search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
comctl32: Export TaskDialogIndirect by ordinal and name.
[wine/wine-gecko.git] / server / token.c
blob7d6086d2dc9ea6a8c01762c051089a7e39454b52
1 /*
2 * Tokens
3 *
4 * Copyright (C) 1998 Alexandre Julliard
5 * Copyright (C) 2003 Mike McCormack
6 * Copyright (C) 2005 Robert Shearman
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 #include "config.h"
24
25 #include <assert.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <stdarg.h>
29 #include <unistd.h>
30
31 #include "ntstatus.h"
32 #define WIN32_NO_STATUS
33 #include "windef.h"
34 #include "winternl.h"
35
36 #include "handle.h"
37 #include "thread.h"
38 #include "process.h"
39 #include "request.h"
40 #include "security.h"
41
42 #include "wine/unicode.h"
43
44 #define MAX_SUBAUTH_COUNT 1
45
46 const LUID SeIncreaseQuotaPrivilege = { 5, 0 };
47 const LUID SeSecurityPrivilege = { 8, 0 };
48 const LUID SeTakeOwnershipPrivilege = { 9, 0 };
49 const LUID SeLoadDriverPrivilege = { 10, 0 };
50 const LUID SeSystemProfilePrivilege = { 11, 0 };
51 const LUID SeSystemtimePrivilege = { 12, 0 };
52 const LUID SeProfileSingleProcessPrivilege = { 13, 0 };
53 const LUID SeIncreaseBasePriorityPrivilege = { 14, 0 };
54 const LUID SeCreatePagefilePrivilege = { 15, 0 };
55 const LUID SeBackupPrivilege = { 17, 0 };
56 const LUID SeRestorePrivilege = { 18, 0 };
57 const LUID SeShutdownPrivilege = { 19, 0 };
58 const LUID SeDebugPrivilege = { 20, 0 };
59 const LUID SeSystemEnvironmentPrivilege = { 22, 0 };
60 const LUID SeChangeNotifyPrivilege = { 23, 0 };
61 const LUID SeRemoteShutdownPrivilege = { 24, 0 };
62 const LUID SeUndockPrivilege = { 25, 0 };
63 const LUID SeManageVolumePrivilege = { 28, 0 };
64 const LUID SeImpersonatePrivilege = { 29, 0 };
65 const LUID SeCreateGlobalPrivilege = { 30, 0 };
66
67 static const SID world_sid = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } };
68 static const SID local_sid = { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } };
69 static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } };
70 static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } };
71 static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
72 static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
73 static const struct /* same fields as struct SID */
74 {
75 BYTE Revision;
76 BYTE SubAuthorityCount;
77 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
78 DWORD SubAuthority[5];
79 } local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
80 static const struct /* same fields as struct SID */
81 {
82 BYTE Revision;
83 BYTE SubAuthorityCount;
84 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
85 DWORD SubAuthority[2];
86 } builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
87
88 const PSID security_world_sid = (PSID)&world_sid;
89 static const PSID security_local_sid = (PSID)&local_sid;
90 static const PSID security_interactive_sid = (PSID)&interactive_sid;
91 static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid;
92 const PSID security_local_system_sid = (PSID)&local_system_sid;
93 const PSID security_local_user_sid = (PSID)&local_user_sid;
94 const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
95
96 static luid_t prev_luid_value = { 1000, 0 };
97
98 struct token
99 {
100 struct object obj; /* object header */
101 luid_t token_id; /* system-unique id of token */
102 luid_t modified_id; /* new id allocated every time token is modified */
103 struct list privileges; /* privileges available to the token */
104 struct list groups; /* groups that the user of this token belongs to (sid_and_attributes) */
105 SID *user; /* SID of user this token represents */
106 SID *primary_group; /* SID of user's primary group */
107 unsigned primary; /* is this a primary or impersonation token? */
108 ACL *default_dacl; /* the default DACL to assign to objects created by this user */
109 TOKEN_SOURCE source; /* source of the token */
110 int impersonation_level; /* impersonation level this token is capable of if non-primary token */
111 };
112
113 struct privilege
114 {
115 struct list entry;
116 LUID luid;
117 unsigned enabled : 1; /* is the privilege currently enabled? */
118 unsigned def : 1; /* is the privilege enabled by default? */
119 };
120
121 struct group
122 {
123 struct list entry;
124 unsigned enabled : 1; /* is the sid currently enabled? */
125 unsigned def : 1; /* is the sid enabled by default? */
126 unsigned logon : 1; /* is this a logon sid? */
127 unsigned mandatory: 1; /* is this sid always enabled? */
128 unsigned owner : 1; /* can this sid be an owner of an object? */
129 unsigned resource : 1; /* is this a domain-local group? */
130 unsigned deny_only: 1; /* is this a sid that should be use for denying only? */
131 SID sid;
132 };
133
134 static void token_dump( struct object *obj, int verbose );
135 static unsigned int token_map_access( struct object *obj, unsigned int access );
136 static void token_destroy( struct object *obj );
137
138 static const struct object_ops token_ops =
139 {
140 sizeof(struct token), /* size */
141 token_dump, /* dump */
142 no_get_type, /* get_type */
143 no_add_queue, /* add_queue */
144 NULL, /* remove_queue */
145 NULL, /* signaled */
146 NULL, /* satisfied */
147 no_signal, /* signal */
148 no_get_fd, /* get_fd */
149 token_map_access, /* map_access */
150 default_get_sd, /* get_sd */
151 default_set_sd, /* set_sd */
152 no_lookup_name, /* lookup_name */
153 no_open_file, /* open_file */
154 no_close_handle, /* close_handle */
