- Change the default user SID to match what was previously returned by

NtQueryInformationToken.
- Implement TokenUser for NtQueryInformationToken.
- Add a function for getting the user's registry path from a SID.
oldstable
Robert Shearman 2005-07-18 13:22:55 +00:00 committed by Alexandre Julliard
parent 2997fc51a4
commit 91eaea53ae
8 changed files with 125 additions and 20 deletions

View File

@ -196,9 +196,6 @@ NTSTATUS WINAPI NtQueryInformationToken(
switch (tokeninfoclass) switch (tokeninfoclass)
{ {
case TokenUser:
len = sizeof(TOKEN_USER) + sizeof(SID);
break;
case TokenGroups: case TokenGroups:
len = sizeof(TOKEN_GROUPS); len = sizeof(TOKEN_GROUPS);
break; break;
@ -232,15 +229,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
switch (tokeninfoclass) switch (tokeninfoclass)
{ {
case TokenUser: case TokenUser:
if( tokeninfo ) SERVER_START_REQ( get_token_user )
{ {
TOKEN_USER * tuser = tokeninfo; TOKEN_USER * tuser = tokeninfo;
PSID sid = (PSID) (tuser + 1); PSID sid = (PSID) (tuser + 1);
SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY}; DWORD sid_len = tokeninfolength < sizeof(TOKEN_USER) ? 0 : tokeninfolength - sizeof(TOKEN_USER);
RtlInitializeSid(sid, &localSidAuthority, 1);
*(RtlSubAuthoritySid(sid, 0)) = SECURITY_INTERACTIVE_RID; req->handle = token;
tuser->User.Sid = sid; wine_server_set_reply( req, sid, sid_len );
status = wine_server_call( req );
*retlen = reply->user_len + sizeof(TOKEN_USER);
if (status == STATUS_SUCCESS)
{
tuser->User.Sid = sid;
tuser->User.Attributes = 0;
}
} }
SERVER_END_REQ;
break; break;
case TokenGroups: case TokenGroups:
if (tokeninfo) if (tokeninfo)

View File

@ -3487,6 +3487,18 @@ struct access_check_reply
/* VARARG(privileges,LUID_AND_ATTRIBUTES); */ /* VARARG(privileges,LUID_AND_ATTRIBUTES); */
}; };
struct get_token_user_request
{
struct request_header __header;
obj_handle_t handle;
};
struct get_token_user_reply
{
struct reply_header __header;
size_t user_len;
/* VARARG(user,SID); */
};
struct create_mailslot_request struct create_mailslot_request
{ {
@ -3739,6 +3751,7 @@ enum request
REQ_check_token_privileges, REQ_check_token_privileges,
REQ_duplicate_token, REQ_duplicate_token,
REQ_access_check, REQ_access_check,
REQ_get_token_user,
REQ_create_mailslot, REQ_create_mailslot,
REQ_open_mailslot, REQ_open_mailslot,
REQ_set_mailslot_info, REQ_set_mailslot_info,
@ -3948,6 +3961,7 @@ union generic_request
struct check_token_privileges_request check_token_privileges_request; struct check_token_privileges_request check_token_privileges_request;
struct duplicate_token_request duplicate_token_request; struct duplicate_token_request duplicate_token_request;
struct access_check_request access_check_request; struct access_check_request access_check_request;
struct get_token_user_request get_token_user_request;
struct create_mailslot_request create_mailslot_request; struct create_mailslot_request create_mailslot_request;
struct open_mailslot_request open_mailslot_request; struct open_mailslot_request open_mailslot_request;
struct set_mailslot_info_request set_mailslot_info_request; struct set_mailslot_info_request set_mailslot_info_request;
@ -4155,11 +4169,12 @@ union generic_reply
struct check_token_privileges_reply check_token_privileges_reply; struct check_token_privileges_reply check_token_privileges_reply;
struct duplicate_token_reply duplicate_token_reply; struct duplicate_token_reply duplicate_token_reply;
struct access_check_reply access_check_reply; struct access_check_reply access_check_reply;
struct get_token_user_reply get_token_user_reply;
struct create_mailslot_reply create_mailslot_reply; struct create_mailslot_reply create_mailslot_reply;
struct open_mailslot_reply open_mailslot_reply; struct open_mailslot_reply open_mailslot_reply;
struct set_mailslot_info_reply set_mailslot_info_reply; struct set_mailslot_info_reply set_mailslot_info_reply;
}; };
#define SERVER_PROTOCOL_VERSION 187 #define SERVER_PROTOCOL_VERSION 188
#endif /* __WINE_WINE_SERVER_PROTOCOL_H */ #endif /* __WINE_WINE_SERVER_PROTOCOL_H */

