEN_IMPERSONATE,
213 &token_ops );
214 if (token)
215 {
216 if (thread->token)
217 release_object( thread->token );
218 thread->token = token;
219 }
220 }
221 }
222
223 const SID *security_unix_uid_to_sid( uid_t uid )
224 {
225 /* very simple mapping: either the current user or not the current user */
226 if (uid == getuid())
227 return (const SID *)&local_user_sid;
228 else
229 return &anonymous_logon_sid;
230 }
231
232 static int acl_is_valid( const ACL *acl, data_size_t size )
233 {
234 ULONG i;
235 const ACE_HEADER *ace;
236
237 if (size < sizeof(ACL))
238 return FALSE;
239
240 size = min(size, MAX_ACL_LEN);
241
242 size -= sizeof(ACL);
243
244 ace = (const ACE_HEADER *)(acl + 1);
245 for (i = 0; i < acl->AceCount; i++)
246 {
247 const SID *sid;
248 data_size_t sid_size;
249
250 if (size < sizeof(ACE_HEADER))
251 return FALSE;
252 if (size < ace->AceSize)
253 return FALSE;
254 size -= ace->AceSize;
255 switch (ace->AceType)
256 {
257 case ACCESS_DENIED_ACE_TYPE:
258 sid = (const SID *)&((const ACCESS_DENIED_ACE *)ace)->SidStart;
259 sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart);
260 break;
261 case ACCESS_ALLOWED_ACE_TYPE:
262 sid = (const SID *)&((const ACCESS_ALLOWED_ACE *)ace)->SidStart;
263 sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
264 break;
265 case SYSTEM_AUDIT_ACE_TYPE:
266 sid = (const SID *)&((const SYSTEM_AUDIT_ACE *)ace)->SidStart;
267 sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart);
268 break;
269 case SYSTEM_ALARM_ACE_TYPE:
270 sid = (const SID *)&((const SYSTEM_ALARM_ACE *)ace)->SidStart;
271 sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_ALARM_ACE, SidStart);
272 break;
273 case SYSTEM_MANDATORY_LABEL_ACE_TYPE:
274 sid = (const SID *)&((const SYSTEM_MANDATORY_LABEL_ACE *)ace)->SidStart;
275 sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart);
276 break;
277 default:
278 return FALSE;
279 }
280 if (sid_size < FIELD_OFFSET(SID, SubAuthority[0]) || sid_size < security_sid_len( sid ))
281 return FALSE;
282 ace = ace_next( ace );
283 }
284 return TRUE;
285 }
286
287 static unsigned int get_sid_count( const SID *sid, data_size_t size )
288 {
289 unsigned int count;
290
291 for (count = 0; size >= sizeof(SID) && security_sid_len( sid ) <= size; count++)
292 {
293 size -= security_sid_len( sid );
294 sid = (const SID *)((char *)sid + security_sid_len( sid ));
295 }
296
297 return count;
298 }
299
300 /* checks whether all members of a security descriptor fit inside the size
301 * of memory specified */
302 int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
303 {
304 size_t offset = sizeof(struct security_descriptor);
305 const SID *group;
306 const SID *owner;
307 const ACL *sacl;
308 const ACL *dacl;
309 int dummy;
310
311 if (size < offset)
312 return FALSE;
313
314 if ((sd->owner_len >= FIELD_OFFSET(SID, SubAuthority[255])) ||
315 (offset + sd->owner_len > size))
316 return FALSE;
317 owner = sd_get_owner( sd );
318 if (owner)
319 {
320 if ((sd->owner_len < sizeof(SID)) || (security_sid_len( owner ) > sd->owner_len))
321 return FALSE;
322 }
323 offset += sd->owner_len;
324
325 if ((sd->group_len >= FIELD_OFFSET(SID, SubAuthority[255])) ||
326 (offset + sd->group_len > size))
327 return FALSE;
328 group = sd_get_group( sd );
329 if (group)
330 {
331 if ((sd->group_len < sizeof(SID)) || (security_sid_len( group ) > sd->group_len))
332 return FALSE;
333 }
334 offset += sd->group_len;
335
336 if ((sd->sacl_len >= MAX_ACL_LEN) || (offset + sd->sacl_len > size))
337 return FALSE;
338 sacl = sd_get_sacl( sd, &dummy );
339 if (sacl && !acl_is_valid( sacl, sd->sacl_len ))
340 return FALSE;
341 offset += sd->sacl_len;
342
343 if ((sd->dacl_len >= MAX_ACL_LEN) || (offset + sd->dacl_len > size))
344 return FALSE;
345 dacl = sd_get_dacl( sd, &dummy );
346 if (dacl && !acl_is_valid( dacl, sd->dacl_len ))
347 return FALSE;
348 offset += sd->dacl_len;
349
350 return TRUE;
351 }
352
353 /* extract security labels from SACL */
354 ACL *extract_security_labels( const ACL *sacl )
355 {
356 size_t size = sizeof(ACL);
357 const ACE_HEADER *ace;
358 ACE_HEADER *label_ace;
359 unsigned int i, count = 0;
360 ACL *label_acl;
361
362 ace = (const ACE_HEADER *)(sacl + 1);
363 for (i = 0; i < sacl->AceCount; i++, ace = ace_next( ace ))
364 {
365 if (ace->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
366 {
367 size += ace->AceSize;
368 count++;
369 }
370 }
371
372 label_acl = mem_alloc( size );
373 if (!label_acl) return NULL;
374
375 label_acl->AclRevision = sacl->AclRevision;
376 label_acl->Sbz1 = 0;
377 label_acl->AclSize = size;
