token.c 58 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680
  1. /*
  2. * Tokens
  3. *
  4. * Copyright (C) 1998 Alexandre Julliard
  5. * Copyright (C) 2003 Mike McCormack
  6. * Copyright (C) 2005 Robert Shearman
  7. *
  8. * This library is free software; you can redistribute it and/or
  9. * modify it under the terms of the GNU Lesser General Public
  10. * License as published by the Free Software Foundation; either
  11. * version 2.1 of the License, or (at your option) any later version.
  12. *
  13. * This library is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16. * Lesser General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Lesser General Public
  19. * License along with this library; if not, write to the Free Software
  20. * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  21. */
  22. #include "config.h"
  23. #include <assert.h>
  24. #include <stdio.h>
  25. #include <stdlib.h>
  26. #include <stdarg.h>
  27. #include <unistd.h>
  28. #include "ntstatus.h"
  29. #define WIN32_NO_STATUS
  30. #include "windef.h"
  31. #include "winternl.h"
  32. #include "handle.h"
  33. #include "thread.h"
  34. #include "process.h"
  35. #include "request.h"
  36. #include "security.h"
  37. #define MAX_SUBAUTH_COUNT 1
  38. const LUID SeIncreaseQuotaPrivilege = { 5, 0 };
  39. const LUID SeTcbPrivilege = { 7, 0 };
  40. const LUID SeSecurityPrivilege = { 8, 0 };
  41. const LUID SeTakeOwnershipPrivilege = { 9, 0 };
  42. const LUID SeLoadDriverPrivilege = { 10, 0 };
  43. const LUID SeSystemProfilePrivilege = { 11, 0 };
  44. const LUID SeSystemtimePrivilege = { 12, 0 };
  45. const LUID SeProfileSingleProcessPrivilege = { 13, 0 };
  46. const LUID SeIncreaseBasePriorityPrivilege = { 14, 0 };
  47. const LUID SeCreatePagefilePrivilege = { 15, 0 };
  48. const LUID SeBackupPrivilege = { 17, 0 };
  49. const LUID SeRestorePrivilege = { 18, 0 };
  50. const LUID SeShutdownPrivilege = { 19, 0 };
  51. const LUID SeDebugPrivilege = { 20, 0 };
  52. const LUID SeSystemEnvironmentPrivilege = { 22, 0 };
  53. const LUID SeChangeNotifyPrivilege = { 23, 0 };
  54. const LUID SeRemoteShutdownPrivilege = { 24, 0 };
  55. const LUID SeUndockPrivilege = { 25, 0 };
  56. const LUID SeManageVolumePrivilege = { 28, 0 };
  57. const LUID SeImpersonatePrivilege = { 29, 0 };
  58. const LUID SeCreateGlobalPrivilege = { 30, 0 };
  59. #define SID_N(n) struct /* same fields as struct SID */ \
  60. { \
  61. BYTE Revision; \
  62. BYTE SubAuthorityCount; \
  63. SID_IDENTIFIER_AUTHORITY IdentifierAuthority; \
  64. DWORD SubAuthority[n]; \
  65. }
  66. static const SID world_sid = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } };
  67. static const SID local_sid = { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } };
  68. static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } };
  69. static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } };
  70. static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
  71. static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
  72. static const SID high_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_HIGH_RID } };
  73. static const SID_N(5) local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
  74. static const SID_N(2) builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
  75. static const SID_N(2) builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
  76. static const SID_N(3) builtin_logon_sid = { SID_REVISION, 3, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID, 0, 0 } };
  77. static const SID_N(5) domain_users_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, DOMAIN_GROUP_RID_USERS } };
  78. const PSID security_world_sid = (PSID)&world_sid;
  79. static const PSID security_local_sid = (PSID)&local_sid;
  80. static const PSID security_interactive_sid = (PSID)&interactive_sid;
  81. static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid;
  82. const PSID security_local_system_sid = (PSID)&local_system_sid;
  83. const PSID security_local_user_sid = (PSID)&local_user_sid;
  84. const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
  85. const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
  86. const PSID security_domain_users_sid = (PSID)&domain_users_sid;
  87. const PSID security_high_label_sid = (PSID)&high_label_sid;
  88. static luid_t prev_luid_value = { 1000, 0 };
  89. static const WCHAR token_name[] = {'T','o','k','e','n'};
  90. struct type_descr token_type =
  91. {
  92. { token_name, sizeof(token_name) }, /* name */
  93. TOKEN_ALL_ACCESS | SYNCHRONIZE, /* valid_access */
  94. { /* mapping */
  95. STANDARD_RIGHTS_READ | TOKEN_QUERY_SOURCE | TOKEN_QUERY | TOKEN_DUPLICATE,
  96. STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_SESSIONID | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_GROUPS
  97. | TOKEN_ADJUST_PRIVILEGES,
  98. STANDARD_RIGHTS_EXECUTE | TOKEN_IMPERSONATE | TOKEN_ASSIGN_PRIMARY,
  99. TOKEN_ALL_ACCESS
  100. },
  101. };
  102. struct token
  103. {
  104. struct object obj; /* object header */
  105. luid_t token_id; /* system-unique id of token */
  106. luid_t modified_id; /* new id allocated every time token is modified */
  107. struct list privileges; /* privileges available to the token */
  108. struct list groups; /* groups that the user of this token belongs to (sid_and_attributes) */
  109. SID *user; /* SID of user this token represents */
  110. SID *owner; /* SID of owner (points to user or one of groups) */
  111. SID *primary_group; /* SID of user's primary group (points to one of groups) */
  112. unsigned primary; /* is this a primary or impersonation token? */
  113. ACL *default_dacl; /* the default DACL to assign to objects created by this user */
  114. TOKEN_SOURCE source; /* source of the token */
  115. int impersonation_level; /* impersonation level this token is capable of if non-primary token */
  116. int elevation; /* elevation type */
  117. };
  118. struct privilege
  119. {
  120. struct list entry;
  121. LUID luid;
  122. unsigned enabled : 1; /* is the privilege currently enabled? */
  123. unsigned def : 1; /* is the privilege enabled by default? */
  124. };
  125. struct group
  126. {
  127. struct list entry;
  128. unsigned enabled : 1; /* is the sid currently enabled? */
  129. unsigned def : 1; /* is the sid enabled by default? */
  130. unsigned logon : 1; /* is this a logon sid? */
  131. unsigned mandatory: 1; /* is this sid always enabled? */
  132. unsigned owner : 1; /* can this sid be an owner of an object? */
  133. unsigned resource : 1; /* is this a domain-local group? */
  134. unsigned deny_only: 1; /* is this a sid that should be use for denying only? */
  135. SID sid;
  136. };
  137. static void token_dump( struct object *obj, int verbose );
  138. static void token_destroy( struct object *obj );
  139. static const struct object_ops token_ops =
  140. {
  141. sizeof(struct token), /* size */
  142. &token_type, /* type */
  143. token_dump, /* dump */
  144. no_add_queue, /* add_queue */
  145. NULL, /* remove_queue */
  146. NULL, /* signaled */
  147. NULL, /* satisfied */
  148. no_signal, /* signal */
  149. no_get_fd, /* get_fd */
  150. default_map_access, /* map_access */
  151. default_get_sd, /* get_sd */
  152. default_set_sd, /* set_sd */
  153. no_get_full_name, /* get_full_name */
  154. no_lookup_name, /* lookup_name */
  155. no_link_name, /* link_name */
  156. NULL, /* unlink_name */
  157. no_open_file, /* open_file */
  158. no_kernel_obj_list, /* get_kernel_obj_list */