155 token_destroy /* destroy */
156 };
157
158
159 static void token_dump( struct object *obj, int verbose )
160 {
161 fprintf( stderr, "Security token\n" );
162 /* FIXME: dump token members */
163 }
164
165 static unsigned int token_map_access( struct object *obj, unsigned int access )
166 {
167 if (access & GENERIC_READ) access |= TOKEN_READ;
168 if (access & GENERIC_WRITE) access |= TOKEN_WRITE;
169 if (access & GENERIC_EXECUTE) access |= STANDARD_RIGHTS_EXECUTE;
170 if (access & GENERIC_ALL) access |= TOKEN_ALL_ACCESS;
171 return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
172 }
173
174 static SID *security_sid_alloc( const SID_IDENTIFIER_AUTHORITY *idauthority, int subauthcount, const unsigned int subauth[] )
175 {
176 int i;
177 SID *sid = mem_alloc( FIELD_OFFSET(SID, SubAuthority[subauthcount]) );
178 if (!sid) return NULL;
179 sid->Revision = SID_REVISION;
180 sid->SubAuthorityCount = subauthcount;
181 sid->IdentifierAuthority = *idauthority;
182 for (i = 0; i < subauthcount; i++)
183 sid->SubAuthority[i] = subauth[i];
184 return sid;
185 }
186
187 void security_set_thread_token( struct thread *thread, obj_handle_t handle )
188 {
189 if (!handle)
190 {
191 if (thread->token)
192 release_object( thread->token );
193 thread->token = NULL;
194 }
195 else
196 {
197 struct token *token = (struct token *)get_handle_obj( current->process,
198 handle,
199 TOKEN_IMPERSONATE,
200 &token_ops );
201 if (token)
202 {
203 if (thread->token)
204 release_object( thread->token );
205 thread->token = token;
206 }
207 }
208 }
209
210 const SID *security_unix_uid_to_sid( uid_t uid )
211 {
212 /* very simple mapping: either the current user or not the current user */
213 if (uid == getuid())
214 return (const SID *)&local_user_sid;
215 else
216 return &anonymous_logon_sid;
217 }
218
219 static int acl_is_valid( const ACL *acl, data_size_t size )
220 {
221 ULONG i;
222 const ACE_HEADER *ace;
223
224 if (size < sizeof(ACL))
225 return FALSE;
226
227 size = min(size, MAX_ACL_LEN);
228
229 size -= sizeof(ACL);
230
231 ace = (const ACE_HEADER *)(acl + 1);
232 for (i = 0; i < acl->AceCount; i++)
233 {
234 const SID *sid;
235 data_size_t sid_size;
236
237 if (size < sizeof(ACE_HEADER))
238 return FALSE;
239 if (size < ace->AceSize)
240 return FALSE;
241 size -= ace->AceSize;
242 switch (ace->AceType)
243 {
244 case ACCESS_DENIED_ACE_TYPE:
245 sid = (const SID *)&((const ACCESS_DENIED_ACE *)ace)->SidStart;
246 sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart);
247 break;
248 case ACCESS_ALLOWED_ACE_TYPE:
249 sid = (const SID *)&((const ACCESS_ALLOWED_ACE *)ace)->SidStart;
250 sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
251 break;
252 case SYSTEM_AUDIT_ACE_TYPE:
253 sid = (const SID *)&((const SYSTEM_AUDIT_ACE *)ace)->SidStart;
254 sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart);
255 break;
256 case SYSTEM_ALARM_ACE_TYPE:
257 sid = (const SID *)&((const SYSTEM_ALARM_ACE *)ace)->SidStart;
258 sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_ALARM_ACE, SidStart);
259 break;
260 default:
261 return FALSE;
262 }
263 if (sid_size < FIELD_OFFSET(SID, SubAuthority[0]) || sid_size < security_sid_len( sid ))
264 return FALSE;
265 ace = ace_next( ace );
266 }
267 return TRUE;
268 }
269
270 /* checks whether all members of a security descriptor fit inside the size
271 * of memory specified */
272 int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
273 {
274 size_t offset = sizeof(struct security_descriptor);
275 const SID *group;
276 const SID *owner;
277 const ACL *sacl;
278 const ACL *dacl;
279 int dummy;
280
281 if (size < offset)
282 return FALSE;
283
284 if ((sd->owner_len >= FIELD_OFFSET(SID, SubAuthority[255])) ||
285 (offset + sd->owner_len > size))
286 return FALSE;
287 owner = sd_get_owner( sd );
288 if (owner)
289 {
290 size_t needed_size = security_sid_len( owner );
291 if ((sd->owner_len < sizeof(SID)) || (needed_size > sd->owner_len))
292 return FALSE;
293 }
294 offset += sd->owner_len;
295
296 if ((sd->group_len >= FIELD_OFFSET(SID, SubAuthority[255])) ||
297 (offset + sd->group_len > size))
298 return FALSE;
299 group = sd_get_group( sd );
300 if (group)
301 {
302 size_t needed_size = security_sid_len( group );
303 if ((sd->group_len < sizeof(SID)) || (needed_size > sd->group_len))
304 return FALSE;
305 }
306 offset += sd->group_len;
307
308 if ((sd->sacl_len >= MAX_ACL_LEN) || (offset + sd->sacl_len > size))
309 return FALSE;
310 sacl = sd_get_sacl( sd, &dummy );
311 if (sacl && !acl_is_valid( sacl, sd->sacl_len ))
312 return FALSE;
313 offset += sd->sacl_len;
314
315 if ((sd->dacl_len >= MAX_ACL_LEN) || (offset + sd->dacl_len > size))
316 return FALSE;
317 dacl = sd_get_dacl( sd, &dummy );
318 if (dacl && !acl_is_valid( dacl, sd->dacl_len ))
319 return FALSE;
320 offset += sd->dacl_len;
321
322 return TRUE;
323 }
324
325 /* determines whether an object_attributes struct is valid in a buffer
326 * and calls set_error appropriately */
327 int objattr_is_valid( const struct object_attributes *objattr, data_size_t size )
328 {
329 if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len) ||
330 (size - sizeof(*objattr) - objattr->sd_len < objattr->name_len))
331 {
332 set_error( STATUS_ACCESS_VIOLATION );
333 return FALSE;
334 }
335
336 if (objattr->sd_len)
337 {
338 const struct security_descriptor *sd = (const struct security_descriptor *)(objattr + 1);
339 if (!sd_is_valid( sd, objattr->sd_len ))
340 {
341 set_error( STATUS_INVALID_SECURITY_DESCR );
342 return FALSE;
