search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
makefiles: Always use the global SOURCES variable for .l files.
[wine.git] / dlls / wow64 / security.c
blob26d413baa130e57d74851d8d9914d64940824b4d
1 /*
2 * WoW64 security functions
3 *
4 * Copyright 2021 Alexandre Julliard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdarg.h>
22
23 #include "ntstatus.h"
24 #define WIN32_NO_STATUS
25 #include "windef.h"
26 #include "winbase.h"
27 #include "winnt.h"
28 #include "winternl.h"
29 #include "wow64_private.h"
30 #include "wine/debug.h"
31
32 WINE_DEFAULT_DEBUG_CHANNEL(wow);
33
34
35 static TOKEN_GROUPS *token_groups_32to64( const TOKEN_GROUPS32 *groups32 )
36 {
37 TOKEN_GROUPS *groups;
38 ULONG i;
39
40 if (!groups32) return NULL;
41 groups = Wow64AllocateTemp( offsetof( TOKEN_GROUPS, Groups[groups32->GroupCount] ));
42 groups->GroupCount = groups32->GroupCount;
43 for (i = 0; i < groups->GroupCount; i++)
44 {
45 groups->Groups[i].Sid = ULongToPtr( groups32->Groups[i].Sid );
46 groups->Groups[i].Attributes = groups32->Groups[i].Attributes;
47 }
48 return groups;
49 }
50
51
52 /**********************************************************************
53 * wow64_NtAccessCheck
54 */
55 NTSTATUS WINAPI wow64_NtAccessCheck( UINT *args )
56 {
57 SECURITY_DESCRIPTOR *sd32 = get_ptr( &args );
58 HANDLE handle = get_handle( &args );
59 ACCESS_MASK access = get_ulong( &args );
60 GENERIC_MAPPING *mapping = get_ptr( &args );
61 PRIVILEGE_SET *privs = get_ptr( &args );
62 ULONG *retlen = get_ptr( &args );
63 ACCESS_MASK *access_granted = get_ptr( &args );
64 NTSTATUS *access_status = get_ptr( &args );
65
66 SECURITY_DESCRIPTOR sd;
67
68 return NtAccessCheck( secdesc_32to64( &sd, sd32 ), handle, access, mapping,
69 privs, retlen, access_granted, access_status );
70 }
71
72
73 /**********************************************************************
74 * wow64_NtAccessCheckAndAuditAlarm
75 */
76 NTSTATUS WINAPI wow64_NtAccessCheckAndAuditAlarm( UINT *args )
77 {
78 UNICODE_STRING32 *subsystem32 = get_ptr( &args );
79 HANDLE handle = get_handle( &args );
80 UNICODE_STRING32 *typename32 = get_ptr( &args );
81 UNICODE_STRING32 *objname32 = get_ptr( &args );
82 SECURITY_DESCRIPTOR *sd32 = get_ptr( &args );
83 ACCESS_MASK access = get_ulong( &args );
84 GENERIC_MAPPING *mapping = get_ptr( &args );
85 BOOLEAN creation = get_ulong( &args );
86 ACCESS_MASK *access_granted = get_ptr( &args );
87 BOOLEAN *access_status = get_ptr( &args );
88 BOOLEAN *onclose = get_ptr( &args );
89
90 UNICODE_STRING subsystem, typename, objname;
91 SECURITY_DESCRIPTOR sd;
92
93 return NtAccessCheckAndAuditAlarm( unicode_str_32to64( &subsystem, subsystem32 ), handle,
94 unicode_str_32to64( &typename, typename32 ),
95 unicode_str_32to64( &objname, objname32 ),
96 secdesc_32to64( &sd, sd32 ), access, mapping, creation,
97 access_granted, access_status, onclose );
98 }
99
100
101 /**********************************************************************
102 * wow64_NtAdjustGroupsToken
103 */
104 NTSTATUS WINAPI wow64_NtAdjustGroupsToken( UINT *args )
105 {
106 HANDLE handle = get_handle( &args );
107 BOOLEAN reset = get_ulong( &args );
108 TOKEN_GROUPS32 *groups = get_ptr( &args );
109 ULONG len = get_ulong( &args );
110 TOKEN_GROUPS32 *prev = get_ptr( &args );
111 ULONG *retlen = get_ptr( &args );
112
113 FIXME( "%p %d %p %lu %p %p\n", handle, reset, groups, len, prev, retlen );
114 return STATUS_NOT_IMPLEMENTED;
115 }
116
117
118 /**********************************************************************