  159. no_close_handle, /* close_handle */
  160. token_destroy /* destroy */
  161. };
  162. static void token_dump( struct object *obj, int verbose )
  163. {
  164. struct token *token = (struct token *)obj;
  165. assert( obj->ops == &token_ops );
  166. fprintf( stderr, "Token id=%d.%u primary=%u impersonation level=%d\n", token->token_id.high_part,
  167. token->token_id.low_part, token->primary, token->impersonation_level );
  168. }
  169. static SID *security_sid_alloc( const SID_IDENTIFIER_AUTHORITY *idauthority, int subauthcount, const unsigned int subauth[] )
  170. {
  171. int i;
  172. SID *sid = mem_alloc( FIELD_OFFSET(SID, SubAuthority[subauthcount]) );
  173. if (!sid) return NULL;
  174. sid->Revision = SID_REVISION;
  175. sid->SubAuthorityCount = subauthcount;
  176. sid->IdentifierAuthority = *idauthority;
  177. for (i = 0; i < subauthcount; i++)
  178. sid->SubAuthority[i] = subauth[i];
  179. return sid;
  180. }
  181. void security_set_thread_token( struct thread *thread, obj_handle_t handle )
  182. {
  183. if (!handle)
  184. {
  185. if (thread->token)
  186. release_object( thread->token );
  187. thread->token = NULL;
  188. }
  189. else
  190. {
  191. struct token *token = (struct token *)get_handle_obj( current->process,
  192. handle,
  193. TOKEN_IMPERSONATE,
  194. &token_ops );
  195. if (token)
  196. {
  197. if (thread->token)
  198. release_object( thread->token );
  199. thread->token = token;
  200. }
  201. }
  202. }
  203. const SID *security_unix_uid_to_sid( uid_t uid )
  204. {
  205. /* very simple mapping: either the current user or not the current user */
  206. if (uid == getuid())
  207. return (const SID *)&local_user_sid;
  208. else
  209. return &anonymous_logon_sid;
  210. }
  211. static int acl_is_valid( const ACL *acl, data_size_t size )
  212. {
  213. ULONG i;
  214. const ACE_HEADER *ace;
  215. if (size < sizeof(ACL))
  216. return FALSE;
  217. size = min(size, MAX_ACL_LEN);
  218. size -= sizeof(ACL);
  219. ace = (const ACE_HEADER *)(acl + 1);
  220. for (i = 0; i < acl->AceCount; i++)
  221. {
  222. const SID *sid;
  223. data_size_t sid_size;
  224. if (size < sizeof(ACE_HEADER))
  225. return FALSE;
  226. if (size < ace->AceSize)
  227. return FALSE;
  228. size -= ace->AceSize;
  229. switch (ace->AceType)
  230. {
  231. case ACCESS_DENIED_ACE_TYPE:
  232. sid = (const SID *)&((const ACCESS_DENIED_ACE *)ace)->SidStart;
  233. sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart);
  234. break;
  235. case ACCESS_ALLOWED_ACE_TYPE:
  236. sid = (const SID *)&((const ACCESS_ALLOWED_ACE *)ace)->SidStart;
  237. sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
  238. break;
  239. case SYSTEM_AUDIT_ACE_TYPE:
  240. sid = (const SID *)&((const SYSTEM_AUDIT_ACE *)ace)->SidStart;
  241. sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart);
  242. break;
  243. case SYSTEM_ALARM_ACE_TYPE:
  244. sid = (const SID *)&((const SYSTEM_ALARM_ACE *)ace)->SidStart;
  245. sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_ALARM_ACE, SidStart);
  246. break;
  247. case SYSTEM_MANDATORY_LABEL_ACE_TYPE:
  248. sid = (const SID *)&((const SYSTEM_MANDATORY_LABEL_ACE *)ace)->SidStart;
  249. sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart);
  250. break;
  251. default:
  252. return FALSE;
  253. }
  254. if (sid_size < FIELD_OFFSET(SID, SubAuthority[0]) || sid_size < security_sid_len( sid ))
  255. return FALSE;
  256. ace = ace_next( ace );
  257. }
  258. return TRUE;
  259. }
  260. static unsigned int get_sid_count( const SID *sid, data_size_t size )
  261. {
  262. unsigned int count;
  263. for (count = 0; size >= sizeof(SID) && security_sid_len( sid ) <= size; count++)
  264. {
  265. size -= security_sid_len( sid );
  266. sid = (const SID *)((char *)sid + security_sid_len( sid ));
  267. }
  268. return count;
  269. }
  270. /* checks whether all members of a security descriptor fit inside the size
  271. * of memory specified */
  272. int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
  273. {
  274. size_t offset = sizeof(struct security_descriptor);
  275. const SID *group;
  276. const SID *owner;
  277. const ACL *sacl;
  278. const ACL *dacl;
  279. int dummy;
  280. if (size < offset)
  281. return FALSE;
  282. if ((sd->owner_len >= FIELD_OFFSET(SID, SubAuthority[255])) ||
  283. (offset + sd->owner_len > size))
  284. return FALSE;
  285. owner = sd_get_owner( sd );
  286. if (owner)
  287. {
  288. if ((sd->owner_len < sizeof(SID)) || (security_sid_len( owner ) > sd->owner_len))
  289. return FALSE;
  290. }
  291. offset += sd->owner_len;
  292. if ((sd->group_len >= FIELD_OFFSET(SID, SubAuthority[255])) ||
  293. (offset + sd->group_len > size))
  294. return FALSE;
  295. group = sd_get_group( sd );
  296. if (group)
  297. {
  298. if ((sd->group_len < sizeof(SID)) || (security_sid_len( group ) > sd->group_len))
  299. return FALSE;
  300. }
  301. offset += sd->group_len;
  302. if ((sd->sacl_len >= MAX_ACL_LEN) || (offset + sd->sacl_len > size))
  303. return FALSE;
  304. sacl = sd_get_sacl( sd, &dummy );
  305. if (sacl && !acl_is_valid( sacl, sd->sacl_len ))
  306. return FALSE;
  307. offset += sd->sacl_len;
  308. if ((sd->dacl_len >= MAX_ACL_LEN) || (offset + sd->dacl_len > size))
  309. return FALSE;
  310. dacl = sd_get_dacl( sd, &dummy );
  311. if (dacl && !acl_is_valid( dacl, sd->dacl_len ))
  312. return FALSE;
  313. offset += sd->dacl_len;
  314. return TRUE;
  315. }
  316. /* extract security labels from SACL */
  317. ACL *extract_security_labels( const ACL *sacl )
  318. {
  319. size_t size = sizeof(ACL);
  320. const ACE_HEADER *ace;
  321. ACE_HEADER *label_ace;
  322. unsigned int i, count = 0;
  323. ACL *label_acl;
  324. ace = (const ACE_HEADER *)(sacl + 1);
  325. for (i = 0; i < sacl->AceCount; i++, ace = ace_next( ace ))
  326. {
  327. if (ace->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
  328. {
  329. size += ace->AceSize;
  330. count++;
  331. }
  332. }
  333. label_acl = mem_alloc( size );
  334. if (!label_acl) return NULL;
  335. label_acl->AclRevision = sacl->AclRevision;
  336. label_acl->Sbz1 = 0;
  337. label_acl->AclSize = size;
  338. label_acl->AceCount = count;
  339. label_acl->Sbz2 = 0;
  340. label_ace = (ACE_HEADER *)(label_acl + 1);
  341. ace = (const ACE_HEADER *)(sacl + 1);
  342. for (i = 0; i < sacl->AceCount; i++, ace = ace_next( ace ))
  343. {
  344. if (ace->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
  345. {
  346. memcpy( label_ace, ace, ace->AceSize );
  347. label_ace = (ACE_HEADER *)ace_next( label_ace );
  348. }
  349. }
  350. return label_acl;
  351. }
  352. /* replace security labels in an existing SACL */
  353. ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl )
  354. {
  355. const ACE_HEADER *ace;
  356. ACE_HEADER *replaced_ace;
  357. size_t size = sizeof(ACL);
  358. unsigned int i, count = 0;
  359. BYTE revision = ACL_REVISION;
  360. ACL *replaced_acl;
  361. if (old_sacl)
  362. {
  363. revision = max( revision, old_sacl->AclRevision );
  364. ace = (const ACE_HEADER *)(old_sacl + 1);
  365. for (i = 0; i < old_sacl->AceCount; i++, ace = ace_next( ace ))
  366. {
  367. if (ace->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
  368. size += ace->AceSize;
  369. count++;
  370. }
  371. }
  372. if (new_sacl)
  373. {
  374. revision = max( revision, new_sacl->AclRevision );
  375. ace = (const ACE_HEADER *)(new_sacl + 1);
  376. for (i = 0; i < new_sacl->AceCount; i++, ace = ace_next( ace ))