343 }
344 }
345
346 return TRUE;
347 }
348
349 /* maps from generic rights to specific rights as given by a mapping */
350 static inline void map_generic_mask(unsigned int *mask, const GENERIC_MAPPING *mapping)
351 {
352 if (*mask & GENERIC_READ) *mask |= mapping->GenericRead;
353 if (*mask & GENERIC_WRITE) *mask |= mapping->GenericWrite;
354 if (*mask & GENERIC_EXECUTE) *mask |= mapping->GenericExecute;
355 if (*mask & GENERIC_ALL) *mask |= mapping->GenericAll;
356 *mask &= 0x0FFFFFFF;
357 }
358
359 static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 )
360 {
361 return (luid1->LowPart == luid2->LowPart && luid1->HighPart == luid2->HighPart);
362 }
363
364 static inline void allocate_luid( luid_t *luid )
365 {
366 prev_luid_value.low_part++;
367 *luid = prev_luid_value;
368 }
369
370 DECL_HANDLER( allocate_locally_unique_id )
371 {
372 allocate_luid( &reply->luid );
373 }
374
375 static inline void luid_and_attr_from_privilege( LUID_AND_ATTRIBUTES *out, const struct privilege *in)
376 {
377 out->Luid = in->luid;
378 out->Attributes =
379 (in->enabled ? SE_PRIVILEGE_ENABLED : 0) |
380 (in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0);
381 }
382
383 static struct privilege *privilege_add( struct token *token, const LUID *luid, int enabled )
384 {
385 struct privilege *privilege = mem_alloc( sizeof(*privilege) );
386 if (privilege)
387 {
388 privilege->luid = *luid;
389 privilege->def = privilege->enabled = (enabled != 0);
390 list_add_tail( &token->privileges, &privilege->entry );
391 }
392 return privilege;
393 }
394
395 static inline void privilege_remove( struct privilege *privilege )
396 {
397 list_remove( &privilege->entry );
398 free( privilege );
399 }
400
401 static void token_destroy( struct object *obj )
402 {
403 struct token* token;
404 struct list *cursor, *cursor_next;
405
406 assert( obj->ops == &token_ops );
407 token = (struct token *)obj;
408
409 free( token->user );
410
411 LIST_FOR_EACH_SAFE( cursor, cursor_next, &token->privileges )
412 {
413 struct privilege *privilege = LIST_ENTRY( cursor, struct privilege, entry );
414 privilege_remove( privilege );
415 }
416
417 LIST_FOR_EACH_SAFE( cursor, cursor_next, &token->groups )
418 {
419 struct group *group = LIST_ENTRY( cursor, struct group, entry );
420 list_remove( &group->entry );
421 free( group );
422 }
423
424 free( token->default_dacl );
425 }
426
427 /* creates a new token.
428 * groups may be NULL if group_count is 0.
429 * privs may be NULL if priv_count is 0.
430 * default_dacl may be NULL, indicating that all objects created by the user
431 * are unsecured.
432 * modified_id may be NULL, indicating that a new modified_id luid should be
433 * allocated.
434 */
435 static struct token *create_token( unsigned primary, const SID *user,
436 const SID_AND_ATTRIBUTES *groups, unsigned int group_count,
437 const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
438 const ACL *default_dacl, TOKEN_SOURCE source,
439 const luid_t *modified_id,
440 int impersonation_level )
441 {
442 struct token *token = alloc_object( &token_ops );
443 if (token)
444 {
445 unsigned int i;
446
447 allocate_luid( &token->token_id );
448 if (modified_id)
449 token->modified_id = *modified_id;
450 else
451 allocate_luid( &token->modified_id );
452 list_init( &token->privileges );
453 list_init( &token->groups );
454 token->primary = primary;
455 /* primary tokens don't have impersonation levels */
456 if (primary)
457 token->impersonation_level = -1;
458 else
459 token->impersonation_level = impersonation_level;
460 token->default_dacl = NULL;
461 token->primary_group = NULL;
462
463 /* copy user */
464 token->user = memdup( user, security_sid_len( user ));
465 if (!token->user)
466 {
467 release_object( token );
468 return NULL;
469 }
470
471 /* copy groups */
472 for (i = 0; i < group_count; i++)
473 {
474 size_t size = FIELD_OFFSET( struct group, sid.SubAuthority[((const SID *)groups[i].Sid)->SubAuthorityCount] );
475 struct group *group = mem_alloc( size );
476
477 if (!group)
478 {
479 release_object( token );
480 return NULL;
481 }
482 memcpy( &group->sid, groups[i].Sid, security_sid_len( groups[i].Sid ));
483 group->enabled = TRUE;
484 group->def = TRUE;
485 group->logon = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
486 group->mandatory = (groups[i].Attributes & SE_GROUP_MANDATORY) != 0;
487 group->owner = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
488 group->resource = FALSE;
489 group->deny_only = FALSE;
490 list_add_tail( &token->groups, &group->entry );
491 /* Use first owner capable group as an owner */
492 if (!token->primary_group && group->owner)
493 token->primary_group = &group->sid;
494 }
495
496 /* copy privileges */
497 for (i = 0; i < priv_count; i++)
498 {
499 /* note: we don't check uniqueness: the caller must make sure
500 * privs doesn't contain any duplicate luids */
501 if (!privilege_add( token, &privs[i].Luid,
502 privs[i].Attributes & SE_PRIVILEGE_ENABLED ))
503 {
504 release_object( token );
505 return NULL;
506 }
507 }
508
509 if (default_dacl)
510 {
511 token->default_dacl = memdup( default_dacl, default_dacl->AclSize );
512 if (!token->default_dacl)
513 {
514 release_object( token );
515 return NULL;
516 }
517 }
518
519 token->source = source;
520 }
521 return token;
522 }
523
524 struct token *token_duplicate( struct token *src_token, unsigned primary,
525 int impersonation_level )
526 {
527 const luid_t *modified_id =
528 primary || (impersonation_level == src_token->impersonation_level) ?