378 label_acl->AceCount = count;
379 label_acl->Sbz2 = 0;
380 label_ace = (ACE_HEADER *)(label_acl + 1);
381
382 ace = (const ACE_HEADER *)(sacl + 1);
383 for (i = 0; i < sacl->AceCount; i++, ace = ace_next( ace ))
384 {
385 if (ace->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
386 {
387 memcpy( label_ace, ace, ace->AceSize );
388 label_ace = (ACE_HEADER *)ace_next( label_ace );
389 }
390 }
391 return label_acl;
392 }
393
394 /* replace security labels in an existing SACL */
395 ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl )
396 {
397 const ACE_HEADER *ace;
398 ACE_HEADER *replaced_ace;
399 size_t size = sizeof(ACL);
400 unsigned int i, count = 0;
401 BYTE revision = ACL_REVISION;
402 ACL *replaced_acl;
403
404 if (old_sacl)
405 {
406 revision = max( revision, old_sacl->AclRevision );
407 ace = (const ACE_HEADER *)(old_sacl + 1);
408 for (i = 0; i < old_sacl->AceCount; i++, ace = ace_next( ace ))
409 {
410 if (ace->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
411 size += ace->AceSize;
412 count++;
413 }
414 }
415
416 if (new_sacl)
417 {
418 revision = max( revision, new_sacl->AclRevision );
419 ace = (const ACE_HEADER *)(new_sacl + 1);
420 for (i = 0; i < new_sacl->AceCount; i++, ace = ace_next( ace ))
421 {
422 if (ace->AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
423 size += ace->AceSize;
424 count++;
425 }
426 }
427
428 replaced_acl = mem_alloc( size );
429 if (!replaced_acl) return NULL;
430
431 replaced_acl->AclRevision = revision;
432 replaced_acl->Sbz1 = 0;
433 replaced_acl->AclSize = size;
434 replaced_acl->AceCount = count;
435 replaced_acl->Sbz2 = 0;
436 replaced_ace = (ACE_HEADER *)(replaced_acl + 1);
437
438 if (old_sacl)
439 {
440 ace = (const ACE_HEADER *)(old_sacl + 1);
441 for (i = 0; i < old_sacl->AceCount; i++, ace = ace_next( ace ))
442 {
443 if (ace->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
444 memcpy( replaced_ace, ace, ace->AceSize );
445 replaced_ace = (ACE_HEADER *)ace_next( replaced_ace );
446 }
447 }
448
449 if (new_sacl)
450 {
451 ace = (const ACE_HEADER *)(new_sacl + 1);
452 for (i = 0; i < new_sacl->AceCount; i++, ace = ace_next( ace ))
453 {
454 if (ace->AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
455 memcpy( replaced_ace, ace, ace->AceSize );
456 replaced_ace = (ACE_HEADER *)ace_next( replaced_ace );
457 }
458 }
459
460 return replaced_acl;
461 }
462
463 static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 )
464 {
465 return (luid1->LowPart == luid2->LowPart && luid1->HighPart == luid2->HighPart);
466 }
467
468 static inline void allocate_luid( luid_t *luid )
469 {
470 prev_luid_value.low_part++;
471 *luid = prev_luid_value;
472 }
473
474 DECL_HANDLER( allocate_locally_unique_id )
475 {
476 allocate_luid( &reply->luid );
477 }
478
479 static inline void luid_and_attr_from_privilege( LUID_AND_ATTRIBUTES *out, const struct privilege *in)
480 {
481 out->Luid = in->luid;
482 out->Attributes =
483 (in->enabled ? SE_PRIVILEGE_ENABLED : 0) |
484 (in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0);
485 }
486
487 static struct privilege *privilege_add( struct token *token, const LUID *luid, int enabled )
488 {
489 struct privilege *privilege = mem_alloc( sizeof(*privilege) );
490 if (privilege)
491 {
492 privilege->luid = *luid;
493 privilege->def = privilege->enabled = (enabled != 0);
494 list_add_tail( &token->privileges, &privilege->entry );
495 }
496 return privilege;
497 }
498
499 static inline void privilege_remove( struct privilege *privilege )
500 {
501 list_remove( &privilege->entry );
502 free( privilege );
503 }
504
505 static void token_destroy( struct object *obj )
506 {
507 struct token* token;
508 struct list *cursor, *cursor_next;
509
510 assert( obj->ops == &token_ops );
511 token = (struct token *)obj;
512
513 free( token->user );
514
515 LIST_FOR_EACH_SAFE( cursor, cursor_next, &token->privileges )
516 {
517 struct privilege *privilege = LIST_ENTRY( cursor, struct privilege, entry );
518 privilege_remove( privilege );
519 }
520
521 LIST_FOR_EACH_SAFE( cursor, cursor_next, &token->groups )
522 {
523 struct group *group = LIST_ENTRY( cursor, struct group, entry );
524 list_remove( &group->entry );
525 free( group );
526 }
527
528 free( token->default_dacl );
529 }
530
531 /* creates a new token.
532 * groups may be NULL if group_count is 0.
533 * privs may be NULL if priv_count is 0.
534 * default_dacl may be NULL, indicating that all objects created by the user
535 * are unsecured.
536 * modified_id may be NULL, indicating that a new modified_id luid should be
537 * allocated.