  377. {
  378. if (ace->AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
  379. size += ace->AceSize;
  380. count++;
  381. }
  382. }
  383. replaced_acl = mem_alloc( size );
  384. if (!replaced_acl) return NULL;
  385. replaced_acl->AclRevision = revision;
  386. replaced_acl->Sbz1 = 0;
  387. replaced_acl->AclSize = size;
  388. replaced_acl->AceCount = count;
  389. replaced_acl->Sbz2 = 0;
  390. replaced_ace = (ACE_HEADER *)(replaced_acl + 1);
  391. if (old_sacl)
  392. {
  393. ace = (const ACE_HEADER *)(old_sacl + 1);
  394. for (i = 0; i < old_sacl->AceCount; i++, ace = ace_next( ace ))
  395. {
  396. if (ace->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
  397. memcpy( replaced_ace, ace, ace->AceSize );
  398. replaced_ace = (ACE_HEADER *)ace_next( replaced_ace );
  399. }
  400. }
  401. if (new_sacl)
  402. {
  403. ace = (const ACE_HEADER *)(new_sacl + 1);
  404. for (i = 0; i < new_sacl->AceCount; i++, ace = ace_next( ace ))
  405. {
  406. if (ace->AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
  407. memcpy( replaced_ace, ace, ace->AceSize );
  408. replaced_ace = (ACE_HEADER *)ace_next( replaced_ace );
  409. }
  410. }
  411. return replaced_acl;
  412. }
  413. static inline int is_equal_luid( const LUID *luid1, const LUID *luid2 )
  414. {
  415. return (luid1->LowPart == luid2->LowPart && luid1->HighPart == luid2->HighPart);
  416. }
  417. static inline void allocate_luid( luid_t *luid )
  418. {
  419. prev_luid_value.low_part++;
  420. *luid = prev_luid_value;
  421. }
  422. DECL_HANDLER( allocate_locally_unique_id )
  423. {
  424. allocate_luid( &reply->luid );
  425. }
  426. static inline void luid_and_attr_from_privilege( LUID_AND_ATTRIBUTES *out, const struct privilege *in)
  427. {
  428. out->Luid = in->luid;
  429. out->Attributes =
  430. (in->enabled ? SE_PRIVILEGE_ENABLED : 0) |
  431. (in->def ? SE_PRIVILEGE_ENABLED_BY_DEFAULT : 0);
  432. }
  433. static struct privilege *privilege_add( struct token *token, const LUID *luid, int enabled )
  434. {
  435. struct privilege *privilege = mem_alloc( sizeof(*privilege) );
  436. if (privilege)
  437. {
  438. privilege->luid = *luid;
  439. privilege->def = privilege->enabled = (enabled != 0);
  440. list_add_tail( &token->privileges, &privilege->entry );
  441. }
  442. return privilege;
  443. }
  444. static inline void privilege_remove( struct privilege *privilege )
  445. {
  446. list_remove( &privilege->entry );
  447. free( privilege );
  448. }
  449. static void token_destroy( struct object *obj )
  450. {
  451. struct token* token;
  452. struct list *cursor, *cursor_next;
  453. assert( obj->ops == &token_ops );
  454. token = (struct token *)obj;
  455. free( token->user );
  456. LIST_FOR_EACH_SAFE( cursor, cursor_next, &token->privileges )
  457. {
  458. struct privilege *privilege = LIST_ENTRY( cursor, struct privilege, entry );
  459. privilege_remove( privilege );
  460. }
  461. LIST_FOR_EACH_SAFE( cursor, cursor_next, &token->groups )
  462. {
  463. struct group *group = LIST_ENTRY( cursor, struct group, entry );
  464. list_remove( &group->entry );
  465. free( group );
  466. }
  467. free( token->default_dacl );
  468. }
  469. /* creates a new token.
  470. * groups may be NULL if group_count is 0.
  471. * privs may be NULL if priv_count is 0.
  472. * default_dacl may be NULL, indicating that all objects created by the user
  473. * are unsecured.
  474. * modified_id may be NULL, indicating that a new modified_id luid should be
  475. * allocated.
  476. */
  477. static struct token *create_token( unsigned primary, const SID *user,
  478. const SID_AND_ATTRIBUTES *groups, unsigned int group_count,
  479. const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
  480. const ACL *default_dacl, TOKEN_SOURCE source,
  481. const luid_t *modified_id,
  482. int impersonation_level, int elevation )
  483. {
  484. struct token *token = alloc_object( &token_ops );
  485. if (token)
  486. {
  487. unsigned int i;
  488. allocate_luid( &token->token_id );
  489. if (modified_id)
  490. token->modified_id = *modified_id;
  491. else
  492. allocate_luid( &token->modified_id );
  493. list_init( &token->privileges );
  494. list_init( &token->groups );
  495. token->primary = primary;
  496. /* primary tokens don't have impersonation levels */
  497. if (primary)
  498. token->impersonation_level = -1;
  499. else
  500. token->impersonation_level = impersonation_level;
  501. token->default_dacl = NULL;
  502. token->primary_group = NULL;
  503. token->elevation = elevation;
  504. /* copy user */
  505. token->user = memdup( user, security_sid_len( user ));
  506. if (!token->user)
  507. {
  508. release_object( token );
  509. return NULL;
  510. }
  511. /* copy groups */
  512. for (i = 0; i < group_count; i++)
  513. {
  514. size_t size = FIELD_OFFSET( struct group, sid.SubAuthority[((const SID *)groups[i].Sid)->SubAuthorityCount] );
  515. struct group *group = mem_alloc( size );
  516. if (!group)
  517. {
  518. release_object( token );
  519. return NULL;
  520. }
  521. memcpy( &group->sid, groups[i].Sid, security_sid_len( groups[i].Sid ));
  522. group->enabled = TRUE;
  523. group->def = TRUE;
  524. group->logon = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
  525. group->mandatory = (groups[i].Attributes & SE_GROUP_MANDATORY) != 0;
  526. group->owner = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
  527. group->resource = FALSE;
  528. group->deny_only = FALSE;
  529. list_add_tail( &token->groups, &group->entry );
  530. /* Use first owner capable group as owner and primary group */
  531. if (!token->primary_group && group->owner)
  532. {
  533. token->owner = &group->sid;
  534. token->primary_group = &group->sid;
  535. }
  536. }
  537. /* copy privileges */
  538. for (i = 0; i < priv_count; i++)
  539. {
  540. /* note: we don't check uniqueness: the caller must make sure
  541. * privs doesn't contain any duplicate luids */
  542. if (!privilege_add( token, &privs[i].Luid,
  543. privs[i].Attributes & SE_PRIVILEGE_ENABLED ))
  544. {
  545. release_object( token );
  546. return NULL;
  547. }
  548. }
  549. if (default_dacl)
  550. {
  551. token->default_dacl = memdup( default_dacl, default_dacl->AclSize );
  552. if (!token->default_dacl)
  553. {
  554. release_object( token );
  555. return NULL;
  556. }
  557. }
  558. token->source = source;
  559. }
  560. return token;
  561. }
  562. static int filter_group( struct group *group, const SID *filter, unsigned int count )
  563. {
  564. unsigned int i;
  565. for (i = 0; i < count; i++)
  566. {
  567. if (security_equal_sid( &group->sid, filter )) return 1;
  568. filter = (const SID *)((char *)filter + security_sid_len( filter ));
  569. }
  570. return 0;
  571. }
  572. static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBUTES *filter, unsigned int count )
  573. {
  574. unsigned int i;
  575. for (i = 0; i < count; i++)
  576. {
  577. if (!memcmp( &privilege->luid, &filter[i].Luid, sizeof(LUID) ))
  578. return 1;
  579. }
  580. return 0;
  581. }
  582. struct token *token_duplicate( struct token *src_token, unsigned primary,
  583. int impersonation_level, const struct security_descriptor *sd,
  584. const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count,
  585. const SID *remove_groups, unsigned int remove_group_count)
  586. {
  587. const luid_t *modified_id =
  588. primary || (impersonation_level == src_token->impersonation_level) ?