529 &src_token->modified_id : NULL;
530 struct token *token = NULL;
531 struct privilege *privilege;
532 struct group *group;
533
534 if (!primary &&
535 (impersonation_level < SecurityAnonymous ||
536 impersonation_level > SecurityDelegation ||
537 (!src_token->primary && (impersonation_level > src_token->impersonation_level))))
538 {
539 set_error( STATUS_BAD_IMPERSONATION_LEVEL );
540 return NULL;
541 }
542
543 token = create_token( primary, src_token->user, NULL, 0,
544 NULL, 0, src_token->default_dacl,
545 src_token->source, modified_id,
546 impersonation_level );
547 if (!token) return token;
548
549 /* copy groups */
550 LIST_FOR_EACH_ENTRY( group, &src_token->groups, struct group, entry )
551 {
552 size_t size = FIELD_OFFSET( struct group, sid.SubAuthority[group->sid.SubAuthorityCount] );
553 struct group *newgroup = mem_alloc( size );
554 if (!newgroup)
555 {
556 release_object( token );
557 return NULL;
558 }
559 memcpy( newgroup, group, size );
560 list_add_tail( &token->groups, &newgroup->entry );
561 }
562 token->primary_group = src_token->primary_group;
563 assert( token->primary_group );
564
565 /* copy privileges */
566 LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
567 if (!privilege_add( token, &privilege->luid, privilege->enabled ))
568 {
569 release_object( token );
570 return NULL;
571 }
572
573 return token;
574 }
575
576 static ACL *create_default_dacl( const SID *user )
577 {
578 ACCESS_ALLOWED_ACE *aaa;
579 ACL *default_dacl;
580 SID *sid;
581 size_t default_dacl_size = sizeof(ACL) +
582 2*(sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) +
583 sizeof(local_system_sid) +
584 security_sid_len( user );
585
586 default_dacl = mem_alloc( default_dacl_size );
587 if (!default_dacl) return NULL;
588
589 default_dacl->AclRevision = ACL_REVISION;
590 default_dacl->Sbz1 = 0;
591 default_dacl->AclSize = default_dacl_size;
592 default_dacl->AceCount = 2;
593 default_dacl->Sbz2 = 0;
594
595 /* GENERIC_ALL for Local System */
596 aaa = (ACCESS_ALLOWED_ACE *)(default_dacl + 1);
597 aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
598 aaa->Header.AceFlags = 0;
599 aaa->Header.AceSize = (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) +
600 sizeof(local_system_sid);
601 aaa->Mask = GENERIC_ALL;
602 sid = (SID *)&aaa->SidStart;
603 memcpy( sid, &local_system_sid, sizeof(local_system_sid) );
604
605 /* GENERIC_ALL for specified user */
606 aaa = (ACCESS_ALLOWED_ACE *)((char *)aaa + aaa->Header.AceSize);
607 aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
608 aaa->Header.AceFlags = 0;
609 aaa->Header.AceSize = (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + security_sid_len( user );
610 aaa->Mask = GENERIC_ALL;
611 sid = (SID *)&aaa->SidStart;
612 memcpy( sid, user, security_sid_len( user ));
613
614 return default_dacl;
615 }
616
617 struct sid_data
618 {
619 SID_IDENTIFIER_AUTHORITY idauth;
620 int count;
621 unsigned int subauth[MAX_SUBAUTH_COUNT];
622 };
623
624 struct token *token_create_admin( void )
625 {
626 struct token *token = NULL;
627 static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
628 static const unsigned int alias_admins_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS };
629 static const unsigned int alias_users_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS };
630 /* on Windows, this value changes every time the user logs on */
631 static const unsigned int logon_subauth[] = { SECURITY_LOGON_IDS_RID, 0, 1 /* FIXME: should be randomly generated when tokens are inherited by new processes */ };
632 PSID alias_admins_sid;
633 PSID alias_users_sid;
634 PSID logon_sid;
635 /* note: should be the owner specified in the token */
636 ACL *default_dacl = create_default_dacl( &interactive_sid );
637
638 alias_admins_sid = security_sid_alloc( &nt_authority, sizeof(alias_admins_subauth)/sizeof(alias_admins_subauth[0]),
639 alias_admins_subauth );
640 alias_users_sid = security_sid_alloc( &nt_authority, sizeof(alias_users_subauth)/sizeof(alias_users_subauth[0]),
641 alias_users_subauth );
642 logon_sid = security_sid_alloc( &nt_authority, sizeof(logon_subauth)/sizeof(logon_subauth[0]),
643 logon_subauth );
644
645 if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl)
646 {
647 const LUID_AND_ATTRIBUTES admin_privs[] =
648 {
649 { SeChangeNotifyPrivilege , SE_PRIVILEGE_ENABLED },
650 { SeSecurityPrivilege , 0 },
651 { SeBackupPrivilege , 0 },
652 { SeRestorePrivilege , 0 },
653 { SeSystemtimePrivilege , 0 },
654 { SeShutdownPrivilege , 0 },
655 { SeRemoteShutdownPrivilege , 0 },
656 { SeTakeOwnershipPrivilege , 0 },
657 { SeDebugPrivilege , 0 },
658 { SeSystemEnvironmentPrivilege , 0 },
659 { SeSystemProfilePrivilege , 0 },
660 { SeProfileSingleProcessPrivilege, 0 },
661 { SeIncreaseBasePriorityPrivilege, 0 },
662 { SeLoadDriverPrivilege , SE_PRIVILEGE_ENABLED },
663 { SeCreatePagefilePrivilege , 0 },
664 { SeIncreaseQuotaPrivilege , 0 },
665 { SeUndockPrivilege , 0 },
666 { SeManageVolumePrivilege , 0 },
667 { SeImpersonatePrivilege , SE_PRIVILEGE_ENABLED },
668 { SeCreateGlobalPrivilege , SE_PRIVILEGE_ENABLED },
669 };
670 /* note: we don't include non-builtin groups here for the user -
671 * telling us these is the job of a client-side program */
672 const SID_AND_ATTRIBUTES admin_groups[] =
673 {
674 { security_world_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
675 { security_local_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