View File

@ -2448,6 +2448,13 @@ enum message_type
VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges used during access check */ VARARG(privileges,LUID_AND_ATTRIBUTES); /* privileges used during access check */
@END @END
@REQ(get_token_user)
obj_handle_t handle; /* handle to the token */
@REPLY
size_t user_len; /* length needed to store user */
VARARG(user,SID); /* sid of the user the token represents */
@END
/* Create a mailslot */ /* Create a mailslot */
@REQ(create_mailslot) @REQ(create_mailslot)
unsigned int max_msgsize; unsigned int max_msgsize;

View File

@ -1421,14 +1421,34 @@ static void load_init_registry_from_file( const char *filename, struct key *key
} }
} }
static WCHAR *format_user_registry_path( const SID *sid )
{
static const WCHAR prefixW[] = {'U','s','e','r','\\','S',0};
static const WCHAR formatW[] = {'-','%','u',0};
WCHAR buffer[7 + 10 + 10 + 10 * SID_MAX_SUB_AUTHORITIES];
WCHAR *p = buffer;
unsigned int i;
strcpyW( p, prefixW );
p += strlenW( prefixW );
p += sprintfW( p, formatW, sid->Revision );
p += sprintfW( p, formatW, MAKELONG( MAKEWORD( sid->IdentifierAuthority.Value[5],
sid->IdentifierAuthority.Value[4] ),
MAKEWORD( sid->IdentifierAuthority.Value[3],
sid->IdentifierAuthority.Value[2] )));
for (i = 0; i < sid->SubAuthorityCount; i++)
p += sprintfW( p, formatW, sid->SubAuthority[i] );
return memdup( buffer, (p + 1 - buffer) * sizeof(WCHAR) );
}
/* registry initialisation */ /* registry initialisation */
void init_registry(void) void init_registry(void)
{ {
static const WCHAR root_name[] = { 0 }; static const WCHAR root_name[] = { 0 };
static const WCHAR HKLM[] = { 'M','a','c','h','i','n','e' }; static const WCHAR HKLM[] = { 'M','a','c','h','i','n','e' };
static const WCHAR HKU_default[] = { 'U','s','e','r','\\','.','D','e','f','a','u','l','t' }; static const WCHAR HKU_default[] = { 'U','s','e','r','\\','.','D','e','f','a','u','l','t' };
/* FIXME: hardcoded to match what NtQueryTokenInformation currently returns */ WCHAR *current_user_path;
static const WCHAR HKCU[] = {'U','s','e','r','\\','S','-','1','-','5','-','4',0};
const char *config = wine_get_config_dir(); const char *config = wine_get_config_dir();
char *p, *filename; char *p, *filename;
@ -1465,9 +1485,12 @@ void init_registry(void)
/* load user.reg into HKEY_CURRENT_USER */ /* load user.reg into HKEY_CURRENT_USER */
if (!(key = create_key( root_key, copy_path( HKCU, sizeof(HKCU), 0 ), /* FIXME: match default user in token.c. should get from process token instead */
NULL, 0, time(NULL), &dummy ))) current_user_path = format_user_registry_path( security_interactive_sid );
if (!current_user_path ||
!(key = create_key( root_key, current_user_path, NULL, 0, time(NULL), &dummy )))
fatal_error( "could not create HKEY_CURRENT_USER registry key\n" ); fatal_error( "could not create HKEY_CURRENT_USER registry key\n" );
free( current_user_path );
strcpy( p, "/user.reg" ); strcpy( p, "/user.reg" );
load_init_registry_from_file( filename, key ); load_init_registry_from_file( filename, key );
release_object( key ); release_object( key );