  589. &src_token->modified_id : NULL;
  590. struct token *token = NULL;
  591. struct privilege *privilege;
  592. struct group *group;
  593. if (!primary &&
  594. (impersonation_level < SecurityAnonymous ||
  595. impersonation_level > SecurityDelegation ||
  596. (!src_token->primary && (impersonation_level > src_token->impersonation_level))))
  597. {
  598. set_error( STATUS_BAD_IMPERSONATION_LEVEL );
  599. return NULL;
  600. }
  601. token = create_token( primary, src_token->user, NULL, 0,
  602. NULL, 0, src_token->default_dacl,
  603. src_token->source, modified_id,
  604. impersonation_level, src_token->elevation );
  605. if (!token) return token;
  606. /* copy groups */
  607. token->primary_group = NULL;
  608. LIST_FOR_EACH_ENTRY( group, &src_token->groups, struct group, entry )
  609. {
  610. size_t size = FIELD_OFFSET( struct group, sid.SubAuthority[group->sid.SubAuthorityCount] );
  611. struct group *newgroup = mem_alloc( size );
  612. if (!newgroup)
  613. {
  614. release_object( token );
  615. return NULL;
  616. }
  617. memcpy( newgroup, group, size );
  618. if (filter_group( group, remove_groups, remove_group_count ))
  619. {
  620. newgroup->enabled = 0;
  621. newgroup->def = 0;
  622. newgroup->deny_only = 1;
  623. }
  624. list_add_tail( &token->groups, &newgroup->entry );
  625. if (src_token->primary_group == &group->sid)
  626. {
  627. token->owner = &newgroup->sid;
  628. token->primary_group = &newgroup->sid;
  629. }
  630. }
  631. assert( token->primary_group );
  632. /* copy privileges */
  633. LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
  634. {
  635. if (filter_privilege( privilege, remove_privs, remove_priv_count )) continue;
  636. if (!privilege_add( token, &privilege->luid, privilege->enabled ))
  637. {
  638. release_object( token );
  639. return NULL;
  640. }
  641. }
  642. if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
  643. DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
  644. return token;
  645. }
  646. static ACL *create_default_dacl( const SID *user )
  647. {
  648. ACCESS_ALLOWED_ACE *aaa;
  649. ACL *default_dacl;
  650. SID *sid;
  651. size_t default_dacl_size = sizeof(ACL) +
  652. 2*(sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) +
  653. sizeof(local_system_sid) +
  654. security_sid_len( user );
  655. default_dacl = mem_alloc( default_dacl_size );
  656. if (!default_dacl) return NULL;
  657. default_dacl->AclRevision = ACL_REVISION;
  658. default_dacl->Sbz1 = 0;
  659. default_dacl->AclSize = default_dacl_size;
  660. default_dacl->AceCount = 2;
  661. default_dacl->Sbz2 = 0;
  662. /* GENERIC_ALL for Local System */
  663. aaa = (ACCESS_ALLOWED_ACE *)(default_dacl + 1);
  664. aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  665. aaa->Header.AceFlags = 0;
  666. aaa->Header.AceSize = (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) +
  667. sizeof(local_system_sid);
  668. aaa->Mask = GENERIC_ALL;
  669. sid = (SID *)&aaa->SidStart;
  670. memcpy( sid, &local_system_sid, sizeof(local_system_sid) );
  671. /* GENERIC_ALL for specified user */
  672. aaa = (ACCESS_ALLOWED_ACE *)((char *)aaa + aaa->Header.AceSize);
  673. aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  674. aaa->Header.AceFlags = 0;
  675. aaa->Header.AceSize = (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + security_sid_len( user );
  676. aaa->Mask = GENERIC_ALL;
  677. sid = (SID *)&aaa->SidStart;
  678. memcpy( sid, user, security_sid_len( user ));
  679. return default_dacl;
  680. }
  681. struct sid_data
  682. {
  683. SID_IDENTIFIER_AUTHORITY idauth;
  684. int count;
  685. unsigned int subauth[MAX_SUBAUTH_COUNT];
  686. };
  687. static struct security_descriptor *create_security_label_sd( struct token *token, PSID label_sid )
  688. {
  689. size_t sid_len = security_sid_len( label_sid ), sacl_size, sd_size;
  690. SYSTEM_MANDATORY_LABEL_ACE *smla;
  691. struct security_descriptor *sd;
  692. ACL *sacl;
  693. sacl_size = sizeof(ACL) + FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + sid_len;
  694. sd_size = sizeof(struct security_descriptor) + sacl_size;
  695. if (!(sd = mem_alloc( sd_size )))
  696. return NULL;
  697. sd->control = SE_SACL_PRESENT;
  698. sd->owner_len = 0;
  699. sd->group_len = 0;
  700. sd->sacl_len = sacl_size;
  701. sd->dacl_len = 0;
  702. sacl = (ACL *)(sd + 1);
  703. sacl->AclRevision = ACL_REVISION;
  704. sacl->Sbz1 = 0;
  705. sacl->AclSize = sacl_size;
  706. sacl->AceCount = 1;
  707. sacl->Sbz2 = 0;
  708. smla = (SYSTEM_MANDATORY_LABEL_ACE *)(sacl + 1);
  709. smla->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE;
  710. smla->Header.AceFlags = 0;
  711. smla->Header.AceSize = FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + sid_len;
  712. smla->Mask = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP;
  713. memcpy( &smla->SidStart, label_sid, sid_len );
  714. assert( sd_is_valid( sd, sd_size ) );
  715. return sd;
  716. }
  717. int token_assign_label( struct token *token, PSID label )
  718. {
  719. struct security_descriptor *sd;
  720. int ret = 0;
  721. if ((sd = create_security_label_sd( token, label )))
  722. {
  723. ret = set_sd_defaults_from_token( &token->obj, sd, LABEL_SECURITY_INFORMATION, token );
  724. free( sd );
  725. }
  726. return ret;
  727. }
  728. struct token *get_token_obj( struct process *process, obj_handle_t handle, unsigned int access )
  729. {
  730. return (struct token *)get_handle_obj( process, handle, access, &token_ops );
  731. }
  732. struct token *token_create_admin( int elevation )
  733. {
  734. struct token *token = NULL;
  735. static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
  736. static const unsigned int alias_admins_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS };
  737. static const unsigned int alias_users_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS };
  738. /* on Windows, this value changes every time the user logs on */
  739. static const unsigned int logon_subauth[] = { SECURITY_LOGON_IDS_RID, 0, 1 /* FIXME: should be randomly generated when tokens are inherited by new processes */ };