676 { security_interactive_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
677 { security_authenticated_user_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
678 { alias_admins_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
679 { alias_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
680 { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
681 };
682 static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
683 token = create_token( TRUE, security_unix_uid_to_sid( getuid() ),
684 admin_groups, sizeof(admin_groups)/sizeof(admin_groups[0]),
685 admin_privs, sizeof(admin_privs)/sizeof(admin_privs[0]),
686 default_dacl, admin_source, NULL, -1 );
687 /* we really need a primary group */
688 assert( token->primary_group );
689 }
690
691 free( logon_sid );
692 free( alias_admins_sid );
693 free( alias_users_sid );
694 free( default_dacl );
695
696 return token;
697 }
698
699 static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
700 {
701 struct privilege *privilege;
702 LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
703 {
704 if (is_equal_luid( luid, &privilege->luid ))
705 {
706 if (enabled_only && !privilege->enabled)
707 return NULL;
708 return privilege;
709 }
710 }
711 return NULL;
712 }
713
714 static unsigned int token_adjust_privileges( struct token *token, const LUID_AND_ATTRIBUTES *privs,
715 unsigned int count, LUID_AND_ATTRIBUTES *mod_privs,
716 unsigned int mod_privs_count )
717 {
718 unsigned int i, modified_count = 0;
719
720 /* mark as modified */
721 allocate_luid( &token->modified_id );
722
723 for (i = 0; i < count; i++)
724 {
725 struct privilege *privilege =
726 token_find_privilege( token, &privs[i].Luid, FALSE );
727 if (!privilege)
728 {
729 set_error( STATUS_NOT_ALL_ASSIGNED );
730 continue;
731 }
732
733 if (privs[i].Attributes & SE_PRIVILEGE_REMOVED)
734 privilege_remove( privilege );
735 else
736 {
737 /* save previous state for caller */
738 if (mod_privs_count)
739 {
740 luid_and_attr_from_privilege(mod_privs, privilege);
741 mod_privs++;
742 mod_privs_count--;
743 modified_count++;
744 }
745
746 if (privs[i].Attributes & SE_PRIVILEGE_ENABLED)
747 privilege->enabled = TRUE;
748 else
749 privilege->enabled = FALSE;
750 }
751 }
752 return modified_count;
753 }
754
755 static void token_disable_privileges( struct token *token )
756 {
757 struct privilege *privilege;
758
759 /* mark as modified */
760 allocate_luid( &token->modified_id );
761
762 LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
763 privilege->enabled = FALSE;
764 }
765
766 int token_check_privileges( struct token *token, int all_required,
767 const LUID_AND_ATTRIBUTES *reqprivs,
768 unsigned int count, LUID_AND_ATTRIBUTES *usedprivs)
769 {
770 unsigned int i, enabled_count = 0;
771
772 for (i = 0; i < count; i++)
773 {
774 struct privilege *privilege =
775 token_find_privilege( token, &reqprivs[i].Luid, TRUE );
776
777 if (usedprivs)
778 usedprivs[i] = reqprivs[i];
779
780 if (privilege && privilege->enabled)
781 {
782 enabled_count++;
783 if (usedprivs)
784 usedprivs[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
785 }
786 }
787
788 if (all_required)
789 return (enabled_count == count);
790 else
791 return (enabled_count > 0);
792 }
793
794 int token_sid_present( struct token *token, const SID *sid, int deny )
795 {
796 struct group *group;
797
798 if (security_equal_sid( token->user, sid )) return TRUE;
799
800 LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
801 {
802 if (!group->enabled) continue;
803 if (group->deny_only && !deny) continue;
804
805 if (security_equal_sid( &group->sid, sid )) return TRUE;
806 }
807
808 return FALSE;
809 }
810
811 /* Checks access to a security descriptor. 'sd' must have been validated by
812 * caller. It returns STATUS_SUCCESS if call succeeded or an error indicating
813 * the reason. 'status' parameter will indicate if access is granted or denied.
814 *
815 * If both returned value and 'status' are STATUS_SUCCESS then access is granted.
816 */
817 static unsigned int token_access_check( struct token *token,
818 const struct security_descriptor *sd,
819 unsigned int desired_access,
820 LUID_AND_ATTRIBUTES *privs,
821 unsigned int *priv_count,
822 const GENERIC_MAPPING *mapping,
823 unsigned int *granted_access,
824 unsigned int *status )
825 {
826 unsigned int current_access = 0;
827 unsigned int denied_access = 0;
828 ULONG i;
829 const ACL *dacl;
830 int dacl_present;
831 const ACE_HEADER *ace;
832 const SID *owner;
833
834 /* assume no access rights */
835 *granted_access = 0;
836
837 /* fail if desired_access contains generic rights */
838 if (desired_access & (GENERIC_READ|GENERIC_WRITE|GENERIC_EXECUTE|GENERIC_ALL))
839 {
840 *priv_count = 0;
841 return STATUS_GENERIC_NOT_MAPPED;
842 }
843
844 dacl = sd_get_dacl( sd, &dacl_present );
845 owner = sd_get_owner( sd );
846 if (!owner || !sd_get_group( sd ))
847 {
848 *priv_count = 0;
849 return STATUS_INVALID_SECURITY_DESCR;
850 }
851
852 /* 1: Grant desired access if the object is unprotected */
853 if (!dacl_present || !dacl)
854 {
855 *priv_count = 0;
856 *granted_access = desired_access;
857 return *status = STATUS_SUCCESS;
858 }
859
860 /* 2: Check if caller wants access to system security part. Note: access
861 * is only granted if specifically asked for */
862 if (desired_access & ACCESS_SYSTEM_SECURITY)
863 {