538 */
539 static struct token *create_token( unsigned primary, const SID *user,
540 const SID_AND_ATTRIBUTES *groups, unsigned int group_count,
541 const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
542 const ACL *default_dacl, TOKEN_SOURCE source,
543 const luid_t *modified_id,
544 int impersonation_level )
545 {
546 struct token *token = alloc_object( &token_ops );
547 if (token)
548 {
549 unsigned int i;
550
551 allocate_luid( &token->token_id );
552 if (modified_id)
553 token->modified_id = *modified_id;
554 else
555 allocate_luid( &token->modified_id );
556 list_init( &token->privileges );
557 list_init( &token->groups );
558 token->primary = primary;
559 /* primary tokens don't have impersonation levels */
560 if (primary)
561 token->impersonation_level = -1;
562 else
563 token->impersonation_level = impersonation_level;
564 token->default_dacl = NULL;
565 token->primary_group = NULL;
566
567 /* copy user */
568 token->user = memdup( user, security_sid_len( user ));
569 if (!token->user)
570 {
571 release_object( token );
572 return NULL;
573 }
574
575 /* copy groups */
576 for (i = 0; i < group_count; i++)
577 {
578 size_t size = FIELD_OFFSET( struct group, sid.SubAuthority[((const SID *)groups[i].Sid)->SubAuthorityCount] );
579 struct group *group = mem_alloc( size );
580
581 if (!group)
582 {
583 release_object( token );
584 return NULL;
585 }
586 memcpy( &group->sid, groups[i].Sid, security_sid_len( groups[i].Sid ));
587 group->enabled = TRUE;
588 group->def = TRUE;
589 group->logon = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
590 group->mandatory = (groups[i].Attributes & SE_GROUP_MANDATORY) != 0;
591 group->owner = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
592 group->resource = FALSE;
593 group->deny_only = FALSE;
594 list_add_tail( &token->groups, &group->entry );
595 /* Use first owner capable group as owner and primary group */
596 if (!token->primary_group && group->owner)
597 {
598 token->owner = &group->sid;
599 token->primary_group = &group->sid;
600 }
601 }
602
603 /* copy privileges */
604 for (i = 0; i < priv_count; i++)
605 {
606 /* note: we don't check uniqueness: the caller must make sure
607 * privs doesn't contain any duplicate luids */
608 if (!privilege_add( token, &privs[i].Luid,
609 privs[i].Attributes & SE_PRIVILEGE_ENABLED ))
610 {
611 release_object( token );
612 return NULL;
613 }
614 }
615
616 if (default_dacl)
617 {
618 token->default_dacl = memdup( default_dacl, default_dacl->AclSize );
619 if (!token->default_dacl)
620 {
621 release_object( token );
622 return NULL;
623 }
624 }
625
626 token->source = source;
627 }
628 return token;
629 }
630
631 static int filter_group( struct group *group, const SID *filter, unsigned int count )
632 {
633 unsigned int i;
634
635 for (i = 0; i < count; i++)
636 {
637 if (security_equal_sid( &group->sid, filter )) return 1;
638 filter = (const SID *)((char *)filter + security_sid_len( filter ));
639 }
640
641 return 0;
642 }
643
644 static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBUTES *filter, unsigned int count )
645 {
646 unsigned int i;
647
648 for (i = 0; i < count; i++)
649 {
650 if (!memcmp( &privilege->luid, &filter[i].Luid, sizeof(LUID) ))
651 return 1;
652 }
653
654 return 0;
655 }
656
657 struct token *token_duplicate( struct token *src_token, unsigned primary,
658 int impersonation_level, const struct security_descriptor *sd,
659 const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count,
660 const SID *remove_groups, unsigned int remove_group_count)
661 {
662 const luid_t *modified_id =
663 primary || (impersonation_level == src_token->impersonation_level) ?
664 &src_token->modified_id : NULL;
665 struct token *token = NULL;
666 struct privilege *privilege;
667 struct group *group;
668
669 if (!primary &&
670 (impersonation_level < SecurityAnonymous ||
671 impersonation_level > SecurityDelegation ||
672 (!src_token->primary && (impersonation_level > src_token->impersonation_level))))
673 {
674 set_error( STATUS_BAD_IMPERSONATION_LEVEL );
675 return NULL;
676 }
677
678 token = create_token( primary, src_token->user, NULL, 0,
679 NULL, 0, src_token->default_dacl,
680 src_token->source, modified_id,
681 impersonation_level );
682 if (!token) return token;
683
684 /* copy groups */
685 token->primary_group = NULL;
686 LIST_FOR_EACH_ENTRY( group, &src_token->groups, struct group, entry )
687 {
688 size_t size = FIELD_OFFSET( struct group, sid.SubAuthority[group->sid.SubAuthorityCount] );
689 struct group *newgroup = mem_alloc( size );
690 if (!newgroup)
691 {
692 release_object( token );
693 return NULL;
694 }
695 memcpy( newgroup, group, size );
696 if (filter_group( group, remove_groups, remove_group_count ))
697 {
698 newgroup->enabled = 0;
699 newgroup->def = 0;
700 newgroup->deny_only = 1;
701 }
702 list_add_tail( &token->groups, &newgroup->entry );
703 if (src_token->primary_group == &group->sid)
704 {
705 token->owner = &newgroup->sid;
706 token->primary_group = &newgroup->sid;
707 }
708 }
709 assert( token->primary_group );
710
711 /* copy privileges */
712 LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
713 {
714 if (filter_privilege( privilege, remove_privs, remove_priv_count )) continue;
715 if (!privilege_add( token, &privilege->luid, privilege->enabled ))
716 {
717 release_object( token );
718 return NULL;
719 }
720 }
721
722 if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
723 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
724
725 return token;
726 }
727
728 static ACL *create_default_dacl( const SID *user )
729 {
730 ACCESS_ALLOWED_ACE *aaa;
731 ACL *default_dacl;
732 SID *sid;
733 size_t default_dacl_size = sizeof(ACL) +