  740. PSID alias_admins_sid;
  741. PSID alias_users_sid;
  742. PSID logon_sid;
  743. const SID *user_sid = security_unix_uid_to_sid( getuid() );
  744. ACL *default_dacl = create_default_dacl( user_sid );
  745. alias_admins_sid = security_sid_alloc( &nt_authority, ARRAY_SIZE( alias_admins_subauth ),
  746. alias_admins_subauth );
  747. alias_users_sid = security_sid_alloc( &nt_authority, ARRAY_SIZE( alias_users_subauth ),
  748. alias_users_subauth );
  749. logon_sid = security_sid_alloc( &nt_authority, ARRAY_SIZE( logon_subauth ), logon_subauth );
  750. if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl)
  751. {
  752. const LUID_AND_ATTRIBUTES admin_privs[] =
  753. {
  754. { SeChangeNotifyPrivilege , SE_PRIVILEGE_ENABLED },
  755. { SeTcbPrivilege , 0 },
  756. { SeSecurityPrivilege , 0 },
  757. { SeBackupPrivilege , 0 },
  758. { SeRestorePrivilege , 0 },
  759. { SeSystemtimePrivilege , 0 },
  760. { SeShutdownPrivilege , 0 },
  761. { SeRemoteShutdownPrivilege , 0 },
  762. { SeTakeOwnershipPrivilege , 0 },
  763. { SeDebugPrivilege , 0 },
  764. { SeSystemEnvironmentPrivilege , 0 },
  765. { SeSystemProfilePrivilege , 0 },
  766. { SeProfileSingleProcessPrivilege, 0 },
  767. { SeIncreaseBasePriorityPrivilege, 0 },
  768. { SeLoadDriverPrivilege , SE_PRIVILEGE_ENABLED },
  769. { SeCreatePagefilePrivilege , 0 },
  770. { SeIncreaseQuotaPrivilege , 0 },
  771. { SeUndockPrivilege , 0 },
  772. { SeManageVolumePrivilege , 0 },
  773. { SeImpersonatePrivilege , SE_PRIVILEGE_ENABLED },
  774. { SeCreateGlobalPrivilege , SE_PRIVILEGE_ENABLED },
  775. };
  776. /* note: we don't include non-builtin groups here for the user -
  777. * telling us these is the job of a client-side program */
  778. const SID_AND_ATTRIBUTES admin_groups[] =
  779. {
  780. { security_world_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
  781. { security_local_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
  782. { security_interactive_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
  783. { security_authenticated_user_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
  784. { security_domain_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
  785. { alias_admins_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
  786. { alias_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
  787. { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
  788. };
  789. static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
  790. token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
  791. admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
  792. admin_source, NULL, -1, elevation );
  793. /* we really need a primary group */
  794. assert( token->primary_group );
  795. }
  796. free( logon_sid );
  797. free( alias_admins_sid );
  798. free( alias_users_sid );
  799. free( default_dacl );
  800. return token;
  801. }
  802. static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
  803. {
  804. struct privilege *privilege;
  805. LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
  806. {
  807. if (is_equal_luid( luid, &privilege->luid ))
  808. {
  809. if (enabled_only && !privilege->enabled)
  810. return NULL;
  811. return privilege;
  812. }
  813. }
  814. return NULL;
  815. }
  816. static unsigned int token_adjust_privileges( struct token *token, const LUID_AND_ATTRIBUTES *privs,
  817. unsigned int count, LUID_AND_ATTRIBUTES *mod_privs,
  818. unsigned int mod_privs_count )
  819. {
  820. unsigned int i, modified_count = 0;
  821. /* mark as modified */
  822. allocate_luid( &token->modified_id );
  823. for (i = 0; i < count; i++)
  824. {
  825. struct privilege *privilege =
  826. token_find_privilege( token, &privs[i].Luid, FALSE );
  827. if (!privilege)
  828. {
  829. set_error( STATUS_NOT_ALL_ASSIGNED );
  830. continue;
  831. }
  832. if (privs[i].Attributes & SE_PRIVILEGE_REMOVED)
  833. privilege_remove( privilege );
  834. else
  835. {
  836. /* save previous state for caller */
  837. if (mod_privs_count)
  838. {
  839. luid_and_attr_from_privilege(mod_privs, privilege);
  840. mod_privs++;
  841. mod_privs_count--;
  842. modified_count++;
  843. }
  844. if (privs[i].Attributes & SE_PRIVILEGE_ENABLED)
  845. privilege->enabled = TRUE;
  846. else
  847. privilege->enabled = FALSE;
  848. }
  849. }
  850. return modified_count;
  851. }
  852. static void token_disable_privileges( struct token *token )
  853. {
  854. struct privilege *privilege;
  855. /* mark as modified */
  856. allocate_luid( &token->modified_id );
  857. LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
  858. privilege->enabled = FALSE;
  859. }
  860. int token_check_privileges( struct token *token, int all_required,
  861. const LUID_AND_ATTRIBUTES *reqprivs,
  862. unsigned int count, LUID_AND_ATTRIBUTES *usedprivs)
  863. {
  864. unsigned int i, enabled_count = 0;
  865. for (i = 0; i < count; i++)
  866. {
  867. struct privilege *privilege =
  868. token_find_privilege( token, &reqprivs[i].Luid, TRUE );
  869. if (usedprivs)
  870. usedprivs[i] = reqprivs[i];
  871. if (privilege && privilege->enabled)
  872. {
  873. enabled_count++;
  874. if (usedprivs)
  875. usedprivs[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
  876. }
  877. }
  878. if (all_required)
  879. return (enabled_count == count);
  880. else
  881. return (enabled_count > 0);
  882. }
  883. int token_sid_present( struct token *token, const SID *sid, int deny )
  884. {
  885. struct group *group;
  886. if (security_equal_sid( token->user, sid )) return TRUE;
  887. LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
  888. {
  889. if (!group->enabled) continue;
  890. if (group->deny_only && !deny) continue;
  891. if (security_equal_sid( &group->sid, sid )) return TRUE;
  892. }
  893. return FALSE;
  894. }
  895. /* Checks access to a security descriptor. 'sd' must have been validated by
  896. * caller. It returns STATUS_SUCCESS if call succeeded or an error indicating
  897. * the reason. 'status' parameter will indicate if access is granted or denied.
  898. *
  899. * If both returned value and 'status' are STATUS_SUCCESS then access is granted.