864 const LUID_AND_ATTRIBUTES security_priv = { SeSecurityPrivilege, 0 };
865 LUID_AND_ATTRIBUTES retpriv = security_priv;
866 if (token_check_privileges( token, TRUE, &security_priv, 1, &retpriv ))
867 {
868 if (priv_count)
869 {
870 /* assumes that there will only be one privilege to return */
871 if (*priv_count >= 1)
872 {
873 *priv_count = 1;
874 *privs = retpriv;
875 }
876 else
877 {
878 *priv_count = 1;
879 return STATUS_BUFFER_TOO_SMALL;
880 }
881 }
882 current_access |= ACCESS_SYSTEM_SECURITY;
883 if (desired_access == current_access)
884 {
885 *granted_access = current_access;
886 return *status = STATUS_SUCCESS;
887 }
888 }
889 else
890 {
891 *priv_count = 0;
892 *status = STATUS_PRIVILEGE_NOT_HELD;
893 return STATUS_SUCCESS;
894 }
895 }
896 else if (priv_count) *priv_count = 0;
897
898 /* 3: Check whether the token is the owner */
899 /* NOTE: SeTakeOwnershipPrivilege is not checked for here - it is instead
900 * checked when a "set owner" call is made, overriding the access rights
901 * determined here. */
902 if (token_sid_present( token, owner, FALSE ))
903 {
904 current_access |= (READ_CONTROL | WRITE_DAC);
905 if (desired_access == current_access)
906 {
907 *granted_access = current_access;
908 return *status = STATUS_SUCCESS;
909 }
910 }
911
912 /* 4: Grant rights according to the DACL */
913 ace = (const ACE_HEADER *)(dacl + 1);
914 for (i = 0; i < dacl->AceCount; i++, ace = ace_next( ace ))
915 {
916 const ACCESS_ALLOWED_ACE *aa_ace;
917 const ACCESS_DENIED_ACE *ad_ace;
918 const SID *sid;
919
920 if (ace->AceFlags & INHERIT_ONLY_ACE)
921 continue;
922
923 switch (ace->AceType)
924 {
925 case ACCESS_DENIED_ACE_TYPE:
926 ad_ace = (const ACCESS_DENIED_ACE *)ace;
927 sid = (const SID *)&ad_ace->SidStart;
928 if (token_sid_present( token, sid, TRUE ))
929 {
930 unsigned int access = ad_ace->Mask;
931 map_generic_mask(&access, mapping);
932 if (desired_access & MAXIMUM_ALLOWED)
933 denied_access |= access;
934 else
935 {
936 denied_access |= (access & ~current_access);
937 if (desired_access & access) goto done;
938 }
939 }
940 break;
941 case ACCESS_ALLOWED_ACE_TYPE:
942 aa_ace = (const ACCESS_ALLOWED_ACE *)ace;
943 sid = (const SID *)&aa_ace->SidStart;
944 if (token_sid_present( token, sid, FALSE ))
945 {
946 unsigned int access = aa_ace->Mask;
947 map_generic_mask(&access, mapping);
948 if (desired_access & MAXIMUM_ALLOWED)
949 current_access |= access;
950 else
951 current_access |= (access & ~denied_access);
952 }
953 break;
954 }
955
956 /* don't bother carrying on checking if we've already got all of
957 * rights we need */
958 if (desired_access == *granted_access)
959 break;
960 }
961
962 done:
963 if (desired_access & MAXIMUM_ALLOWED)
964 *granted_access = current_access & ~denied_access;
965 else
966 if ((current_access & desired_access) == desired_access)
967 *granted_access = current_access & desired_access;
968 else
969 *granted_access = 0;
970
971 *status = *granted_access ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
972 return STATUS_SUCCESS;
973 }
974
975 const ACL *token_get_default_dacl( struct token *token )
976 {
977 return token->default_dacl;
978 }
979
980 const SID *token_get_user( struct token *token )
981 {
982 return token->user;
983 }
984
985 const SID *token_get_primary_group( struct token *token )
986 {
987 return token->primary_group;
988 }
989
990 int check_object_access(struct object *obj, unsigned int *access)
991 {
992 GENERIC_MAPPING mapping;
993 struct token *token = current->token ? current->token : current->process->token;
994 LUID_AND_ATTRIBUTES priv;
995 unsigned int status, priv_count = 1;
996 int res;
997
998 mapping.GenericAll = obj->ops->map_access( obj, GENERIC_ALL );
999
1000 if (!obj->sd)
1001 {
1002 if (*access & MAXIMUM_ALLOWED)
1003 *access = mapping.GenericAll;
1004 return TRUE;
1005 }
1006
1007 mapping.GenericRead = obj->ops->map_access( obj, GENERIC_READ );
1008 mapping.GenericWrite = obj->ops->map_access( obj, GENERIC_WRITE );
1009 mapping.GenericExecute = obj->ops->map_access( obj, GENERIC_EXECUTE );
1010
1011 res = token_access_check( token, obj->sd, *access, &priv, &priv_count,
1012 &mapping, access, &status ) == STATUS_SUCCESS &&
1013 status == STATUS_SUCCESS;
1014
1015 if (!res) set_error( STATUS_ACCESS_DENIED );
1016 return res;
1017 }
1018
1019
1020 /* open a security token */
1021 DECL_HANDLER(open_token)
1022 {
1023 if (req->flags & OPEN_TOKEN_THREAD)
1024 {
1025 struct thread *thread = get_thread_from_handle( req->handle, 0 );
1026 if (thread)
1027 {
1028 if (thread->token)
1029 {
1030 if (!thread->token->primary && thread->token->impersonation_level <= SecurityAnonymous)
1031 set_error( STATUS_CANT_OPEN_ANONYMOUS );
1032 else
1033 reply->token = alloc_handle( current->process, thread->token,
1034 req->access, req->attributes );
1035 }
1036 else
1037 set_error( STATUS_NO_TOKEN );
1038 release_object( thread );
1039 }
1040 }
1041 else
1042 {
1043 struct process *process = get_process_from_handle( req->handle, 0 );
1044 if (process)
1045 {
1046 if (process->token)
1047 reply->token = alloc_handle( current->process, process->token, req->access,
1048 req->attributes );
1049 else
1050 set_error( STATUS_NO_TOKEN );
1051 release_object( process );
1052 }
1053 }
1054 }
1055
1056 /* adjust the privileges held by a token */
1057 DECL_HANDLER(adjust_token_privileges)
1058 {
1059 struct token *token;
1060 unsigned int access = TOKEN_ADJUST_PRIVILEGES;