119 * wow64_NtAdjustPrivilegesToken
120 */
121 NTSTATUS WINAPI wow64_NtAdjustPrivilegesToken( UINT *args )
122 {
123 HANDLE handle = get_handle( &args );
124 BOOLEAN disable = get_ulong( &args );
125 TOKEN_PRIVILEGES *privs = get_ptr( &args );
126 ULONG len = get_ulong( &args );
127 TOKEN_PRIVILEGES *prev = get_ptr( &args );
128 ULONG *retlen = get_ptr( &args );
129
130 return NtAdjustPrivilegesToken( handle, disable, privs, len, prev, retlen );
131 }
132
133
134 /**********************************************************************
135 * wow64_NtCreateLowBoxToken
136 */
137 NTSTATUS WINAPI wow64_NtCreateLowBoxToken( UINT *args )
138 {
139 ULONG *handle_ptr = get_ptr( &args );
140 HANDLE token = get_handle( &args );
141 ACCESS_MASK access = get_ulong( &args );
142 OBJECT_ATTRIBUTES32 *attr32 = get_ptr( &args );
143 SID *sid = get_ptr( &args );
144 ULONG count = get_ulong( &args );
145 SID_AND_ATTRIBUTES32 *capabilities32 = get_ptr( &args );
146 ULONG handle_count = get_ulong( &args );
147 ULONG *handles32 = get_ptr( &args );
148
149 FIXME( "%p %p %lx %p %p %lu %p %lu %p: stub\n",
150 handle_ptr, token, access, attr32, sid, count, capabilities32, handle_count, handles32 );
151
152 *handle_ptr = 0;
153 return STATUS_SUCCESS;
154 }
155
156
157 /**********************************************************************
158 * wow64_NtCreateToken
159 */
160 NTSTATUS WINAPI wow64_NtCreateToken( UINT *args )
161 {
162 ULONG *handle_ptr = get_ptr( &args );
163 ACCESS_MASK access = get_ulong( &args );
164 OBJECT_ATTRIBUTES32 *attr32 = get_ptr( &args );
165 TOKEN_TYPE type = get_ulong( &args );
166 LUID *luid = get_ptr( &args );
167 LARGE_INTEGER *expire = get_ptr( &args );
168 TOKEN_USER32 *user32 = get_ptr( &args );
169 TOKEN_GROUPS32 *groups32 = get_ptr( &args );
170 TOKEN_PRIVILEGES *privs = get_ptr( &args );
171 TOKEN_OWNER32 *owner32 = get_ptr( &args );
172 TOKEN_PRIMARY_GROUP32 *group32 = get_ptr( &args );
173 TOKEN_DEFAULT_DACL32 *dacl32 = get_ptr( &args );
174 TOKEN_SOURCE *source = get_ptr( &args );
175
176 struct object_attr64 attr;
177 TOKEN_USER user;
178 TOKEN_OWNER owner;
179 TOKEN_PRIMARY_GROUP group;
180 TOKEN_DEFAULT_DACL dacl;
181 HANDLE handle = 0;
182 NTSTATUS status;
183
184 status = NtCreateToken( &handle, access, objattr_32to64( &attr, attr32 ), type, luid, expire,
185 token_user_32to64( &user, user32 ), token_groups_32to64( groups32 ), privs,
186 token_owner_32to64( &owner, owner32 ), token_primary_group_32to64( &group, group32 ),
187 token_default_dacl_32to64( &dacl, dacl32 ), source );
188 put_handle( handle_ptr, handle );
189 return status;
190 }
191
192
193 /**********************************************************************
194 * wow64_NtDuplicateToken
195 */
196 NTSTATUS WINAPI wow64_NtDuplicateToken( UINT *args )
197 {
198 HANDLE token = get_handle( &args );
199 ACCESS_MASK access = get_ulong( &args );
200 OBJECT_ATTRIBUTES32 *attr32 = get_ptr( &args );
201 BOOLEAN effective_only = get_ulong( &args );
202 TOKEN_TYPE type = get_ulong( &args );
203 ULONG *handle_ptr = get_ptr( &args );
204
205 struct object_attr64 attr;
206 HANDLE handle = 0;
207 NTSTATUS status;
208
209 *handle_ptr = 0;
210 status = NtDuplicateToken( token, access, objattr_32to64( &attr, attr32 ), effective_only, type, &handle );
211 put_handle( handle_ptr, handle );
212 return status;
213 }
214
215
216 /**********************************************************************
217 * wow64_NtFilterToken
218 */
219 NTSTATUS WINAPI wow64_NtFilterToken( UINT *args )