  900. */
  901. static unsigned int token_access_check( struct token *token,
  902. const struct security_descriptor *sd,
  903. unsigned int desired_access,
  904. LUID_AND_ATTRIBUTES *privs,
  905. unsigned int *priv_count,
  906. const generic_map_t *mapping,
  907. unsigned int *granted_access,
  908. unsigned int *status )
  909. {
  910. unsigned int current_access = 0;
  911. unsigned int denied_access = 0;
  912. ULONG i;
  913. const ACL *dacl;
  914. int dacl_present;
  915. const ACE_HEADER *ace;
  916. const SID *owner;
  917. /* assume no access rights */
  918. *granted_access = 0;
  919. /* fail if desired_access contains generic rights */
  920. if (desired_access & (GENERIC_READ|GENERIC_WRITE|GENERIC_EXECUTE|GENERIC_ALL))
  921. {
  922. if (priv_count) *priv_count = 0;
  923. return STATUS_GENERIC_NOT_MAPPED;
  924. }
  925. dacl = sd_get_dacl( sd, &dacl_present );
  926. owner = sd_get_owner( sd );
  927. if (!owner || !sd_get_group( sd ))
  928. {
  929. if (priv_count) *priv_count = 0;
  930. return STATUS_INVALID_SECURITY_DESCR;
  931. }
  932. /* 1: Grant desired access if the object is unprotected */
  933. if (!dacl_present || !dacl)
  934. {
  935. if (priv_count) *priv_count = 0;
  936. if (desired_access & MAXIMUM_ALLOWED)
  937. *granted_access = mapping->all;
  938. else
  939. *granted_access = desired_access;
  940. return *status = STATUS_SUCCESS;
  941. }
  942. /* 2: Check if caller wants access to system security part. Note: access
  943. * is only granted if specifically asked for */
  944. if (desired_access & ACCESS_SYSTEM_SECURITY)
  945. {
  946. const LUID_AND_ATTRIBUTES security_priv = { SeSecurityPrivilege, 0 };
  947. LUID_AND_ATTRIBUTES retpriv = security_priv;
  948. if (token_check_privileges( token, TRUE, &security_priv, 1, &retpriv ))
  949. {
  950. if (priv_count)
  951. {
  952. /* assumes that there will only be one privilege to return */
  953. if (*priv_count >= 1)
  954. {
  955. *priv_count = 1;
  956. *privs = retpriv;
  957. }
  958. else
  959. {
  960. *priv_count = 1;
  961. return STATUS_BUFFER_TOO_SMALL;
  962. }
  963. }
  964. current_access |= ACCESS_SYSTEM_SECURITY;
  965. if (desired_access == current_access)
  966. {
  967. *granted_access = current_access;
  968. return *status = STATUS_SUCCESS;
  969. }
  970. }
  971. else
  972. {
  973. if (priv_count) *priv_count = 0;
  974. *status = STATUS_PRIVILEGE_NOT_HELD;
  975. return STATUS_SUCCESS;
  976. }
  977. }
  978. else if (priv_count) *priv_count = 0;
  979. /* 3: Check whether the token is the owner */
  980. /* NOTE: SeTakeOwnershipPrivilege is not checked for here - it is instead
  981. * checked when a "set owner" call is made, overriding the access rights
  982. * determined here. */
  983. if (token_sid_present( token, owner, FALSE ))
  984. {
  985. current_access |= (READ_CONTROL | WRITE_DAC);
  986. if (desired_access == current_access)
  987. {
  988. *granted_access = current_access;
  989. return *status = STATUS_SUCCESS;
  990. }
  991. }
  992. /* 4: Grant rights according to the DACL */
  993. ace = (const ACE_HEADER *)(dacl + 1);
  994. for (i = 0; i < dacl->AceCount; i++, ace = ace_next( ace ))
  995. {
  996. const ACCESS_ALLOWED_ACE *aa_ace;
  997. const ACCESS_DENIED_ACE *ad_ace;
  998. const SID *sid;
  999. if (ace->AceFlags & INHERIT_ONLY_ACE)
  1000. continue;
  1001. switch (ace->AceType)
  1002. {
  1003. case ACCESS_DENIED_ACE_TYPE:
  1004. ad_ace = (const ACCESS_DENIED_ACE *)ace;
  1005. sid = (const SID *)&ad_ace->SidStart;
  1006. if (token_sid_present( token, sid, TRUE ))
  1007. {
  1008. unsigned int access = map_access( ad_ace->Mask, mapping );
  1009. if (desired_access & MAXIMUM_ALLOWED)
  1010. denied_access |= access;
  1011. else
  1012. {
  1013. denied_access |= (access & ~current_access);
  1014. if (desired_access & access) goto done;
  1015. }
  1016. }
  1017. break;
  1018. case ACCESS_ALLOWED_ACE_TYPE:
  1019. aa_ace = (const ACCESS_ALLOWED_ACE *)ace;
  1020. sid = (const SID *)&aa_ace->SidStart;
  1021. if (token_sid_present( token, sid, FALSE ))
  1022. {
  1023. unsigned int access = map_access( aa_ace->Mask, mapping );
  1024. if (desired_access & MAXIMUM_ALLOWED)
  1025. current_access |= access;
  1026. else
  1027. current_access |= (access & ~denied_access);
  1028. }
  1029. break;
  1030. }
  1031. /* don't bother carrying on checking if we've already got all of
  1032. * rights we need */
  1033. if (desired_access == *granted_access)
  1034. break;
  1035. }
  1036. done:
  1037. if (desired_access & MAXIMUM_ALLOWED)
  1038. *granted_access = current_access & ~denied_access;
  1039. else
  1040. if ((current_access & desired_access) == desired_access)
  1041. *granted_access = current_access & desired_access;
  1042. else
  1043. *granted_access = 0;
  1044. *status = *granted_access ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
  1045. return STATUS_SUCCESS;
  1046. }
  1047. const ACL *token_get_default_dacl( struct token *token )
  1048. {
  1049. return token->default_dacl;
  1050. }
  1051. const SID *token_get_user( struct token *token )
  1052. {
  1053. return token->user;
  1054. }
  1055. const SID *token_get_primary_group( struct token *token )
  1056. {
  1057. return token->primary_group;
  1058. }
  1059. int check_object_access(struct token *token, struct object *obj, unsigned int *access)
  1060. {
  1061. generic_map_t mapping;
  1062. unsigned int status;
  1063. int res;
  1064. if (!token)
  1065. token = current->token ? current->token : current->process->token;
  1066. mapping.all = obj->ops->map_access( obj, GENERIC_ALL );
  1067. if (!obj->sd)
  1068. {
  1069. if (*access & MAXIMUM_ALLOWED) *access = mapping.all;
  1070. return TRUE;
  1071. }
  1072. mapping.read = obj->ops->map_access( obj, GENERIC_READ );
  1073. mapping.write = obj->ops->map_access( obj, GENERIC_WRITE );
  1074. mapping.exec = obj->ops->map_access( obj, GENERIC_EXECUTE );
  1075. res = token_access_check( token, obj->sd, *access, NULL, NULL,
  1076. &mapping, access, &status ) == STATUS_SUCCESS &&
  1077. status == STATUS_SUCCESS;
  1078. if (!res) set_error( STATUS_ACCESS_DENIED );
  1079. return res;
  1080. }
  1081. /* open a security token */
  1082. DECL_HANDLER(open_token)
  1083. {
  1084. if (req->flags & OPEN_TOKEN_THREAD)
  1085. {
  1086. struct thread *thread = get_thread_from_handle( req->handle, 0 );
  1087. if (thread)
  1088. {
  1089. if (thread->token)
  1090. {
  1091. if (!thread->token->primary && thread->token->impersonation_level <= SecurityAnonymous)
  1092. set_error( STATUS_CANT_OPEN_ANONYMOUS );
  1093. else
  1094. reply->token = alloc_handle( current->process, thread->token,
  1095. req->access, req->attributes );
  1096. }
  1097. else
  1098. set_error( STATUS_NO_TOKEN );