1061
1062 if (req->get_modified_state) access |= TOKEN_QUERY;
1063
1064 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1065 access, &token_ops )))
1066 {
1067 const LUID_AND_ATTRIBUTES *privs = get_req_data();
1068 LUID_AND_ATTRIBUTES *modified_privs = NULL;
1069 unsigned int priv_count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES);
1070 unsigned int modified_priv_count = 0;
1071
1072 if (req->get_modified_state && !req->disable_all)
1073 {
1074 unsigned int i;
1075 /* count modified privs */
1076 for (i = 0; i < priv_count; i++)
1077 {
1078 struct privilege *privilege =
1079 token_find_privilege( token, &privs[i].Luid, FALSE );
1080 if (privilege && req->get_modified_state)
1081 modified_priv_count++;
1082 }
1083 reply->len = modified_priv_count;
1084 modified_priv_count = min( modified_priv_count, get_reply_max_size() / sizeof(*modified_privs) );
1085 if (modified_priv_count)
1086 modified_privs = set_reply_data_size( modified_priv_count * sizeof(*modified_privs) );
1087 }
1088 reply->len = modified_priv_count * sizeof(*modified_privs);
1089
1090 if (req->disable_all)
1091 token_disable_privileges( token );
1092 else
1093 modified_priv_count = token_adjust_privileges( token, privs,
1094 priv_count, modified_privs, modified_priv_count );
1095
1096 release_object( token );
1097 }
1098 }
1099
1100 /* retrieves the list of privileges that may be held be the token */
1101 DECL_HANDLER(get_token_privileges)
1102 {
1103 struct token *token;
1104
1105 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1106 TOKEN_QUERY,
1107 &token_ops )))
1108 {
1109 int priv_count = 0;
1110 LUID_AND_ATTRIBUTES *privs;
1111 struct privilege *privilege;
1112
1113 LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
1114 priv_count++;
1115
1116 reply->len = priv_count * sizeof(*privs);
1117 if (reply->len <= get_reply_max_size())
1118 {
1119 privs = set_reply_data_size( priv_count * sizeof(*privs) );
1120 if (privs)
1121 {
1122 int i = 0;
1123 LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
1124 {
1125 luid_and_attr_from_privilege( &privs[i], privilege );
1126 i++;
1127 }
1128 }
1129 }
1130 else
1131 set_error(STATUS_BUFFER_TOO_SMALL);
1132
1133 release_object( token );
1134 }
1135 }
1136
1137 /* creates a duplicate of the token */
1138 DECL_HANDLER(duplicate_token)
1139 {
1140 struct token *src_token;
1141
1142 if ((src_token = (struct token *)get_handle_obj( current->process, req->handle,
1143 TOKEN_DUPLICATE,
1144 &token_ops )))
1145 {
1146 struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level );
1147 if (token)
1148 {
1149 reply->new_handle = alloc_handle( current->process, token, req->access, req->attributes);
1150 release_object( token );
1151 }
1152 release_object( src_token );
1153 }
1154 }
1155
1156 /* checks the specified privileges are held by the token */
1157 DECL_HANDLER(check_token_privileges)
1158 {
1159 struct token *token;
1160
1161 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1162 TOKEN_QUERY,
1163 &token_ops )))
1164 {
1165 unsigned int count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES);
1166
1167 if (!token->primary && token->impersonation_level <= SecurityAnonymous)
1168 set_error( STATUS_BAD_IMPERSONATION_LEVEL );
1169 else if (get_reply_max_size() >= count * sizeof(LUID_AND_ATTRIBUTES))
1170 {
1171 LUID_AND_ATTRIBUTES *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) );
1172 reply->has_privileges = token_check_privileges( token, req->all_required, get_req_data(), count, usedprivs );
1173 }
1174 else
1175 set_error( STATUS_BUFFER_OVERFLOW );
1176 release_object( token );
1177 }
1178 }
1179
1180 /* checks that a user represented by a token is allowed to access an object
1181 * represented by a security descriptor */
1182 DECL_HANDLER(access_check)
1183 {
1184 data_size_t sd_size = get_req_data_size();
1185 const struct security_descriptor *sd = get_req_data();
1186 struct token *token;
1187
1188 if (!sd_is_valid( sd, sd_size ))
1189 {
1190 set_error( STATUS_ACCESS_VIOLATION );
1191 return;
1192 }
1193
1194 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1195 TOKEN_QUERY,
1196 &token_ops )))
1197 {
1198 GENERIC_MAPPING mapping;
1199 unsigned int status;
1200 LUID_AND_ATTRIBUTES priv;
1201 unsigned int priv_count = 1;
1202
1203 memset(&priv, 0, sizeof(priv));
1204
1205 /* only impersonation tokens may be used with this function */
1206 if (token->primary)
1207 {
1208 set_error( STATUS_NO_IMPERSONATION_TOKEN );
1209 release_object( token );
1210 return;
1211 }
1212 /* anonymous impersonation tokens can't be used */
1213 if (token->impersonation_level <= SecurityAnonymous)
1214 {
1215 set_error( STATUS_BAD_IMPERSONATION_LEVEL );
1216 release_object( token );
1217 return;
1218 }
1219
1220 mapping.GenericRead = req->mapping_read;
1221 mapping.GenericWrite = req->mapping_write;
1222 mapping.GenericExecute = req->mapping_execute;
1223 mapping.GenericAll = req->mapping_all;
1224
1225 status = token_access_check(
1226 token, sd, req->desired_access, &priv, &priv_count, &mapping,
1227 &reply->access_granted, &reply->access_status );
1228
1229 reply->privileges_len = priv_count*sizeof(LUID_AND_ATTRIBUTES);
1230
1231 if ((priv_count > 0) && (reply->privileges_len <= get_reply_max_size()))
1232 {
1233 LUID_AND_ATTRIBUTES *privs = set_reply_data_size( priv_count * sizeof(*privs) );
1234 memcpy( privs, &priv, sizeof(priv) );
1235 }
1236