734 2*(sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) +
735 sizeof(local_system_sid) +
736 security_sid_len( user );
737
738 default_dacl = mem_alloc( default_dacl_size );
739 if (!default_dacl) return NULL;
740
741 default_dacl->AclRevision = ACL_REVISION;
742 default_dacl->Sbz1 = 0;
743 default_dacl->AclSize = default_dacl_size;
744 default_dacl->AceCount = 2;
745 default_dacl->Sbz2 = 0;
746
747 /* GENERIC_ALL for Local System */
748 aaa = (ACCESS_ALLOWED_ACE *)(default_dacl + 1);
749 aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
750 aaa->Header.AceFlags = 0;
751 aaa->Header.AceSize = (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) +
752 sizeof(local_system_sid);
753 aaa->Mask = GENERIC_ALL;
754 sid = (SID *)&aaa->SidStart;
755 memcpy( sid, &local_system_sid, sizeof(local_system_sid) );
756
757 /* GENERIC_ALL for specified user */
758 aaa = (ACCESS_ALLOWED_ACE *)((char *)aaa + aaa->Header.AceSize);
759 aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
760 aaa->Header.AceFlags = 0;
761 aaa->Header.AceSize = (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + security_sid_len( user );
762 aaa->Mask = GENERIC_ALL;
763 sid = (SID *)&aaa->SidStart;
764 memcpy( sid, user, security_sid_len( user ));
765
766 return default_dacl;
767 }
768
769 struct sid_data
770 {
771 SID_IDENTIFIER_AUTHORITY idauth;
772 int count;
773 unsigned int subauth[MAX_SUBAUTH_COUNT];
774 };
775
776 static struct security_descriptor *create_security_label_sd( struct token *token, PSID label_sid )
777 {
778 size_t sid_len = security_sid_len( label_sid ), sacl_size, sd_size;
779 SYSTEM_MANDATORY_LABEL_ACE *smla;
780 struct security_descriptor *sd;
781 ACL *sacl;
782
783 sacl_size = sizeof(ACL) + FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + sid_len;
784 sd_size = sizeof(struct security_descriptor) + sacl_size;
785 if (!(sd = mem_alloc( sd_size )))
786 return NULL;
787
788 sd->control = SE_SACL_PRESENT;
789 sd->owner_len = 0;
790 sd->group_len = 0;
791 sd->sacl_len = sacl_size;
792 sd->dacl_len = 0;
793
794 sacl = (ACL *)(sd + 1);
795 sacl->AclRevision = ACL_REVISION;
796 sacl->Sbz1 = 0;
797 sacl->AclSize = sacl_size;
798 sacl->AceCount = 1;
799 sacl->Sbz2 = 0;
800
801 smla = (SYSTEM_MANDATORY_LABEL_ACE *)(sacl + 1);
802 smla->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE;
803 smla->Header.AceFlags = 0;
804 smla->Header.AceSize = FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + sid_len;
805 smla->Mask = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP;
806 memcpy( &smla->SidStart, label_sid, sid_len );
807
808 assert( sd_is_valid( sd, sd_size ) );
809 return sd;
810 }
811
812 int token_assign_label( struct token *token, PSID label )
813 {
814 struct security_descriptor *sd;
815 int ret = 0;
816
817 if ((sd = create_security_label_sd( token, label )))
818 {
819 ret = set_sd_defaults_from_token( &token->obj, sd, LABEL_SECURITY_INFORMATION, token );
820 free( sd );
821 }
822
823 return ret;
824 }
825
826 struct token *get_token_obj( struct process *process, obj_handle_t handle, unsigned int access )
827 {
828 return (struct token *)get_handle_obj( process, handle, access, &token_ops );
829 }
830
831 struct token *token_create_admin( void )
832 {
833 struct token *token = NULL;
834 static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
835 static const unsigned int alias_admins_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS };
836 static const unsigned int alias_users_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS };
837 /* on Windows, this value changes every time the user logs on */
838 static const unsigned int logon_subauth[] = { SECURITY_LOGON_IDS_RID, 0, 1 /* FIXME: should be randomly generated when tokens are inherited by new processes */ };
839 PSID alias_admins_sid;
840 PSID alias_users_sid;
841 PSID logon_sid;
842 const SID *user_sid = security_unix_uid_to_sid( getuid() );
843 ACL *default_dacl = create_default_dacl( user_sid );
844
845 alias_admins_sid = security_sid_alloc( &nt_authority, ARRAY_SIZE( alias_admins_subauth ),
846 alias_admins_subauth );
847 alias_users_sid = security_sid_alloc( &nt_authority, ARRAY_SIZE( alias_users_subauth ),
848 alias_users_subauth );
849 logon_sid = security_sid_alloc( &nt_authority, ARRAY_SIZE( logon_subauth ), logon_subauth );
850
851 if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl)
852 {
853 const LUID_AND_ATTRIBUTES admin_privs[] =
854 {
855 { SeChangeNotifyPrivilege , SE_PRIVILEGE_ENABLED },
856 { SeTcbPrivilege , 0 },
857 { SeSecurityPrivilege , 0 },
858 { SeBackupPrivilege , 0 },
859 { SeRestorePrivilege , 0 },
860 { SeSystemtimePrivilege , 0 },
861 { SeShutdownPrivilege , 0 },
862 { SeRemoteShutdownPrivilege , 0 },
863 { SeTakeOwnershipPrivilege , 0 },
864 { SeDebugPrivilege , 0 },
865 { SeSystemEnvironmentPrivilege , 0 },
866 { SeSystemProfilePrivilege , 0 },
867 { SeProfileSingleProcessPrivilege, 0 },
868 { SeIncreaseBasePriorityPrivilege, 0 },
869 { SeLoadDriverPrivilege , SE_PRIVILEGE_ENABLED },
870 { SeCreatePagefilePrivilege , 0 },
871 { SeIncreaseQuotaPrivilege , 0 },
872 { SeUndockPrivilege , 0 },
873 { SeManageVolumePrivilege , 0 },
874 { SeImpersonatePrivilege , SE_PRIVILEGE_ENABLED },
875 { SeCreateGlobalPrivilege , SE_PRIVILEGE_ENABLED },
876 };
877 /* note: we don't include non-builtin groups here for the user -
878 * telling us these is the job of a client-side program */
879 const SID_AND_ATTRIBUTES admin_groups[] =
880 {
881 { security_world_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
882 { security_local_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
883 { security_interactive_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