View File

@ -302,6 +302,7 @@ DECL_HANDLER(get_token_privileges);
DECL_HANDLER(check_token_privileges); DECL_HANDLER(check_token_privileges);
DECL_HANDLER(duplicate_token); DECL_HANDLER(duplicate_token);
DECL_HANDLER(access_check); DECL_HANDLER(access_check);
DECL_HANDLER(get_token_user);
DECL_HANDLER(create_mailslot); DECL_HANDLER(create_mailslot);
DECL_HANDLER(open_mailslot); DECL_HANDLER(open_mailslot);
DECL_HANDLER(set_mailslot_info); DECL_HANDLER(set_mailslot_info);
@ -510,6 +511,7 @@ static const req_handler req_handlers[REQ_NB_REQUESTS] =
(req_handler)req_check_token_privileges, (req_handler)req_check_token_privileges,
(req_handler)req_duplicate_token, (req_handler)req_duplicate_token,
(req_handler)req_access_check, (req_handler)req_access_check,
(req_handler)req_get_token_user,
(req_handler)req_create_mailslot, (req_handler)req_create_mailslot,
(req_handler)req_open_mailslot, (req_handler)req_open_mailslot,
(req_handler)req_set_mailslot_info, (req_handler)req_set_mailslot_info,

View File

@ -39,6 +39,8 @@ extern const LUID SeManageVolumePrivilege;
extern const LUID SeImpersonatePrivilege; extern const LUID SeImpersonatePrivilege;
extern const LUID SeCreateGlobalPrivilege; extern const LUID SeCreateGlobalPrivilege;
extern const PSID security_interactive_sid;
extern struct token *token_create_admin(void); extern struct token *token_create_admin(void);
extern int token_check_privileges( struct token *token, int all_required, extern int token_check_privileges( struct token *token, int all_required,
const LUID_AND_ATTRIBUTES *reqprivs, const LUID_AND_ATTRIBUTES *reqprivs,

View File

@ -34,6 +34,8 @@
#include "request.h" #include "request.h"
#include "security.h" #include "security.h"
#include "wine/unicode.h"
#define MAX_SUBAUTH_COUNT 1 #define MAX_SUBAUTH_COUNT 1
const LUID SeIncreaseQuotaPrivilege = { 5, 0 }; const LUID SeIncreaseQuotaPrivilege = { 5, 0 };
@ -62,10 +64,11 @@ static const SID local_sid = { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }
static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } }; static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } };
static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } }; static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } }; static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
static PSID security_world_sid = (PSID)&world_sid; static const PSID security_world_sid = (PSID)&world_sid;
static PSID security_local_sid = (PSID)&local_sid; static const PSID security_local_sid = (PSID)&local_sid;
static PSID security_interactive_sid = (PSID)&interactive_sid; const PSID security_interactive_sid = (PSID)&interactive_sid;
static PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid; static const PSID security_authenticated_user_sid = (PSID)&authenticated_user_sid;
static const PSID security_local_system_sid = (PSID)&local_system_sid;
struct token struct token
{ {
@ -557,9 +560,9 @@ struct token *token_create_admin( void )
{ alias_admins_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY }, { alias_admins_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
{ alias_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY }, { alias_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
}; };
/* note: we just set the user sid to be the local system builtin sid - /* note: we just set the user sid to be the interactive builtin sid -
* telling us what this should be is the job of a client-side program */ * we should really translate the UNIX user id to a sid */
token = create_token( TRUE, &local_system_sid, token = create_token( TRUE, &interactive_sid,
admin_groups, sizeof(admin_groups)/sizeof(admin_groups[0]), admin_groups, sizeof(admin_groups)/sizeof(admin_groups[0]),
admin_privs, sizeof(admin_privs)/sizeof(admin_privs[0]), admin_privs, sizeof(admin_privs)/sizeof(admin_privs[0]),
default_dacl ); default_dacl );
@ -1091,3 +1094,29 @@ DECL_HANDLER(access_check)
release_object( token ); release_object( token );
} }
} }
/* */
DECL_HANDLER(get_token_user)
{
struct token *token;
reply->user_len = 0;
if ((token = (struct token *)get_handle_obj( current->process, req->handle,
TOKEN_QUERY,
&token_ops )))
{
const SID *user = token->user;
reply->user_len = FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]);
if (reply->user_len <= get_reply_max_size())
{
SID *user_reply = set_reply_data_size( reply->user_len );
if (user_reply)
memcpy( user_reply, user, reply->user_len );
}
else set_error( STATUS_BUFFER_TOO_SMALL );
release_object( token );
}
}