220 {
221 HANDLE token = get_handle( &args );
222 ULONG flags = get_ulong( &args );
223 TOKEN_GROUPS32 *disable_sids32 = get_ptr( &args );
224 TOKEN_PRIVILEGES *privs = get_ptr( &args );
225 TOKEN_GROUPS32 *restrict_sids32 = get_ptr( &args );
226 ULONG *handle_ptr = get_ptr( &args );
227
228 HANDLE handle = 0;
229 NTSTATUS status;
230
231 *handle_ptr = 0;
232 status = NtFilterToken( token, flags, token_groups_32to64( disable_sids32 ), privs,
233 token_groups_32to64( restrict_sids32 ), &handle );
234 put_handle( handle_ptr, handle );
235 return status;
236 }
237
238
239 /**********************************************************************
240 * wow64_NtImpersonateAnonymousToken
241 */
242 NTSTATUS WINAPI wow64_NtImpersonateAnonymousToken( UINT *args )
243 {
244 HANDLE handle = get_handle( &args );
245
246 return NtImpersonateAnonymousToken( handle );
247 }
248
249
250 /**********************************************************************
251 * wow64_NtOpenProcessToken
252 */
253 NTSTATUS WINAPI wow64_NtOpenProcessToken( UINT *args )
254 {
255 HANDLE process = get_handle( &args );
256 ACCESS_MASK access = get_ulong( &args );
257 ULONG *handle_ptr = get_ptr( &args );
258
259 HANDLE handle = 0;
260 NTSTATUS status;
261
262 *handle_ptr = 0;
263 status = NtOpenProcessToken( process, access, &handle );
264 put_handle( handle_ptr, handle );
265 return status;
266 }
267
268
269 /**********************************************************************
270 * wow64_NtOpenProcessTokenEx
271 */
272 NTSTATUS WINAPI wow64_NtOpenProcessTokenEx( UINT *args )
273 {
274 HANDLE process = get_handle( &args );
275 ACCESS_MASK access = get_ulong( &args );
276 ULONG attributes = get_ulong( &args );
277 ULONG *handle_ptr = get_ptr( &args );
278
279 HANDLE handle = 0;
280 NTSTATUS status;
281
282 *handle_ptr = 0;
283 status = NtOpenProcessTokenEx( process, access, attributes, &handle );
284 put_handle( handle_ptr, handle );
285 return status;
286 }
287
288
289 /**********************************************************************
290 * wow64_NtOpenThreadToken
291 */
292 NTSTATUS WINAPI wow64_NtOpenThreadToken( UINT *args )
293 {
294 HANDLE thread = get_handle( &args );
295 ACCESS_MASK access = get_ulong( &args );
296 BOOLEAN self = get_ulong( &args );
297 ULONG *handle_ptr = get_ptr( &args );
298
299 HANDLE handle = 0;
300 NTSTATUS status;
301
302 *handle_ptr = 0;
303 status = NtOpenThreadToken( thread, access, self, &handle );
304 put_handle( handle_ptr, handle );
305 return status;
306 }
307
308
309 /**********************************************************************
310 * wow64_NtOpenThreadTokenEx
311 */
312 NTSTATUS WINAPI wow64_NtOpenThreadTokenEx( UINT *args )
313 {
314 HANDLE thread = get_handle( &args );
315 ACCESS_MASK access = get_ulong( &args );
316 BOOLEAN self = get_ulong( &args );
317 ULONG attributes = get_ulong( &args );
318 ULONG *handle_ptr = get_ptr( &args );
319
320 HANDLE handle = 0;
321 NTSTATUS status;
322
323 *handle_ptr = 0;
324 status = NtOpenThreadTokenEx( thread, access, self, attributes, &handle );
325 put_handle( handle_ptr, handle );
326 return status;
327 }
328
329
330 /**********************************************************************
331 * wow64_NtPrivilegeCheck
332 */
333 NTSTATUS WINAPI wow64_NtPrivilegeCheck( UINT *args )
334 {
335 HANDLE token = get_handle( &args );
336 PRIVILEGE_SET *privs = get_ptr( &args );
337 BOOLEAN *res = get_ptr( &args );
338
339 return NtPrivilegeCheck( token, privs, res );