884 { security_authenticated_user_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
885 { security_domain_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
886 { alias_admins_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
887 { alias_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
888 { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
889 };
890 static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
891 token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
892 admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
893 admin_source, NULL, -1 );
894 /* we really need a primary group */
895 assert( token->primary_group );
896 }
897
898 free( logon_sid );
899 free( alias_admins_sid );
900 free( alias_users_sid );
901 free( default_dacl );
902
903 return token;
904 }
905
906 static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
907 {
908 struct privilege *privilege;
909 LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
910 {
911 if (is_equal_luid( luid, &privilege->luid ))
912 {
913 if (enabled_only && !privilege->enabled)
914 return NULL;
915 return privilege;
916 }
917 }
918 return NULL;
919 }
920
921 static unsigned int token_adjust_privileges( struct token *token, const LUID_AND_ATTRIBUTES *privs,
922 unsigned int count, LUID_AND_ATTRIBUTES *mod_privs,
923 unsigned int mod_privs_count )
924 {
925 unsigned int i, modified_count = 0;
926
927 /* mark as modified */
928 allocate_luid( &token->modified_id );
929
930 for (i = 0; i < count; i++)
931 {
932 struct privilege *privilege =
933 token_find_privilege( token, &privs[i].Luid, FALSE );
934 if (!privilege)
935 {
936 set_error( STATUS_NOT_ALL_ASSIGNED );
937 continue;
938 }
939
940 if (privs[i].Attributes & SE_PRIVILEGE_REMOVED)
941 privilege_remove( privilege );
942 else
943 {
944 /* save previous state for caller */
945 if (mod_privs_count)
946 {
947 luid_and_attr_from_privilege(mod_privs, privilege);
948 mod_privs++;
949 mod_privs_count--;
950 modified_count++;
951 }
952
953 if (privs[i].Attributes & SE_PRIVILEGE_ENABLED)
954 privilege->enabled = TRUE;
955 else
956 privilege->enabled = FALSE;
957 }
958 }
959 return modified_count;
960 }
961
962 static void token_disable_privileges( struct token *token )
963 {
964 struct privilege *privilege;
965
966 /* mark as modified */
967 allocate_luid( &token->modified_id );
968
969 LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
970 privilege->enabled = FALSE;
971 }
972
973 int token_check_privileges( struct token *token, int all_required,
974 const LUID_AND_ATTRIBUTES *reqprivs,
975 unsigned int count, LUID_AND_ATTRIBUTES *usedprivs)
976 {
977 unsigned int i, enabled_count = 0;
978
979 for (i = 0; i < count; i++)
980 {
981 struct privilege *privilege =
982 token_find_privilege( token, &reqprivs[i].Luid, TRUE );
983
984 if (usedprivs)
985 usedprivs[i] = reqprivs[i];
986
987 if (privilege && privilege->enabled)
988 {
989 enabled_count++;
990 if (usedprivs)
991 usedprivs[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
992 }
993 }
994
995 if (all_required)
996 return (enabled_count == count);
997 else
998 return (enabled_count > 0);
999 }
1000
1001 int token_sid_present( struct token *token, const SID *sid, int deny )
1002 {
1003 struct group *group;
1004
1005 if (security_equal_sid( token->user, sid )) return TRUE;
1006
1007 LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
1008 {
1009 if (!group->enabled) continue;
1010 if (group->deny_only && !deny) continue;
1011
1012 if (security_equal_sid( &group->sid, sid )) return TRUE;
1013 }
1014
1015 return FALSE;
1016 }
1017
1018 /* Checks access to a security descriptor. 'sd' must have been validated by
1019 * caller. It returns STATUS_SUCCESS if call succeeded or an error indicating
1020 * the reason. 'status' parameter will indicate if access is granted or denied.
1021 *
1022 * If both returned value and 'status' are STATUS_SUCCESS then access is granted.
1023 */
1024 static unsigned int token_access_check( struct token *token,
1025 const struct security_descriptor *sd,
1026 unsigned int desired_access,
1027 LUID_AND_ATTRIBUTES *privs,
1028 unsigned int *priv_count,
1029 const generic_map_t *mapping,
1030 unsigned int *granted_access,
1031 unsigned int *status )
1032 {
1033 unsigned int current_access = 0;
1034 unsigned int denied_access = 0;
1035 ULONG i;
1036 const ACL *dacl;
1037 int dacl_present;
1038 const ACE_HEADER *ace;
1039 const SID *owner;
1040
1041 /* assume no access rights */
1042 *granted_access = 0;
1043
1044 /* fail if desired_access contains generic rights */
1045 if (desired_access & (GENERIC_READ|GENERIC_WRITE|GENERIC_EXECUTE|GENERIC_ALL))
1046 {
1047 if (priv_count) *priv_count = 0;
1048 return STATUS_GENERIC_NOT_MAPPED;
1049 }
1050
1051 dacl = sd_get_dacl( sd, &dacl_present );
1052 owner = sd_get_owner( sd );
1053 if (!owner || !sd_get_group( sd ))
1054 {
1055 if (priv_count) *priv_count = 0;
1056 return STATUS_INVALID_SECURITY_DESCR;
1057 }
1058
1059 /* 1: Grant desired access if the object is unprotected */
1060 if (!dacl_present || !dacl)
1061 {
1062 if (priv_count) *priv_count = 0;
1063 if (desired_access & MAXIMUM_ALLOWED)
1064 *granted_access = mapping->all;
1065 else
1066 *granted_access = desired_access;
1067 return *status = STATUS_SUCCESS;
1068 }
1069
1070 /* 2: Check if caller wants access to system security part. Note: access
1071 * is only granted if specifically asked for */
1072 if (desired_access & ACCESS_SYSTEM_SECURITY)
1073 {
1074 const LUID_AND_ATTRIBUTES security_priv = { SeSecurityPrivilege, 0 };
1075 LUID_AND_ATTRIBUTES retpriv = security_priv;
1076 if (token_check_privileges( token, TRUE, &security_priv, 1, &retpriv ))