1237 set_error( status );
1238 release_object( token );
1239 }
1240 }
1241
1242 /* retrieves the SID of the user that the token represents */
1243 DECL_HANDLER(get_token_sid)
1244 {
1245 struct token *token;
1246
1247 reply->sid_len = 0;
1248
1249 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1250 TOKEN_QUERY,
1251 &token_ops )))
1252 {
1253 const SID *sid = NULL;
1254
1255 switch (req->which_sid)
1256 {
1257 case TokenUser:
1258 assert(token->user);
1259 sid = token->user;
1260 break;
1261 case TokenPrimaryGroup:
1262 sid = token->primary_group;
1263 break;
1264 case TokenOwner:
1265 {
1266 struct group *group;
1267 LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
1268 {
1269 if (group->owner)
1270 {
1271 sid = &group->sid;
1272 break;
1273 }
1274 }
1275 break;
1276 }
1277 default:
1278 set_error( STATUS_INVALID_PARAMETER );
1279 break;
1280 }
1281
1282 if (sid)
1283 {
1284 reply->sid_len = security_sid_len( sid );
1285 if (reply->sid_len <= get_reply_max_size()) set_reply_data( sid, reply->sid_len );
1286 else set_error( STATUS_BUFFER_TOO_SMALL );
1287 }
1288 release_object( token );
1289 }
1290 }
1291
1292 /* retrieves the groups that the user represented by the token belongs to */
1293 DECL_HANDLER(get_token_groups)
1294 {
1295 struct token *token;
1296
1297 reply->user_len = 0;
1298
1299 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1300 TOKEN_QUERY,
1301 &token_ops )))
1302 {
1303 size_t size_needed = sizeof(struct token_groups);
1304 size_t sid_size = 0;
1305 unsigned int group_count = 0;
1306 const struct group *group;
1307
1308 LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
1309 {
1310 group_count++;
1311 sid_size += security_sid_len( &group->sid );
1312 }
1313 size_needed += sid_size;
1314 /* attributes size */
1315 size_needed += sizeof(unsigned int) * group_count;
1316
1317 /* reply buffer contains size_needed bytes formatted as:
1318
1319 unsigned int count;
1320 unsigned int attrib[count];
1321 char sid_data[];
1322
1323 user_len includes extra data needed for TOKEN_GROUPS representation,
1324 required caller buffer size calculated here to avoid extra server call */
1325 reply->user_len = FIELD_OFFSET( TOKEN_GROUPS, Groups[group_count] ) + sid_size;
1326
1327 if (reply->user_len <= get_reply_max_size())
1328 {
1329 struct token_groups *tg = set_reply_data_size( size_needed );
1330 if (tg)
1331 {
1332 unsigned int *attr_ptr = (unsigned int *)(tg + 1);
1333 SID *sid_ptr = (SID *)(attr_ptr + group_count);
1334
1335 tg->count = group_count;
1336
1337 LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
1338 {
1339
1340 *attr_ptr = 0;
1341 if (group->mandatory) *attr_ptr |= SE_GROUP_MANDATORY;
1342 if (group->def) *attr_ptr |= SE_GROUP_ENABLED_BY_DEFAULT;
1343 if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
1344 if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
1345 if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
1346 if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
1347 if (group->logon) *attr_ptr |= SE_GROUP_LOGON_ID;
1348
1349 memcpy(sid_ptr, &group->sid, security_sid_len( &group->sid ));
1350
1351 sid_ptr = (SID *)((char *)sid_ptr + security_sid_len( &group->sid ));
1352 attr_ptr++;
1353 }
1354 }
1355 }
1356 else set_error( STATUS_BUFFER_TOO_SMALL );
1357
1358 release_object( token );
1359 }
1360 }
1361
1362 DECL_HANDLER(get_token_impersonation_level)
1363 {
1364 struct token *token;
1365
1366 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1367 TOKEN_QUERY,
1368 &token_ops )))
1369 {
1370 if (token->primary)
1371 set_error( STATUS_INVALID_PARAMETER );
1372 else
1373 reply->impersonation_level = token->impersonation_level;
1374
1375 release_object( token );
1376 }
1377 }
1378
1379 DECL_HANDLER(get_token_statistics)
1380 {
1381 struct token *token;
1382
1383 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1384 TOKEN_QUERY,
1385 &token_ops )))
1386 {
1387 reply->token_id = token->token_id;
1388 reply->modified_id = token->modified_id;
1389 reply->primary = token->primary;
1390 reply->impersonation_level = token->impersonation_level;
1391 reply->group_count = list_count( &token->groups );
1392 reply->privilege_count = list_count( &token->privileges );
1393
1394 release_object( token );
1395 }
1396 }
1397
1398 DECL_HANDLER(get_token_default_dacl)
1399 {
1400 struct token *token;
1401
1402 reply->acl_len = 0;
1403
1404 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1405 TOKEN_QUERY,
1406 &token_ops )))
1407 {
1408 if (token->default_dacl)
1409 reply->acl_len = token->default_dacl->AclSize;
1410
1411 if (reply->acl_len <= get_reply_max_size())
1412 {
1413 ACL *acl_reply = set_reply_data_size( reply->acl_len );
1414 if (acl_reply)
1415 memcpy( acl_reply, token->default_dacl, reply->acl_len );
1416 }
1417 else set_error( STATUS_BUFFER_TOO_SMALL );
1418
1419 release_object( token );
1420 }
1421 }
1422
1423 DECL_HANDLER(set_token_default_dacl)
1424 {
1425 struct token *token;
1426
1427 if ((token = (struct token *)get_handle_obj( current->process, req->handle,
1428 TOKEN_ADJUST_DEFAULT,
1429 &token_ops )))
1430 {
1431 const ACL *acl = get_req_data();
1432 unsigned int acl_size = get_req_data_size();
1433
1434 free( token->default_dacl );
1435 token->default_dacl = NULL;
1436
1437 if (acl_size)
1438 token->default_dacl = memdup( acl, acl_size );
1439
1440 release_object( token );
1441 }
1442 }
Wine tree for Wine Gecko development