From 7bff35428be5532c4809ff59087274f9d8eab5a9 Mon Sep 17 00:00:00 2001 From: Robert Shearman Date: Mon, 23 May 2005 16:33:00 +0000 Subject: [PATCH] - Add new server type "struct security_descriptor". - Add tracing for this new type. --- include/wine/server_protocol.h | 15 +++++ server/protocol.def | 15 +++++ server/trace.c | 112 +++++++++++++++++++++++++++++++++ 3 files changed, 142 insertions(+) diff --git a/include/wine/server_protocol.h b/include/wine/server_protocol.h index 37b6c271d0c..707ecd6c6bc 100644 --- a/include/wine/server_protocol.h +++ b/include/wine/server_protocol.h @@ -162,6 +162,21 @@ typedef struct unsigned short attr; } char_info_t; +#define MAX_ACL_LEN 65535 + +struct security_descriptor +{ + unsigned int control; + size_t owner_len; + size_t group_len; + size_t sacl_len; + size_t dacl_len; + + + + +}; + diff --git a/server/protocol.def b/server/protocol.def index 8d0166f4a1f..2dd38c6a79d 100644 --- a/server/protocol.def +++ b/server/protocol.def @@ -178,6 +178,21 @@ typedef struct unsigned short attr; } char_info_t; +#define MAX_ACL_LEN 65535 + +struct security_descriptor +{ + unsigned int control; /* SE_ flags */ + size_t owner_len; + size_t group_len; + size_t sacl_len; + size_t dacl_len; + /* VARARGS(owner,SID); */ + /* VARARGS(group,SID); */ + /* VARARGS(sacl,ACL); */ + /* VARARGS(dacl,ACL); */ +}; + /****************************************************************/ /* Request declarations */ diff --git a/server/trace.c b/server/trace.c index 0dd5933bf97..912d4f98f92 100644 --- a/server/trace.c +++ b/server/trace.c @@ -424,6 +424,118 @@ static void dump_varargs_LUID_AND_ATTRIBUTES( size_t size ) remove_data( size ); } +static void dump_inline_sid( const SID *sid, size_t size ) +{ + DWORD i; + + /* security check */ + if ((size < sizeof(SID)) || + (FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) > size)) + return; + + fputc( '{', stderr ); + fprintf( stderr, "S-%u-%lu", sid->Revision, MAKELONG( + MAKEWORD( sid->IdentifierAuthority.Value[5], + sid->IdentifierAuthority.Value[4] ), + MAKEWORD( sid->IdentifierAuthority.Value[3], + sid->IdentifierAuthority.Value[2] ) ) ); + for (i = 0; i < sid->SubAuthorityCount; i++) + fprintf( stderr, "-%lu", sid->SubAuthority[i] ); + fputc( '}', stderr ); +} + +static void dump_inline_acl( const ACL *acl, size_t size ) +{ + const ACE_HEADER *ace; + ULONG i; + fputc( '{', stderr ); + + if (size) + { + if (size < sizeof(ACL)) + return; + size -= sizeof(ACL); + ace = (const ACE_HEADER *)(acl + 1); + for (i = 0; i < acl->AceCount; i++) + { + const SID *sid = NULL; + + if (size < sizeof(ACE_HEADER)) + return; + if (size < ace->AceSize) + return; + size -= ace->AceSize; + fprintf( stderr, "{AceType=" ); + switch (ace->AceType) + { + case ACCESS_DENIED_ACE_TYPE: + sid = (const SID *)&((const ACCESS_DENIED_ACE *)ace)->SidStart; + fprintf( stderr, "ACCESS_DENIED_ACE_TYPE" ); + break; + case ACCESS_ALLOWED_ACE_TYPE: + sid = (const SID *)&((const ACCESS_ALLOWED_ACE *)ace)->SidStart; + fprintf( stderr, "ACCESS_ALLOWED_ACE_TYPE" ); + break; + case SYSTEM_AUDIT_ACE_TYPE: + sid = (const SID *)&((const SYSTEM_AUDIT_ACE *)ace)->SidStart; + fprintf( stderr, "SYSTEM_AUDIT_ACE_TYPE" ); + break; + case SYSTEM_ALARM_ACE_TYPE: + sid = (const SID *)&((const SYSTEM_ALARM_ACE *)ace)->SidStart; + fprintf( stderr, "SYSTEM_ALARM_ACE_TYPE" ); + break; + default: + fprintf( stderr, "unknown<%d>", ace->AceType ); + break; + } + fprintf( stderr, ",AceFlags=%x,Sid=", ace->AceFlags ); + if (sid) + dump_inline_sid( sid, size ); + ace = (const ACE_HEADER *)((const char *)ace + ace->AceSize); + fputc( '}', stderr ); + } + } + fputc( '}', stderr ); +} + +static void dump_inline_security_descriptor( const struct security_descriptor *sd, size_t size ) +{ + fputc( '{', stderr ); + if (size >= sizeof(struct security_descriptor)) + { + size_t offset = sizeof(struct security_descriptor); + fprintf( stderr, "control=%08x", sd->control ); + fprintf( stderr, ",owner=" ); + if ((sd->owner_len > FIELD_OFFSET(SID, SubAuthority[255])) || (offset + sd->owner_len > size)) + return; + dump_inline_sid( (const SID *)((const char *)sd + offset), sd->owner_len ); + offset += sd->owner_len; + fprintf( stderr, ",group=" ); + if ((sd->group_len > FIELD_OFFSET(SID, SubAuthority[255])) || (offset + sd->group_len > size)) + return; + dump_inline_sid( (const SID *)((const char *)sd + offset), sd->group_len ); + offset += sd->group_len; + fprintf( stderr, ",sacl=" ); + if ((sd->sacl_len >= MAX_ACL_LEN) || (offset + sd->sacl_len > size)) + return; + dump_inline_acl( (const ACL *)((const char *)sd + offset), sd->sacl_len ); + offset += sd->sacl_len; + fprintf( stderr, ",dacl=" ); + if ((sd->dacl_len >= MAX_ACL_LEN) || (offset + sd->dacl_len > size)) + return; + dump_inline_acl( (const ACL *)((const char *)sd + offset), sd->dacl_len ); + offset += sd->dacl_len; + } + fputc( '}', stderr ); +} + +static void dump_varargs_security_descriptor( size_t size ) +{ + const struct security_descriptor *sd = cur_data; + dump_inline_security_descriptor( sd, size ); + remove_data( size ); +} + typedef void (*dump_func)( const void *req ); /* Everything below this line is generated automatically by tools/make_requests */