1077 {
1078 if (priv_count)
1079 {
1080 /* assumes that there will only be one privilege to return */
1081 if (*priv_count >= 1)
1082 {
1083 *priv_count = 1;
1084 *privs = retpriv;
1085 }
1086 else
1087 {
1088 *priv_count = 1;
1089 return STATUS_BUFFER_TOO_SMALL;
1090 }
1091 }
1092 current_access |= ACCESS_SYSTEM_SECURITY;
1093 if (desired_access == current_access)
1094 {
1095 *granted_access = current_access;
1096 return *status = STATUS_SUCCESS;
1097 }
1098 }
1099 else
1100 {
1101 if (priv_count) *priv_count = 0;
1102 *status = STATUS_PRIVILEGE_NOT_HELD;
1103 return STATUS_SUCCESS;
1104 }
1105 }
1106 else if (priv_count) *priv_count = 0;
1107
1108 /* 3: Check whether the token is the owner */
1109 /* NOTE: SeTakeOwnershipPrivilege is not checked for here - it is instead
1110 * checked when a "set owner" call is made, overriding the access rights
1111 * determined here. */
1112 if (token_sid_present( token, owner, FALSE ))
1113 {
1114 current_access |= (READ_CONTROL | WRITE_DAC);
1115 if (desired_access == current_access)
1116 {
1117 *granted_access = current_access;
1118 return *status = STATUS_SUCCESS;
1119 }
1120 }
1121
1122 /* 4: Grant rights according to the DACL */
1123 ace = (const ACE_HEADER *)(dacl + 1);
1124 for (i = 0; i < dacl->AceCount; i++, ace = ace_next( ace ))
1125 {
1126 const ACCESS_ALLOWED_ACE *aa_ace;
1127 const ACCESS_DENIED_ACE *ad_ace;
1128 const SID *sid;
1129
1130 if (ace->AceFlags & INHERIT_ONLY_ACE)
1131 continue;
1132
1133 switch (ace->AceType)
1134 {
1135 case ACCESS_DENIED_ACE_TYPE:
1136 ad_ace = (const ACCESS_DENIED_ACE *)ace;
1137 sid = (const SID *)&ad_ace->SidStart;
1138 if (token_sid_present( token, sid, TRUE ))
1139 {
1140 unsigned int access = map_access( ad_ace->Mask, mapping );
1141 if (desired_access & MAXIMUM_ALLOWED)
1142 denied_access |= access;
1143 else
1144 {
1145 denied_access |= (access & ~current_access);
1146 if (desired_access & access) goto done;
1147 }
1148 }
1149 break;
1150 case ACCESS_ALLOWED_ACE_TYPE:
1151 aa_ace = (const ACCESS_ALLOWED_ACE *)ace;
1152 sid = (const SID *)&aa_ace->SidStart;
1153 if (token_sid_present( token, sid, FALSE ))
1154 {
1155 unsigned int access = map_access( aa_ace->Mask, mapping );
1156 if (desired_access & MAXIMUM_ALLOWED)
1157 current_access |= access;
1158 else
1159 current_access |= (access & ~denied_access);
1160 }
1161 break;
1162 }
1163
1164 /* don't bother carrying on checking if we've already got all of
1165 * rights we need */
1166 if (desired_access == *granted_access)
1167 break;
1168 }
1169
1170 done:
1171 if (desired_access & MAXIMUM_ALLOWED)
1172 *granted_access = current_access & ~denied_access;
1173 else
1174 if ((current_access & desired_access) == desired_access)
1175 *granted_access = current_access & desired_access;
1176 else
1177 *granted_access = 0;
1178
1179 *status = *granted_access ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
1180 return STATUS_SUCCESS;
1181 }
1182
1183 const ACL *token_get_default_dacl( struct token *token )
1184 {
1185 return token->default_dacl;
1186 }
1187
1188 const SID *token_get_user( struct token *token )
1189 {
1190 return token->user;
1191 }
1192
1193 const SID *token_get_primary_group( struct token *token )
1194 {
1195 return token->primary_group;
1196 }
1197
1198 int check_object_access(struct token *token, struct object *obj, unsigned int *access)
1199 {
1200 generic_map_t mapping;
1201 unsigned int status;
1202 int res;
1203
1204 if (!token)
1205 token = current->token ? current->token : current->process->token;
1206
1207 mapping.all = obj->ops->map_access( obj, GENERIC_ALL );
1208
1209 if (!obj->sd)
1210 {
1211 if (*access & MAXIMUM_ALLOWED) *access = mapping.all;
1212 return TRUE;
1213 }
1214
1215 mapping.read = obj->ops->map_access( obj, GENERIC_READ );
1216 mapping.write = obj->ops->map_access( obj, GENERIC_WRITE );
1217 mapping.exec = obj->ops->map_access( obj, GENERIC_EXECUTE );
1218
1219 res = token_access_check( token, obj->sd, *access, NULL, NULL,
1220 &mapping, access, &status ) == STATUS_SUCCESS &&
1221 status == STATUS_SUCCESS;
1222
1223 if (!res) set_error( STATUS_ACCESS_DENIED );
1224 return res;
1225 }
1226
1227
1228 /* open a security token */
1229 DECL_HANDLER(open_token)
1230 {
1231 if (req->flags & OPEN_TOKEN_THREAD)
1232 {
1233 struct thread *thread = get_thread_from_handle( req->handle, 0 );
1234 if (thread)
1235 {
1236 if (thread->token)
1237 {
1238 if (!thread->token->primary && thread->token->impersonation_level <= SecurityAnonymous)
1239 set_error( STATUS_CANT_OPEN_ANONYMOUS );
1240 else
1241 reply->token = alloc_handle( current->process, thread->token,
1242 req->access, req->attributes );
1243 }
1244 else
1245 set_error( STATUS_NO_TOKEN );
1246 release_object( thread );
1247 }
1248 }
1249 else
1250 {
1251 struct process *process = get_process_from_handle( req->handle, 0 );
1252 if (process)
1253 {
1254 if (process->token)
1255 reply->token = alloc_handle( current->process, process->token, req->access,
1256 req->attributes );
1257 else
1258 set_error( STATUS_NO_TOKEN );
1259 release_object( process );
1260 }
1261 }
1262 }
1263
1264 /* adjust the privileges held by a token */
1265 DECL_HANDLER(adjust_token_privileges)
1266 {
1267 struct token *token;
1268 unsigned int access = TOKEN_ADJUST_PRIVILEGES;
1269
1270 if (req->get_modified_state) access |= TOKEN_QUERY;
1271
1272 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1273 access, &token_ops )))
1274 {
1275 const LUID_AND_ATTRIBUTES *privs = get_req_data();
1276 LUID_AND_ATTRIBUTES *modified_privs = NULL;
1277 unsigned int priv_count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES);
1278 unsigned int modified_priv_count = 0;