  1099. release_object( thread );
  1100. }
  1101. }
  1102. else
  1103. {
  1104. struct process *process = get_process_from_handle( req->handle, 0 );
  1105. if (process)
  1106. {
  1107. if (process->token)
  1108. reply->token = alloc_handle( current->process, process->token, req->access,
  1109. req->attributes );
  1110. else
  1111. set_error( STATUS_NO_TOKEN );
  1112. release_object( process );
  1113. }
  1114. }
  1115. }
  1116. /* adjust the privileges held by a token */
  1117. DECL_HANDLER(adjust_token_privileges)
  1118. {
  1119. struct token *token;
  1120. unsigned int access = TOKEN_ADJUST_PRIVILEGES;
  1121. if (req->get_modified_state) access |= TOKEN_QUERY;
  1122. if ((token = (struct token *)get_handle_obj( current->process, req->handle,
  1123. access, &token_ops )))
  1124. {
  1125. const LUID_AND_ATTRIBUTES *privs = get_req_data();
  1126. LUID_AND_ATTRIBUTES *modified_privs = NULL;
  1127. unsigned int priv_count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES);
  1128. unsigned int modified_priv_count = 0;
  1129. if (req->get_modified_state && !req->disable_all)
  1130. {
  1131. unsigned int i;
  1132. /* count modified privs */
  1133. for (i = 0; i < priv_count; i++)
  1134. {
  1135. struct privilege *privilege =
  1136. token_find_privilege( token, &privs[i].Luid, FALSE );
  1137. if (privilege && req->get_modified_state)
  1138. modified_priv_count++;
  1139. }
  1140. reply->len = modified_priv_count;
  1141. modified_priv_count = min( modified_priv_count, get_reply_max_size() / sizeof(*modified_privs) );
  1142. if (modified_priv_count)
  1143. modified_privs = set_reply_data_size( modified_priv_count * sizeof(*modified_privs) );
  1144. }
  1145. reply->len = modified_priv_count * sizeof(*modified_privs);
  1146. if (req->disable_all)
  1147. token_disable_privileges( token );
  1148. else
  1149. token_adjust_privileges( token, privs, priv_count, modified_privs, modified_priv_count );
  1150. release_object( token );
  1151. }
  1152. }
  1153. /* retrieves the list of privileges that may be held be the token */
  1154. DECL_HANDLER(get_token_privileges)
  1155. {
  1156. struct token *token;
  1157. if ((token = (struct token *)get_handle_obj( current->process, req->handle,
  1158. TOKEN_QUERY,
  1159. &token_ops )))
  1160. {
  1161. int priv_count = 0;
  1162. LUID_AND_ATTRIBUTES *privs;
  1163. struct privilege *privilege;
  1164. LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
  1165. priv_count++;
  1166. reply->len = priv_count * sizeof(*privs);
  1167. if (reply->len <= get_reply_max_size())
  1168. {
  1169. privs = set_reply_data_size( priv_count * sizeof(*privs) );
  1170. if (privs)
  1171. {
  1172. int i = 0;
  1173. LIST_FOR_EACH_ENTRY( privilege, &token->privileges, struct privilege, entry )
  1174. {
  1175. luid_and_attr_from_privilege( &privs[i], privilege );
  1176. i++;
  1177. }
  1178. }
  1179. }
  1180. else
  1181. set_error(STATUS_BUFFER_TOO_SMALL);
  1182. release_object( token );
  1183. }
  1184. }
  1185. /* creates a duplicate of the token */
  1186. DECL_HANDLER(duplicate_token)
  1187. {
  1188. struct token *src_token;
  1189. struct unicode_str name;
  1190. const struct security_descriptor *sd;
  1191. const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL );
  1192. if (!objattr) return;
  1193. if ((src_token = (struct token *)get_handle_obj( current->process, req->handle,
  1194. TOKEN_DUPLICATE,
  1195. &token_ops )))
  1196. {
  1197. struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd, NULL, 0, NULL, 0 );
  1198. if (token)
  1199. {
  1200. unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
  1201. reply->new_handle = alloc_handle_no_access_check( current->process, token, access, objattr->attributes );
  1202. release_object( token );
  1203. }
  1204. release_object( src_token );
  1205. }
  1206. }
  1207. /* creates a restricted version of a token */
  1208. DECL_HANDLER(filter_token)
  1209. {
  1210. struct token *src_token;
  1211. if ((src_token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_DUPLICATE, &token_ops )))
  1212. {
  1213. const LUID_AND_ATTRIBUTES *filter_privileges = get_req_data();
  1214. unsigned int priv_count, group_count;
  1215. const SID *filter_groups;
  1216. struct token *token;
  1217. priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(LUID_AND_ATTRIBUTES);
  1218. filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(LUID_AND_ATTRIBUTES));
  1219. group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
  1220. token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
  1221. filter_privileges, priv_count, filter_groups, group_count );
  1222. if (token)
  1223. {
  1224. unsigned int access = get_handle_access( current->process, req->handle );
  1225. reply->new_handle = alloc_handle_no_access_check( current->process, token, access, 0 );
  1226. release_object( token );
  1227. }
  1228. release_object( src_token );
  1229. }
  1230. }
  1231. /* checks the specified privileges are held by the token */
  1232. DECL_HANDLER(check_token_privileges)
  1233. {
  1234. struct token *token;
  1235. if ((token = (struct token *)get_handle_obj( current->process, req->handle,
  1236. TOKEN_QUERY,
  1237. &token_ops )))
  1238. {
  1239. unsigned int count = get_req_data_size() / sizeof(LUID_AND_ATTRIBUTES);
  1240. if (!token->primary && token->impersonation_level <= SecurityAnonymous)
  1241. set_error( STATUS_BAD_IMPERSONATION_LEVEL );
  1242. else if (get_reply_max_size() >= count * sizeof(LUID_AND_ATTRIBUTES))
  1243. {
  1244. LUID_AND_ATTRIBUTES *usedprivs = set_reply_data_size( count * sizeof(*usedprivs) );
  1245. reply->has_privileges = token_check_privileges( token, req->all_required, get_req_data(), count, usedprivs );
  1246. }
  1247. else
  1248. set_error( STATUS_BUFFER_OVERFLOW );
  1249. release_object( token );
  1250. }
  1251. }
  1252. /* checks that a user represented by a token is allowed to access an object
  1253. * represented by a security descriptor */
  1254. DECL_HANDLER(access_check)
  1255. {
  1256. data_size_t sd_size = get_req_data_size();
  1257. const struct security_descriptor *sd = get_req_data();
  1258. struct token *token;
  1259. if (!sd_is_valid( sd, sd_size ))
  1260. {
  1261. set_error( STATUS_ACCESS_VIOLATION );
  1262. return;
  1263. }
  1264. if ((token = (struct token *)get_handle_obj( current->process, req->handle,
  1265. TOKEN_QUERY,
  1266. &token_ops )))
  1267. {
  1268. unsigned int status;
  1269. LUID_AND_ATTRIBUTES priv;
  1270. unsigned int priv_count = 1;
  1271. memset(&priv, 0, sizeof(priv));
  1272. /* only impersonation tokens may be used with this function */
  1273. if (token->primary)
  1274. {
  1275. set_error( STATUS_NO_IMPERSONATION_TOKEN );