340 }
341
342
343 /**********************************************************************
344 * wow64_NtQueryInformationToken
345 */
346 NTSTATUS WINAPI wow64_NtQueryInformationToken( UINT *args )
347 {
348 HANDLE handle = get_handle( &args );
349 TOKEN_INFORMATION_CLASS class = get_ulong( &args );
350 void *info = get_ptr( &args );
351 ULONG len = get_ulong( &args );
352 ULONG *retlen = get_ptr( &args );
353
354 NTSTATUS status;
355 ULONG ret_size, sid_len;
356
357 switch (class)
358 {
359 case TokenPrivileges: /* TOKEN_PRIVILEGES */
360 case TokenImpersonationLevel: /* SECURITY_IMPERSONATION_LEVEL */
361 case TokenStatistics: /* TOKEN_STATISTICS */
362 case TokenType: /* TOKEN_TYPE */
363 case TokenElevationType: /* TOKEN_ELEVATION_TYPE */
364 case TokenElevation: /* TOKEN_ELEVATION */
365 case TokenSessionId: /* ULONG */
366 case TokenVirtualizationEnabled: /* ULONG */
367 case TokenIsAppContainer: /* ULONG */
368 /* nothing to map */
369 return NtQueryInformationToken( handle, class, info, len, retlen );
370
371 case TokenUser: /* TOKEN_USER + SID */
372 case TokenIntegrityLevel: /* TOKEN_MANDATORY_LABEL + SID */
373 {
374 ULONG_PTR buffer[(sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE) / sizeof(ULONG_PTR)];
375 TOKEN_USER *user = (TOKEN_USER *)buffer;
376 TOKEN_USER32 *user32 = info;
377 SID *sid;
378
379 status = NtQueryInformationToken( handle, class, &buffer, sizeof(buffer), &ret_size );
380 if (status) return status;
381 sid = user->User.Sid;
382 sid_len = offsetof( SID, SubAuthority[sid->SubAuthorityCount] );
383 if (len >= sizeof(*user32) + sid_len)
384 {
385 user32->User.Sid = PtrToUlong( user32 + 1 );
386 user32->User.Attributes = user->User.Attributes;
387 memcpy( user32 + 1, sid, sid_len );
388 }
389 else status = STATUS_BUFFER_TOO_SMALL;
390 if (retlen) *retlen = sizeof(*user32) + sid_len;
391 return status;
392 }
393
394 case TokenOwner: /* TOKEN_OWNER + SID */
395 case TokenPrimaryGroup: /* TOKEN_PRIMARY_GROUP + SID */
396 case TokenAppContainerSid: /* TOKEN_APPCONTAINER_INFORMATION + SID */
397 {
398 ULONG_PTR buffer[(sizeof(TOKEN_OWNER) + SECURITY_MAX_SID_SIZE) / sizeof(ULONG_PTR)];
399 TOKEN_OWNER *owner = (TOKEN_OWNER *)buffer;
400 TOKEN_OWNER32 *owner32 = info;
401 SID *sid;
402
403 status = NtQueryInformationToken( handle, class, &buffer, sizeof(buffer), &ret_size );
404 if (status) return status;
405 sid = owner->Owner;
406 sid_len = offsetof( SID, SubAuthority[sid->SubAuthorityCount] );
407 if (len >= sizeof(*owner32) + sid_len)
408 {
409 owner32->Owner = PtrToUlong( owner32 + 1 );
410 memcpy( owner32 + 1, sid, sid_len );
411 }
412 else status = STATUS_BUFFER_TOO_SMALL;
413 if (retlen) *retlen = sizeof(*owner32) + sid_len;
414 return status;
415 }
416
417 case TokenGroups: /* TOKEN_GROUPS */
418 case TokenLogonSid: /* TOKEN_GROUPS */
419 {
420 TOKEN_GROUPS32 *groups32 = info;
421 TOKEN_GROUPS *groups;
422 ULONG i, group_len, group32_len;
423
424 status = NtQueryInformationToken( handle, class, NULL, 0, &ret_size );
425 if (status != STATUS_BUFFER_TOO_SMALL) return status;
426 groups = Wow64AllocateTemp( ret_size );
427 status = NtQueryInformationToken( handle, class, groups, ret_size, &ret_size );
428 if (status) return status;
429 group_len = offsetof( TOKEN_GROUPS, Groups[groups->GroupCount] );
430 group32_len = offsetof( TOKEN_GROUPS32, Groups[groups->GroupCount] );
431 sid_len = ret_size - group_len;
432 ret_size = group32_len + sid_len;
433 if (len >= ret_size)
434 {
435 SID *sid = (SID *)((char *)groups + group_len);