1279
1280 if (req->get_modified_state && !req->disable_all)
1281 {
1282 unsigned int i;
1283 /* count modified privs */
1284 for (i = 0; i < priv_count; i++)
1285 {
1286 struct privilege *privilege =
1287 token_find_privilege( token, &privs[i].Luid, FALSE );
1288 if (privilege && req->get_modified_state)
1289 modified_priv_count++;
1290 }
1291 reply->len = modified_priv_count;
1292 modified_priv_count = min( modified_priv_count, get_reply_max_size() / sizeof(*modified_privs) );
1293 if (modified_priv_count)
1294 modified_privs = set_reply_data_size( modified_priv_count * sizeof(*modified_privs) );
1295 }
1296 reply->len = modified_priv_count * sizeof(*modified_privs);
1297
1298 if (req->disable_all)
1299 token_disable_privileges( token );
1300 else
1301 token_adjust_privileges( token, privs, priv_count, modified_privs, modified_priv_count );
1302
1303 release_object( token );
1304 }
1305 }
1306
1307 /* retrieves the list of privileges that may be held be the token */
1308 DECL_HANDLER(get_token_privileges)
1309 {
1310 struct token *token;
1311
1312 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1313 TOKEN_QUERY,
1314 &token_ops )))
1315 {
1316 int priv_count = 0;
1317 LUID_AND_ATTRIBUTES *privs;
1318 struct privilege *privilege;
1319
1320 LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
1321 priv_count++;
1322
1323 reply->len = priv_count * sizeof(*privs);
1324 if (reply->len <= get_reply_max_size())
1325 {
1326 privs = set_reply_data_size( priv_count * sizeof(*privs) );
1327 if (privs)
1328 {
1329 int i = 0;
1330 LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
1331 {
1332 luid_and_attr_from_privilege( &privs[i], privilege );
1333 i++;
1334 }
1335 }
1336 }
1337 else
1338 set_error(STATUS_BUFFER_TOO_SMALL);
1339
1340 release_object( token );
1341 }
1342 }
1343
1344 /* creates a duplicate of the token */
1345 DECL_HANDLER(duplicate_token)
1346 {
1347 struct token *src_token;
1348 struct unicode_str name;
1349 const struct security_descriptor *sd;
1350 const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL );
1351
1352 if (!objattr) return;
1353
1354 if ((src_token = (struct token *)get_handle_obj( current->process, req->handle,
1355 TOKEN_DUPLICATE,
1356 &token_ops )))
1357 {
1358 struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd, NULL, 0, NULL, 0 );
1359 if (token)
1360 {
1361 unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
1362 reply->new_handle = alloc_handle_no_access_check( current->process, token, access, objattr->attributes );
1363 release_object( token );
1364 }
1365 release_object( src_token );
1366 }
1367 }
1368
1369 /* creates a restricted version of a token */
1370 DECL_HANDLER(filter_token)
1371 {
1372 struct token *src_token;
1373
1374 if ((src_token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_DUPLICATE, &token_ops )))
1375 {
1376 const LUID_AND_ATTRIBUTES *filter_privileges = get_req_data();
1377 unsigned int priv_count, group_count;
1378 const SID *filter_groups;
1379 struct token *token;
1380
1381 priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(LUID_AND_ATTRIBUTES);
1382 filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(LUID_AND_ATTRIBUTES));
1383 group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
1384
1385 token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
1386 filter_privileges, priv_count, filter_groups, group_count );
1387 if (token)
1388 {
1389 unsigned int access = get_handle_access( current->process, req->handle );
1390 reply->new_handle = alloc_handle_no_access_check( current->process, token, access, 0 );
1391 release_object( token );
1392 }
1393 release_object( src_token );
1394 }
1395 }
1396
1397 /* checks the specified privileges are held by the token */
1398 DECL_HANDLER(check_token_privileges)
1399 {
1400 struct token *token;
1401
1402 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1403 TOKEN_QUERY,
1404 &token_ops )))
1405 {
1406 unsigned int count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES);
1407
1408 if (!token->primary && token->impersonation_level <= SecurityAnonymous)
1409 set_error( STATUS_BAD_IMPERSONATION_LEVEL );
1410 else if (get_reply_max_size() >= count * sizeof(LUID_AND_ATTRIBUTES))
1411 {
1412 LUID_AND_ATTRIBUTES *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) );
1413 reply->has_privileges = token_check_privileges( token, req->all_required, get_req_data(), count, usedprivs );
1414 }
1415 else
1416 set_error( STATUS_BUFFER_OVERFLOW );
1417 release_object( token );
1418 }
1419 }
1420
1421 /* checks that a user represented by a token is allowed to access an object
1422 * represented by a security descriptor */
1423 DECL_HANDLER(access_check)
1424 {
1425 data_size_t sd_size = get_req_data_size();
1426 const struct security_descriptor *sd = get_req_data();
1427 struct token *token;
1428
1429 if (!sd_is_valid( sd, sd_size ))
1430 {
1431 set_error( STATUS_ACCESS_VIOLATION );
1432 return;
1433 }
1434
1435 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1436 TOKEN_QUERY,
1437 &token_ops )))
1438 {
1439 unsigned int status;
1440 LUID_AND_ATTRIBUTES priv;
1441 unsigned int priv_count = 1;
1442
1443 memset(&priv, 0, sizeof(priv));
1444
1445 /* only impersonation tokens may be used with this function */
1446 if (token->primary)
1447 {
1448 set_error( STATUS_NO_IMPERSONATION_TOKEN );
1449 release_object( token );
1450 return;
1451 }
1452 /* anonymous impersonation tokens can't be used */
1453 if (token->impersonation_level <= SecurityAnonymous)
1454 {
1455 set_error( STATUS_BAD_IMPERSONATION_LEVEL );
1456 release_object( token );
1457 return;
1458 }
1459
1460 status = token_access_check( token, sd, req->desired_access, &priv, &priv_count, &req->mapping,