View File

@ -446,6 +446,13 @@ static void dump_inline_sid( const SID *sid, size_t size )
fputc( '}', stderr ); fputc( '}', stderr );
} }
static void dump_varargs_SID( size_t size )
{
const SID *sid = cur_data;
dump_inline_sid( sid, size );
remove_data( size );
}
static void dump_inline_acl( const ACL *acl, size_t size ) static void dump_inline_acl( const ACL *acl, size_t size )
{ {
const ACE_HEADER *ace; const ACE_HEADER *ace;
@ -3011,6 +3018,18 @@ static void dump_access_check_reply( const struct access_check_reply *req )
dump_varargs_LUID_AND_ATTRIBUTES( cur_size ); dump_varargs_LUID_AND_ATTRIBUTES( cur_size );
} }
static void dump_get_token_user_request( const struct get_token_user_request *req )
{
fprintf( stderr, " handle=%p", req->handle );
}
static void dump_get_token_user_reply( const struct get_token_user_reply *req )
{
fprintf( stderr, " user_len=%d,", req->user_len );
fprintf( stderr, " user=" );
dump_varargs_SID( cur_size );
}
static void dump_create_mailslot_request( const struct create_mailslot_request *req ) static void dump_create_mailslot_request( const struct create_mailslot_request *req )
{ {
fprintf( stderr, " max_msgsize=%08x,", req->max_msgsize ); fprintf( stderr, " max_msgsize=%08x,", req->max_msgsize );
@ -3254,6 +3273,7 @@ static const dump_func req_dumpers[REQ_NB_REQUESTS] = {
(dump_func)dump_check_token_privileges_request, (dump_func)dump_check_token_privileges_request,
(dump_func)dump_duplicate_token_request, (dump_func)dump_duplicate_token_request,
(dump_func)dump_access_check_request, (dump_func)dump_access_check_request,
(dump_func)dump_get_token_user_request,
(dump_func)dump_create_mailslot_request, (dump_func)dump_create_mailslot_request,
(dump_func)dump_open_mailslot_request, (dump_func)dump_open_mailslot_request,
(dump_func)dump_set_mailslot_info_request, (dump_func)dump_set_mailslot_info_request,
@ -3459,6 +3479,7 @@ static const dump_func reply_dumpers[REQ_NB_REQUESTS] = {
(dump_func)dump_check_token_privileges_reply, (dump_func)dump_check_token_privileges_reply,
(dump_func)dump_duplicate_token_reply, (dump_func)dump_duplicate_token_reply,
(dump_func)dump_access_check_reply, (dump_func)dump_access_check_reply,
(dump_func)dump_get_token_user_reply,
(dump_func)dump_create_mailslot_reply, (dump_func)dump_create_mailslot_reply,
(dump_func)dump_open_mailslot_reply, (dump_func)dump_open_mailslot_reply,
(dump_func)dump_set_mailslot_info_reply, (dump_func)dump_set_mailslot_info_reply,
@ -3664,6 +3685,7 @@ static const char * const req_names[REQ_NB_REQUESTS] = {
"check_token_privileges", "check_token_privileges",
"duplicate_token", "duplicate_token",
"access_check", "access_check",
"get_token_user",
"create_mailslot", "create_mailslot",
"open_mailslot", "open_mailslot",
"set_mailslot_info", "set_mailslot_info",