  1276. release_object( token );
  1277. return;
  1278. }
  1279. /* anonymous impersonation tokens can't be used */
  1280. if (token->impersonation_level <= SecurityAnonymous)
  1281. {
  1282. set_error( STATUS_BAD_IMPERSONATION_LEVEL );
  1283. release_object( token );
  1284. return;
  1285. }
  1286. status = token_access_check( token, sd, req->desired_access, &priv, &priv_count, &req->mapping,
  1287. &reply->access_granted, &reply->access_status );
  1288. reply->privileges_len = priv_count*sizeof(LUID_AND_ATTRIBUTES);
  1289. if ((priv_count > 0) && (reply->privileges_len <= get_reply_max_size()))
  1290. {
  1291. LUID_AND_ATTRIBUTES *privs = set_reply_data_size( priv_count * sizeof(*privs) );
  1292. memcpy( privs, &priv, sizeof(priv) );
  1293. }
  1294. set_error( status );
  1295. release_object( token );
  1296. }
  1297. }
  1298. /* retrieves an SID from the token */
  1299. DECL_HANDLER(get_token_sid)
  1300. {
  1301. struct token *token;
  1302. reply->sid_len = 0;
  1303. if ((token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_QUERY, &token_ops )))
  1304. {
  1305. const SID *sid = NULL;
  1306. switch (req->which_sid)
  1307. {
  1308. case TokenUser:
  1309. assert(token->user);
  1310. sid = token->user;
  1311. break;
  1312. case TokenPrimaryGroup:
  1313. sid = token->primary_group;
  1314. break;
  1315. case TokenOwner:
  1316. sid = token->owner;
  1317. break;
  1318. case TokenLogonSid:
  1319. sid = (const SID *)&builtin_logon_sid;
  1320. break;
  1321. default:
  1322. set_error( STATUS_INVALID_PARAMETER );
  1323. break;
  1324. }
  1325. if (sid)
  1326. {
  1327. reply->sid_len = security_sid_len( sid );
  1328. if (reply->sid_len <= get_reply_max_size()) set_reply_data( sid, reply->sid_len );
  1329. else set_error( STATUS_BUFFER_TOO_SMALL );
  1330. }
  1331. release_object( token );
  1332. }
  1333. }
  1334. /* retrieves the groups that the user represented by the token belongs to */
  1335. DECL_HANDLER(get_token_groups)
  1336. {
  1337. struct token *token;
  1338. reply->user_len = 0;
  1339. if ((token = (struct token *)get_handle_obj( current->process, req->handle,
  1340. TOKEN_QUERY,
  1341. &token_ops )))
  1342. {
  1343. size_t size_needed = sizeof(struct token_groups);
  1344. size_t sid_size = 0;
  1345. unsigned int group_count = 0;
  1346. const struct group *group;
  1347. LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
  1348. {
  1349. group_count++;
  1350. sid_size += security_sid_len( &group->sid );
  1351. }
  1352. size_needed += sid_size;
  1353. /* attributes size */
  1354. size_needed += sizeof(unsigned int) * group_count;
  1355. /* reply buffer contains size_needed bytes formatted as:
  1356. unsigned int count;
  1357. unsigned int attrib[count];
  1358. char sid_data[];
  1359. user_len includes extra data needed for TOKEN_GROUPS representation,
  1360. required caller buffer size calculated here to avoid extra server call */
  1361. reply->user_len = FIELD_OFFSET( TOKEN_GROUPS, Groups[group_count] ) + sid_size;
  1362. if (reply->user_len <= get_reply_max_size())
  1363. {
  1364. struct token_groups *tg = set_reply_data_size( size_needed );
  1365. if (tg)
  1366. {
  1367. unsigned int *attr_ptr = (unsigned int *)(tg + 1);
  1368. SID *sid_ptr = (SID *)(attr_ptr + group_count);
  1369. tg->count = group_count;
  1370. LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
  1371. {
  1372. *attr_ptr = 0;
  1373. if (group->mandatory) *attr_ptr |= SE_GROUP_MANDATORY;
  1374. if (group->def) *attr_ptr |= SE_GROUP_ENABLED_BY_DEFAULT;
  1375. if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
  1376. if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
  1377. if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
  1378. if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
  1379. if (group->logon) *attr_ptr |= SE_GROUP_LOGON_ID;
  1380. memcpy(sid_ptr, &group->sid, security_sid_len( &group->sid ));
  1381. sid_ptr = (SID *)((char *)sid_ptr + security_sid_len( &group->sid ));
  1382. attr_ptr++;
  1383. }
  1384. }
  1385. }
  1386. else set_error( STATUS_BUFFER_TOO_SMALL );
  1387. release_object( token );
  1388. }
  1389. }
  1390. DECL_HANDLER(get_token_info)
  1391. {
  1392. struct token *token;
  1393. if ((token = (struct token *)get_handle_obj( current->process, req->handle, TOKEN_QUERY, &token_ops )))
  1394. {
  1395. reply->token_id = token->token_id;
  1396. reply->modified_id = token->modified_id;
  1397. reply->primary = token->primary;
  1398. reply->impersonation_level = token->impersonation_level;
  1399. reply->elevation = token->elevation;
  1400. reply->group_count = list_count( &token->groups );
  1401. reply->privilege_count = list_count( &token->privileges );
  1402. release_object( token );
  1403. }
  1404. }
  1405. DECL_HANDLER(get_token_default_dacl)
  1406. {
  1407. struct token *token;
  1408. reply->acl_len = 0;
  1409. if ((token = (struct token *)get_handle_obj( current->process, req->handle,
  1410. TOKEN_QUERY,
  1411. &token_ops )))
  1412. {
  1413. if (token->default_dacl)
  1414. reply->acl_len = token->default_dacl->AclSize;
  1415. if (reply->acl_len <= get_reply_max_size())
  1416. {
  1417. ACL *acl_reply = set_reply_data_size( reply->acl_len );
  1418. if (acl_reply)
  1419. memcpy( acl_reply, token->default_dacl, reply->acl_len );
  1420. }
  1421. else set_error( STATUS_BUFFER_TOO_SMALL );
  1422. release_object( token );
  1423. }
  1424. }
  1425. DECL_HANDLER(set_token_default_dacl)
  1426. {
  1427. struct token *token;
  1428. if ((token = (struct token *)get_handle_obj( current->process, req->handle,
  1429. TOKEN_ADJUST_DEFAULT,
  1430. &token_ops )))
  1431. {
  1432. const ACL *acl = get_req_data();
  1433. unsigned int acl_size = get_req_data_size();
  1434. free( token->default_dacl );
  1435. token->default_dacl = NULL;
  1436. if (acl_size)
  1437. token->default_dacl = memdup( acl, acl_size );
  1438. release_object( token );
  1439. }
  1440. }
  1441. DECL_HANDLER(create_linked_token)
  1442. {
  1443. struct token *token, *linked;
  1444. int elevation;
  1445. if ((token = (struct token *)get_handle_obj( current->process, req->handle,
  1446. TOKEN_QUERY, &token_ops )))
  1447. {
  1448. switch (token->elevation)
  1449. {
  1450. case TokenElevationTypeFull:
  1451. elevation = TokenElevationTypeLimited;
  1452. break;
  1453. case TokenElevationTypeLimited:
  1454. elevation = TokenElevationTypeFull;
  1455. break;
  1456. default:
  1457. release_object( token );
  1458. return;
  1459. }
  1460. if ((linked = token_create_admin( elevation )))
  1461. {
  1462. reply->linked = alloc_handle( current->process, linked, TOKEN_ALL_ACCESS, 0 );
  1463. release_object( linked );
  1464. }
  1465. release_object( token );
  1466. }
  1467. }