1461 &reply->access_granted, &reply->access_status );
1462
1463 reply->privileges_len = priv_count*sizeof(LUID_AND_ATTRIBUTES);
1464
1465 if ((priv_count > 0) && (reply->privileges_len <= get_reply_max_size()))
1466 {
1467 LUID_AND_ATTRIBUTES *privs = set_reply_data_size( priv_count * sizeof(*privs) );
1468 memcpy( privs, &priv, sizeof(priv) );
1469 }
1470
1471 set_error( status );
1472 release_object( token );
1473 }
1474 }
1475
1476 /* retrieves an SID from the token */
1477 DECL_HANDLER(get_token_sid)
1478 {
1479 struct token *token;
1480
1481 reply->sid_len = 0;
1482
1483 if ((token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_QUERY, &token_ops )))
1484 {
1485 const SID *sid = NULL;
1486
1487 switch (req->which_sid)
1488 {
1489 case TokenUser:
1490 assert(token->user);
1491 sid = token->user;
1492 break;
1493 case TokenPrimaryGroup:
1494 sid = token->primary_group;
1495 break;
1496 case TokenOwner:
1497 sid = token->owner;
1498 break;
1499 case TokenLogonSid:
1500 sid = (const SID *)&builtin_logon_sid;
1501 break;
1502 default:
1503 set_error( STATUS_INVALID_PARAMETER );
1504 break;
1505 }
1506
1507 if (sid)
1508 {
1509 reply->sid_len = security_sid_len( sid );
1510 if (reply->sid_len <= get_reply_max_size()) set_reply_data( sid, reply->sid_len );
1511 else set_error( STATUS_BUFFER_TOO_SMALL );
1512 }
1513 release_object( token );
1514 }
1515 }
1516
1517 /* retrieves the groups that the user represented by the token belongs to */
1518 DECL_HANDLER(get_token_groups)
1519 {
1520 struct token *token;
1521
1522 reply->user_len = 0;
1523
1524 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1525 TOKEN_QUERY,
1526 &token_ops )))
1527 {
1528 size_t size_needed = sizeof(struct token_groups);
1529 size_t sid_size = 0;
1530 unsigned int group_count = 0;
1531 const struct group *group;
1532
1533 LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
1534 {
1535 group_count++;
1536 sid_size += security_sid_len( &group->sid );
1537 }
1538 size_needed += sid_size;
1539 /* attributes size */
1540 size_needed += sizeof(unsigned int) * group_count;
1541
1542 /* reply buffer contains size_needed bytes formatted as:
1543
1544 unsigned int count;
1545 unsigned int attrib[count];
1546 char sid_data[];
1547
1548 user_len includes extra data needed for TOKEN_GROUPS representation,
1549 required caller buffer size calculated here to avoid extra server call */
1550 reply->user_len = FIELD_OFFSET( TOKEN_GROUPS, Groups[group_count] ) + sid_size;
1551
1552 if (reply->user_len <= get_reply_max_size())
1553 {
1554 struct token_groups *tg = set_reply_data_size( size_needed );
1555 if (tg)
1556 {
1557 unsigned int *attr_ptr = (unsigned int *)(tg + 1);
1558 SID *sid_ptr = (SID *)(attr_ptr + group_count);
1559
1560 tg->count = group_count;
1561
1562 LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
1563 {
1564
1565 *attr_ptr = 0;
1566 if (group->mandatory) *attr_ptr |= SE_GROUP_MANDATORY;
1567 if (group->def) *attr_ptr |= SE_GROUP_ENABLED_BY_DEFAULT;
1568 if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
1569 if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
1570 if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
1571 if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
1572 if (group->logon) *attr_ptr |= SE_GROUP_LOGON_ID;
1573
1574 memcpy(sid_ptr, &group->sid, security_sid_len( &group->sid ));
1575
1576 sid_ptr = (SID *)((char *)sid_ptr + security_sid_len( &group->sid ));
1577 attr_ptr++;
1578 }
1579 }
1580 }
1581 else set_error( STATUS_BUFFER_TOO_SMALL );
1582
1583 release_object( token );
1584 }
1585 }
1586
1587 DECL_HANDLER(get_token_impersonation_level)
1588 {
1589 struct token *token;
1590
1591 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1592 TOKEN_QUERY,
1593 &token_ops )))
1594 {
1595 if (token->primary)
1596 set_error( STATUS_INVALID_PARAMETER );
1597 else
1598 reply->impersonation_level = token->impersonation_level;
1599
1600 release_object( token );
1601 }
1602 }
1603
1604 DECL_HANDLER(get_token_statistics)
1605 {
1606 struct token *token;
1607
1608 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1609 TOKEN_QUERY,
1610 &token_ops )))
1611 {
1612 reply->token_id = token->token_id;
1613 reply->modified_id = token->modified_id;
1614 reply->primary = token->primary;
1615 reply->impersonation_level = token->impersonation_level;
1616 reply->group_count = list_count( &token->groups );
1617 reply->privilege_count = list_count( &token->privileges );
1618
1619 release_object( token );
1620 }
1621 }
1622
1623 DECL_HANDLER(get_token_default_dacl)
1624 {
1625 struct token *token;
1626
1627 reply->acl_len = 0;
1628
1629 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1630 TOKEN_QUERY,
1631 &token_ops )))
1632 {
1633 if (token->default_dacl)
1634 reply->acl_len = token->default_dacl->AclSize;
1635
1636 if (reply->acl_len <= get_reply_max_size())
1637 {
1638 ACL *acl_reply = set_reply_data_size( reply->acl_len );
1639 if (acl_reply)
1640 memcpy( acl_reply, token->default_dacl, reply->acl_len );
1641 }
1642 else set_error( STATUS_BUFFER_TOO_SMALL );
1643
1644 release_object( token );
1645 }
1646 }
1647
1648 DECL_HANDLER(set_token_default_dacl)
1649 {
1650 struct token *token;
1651
1652 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1653 TOKEN_ADJUST_DEFAULT,
1654 &token_ops )))
1655 {
1656 const ACL *acl = get_req_data();
1657 unsigned int acl_size = get_req_data_size();
1658
1659 free( token->default_dacl );
1660 token->default_dacl = NULL;
1661
1662 if (acl_size)
1663 token->default_dacl = memdup( acl, acl_size );
1664
1665 release_object( token );
1666 }
1667 }
Windows API implementation