436 SID *sid32 = (SID *)((char *)groups32 + group32_len);
437
438 memcpy( sid32, sid, sid_len );
439 groups32->GroupCount = groups->GroupCount;
440 for (i = 0; i < groups->GroupCount; i++)
441 {
442 groups32->Groups[i].Sid = PtrToUlong(sid32) + ((char *)groups->Groups[i].Sid - (char *)sid);
443 groups32->Groups[i].Attributes = groups->Groups[i].Attributes;
444 }
445 }
446 else status = STATUS_BUFFER_TOO_SMALL;
447 if (retlen) *retlen = ret_size;
448 return status;
449 }
450
451 case TokenDefaultDacl: /* TOKEN_DEFAULT_DACL + ACL */
452 {
453 ULONG size = len + sizeof(TOKEN_DEFAULT_DACL) - sizeof(TOKEN_DEFAULT_DACL32);
454 TOKEN_DEFAULT_DACL32 *dacl32 = info;
455 TOKEN_DEFAULT_DACL *dacl = Wow64AllocateTemp( size );
456
457 status = NtQueryInformationToken( handle, class, dacl, size, &ret_size );
458 if (!status)
459 {
460 dacl32->DefaultDacl = dacl->DefaultDacl ? PtrToUlong( dacl32 + 1 ) : 0;
461 memcpy( dacl32 + 1, dacl->DefaultDacl, ret_size - sizeof(*dacl) );
462 }
463 if (retlen) *retlen = ret_size + sizeof(*dacl32) - sizeof(*dacl);
464 return status;
465 }
466
467 case TokenLinkedToken: /* TOKEN_LINKED_TOKEN */
468 {
469 TOKEN_LINKED_TOKEN link;
470
471 status = NtQueryInformationToken( handle, class, &link, sizeof(link), &ret_size );
472 if (!status) *(ULONG *)info = HandleToLong( link.LinkedToken );
473 if (retlen) *retlen = sizeof(ULONG);
474 return status;
475 }
476
477 default:
478 FIXME( "unsupported class %u\n", class );
479 return STATUS_INVALID_INFO_CLASS;
480 }
481 }
482
483
484 /**********************************************************************
485 * wow64_NtQuerySecurityObject
486 */
487 NTSTATUS WINAPI wow64_NtQuerySecurityObject( UINT *args )
488 {
489 HANDLE handle = get_handle( &args );
490 SECURITY_INFORMATION info = get_ulong( &args );
491 SECURITY_DESCRIPTOR *sd = get_ptr( &args );
492 ULONG len = get_ulong( &args );
493 ULONG *retlen = get_ptr( &args );
494
495 /* returned descriptor is always SE_SELF_RELATIVE, no mapping needed */
496 return NtQuerySecurityObject( handle, info, sd, len, retlen );
497 }
498
499
500 /**********************************************************************
501 * wow64_NtSetInformationToken
502 */
503 NTSTATUS WINAPI wow64_NtSetInformationToken( UINT *args )
504 {
505 HANDLE handle = get_handle( &args );
506 TOKEN_INFORMATION_CLASS class = get_ulong( &args );
507 void *ptr = get_ptr( &args );
508 ULONG len = get_ulong( &args );
509
510 switch (class)
511 {
512 case TokenSessionId: /* ULONG */
513 return NtSetInformationToken( handle, class, ptr, len );
514
515 case TokenDefaultDacl: /* TOKEN_DEFAULT_DACL */
516 if (len >= sizeof(TOKEN_DEFAULT_DACL32))
517 {
518 TOKEN_DEFAULT_DACL32 *dacl32 = ptr;
519 TOKEN_DEFAULT_DACL dacl = { ULongToPtr( dacl32->DefaultDacl ) };
520
521 return NtSetInformationToken( handle, class, &dacl, sizeof(dacl) );
522 }
523 else return STATUS_INFO_LENGTH_MISMATCH;
524
525 default:
526 FIXME( "unsupported class %u\n", class );
527 return STATUS_NOT_IMPLEMENTED;
528 }
529 }
530
531
532 /**********************************************************************
533 * wow64_NtSetSecurityObject
534 */
535 NTSTATUS WINAPI wow64_NtSetSecurityObject( UINT *args )
536 {
537 HANDLE handle = get_handle( &args );
538 SECURITY_INFORMATION info = get_ulong( &args );
539 SECURITY_DESCRIPTOR *sd32 = get_ptr( &args );
540
541 SECURITY_DESCRIPTOR sd;
542
543 return NtSetSecurityObject( handle, info, secdesc_32to64( &sd, sd32 ));
544 }
Windows API implementation