Rebase against b1a3b9e5ce74990777fca94658833802cb7b7a09.

Zebediah Figura 2018-09-20 18:18:30 -05:00
parent 42312b1e3f
commit 3f082c2d0a
10 changed files with 169 additions and 491 deletions


@ -1,2 +1 @@
Depends: server-Misc_ACL
Depends: server-CreateProcess_ACLs


@ -1,4 +1,4 @@
From b534f2d905c3ba205c9a4f895149e6be8425b31e Mon Sep 17 00:00:00 2001
From 378f910689602e3367cc72a0248f38ab76cea7d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Sun, 6 Aug 2017 02:08:05 +0200
Subject: [PATCH] server: Implement support for creating processes using a
@ -15,10 +15,10 @@ Subject: [PATCH] server: Implement support for creating processes using a
7 files changed, 59 insertions(+), 21 deletions(-)
diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
index e270ca7..633065b 100644
index 5fc0d8b..b189036 100644
--- a/dlls/kernel32/process.c
+++ b/dlls/kernel32/process.c
@@ -2036,7 +2036,7 @@ static NTSTATUS create_struct_sd(PSECURITY_DESCRIPTOR nt_sd, struct security_des
@@ -2027,7 +2027,7 @@ static NTSTATUS alloc_object_attributes( const SECURITY_ATTRIBUTES *attr, struct
* Create a new process. If hFile is a valid handle we have an exe
* file, otherwise it is a Winelib app.
*/
@ -27,15 +27,15 @@ index e270ca7..633065b 100644
LPCWSTR cur_dir, LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
LPPROCESS_INFORMATION info, LPCSTR unixdir,
@@ -2182,6 +2182,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
@@ -2140,6 +2140,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
req->access = PROCESS_ALL_ACCESS;
req->cpu = cpu;
req->info_size = startup_info_size;
req->env_size = (env_end - env) * sizeof(WCHAR);
req->process_sd_size = process_sd_size;
+ req->token = wine_server_obj_handle( token );
wine_server_add_data( req, objattr, attr_len );
wine_server_add_data( req, startup_info, startup_info_size );
wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
@@ -2282,7 +2283,7 @@ error:
@@ -2256,7 +2257,7 @@ error:
*
* Create a new VDM process for a 16-bit or DOS application.
*/
@ -44,7 +44,7 @@ index e270ca7..633065b 100644
LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
LPPROCESS_INFORMATION info, LPCSTR unixdir,
@@ -2306,7 +2307,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
@@ -2280,7 +2281,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
return FALSE;
}
sprintfW(new_cmd_line, argsW, winevdmW, buffer, cmd_line);
@ -53,7 +53,7 @@ index e270ca7..633065b 100644
flags, startup, info, unixdir, binary_info, exec_only );
HeapFree( GetProcessHeap(), 0, new_cmd_line );
return ret;
@@ -2318,7 +2319,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
@@ -2292,7 +2293,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
*
* Create a new cmd shell process for a .BAT file.
*/
@ -62,7 +62,7 @@ index e270ca7..633065b 100644
LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
LPPROCESS_INFORMATION info )
@@ -2346,8 +2347,8 @@ static BOOL create_cmd_process( LPCWSTR filename, LPWSTR cmd_line, LPVOID env, L
@@ -2320,8 +2321,8 @@ static BOOL create_cmd_process( LPCWSTR filename, LPWSTR cmd_line, LPVOID env, L
strcatW( newcmdline, quotW );
strcatW( newcmdline, cmd_line );
strcatW( newcmdline, quotW );
@ -73,7 +73,7 @@ index e270ca7..633065b 100644
HeapFree( GetProcessHeap(), 0, newcmdline );
return ret;
}
@@ -2457,7 +2458,9 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
@@ -2431,7 +2432,9 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
TRACE("app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
@ -84,7 +84,7 @@ index e270ca7..633065b 100644
if (new_token) FIXME("No support for returning created process token\n");
if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, ARRAY_SIZE( name ),
@@ -2515,20 +2518,20 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
@@ -2489,20 +2492,20 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32,
wine_dbgstr_longlong(binary_info.res_start), wine_dbgstr_longlong(binary_info.res_end),
binary_info.arch, (binary_info.flags & BINARY_FLAG_FAKEDLL) ? ", fakedll" : "" );
@ -108,7 +108,7 @@ index e270ca7..633065b 100644
inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
break;
case BINARY_UNKNOWN:
@@ -2540,7 +2543,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
@@ -2514,7 +2517,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
TRACE( "starting %s as DOS binary\n", debugstr_w(name) );
binary_info.type = BINARY_DOS;
binary_info.arch = IMAGE_FILE_MACHINE_I386;
@ -117,7 +117,7 @@ index e270ca7..633065b 100644
inherit, flags, startup_info, info, unixdir,
&binary_info, FALSE );
break;
@@ -2548,7 +2551,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
@@ -2522,7 +2525,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
if (!strcmpiW( p, batW ) || !strcmpiW( p, cmdW ) )
{
TRACE( "starting %s as batch binary\n", debugstr_w(name) );
@ -126,7 +126,7 @@ index e270ca7..633065b 100644
inherit, flags, startup_info, info );
break;
}
@@ -2668,12 +2671,12 @@ static void exec_process( LPCWSTR name )
@@ -2642,12 +2645,12 @@ static void exec_process( LPCWSTR name )
debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32,
wine_dbgstr_longlong(binary_info.res_start), wine_dbgstr_longlong(binary_info.res_end),
binary_info.arch );
@ -141,7 +141,7 @@ index e270ca7..633065b 100644
FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
break;
case BINARY_UNKNOWN:
@@ -2687,7 +2690,7 @@ static void exec_process( LPCWSTR name )
@@ -2661,7 +2664,7 @@ static void exec_process( LPCWSTR name )
case BINARY_WIN16:
case BINARY_DOS:
TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(name) );
@ -151,19 +151,19 @@ index e270ca7..633065b 100644
break;
default:
diff --git a/server/process.c b/server/process.c
index 81cea2f..7d2206f 100644
index 00462cf..b7c9da3 100644
--- a/server/process.c
+++ b/server/process.c
@@ -496,7 +496,7 @@ static void start_sigkill_timer( struct process *process )
/* create a new process and its main thread */
@@ -487,7 +487,7 @@ static void start_sigkill_timer( struct process *process )
/* create a new process */
/* if the function fails the fd is closed */
-struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all )
+struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all, struct token *token )
struct process *create_process( int fd, struct thread *parent_thread, int inherit_all,
- const struct security_descriptor *sd )
+ const struct security_descriptor *sd, struct token *token )
{
struct process *process;
struct thread *thread = NULL;
@@ -567,7 +567,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
@@ -562,7 +562,7 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
: alloc_handle_table( process, 0 );
/* Note: for security reasons, starting a new process does not attempt
* to use the current impersonation token for the new process */
@ -172,15 +172,15 @@ index 81cea2f..7d2206f 100644
process->affinity = parent->affinity;
}
if (!process->handles || !process->token) goto error;
@@ -1147,6 +1147,7 @@ DECL_HANDLER(new_process)
struct startup_info *info;
struct thread *thread;
struct process *process;
@@ -1129,6 +1129,7 @@ DECL_HANDLER(new_process)
const struct security_descriptor *sd;
const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL );
struct process *process = NULL;
+ struct token *token = NULL;
struct process *parent = current->process;
int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
const struct security_descriptor *process_sd = NULL, *thread_sd = NULL;
@@ -1182,9 +1183,27 @@ DECL_HANDLER(new_process)
@@ -1169,13 +1170,31 @@ DECL_HANDLER(new_process)
return;
}
@ -203,13 +203,17 @@ index 81cea2f..7d2206f 100644
+
if (!req->info_size) /* create an orphaned process */
{
- create_process( socket_fd, NULL, 0 );
+ create_process( socket_fd, NULL, 0, token );
- if ((process = create_process( socket_fd, NULL, 0, sd )))
+ if ((process = create_process( socket_fd, NULL, 0, sd, token )))
{
create_thread( -1, process, NULL );
release_object( process );
}
+ if (token) release_object( token );
return;
}
@@ -1192,6 +1211,7 @@ DECL_HANDLER(new_process)
@@ -1183,6 +1202,7 @@ DECL_HANDLER(new_process)
if (!(info = alloc_object( &startup_info_ops )))
{
close( socket_fd );
@ -217,61 +221,61 @@ index 81cea2f..7d2206f 100644
return;
}
info->exe_file = NULL;
@@ -1274,7 +1294,7 @@ DECL_HANDLER(new_process)
}
@@ -1237,7 +1257,7 @@ DECL_HANDLER(new_process)
#undef FIXUP_LEN
}
- if (!(thread = create_process( socket_fd, current, req->inherit_all ))) goto done;
+ if (!(thread = create_process( socket_fd, current, req->inherit_all, token ))) goto done;
process = thread->process;
- if (!(process = create_process( socket_fd, current, req->inherit_all, sd ))) goto done;
+ if (!(process = create_process( socket_fd, current, req->inherit_all, sd, token ))) goto done;
process->startup_info = (struct startup_info *)grab_object( info );
@@ -1356,6 +1376,7 @@ DECL_HANDLER(new_process)
}
@@ -1295,6 +1315,7 @@ DECL_HANDLER(new_process)
reply->handle = alloc_handle_no_access_check( parent, process, req->access, objattr->attributes );
done:
+ if (token) release_object( token );
if (process) release_object( process );
release_object( info );
}
diff --git a/server/process.h b/server/process.h
index 78e88ec..313c36a 100644
index f45a427..65196a9 100644
--- a/server/process.h
+++ b/server/process.h
@@ -114,7 +114,7 @@ struct process_snapshot
extern unsigned int alloc_ptid( void *ptr );
@@ -115,7 +115,7 @@ extern unsigned int alloc_ptid( void *ptr );
extern void free_ptid( unsigned int id );
extern void *get_ptid_entry( unsigned int id );
-extern struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all );
+extern struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all, struct token *token );
extern struct process *create_process( int fd, struct thread *parent_thread, int inherit_all,
- const struct security_descriptor *sd );
+ const struct security_descriptor *sd, struct token *token );
extern data_size_t init_process( struct thread *thread );
extern struct thread *get_process_first_thread( struct process *process );
extern struct process *get_process_from_id( process_id_t id );
diff --git a/server/protocol.def b/server/protocol.def
index b29df0a..95a120e 100644
index 49337ce..a20baf8 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -748,6 +748,7 @@ struct rawinput_device
@@ -743,6 +743,7 @@ struct rawinput_device
unsigned int access; /* access rights for process object */
cpu_type_t cpu; /* CPU that the new process will use */
data_size_t info_size; /* size of startup info */
data_size_t env_size; /* size of the environment */
data_size_t process_sd_size;/* size of the process security descriptor */
+ obj_handle_t token; /* token for the new process */
VARARG(objattr,object_attributes); /* object attributes */
VARARG(info,startup_info,info_size); /* startup information */
VARARG(env,unicode_str,env_size); /* environment for new process */
VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */
VARARG(env,unicode_str); /* environment for new process */
diff --git a/server/request.c b/server/request.c
index 6120bc5..a648c30 100644
index c10c4e6..86f293f 100644
--- a/server/request.c
+++ b/server/request.c
@@ -570,7 +570,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
@@ -577,7 +577,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
int client = accept( get_unix_fd( master_socket->fd ), (struct sockaddr *) &dummy, &len );
if (client == -1) return;
fcntl( client, F_SETFL, O_NONBLOCK );
- create_process( client, NULL, 0 );
+ create_process( client, NULL, 0, NULL );
}
}
- if ((process = create_process( client, NULL, 0, NULL )))
+ if ((process = create_process( client, NULL, 0, NULL, NULL )))
{
create_thread( -1, process, NULL );
release_object( process );
diff --git a/server/security.h b/server/security.h
index 21e90cc..32dfe5f 100644
--- a/server/security.h
@ -286,7 +290,7 @@ index 21e90cc..32dfe5f 100644
static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
{
diff --git a/server/token.c b/server/token.c
index de1d624..2804247 100644
index 1184241..5db97b4 100644
--- a/server/token.c
+++ b/server/token.c
@@ -836,6 +836,12 @@ int token_assign_label( struct token *token, PSID label )
@ -302,7 +306,7 @@ index de1d624..2804247 100644
struct token *token_create_admin( void )
{
struct token *token = NULL;
@@ -1263,6 +1269,11 @@ const SID *token_get_primary_group( struct token *token )
@@ -1262,6 +1268,11 @@ const SID *token_get_primary_group( struct token *token )
return token->primary_group;
}
@ -315,5 +319,5 @@ index de1d624..2804247 100644
{
GENERIC_MAPPING mapping;
--
1.9.1
2.7.4
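Review bot: The comment kept as context in the server/process.c create_process hunk still reads "starting a new process does not attempt to use the current impersonation token for the new process", but the function now takes a `struct token *token` that the new_process handler derives from the client-supplied `req->token`. The comment should state the new rule, for example `/* Note: the impersonation token is never picked up implicitly; only a token passed explicitly by the caller is used */`. The lines in new_process that resolve `req->token` are elided from this view, so it is worth confirming there that the handle is opened with `TOKEN_ASSIGN_PRIMARY` access and rejected when it is not a primary token. The release paths that are visible (the orphaned-process return, the alloc_object failure and the `done:` label) do drop the token reference.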


@ -1,20 +1,20 @@
From b14282d138ff6a5ad1d5c152d0a556c9ca648c36 Mon Sep 17 00:00:00 2001
From 6d8fd34cabbcbc64062675be610fb8704fcdc3ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 7 Aug 2017 03:33:26 +0200
Subject: [PATCH] server: Correctly assign security labels for tokens.
---
dlls/advapi32/tests/security.c | 21 +++++++++--------
server/process.c | 8 +------
dlls/advapi32/tests/security.c | 21 ++++++++++-----------
server/process.c | 8 +-------
server/security.h | 2 +-
server/token.c | 41 ++++++++++++++++++++--------------
server/token.c | 41 ++++++++++++++++++++++++-----------------
4 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 0271cd72e0..3b07e7cd2f 100644
index bf4161c..0610ec7 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -7215,7 +7215,6 @@ static void test_token_security_descriptor(void)
@@ -7186,7 +7186,6 @@ static void test_token_security_descriptor(void)
defaulted = TRUE;
ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted);
ok(ret, "GetSecurityDescriptorDacl failed with error %u\n", GetLastError());
@ -22,7 +22,7 @@ index 0271cd72e0..3b07e7cd2f 100644
ok(present, "DACL not present\n");
if (present)
@@ -7336,7 +7335,7 @@ static void test_token_security_descriptor(void)
@@ -7307,7 +7306,7 @@ static void test_token_security_descriptor(void)
ok(ret, "GetAce failed with error %u\n", GetLastError());
ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
"Unexpected ACE type %#x\n", ace->Header.AceType);
@ -31,7 +31,7 @@ index 0271cd72e0..3b07e7cd2f 100644
"Expected medium integrity level\n");
}
@@ -7389,8 +7388,8 @@ static void test_token_security_descriptor(void)
@@ -7360,8 +7359,8 @@ static void test_token_security_descriptor(void)
sacl = NULL;
ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@ -42,7 +42,7 @@ index 0271cd72e0..3b07e7cd2f 100644
if (sacl)
{
@@ -7439,8 +7438,8 @@ static void test_token_security_descriptor(void)
@@ -7410,8 +7409,8 @@ static void test_token_security_descriptor(void)
sacl = NULL;
ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@ -53,7 +53,7 @@ index 0271cd72e0..3b07e7cd2f 100644
if (sacl)
{
@@ -7504,8 +7503,8 @@ static void test_token_security_descriptor(void)
@@ -7475,8 +7474,8 @@ static void test_token_security_descriptor(void)
ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@ -64,7 +64,7 @@ index 0271cd72e0..3b07e7cd2f 100644
if (sacl)
{
@@ -7542,8 +7541,8 @@ static void test_token_security_descriptor(void)
@@ -7513,8 +7512,8 @@ static void test_token_security_descriptor(void)
sacl = NULL;
ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@ -75,7 +75,7 @@ index 0271cd72e0..3b07e7cd2f 100644
if (sacl)
{
@@ -7761,7 +7760,7 @@ static void test_child_token_sd_medium(void)
@@ -7732,7 +7731,7 @@ static void test_child_token_sd_medium(void)
ok(ret, "GetAce failed with error %u\n", GetLastError());
ok(ace_label->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
"Unexpected ACE type %#x\n", ace_label->Header.AceType);
@ -85,10 +85,10 @@ index 0271cd72e0..3b07e7cd2f 100644
memset(buffer_integrity, 0, sizeof(buffer_integrity));
diff --git a/server/process.c b/server/process.c
index 7d2206f274..74cc320f44 100644
index b7c9da3..250f777 100644
--- a/server/process.c
+++ b/server/process.c
@@ -567,17 +567,11 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
@@ -562,17 +562,11 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
: alloc_handle_table( process, 0 );
/* Note: for security reasons, starting a new process does not attempt
* to use the current impersonation token for the new process */
@ -104,11 +104,11 @@ index 7d2206f274..74cc320f44 100644
- if (!token_assign_label( process->token, security_high_label_sid ))
- goto error;
-
/* create the main thread */
if (pipe( request_pipe ) == -1)
{
set_fd_events( process->msg_fd, POLLIN ); /* start listening to events */
return process;
diff --git a/server/security.h b/server/security.h
index 32dfe5f8db..87377ccd67 100644
index 32dfe5f..87377cc 100644
--- a/server/security.h
+++ b/server/security.h
@@ -59,7 +59,7 @@ extern int token_assign_label( struct token *token, PSID label );
@ -121,7 +121,7 @@ index 32dfe5f8db..87377ccd67 100644
const LUID_AND_ATTRIBUTES *reqprivs,
unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
diff --git a/server/token.c b/server/token.c
index 28042471b0..e5639fc0d5 100644
index 5db97b4..bd251c7 100644
--- a/server/token.c
+++ b/server/token.c
@@ -668,7 +668,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
@ -146,7 +146,7 @@ index 28042471b0..e5639fc0d5 100644
return token;
}
@@ -907,6 +913,12 @@ struct token *token_create_admin( void )
@@ -906,6 +912,12 @@ struct token *token_create_admin( void )
admin_source, NULL, -1, TokenElevationTypeFull, &high_label_sid );
/* we really need a primary group */
assert( token->primary_group );
@ -159,7 +159,7 @@ index 28042471b0..e5639fc0d5 100644
}
free( logon_sid );
@@ -965,6 +977,12 @@ static struct token *token_create_limited( void )
@@ -964,6 +976,12 @@ static struct token *token_create_limited( void )
admin_source, NULL, -1, TokenElevationTypeLimited, &medium_label_sid );
/* we really need a primary group */
assert( token->primary_group );
@ -172,7 +172,7 @@ index 28042471b0..e5639fc0d5 100644
}
free( logon_sid );
@@ -1433,7 +1451,8 @@ DECL_HANDLER(duplicate_token)
@@ -1432,7 +1450,8 @@ DECL_HANDLER(duplicate_token)
TOKEN_DUPLICATE,
&token_ops )))
{
@ -182,7 +182,7 @@ index 28042471b0..e5639fc0d5 100644
if (token)
{
unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
@@ -1463,7 +1482,7 @@ DECL_HANDLER(filter_token)
@@ -1462,7 +1481,7 @@ DECL_HANDLER(filter_token)
group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
@ -191,7 +191,7 @@ index 28042471b0..e5639fc0d5 100644
if (token)
{
unsigned int access = get_handle_access( current->process, req->handle );
@@ -1789,23 +1808,11 @@ DECL_HANDLER(set_token_default_dacl)
@@ -1788,23 +1807,11 @@ DECL_HANDLER(set_token_default_dacl)
DECL_HANDLER(create_token)
{
struct token *token;
@ -218,5 +218,5 @@ index 28042471b0..e5639fc0d5 100644
}
}
--
2.18.0
2.7.4


@ -1,6 +1,5 @@
Fixes: [40613] Basic implementation for token integrity levels and UAC handling
Fixes: [39262] Run explorer.exe as unevaluated process
Depends: advapi32-CreateRestrictedToken
Depends: server-CreateProcess_ACLs
Depends: server-Misc_ACL
Depends: Staging


@ -1,4 +1,4 @@
From 0a59489fdff7d99e5c2b268117e63319c9df53b8 Mon Sep 17 00:00:00 2001
From 8e50c5f3175aa3df7387e8eb409a3bfc9e889c6e Mon Sep 17 00:00:00 2001
From: Andrew Wesie <awesie@gmail.com>
Date: Fri, 27 Jul 2018 01:22:59 -0500
Subject: [PATCH] ntdll: Refactor RtlCreateUserThread into NtCreateThreadEx.
@ -7,15 +7,15 @@ League of Legends hooks NtCreateThread or NtCreateThreadEx (depending on the
reported version), and expects it to be called whenever a thread is created.
---
dlls/ntdll/ntdll.spec | 2 +-
dlls/ntdll/thread.c | 185 ++++++++++++++++++++++++++++++++++++++++++--------
dlls/ntdll/thread.c | 192 +++++++++++++++++++++++++++++++++++++++++---------
include/winternl.h | 25 +++++++
3 files changed, 183 insertions(+), 29 deletions(-)
3 files changed, 184 insertions(+), 35 deletions(-)
diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
index 61d55da..638fbcf 100644
index e36b1bd..7e19e76 100644
--- a/dlls/ntdll/ntdll.spec
+++ b/dlls/ntdll/ntdll.spec
@@ -154,7 +154,7 @@
@@ -155,7 +155,7 @@
@ stdcall NtCreateSection(ptr long ptr ptr long long long)
@ stdcall NtCreateSemaphore(ptr long ptr long long)
@ stdcall NtCreateSymbolicLinkObject(ptr long ptr ptr)
@ -25,7 +25,7 @@ index 61d55da..638fbcf 100644
@ stdcall NtCreateTimer(ptr long ptr long)
@ stub NtCreateToken
diff --git a/dlls/ntdll/thread.c b/dlls/ntdll/thread.c
index e24a9e1..1664032 100644
index fbae5cc..f7cf80f 100644
--- a/dlls/ntdll/thread.c
+++ b/dlls/ntdll/thread.c
@@ -527,34 +527,18 @@ static void start_thread( struct startup_info *info )
@ -33,7 +33,7 @@ index e24a9e1..1664032 100644
* NtCreateThreadEx (NTDLL.@)
*/
-NTSTATUS WINAPI NtCreateThreadEx( HANDLE *handle_ptr, ACCESS_MASK access, OBJECT_ATTRIBUTES *attr,
+NTSTATUS WINAPI NtCreateThreadEx( HANDLE *handle_ptr, ACCESS_MASK access, OBJECT_ATTRIBUTES *obj_attr,
+NTSTATUS WINAPI NtCreateThreadEx( HANDLE *handle_ptr, ACCESS_MASK access, OBJECT_ATTRIBUTES *thread_attr,
HANDLE process, LPTHREAD_START_ROUTINE start, void *param,
ULONG flags, ULONG zero_bits, ULONG stack_commit,
- ULONG stack_reserve, void *attribute_list )
@ -50,7 +50,7 @@ index e24a9e1..1664032 100644
-/***********************************************************************
- * RtlCreateUserThread (NTDLL.@)
- */
-NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, const SECURITY_DESCRIPTOR *descr,
-NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, SECURITY_DESCRIPTOR *descr,
- BOOLEAN suspended, PVOID stack_addr,
- SIZE_T stack_reserve, SIZE_T stack_commit,
- PRTL_THREAD_START_ROUTINE start, void *param,
@ -68,12 +68,12 @@ index e24a9e1..1664032 100644
HANDLE handle = 0, actctx = 0;
TEB *teb = NULL;
DWORD tid = 0;
@@ -562,6 +546,33 @@ NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, const SECURITY_DESCRIPTOR *
NTSTATUS status;
SIZE_T extra_stack = PTHREAD_STACK_MIN;
@@ -564,6 +548,33 @@ NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, SECURITY_DESCRIPTOR *descr,
data_size_t len = 0;
struct object_attributes *objattr = NULL;
+ TRACE("(%p, %d, %p, %p, %p, %p, %u, %u, %u, %u, %p)\n",
+ handle_ptr, access, obj_attr, process, start, param, flags,
+ handle_ptr, access, thread_attr, process, start, param, flags,
+ zero_bits, stack_commit, stack_reserve, ps_attr_list);
+
+ if (ps_attr_list != NULL)
@ -102,16 +102,30 @@ index e24a9e1..1664032 100644
if (process != NtCurrentProcess())
{
apc_call_t call;
@@ -592,7 +603,7 @@ NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, const SECURITY_DESCRIPTOR *
@@ -589,12 +600,7 @@ NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, SECURITY_DESCRIPTOR *descr,
return result.create_thread.status;
}
- if (descr)
- {
- OBJECT_ATTRIBUTES thread_attr;
- InitializeObjectAttributes( &thread_attr, NULL, 0, NULL, descr );
- if ((status = alloc_object_attributes( &thread_attr, &objattr, &len ))) return status;
- }
+ if ((status = alloc_object_attributes( thread_attr, &objattr, &len ))) return status;
if (server_pipe( request_pipe ) == -1)
{
@@ -606,7 +612,7 @@ NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, SECURITY_DESCRIPTOR *descr,
SERVER_START_REQ( new_thread )
{
req->process = wine_server_obj_handle( process );
- req->access = THREAD_ALL_ACCESS;
+ req->access = access;
req->attributes = 0; /* FIXME */
req->suspend = suspended;
req->request_fd = request_pipe[0];
@@ -649,19 +660,19 @@ NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, const SECURITY_DESCRIPTOR *
wine_server_add_data( req, objattr, len );
@@ -664,19 +670,19 @@ NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, SECURITY_DESCRIPTOR *descr,
thread_data->wait_fd[1] = -1;
thread_data->start_stack = (char *)teb->Tib.StackBase;
@ -137,7 +151,7 @@ index e24a9e1..1664032 100644
pthread_sigmask( SIG_SETMASK, &sigset, NULL );
if (id) id->UniqueThread = ULongToHandle(tid);
@@ -678,6 +689,124 @@ error:
@@ -693,6 +699,124 @@ error:
return status;
}
@ -190,14 +204,14 @@ index e24a9e1..1664032 100644
+/***********************************************************************
+ * RtlCreateUserThread (NTDLL.@)
+ */
+NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, const SECURITY_DESCRIPTOR *descr,
+NTSTATUS WINAPI RtlCreateUserThread( HANDLE process, SECURITY_DESCRIPTOR *descr,
+ BOOLEAN suspended, void *stack_addr,
+ SIZE_T stack_reserve, SIZE_T stack_commit,
+ PRTL_THREAD_START_ROUTINE entry, void *arg,
+ HANDLE *handle_ptr, CLIENT_ID *id )
+{
+ if (descr)
+ FIXME("descr != NULL is unimplemented\n");
+ OBJECT_ATTRIBUTES thread_attr;
+ InitializeObjectAttributes( &thread_attr, NULL, 0, NULL, descr );
+ if (stack_addr)
+ FIXME("stack_addr != NULL is unimplemented\n");
+
@ -230,9 +244,9 @@ index e24a9e1..1664032 100644
+#endif
+
+#if defined(__i386__) || defined(__x86_64__)
+ return __syscall_NtCreateThread(handle_ptr, (ACCESS_MASK)0, NULL, process, id, &context, NULL, suspended);
+ return __syscall_NtCreateThread(handle_ptr, (ACCESS_MASK)0, &thread_attr, process, id, &context, NULL, suspended);
+#else
+ return NtCreateThread(handle_ptr, (ACCESS_MASK)0, NULL, process, id, &context, NULL, suspended);
+ return NtCreateThread(handle_ptr, (ACCESS_MASK)0, &thread_attr, process, id, &context, NULL, suspended);
+#endif
+ }
+ else
@ -252,9 +266,9 @@ index e24a9e1..1664032 100644
+ }
+
+#if defined(__i386__) || defined(__x86_64__)
+ return __syscall_NtCreateThreadEx(handle_ptr, (ACCESS_MASK)0, NULL, process, (LPTHREAD_START_ROUTINE)entry, arg, flags, 0, stack_commit, stack_reserve, pattr_list);
+ return __syscall_NtCreateThreadEx(handle_ptr, (ACCESS_MASK)0, &thread_attr, process, (LPTHREAD_START_ROUTINE)entry, arg, flags, 0, stack_commit, stack_reserve, pattr_list);
+#else
+ return NtCreateThreadEx(handle_ptr, (ACCESS_MASK)0, NULL, process, (LPTHREAD_START_ROUTINE)entry, arg, flags, 0, stack_commit, stack_reserve, pattr_list);
+ return NtCreateThreadEx(handle_ptr, (ACCESS_MASK)0, &thread_attr, process, (LPTHREAD_START_ROUTINE)entry, arg, flags, 0, stack_commit, stack_reserve, pattr_list);
+#endif
+ }
+}
@ -263,7 +277,7 @@ index e24a9e1..1664032 100644
/******************************************************************************
* RtlGetNtGlobalFlags (NTDLL.@)
diff --git a/include/winternl.h b/include/winternl.h
index a10310c..5559be4 100644
index 064293b..9d12d2f 100644
--- a/include/winternl.h
+++ b/include/winternl.h
@@ -2173,6 +2173,31 @@ typedef enum _SYSDBG_COMMAND {
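Review bot: The new RtlCreateUserThread wrapper passes `(ACCESS_MASK)0` in all four forwarding calls (NtCreateThread, NtCreateThreadEx and their `__syscall_` variants), while the new_thread request now sends `req->access = access` instead of `THREAD_ALL_ACCESS`. Unless code outside the visible lines substitutes a default, the handle returned to RtlCreateUserThread callers would be allocated with no access rights, although they previously got a full-access handle. Replacing `(ACCESS_MASK)0` with `THREAD_ALL_ACCESS` in those calls would keep the old contract while still honouring the caller's mask on direct NtCreateThreadEx calls. Much of both function bodies is elided from this view, so the server-side handling of a zero mask should be checked as well.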


@ -52,7 +52,7 @@ usage()
# Get the upstream commit sha
upstream_commit()
{
echo "93994dfc0b99789e3a9c1490b4d93082f34b8dcc"
echo "b1a3b9e5ce74990777fca94658833802cb7b7a09"
}
# Show version information
@ -271,7 +271,6 @@ patch_enable_all ()
enable_riched20_Class_Tests="$1"
enable_riched20_IText_Interface="$1"
enable_server_ClipCursor="$1"
enable_server_CreateProcess_ACLs="$1"
enable_server_Desktop_Refcount="$1"
enable_server_FileEndOfFileInformation="$1"
enable_server_File_Permissions="$1"
@ -980,9 +979,6 @@ patch_enable ()
server-ClipCursor)
enable_server_ClipCursor="$2"
;;
server-CreateProcess_ACLs)
enable_server_CreateProcess_ACLs="$2"
;;
server-Desktop_Refcount)
enable_server_Desktop_Refcount="$2"
;;
@ -2242,26 +2238,18 @@ if test "$enable_advapi32_Token_Integrity_Level" -eq 1; then
if test "$enable_advapi32_CreateRestrictedToken" -gt 1; then
abort "Patchset advapi32-CreateRestrictedToken disabled, but advapi32-Token_Integrity_Level depends on that."
fi
if test "$enable_server_CreateProcess_ACLs" -gt 1; then
abort "Patchset server-CreateProcess_ACLs disabled, but advapi32-Token_Integrity_Level depends on that."
fi
if test "$enable_server_Misc_ACL" -gt 1; then
abort "Patchset server-Misc_ACL disabled, but advapi32-Token_Integrity_Level depends on that."
fi
enable_Staging=1
enable_advapi32_CreateRestrictedToken=1
enable_server_CreateProcess_ACLs=1
enable_server_Misc_ACL=1
fi
if test "$enable_advapi32_LsaLookupSids" -eq 1; then
if test "$enable_server_CreateProcess_ACLs" -gt 1; then
abort "Patchset server-CreateProcess_ACLs disabled, but advapi32-LsaLookupSids depends on that."
fi
if test "$enable_server_Misc_ACL" -gt 1; then
abort "Patchset server-Misc_ACL disabled, but advapi32-LsaLookupSids depends on that."
fi
enable_server_CreateProcess_ACLs=1
enable_server_Misc_ACL=1
fi
@ -2394,23 +2382,6 @@ if test "$enable_advapi32_LsaLookupPrivilegeName" -eq 1; then
) >> "$patchlist"
fi
# Patchset server-CreateProcess_ACLs
# |
# | This patchset fixes the following Wine bugs:
# | * [#22006] Support for process ACLs
# |
# | Modified files:
# | * dlls/advapi32/tests/security.c, dlls/kernel32/process.c, server/process.c, server/protocol.def
# |
if test "$enable_server_CreateProcess_ACLs" -eq 1; then
patch_apply server-CreateProcess_ACLs/0001-server-Support-for-thread-and-process-security-descr.patch
patch_apply server-CreateProcess_ACLs/0002-kernel32-Implement-passing-security-descriptors-from.patch
(
printf '%s\n' '+ { "Sebastian Lackner", "server: Support for thread and process security descriptors in new_process wineserver call.", 2 },';
printf '%s\n' '+ { "Sebastian Lackner", "kernel32: Implement passing security descriptors from CreateProcess to the wineserver.", 2 },';
) >> "$patchlist"
fi
# Patchset server-Misc_ACL
# |
# | This patchset fixes the following Wine bugs:
@ -2431,7 +2402,7 @@ fi
# Patchset advapi32-LsaLookupSids
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * server-CreateProcess_ACLs, server-Misc_ACL
# | * server-Misc_ACL
# |
# | Modified files:
# | * dlls/advapi32/lsa.c, dlls/advapi32/security.c, dlls/advapi32/tests/security.c, server/token.c
@ -2475,7 +2446,7 @@ fi
# Patchset advapi32-Token_Integrity_Level
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * Staging, advapi32-CreateRestrictedToken, server-CreateProcess_ACLs, server-Misc_ACL
# | * Staging, advapi32-CreateRestrictedToken, server-Misc_ACL
# |
# | This patchset fixes the following Wine bugs:
# | * [#40613] Basic implementation for token integrity levels and UAC handling
@ -4910,7 +4881,7 @@ fi
# Patchset ntdll-LdrInitializeThunk
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * Staging, advapi32-CreateRestrictedToken, server-CreateProcess_ACLs, server-Misc_ACL, advapi32-Token_Integrity_Level
# | * Staging, advapi32-CreateRestrictedToken, server-Misc_ACL, advapi32-Token_Integrity_Level
# |
# | This patchset fixes the following Wine bugs:
# | * [#45570] League of Legends 8.12+ fails to start a game (anticheat engine, incorrect implementation of
@ -5114,8 +5085,7 @@ fi
# Patchset ntdll-RtlCreateUserThread
# |
# | This patchset has the following (direct or indirect) dependencies:
# | * Staging, advapi32-CreateRestrictedToken, server-CreateProcess_ACLs, server-Misc_ACL, advapi32-Token_Integrity_Level,
# | ntdll-LdrInitializeThunk
# | * Staging, advapi32-CreateRestrictedToken, server-Misc_ACL, advapi32-Token_Integrity_Level, ntdll-LdrInitializeThunk
# |
# | This patchset fixes the following Wine bugs:
# | * [#45571] League of Legends 8.12+ fails to start a game (anticheat engine, hooking of NtCreateThread/Ex)
@ -6310,9 +6280,9 @@ fi
# | * [#34321] Fix Cut/Copy/Paste keyboard shortcuts in Total Commander
# |
# | Modified files:
# | * dlls/shell32/clipboard.c, dlls/shell32/dataobject.c, dlls/shell32/recyclebin.c, dlls/shell32/shell32.rc,
# | dlls/shell32/shell32_main.h, dlls/shell32/shellfolder.h, dlls/shell32/shfldr_fs.c, dlls/shell32/shfldr_unixfs.c,
# | dlls/shell32/shlview.c, dlls/shell32/shlview_cmenu.c
# | * dlls/shell32/brsfolder.c, dlls/shell32/clipboard.c, dlls/shell32/dataobject.c, dlls/shell32/recyclebin.c,
# | dlls/shell32/shell32.rc, dlls/shell32/shell32_main.h, dlls/shell32/shellfolder.h, dlls/shell32/shfldr_fs.c,
# | dlls/shell32/shfldr_unixfs.c, dlls/shell32/shlview.c, dlls/shell32/shlview_cmenu.c
# |
if test "$enable_shell32_Context_Menu" -eq 1; then
patch_apply shell32-Context_Menu/0001-shell32-Fix-copying-of-files-when-using-a-context-me.patch


@ -1,131 +0,0 @@
From 0ff07b77e5658310d1e7a57b1b4b4b7591e3422c Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Wed, 15 Oct 2014 10:02:22 +0200
Subject: server: Support for thread and process security descriptors in
new_process wineserver call. (try 2)
Based on a patch by Joris van der Wel.
Needs ./tools/make_requests
---
dlls/kernel32/process.c | 2 ++
server/process.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-
server/protocol.def | 6 +++++-
3 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
index b0c06e3..03f3bac 100644
--- a/dlls/kernel32/process.c
+++ b/dlls/kernel32/process.c
@@ -2042,6 +2042,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0;
req->cpu = cpu;
req->info_size = startup_info_size;
+ req->env_size = (env_end - env) * sizeof(WCHAR);
+ req->process_sd_size = 0;
wine_server_add_data( req, startup_info, startup_info_size );
wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
diff --git a/server/process.c b/server/process.c
index e00b429..d2b3c48 100644
--- a/server/process.c
+++ b/server/process.c
@@ -1083,6 +1083,7 @@ DECL_HANDLER(new_process)
struct process *process;
struct process *parent = current->process;
int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
+ const struct security_descriptor *process_sd = NULL, *thread_sd = NULL;
if (socket_fd == -1)
{
@@ -1138,7 +1139,7 @@ DECL_HANDLER(new_process)
goto done;
}
- info->data_size = get_req_data_size();
+ info->data_size = min( get_req_data_size(), req->info_size + req->env_size );
info->info_size = min( req->info_size, info->data_size );
if (req->info_size < sizeof(*info->data))
@@ -1179,6 +1180,34 @@ DECL_HANDLER(new_process)
#undef FIXUP_LEN
}
+ if (get_req_data_size() > req->info_size + req->env_size)
+ {
+ data_size_t sd_size, pos = req->info_size + req->env_size;
+
+ /* verify process sd */
+ if ((sd_size = min( get_req_data_size() - pos, req->process_sd_size )))
+ {
+ process_sd = (const struct security_descriptor *)((const char *)get_req_data() + pos);
+ if (!sd_is_valid( process_sd, sd_size ))
+ {
+ set_error( STATUS_INVALID_SECURITY_DESCR );
+ goto done;
+ }
+ pos += sd_size;
+ }
+
+ /* verify thread sd */
+ if ((sd_size = get_req_data_size() - pos))
+ {
+ thread_sd = (const struct security_descriptor *)((const char *)get_req_data() + pos);
+ if (!sd_is_valid( thread_sd, sd_size ))
+ {
+ set_error( STATUS_INVALID_SECURITY_DESCR );
+ goto done;
+ }
+ }
+ }
+
if (!(thread = create_process( socket_fd, current, req->inherit_all ))) goto done;
process = thread->process;
process->startup_info = (struct startup_info *)grab_object( info );
@@ -1241,6 +1270,25 @@ DECL_HANDLER(new_process)
reply->phandle = alloc_handle( parent, process, req->process_access, req->process_attr );
reply->thandle = alloc_handle( parent, thread, req->thread_access, req->thread_attr );
+ if (process_sd)
+ {
+ default_set_sd( &process->obj, process_sd,
+ OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION |
+ SACL_SECURITY_INFORMATION );
+ }
+
+ if (thread_sd)
+ {
+ set_sd_defaults_from_token( &thread->obj, thread_sd,
+ OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION |
+ SACL_SECURITY_INFORMATION,
+ process->token );
+ }
+
done:
release_object( info );
}
diff --git a/server/protocol.def b/server/protocol.def
index c313006..5f9461f 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -715,8 +715,12 @@ struct rawinput_device
unsigned int thread_attr; /* attributes for thread object */
cpu_type_t cpu; /* CPU that the new process will use */
data_size_t info_size; /* size of startup info */
+ data_size_t env_size; /* size of the environment */
+ data_size_t process_sd_size;/* size of the process security descriptor */
VARARG(info,startup_info,info_size); /* startup information */
- VARARG(env,unicode_str); /* environment for new process */
+ VARARG(env,unicode_str,env_size); /* environment for new process */
+ VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */
+ VARARG(thread_sd,security_descriptor); /* security descriptor to set on the thread */
@REPLY
obj_handle_t info; /* new process info handle */
process_id_t pid; /* process id */
--
2.5.0


@ -1,190 +0,0 @@
From 116bf59039367e09f1409e5a4df5f64d9667749f Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Wed, 15 Oct 2014 10:02:27 +0200
Subject: kernel32: Implement passing security descriptors from CreateProcess
to the wineserver. (try 2)
Based on a patch by Joris van der Wel.
Unfortunately we have to duplicate create_struct_sd from ntdll, but thats the easiest solution right now. In long term we should probably think about moving process creation logic to ntdll.
---
dlls/advapi32/tests/security.c | 3 --
dlls/kernel32/process.c | 102 ++++++++++++++++++++++++++++++++++++++++-
2 files changed, 101 insertions(+), 4 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index b44496a..b1b35aa 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -2696,7 +2696,6 @@ static void test_process_security_child(void)
ret = DuplicateHandle( GetCurrentProcess(), handle, GetCurrentProcess(),
&handle1, PROCESS_ALL_ACCESS, TRUE, 0 );
err = GetLastError();
- todo_wine
ok(!ret && err == ERROR_ACCESS_DENIED, "duplicating handle should have failed "
"with STATUS_ACCESS_DENIED, instead of err:%d\n", err);
@@ -2704,10 +2703,8 @@ static void test_process_security_child(void)
/* These two should fail - they are denied by ACL */
handle = OpenProcess( PROCESS_VM_READ, FALSE, GetCurrentProcessId() );
- todo_wine
ok(handle == NULL, "OpenProcess(PROCESS_VM_READ) should have failed\n");
handle = OpenProcess( PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId() );
- todo_wine
ok(handle == NULL, "OpenProcess(PROCESS_ALL_ACCESS) should have failed\n");
/* Documented privilege elevation */
diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
index 5de8b59..d1746a5 100644
--- a/dlls/kernel32/process.c
+++ b/dlls/kernel32/process.c
@@ -1916,6 +1916,70 @@ static pid_t exec_loader( LPCWSTR cmd_line, unsigned int flags, int socketfd,
return pid;
}
+/* creates a struct security_descriptor and contained information in one contiguous piece of memory */
+static NTSTATUS create_struct_sd(PSECURITY_DESCRIPTOR nt_sd, struct security_descriptor **server_sd,
+ data_size_t *server_sd_len)
+{
+ unsigned int len;
+ PSID owner, group;
+ ACL *dacl, *sacl;
+ BOOLEAN owner_present, group_present, dacl_present, sacl_present;
+ BOOLEAN defaulted;
+ NTSTATUS status;
+ unsigned char *ptr;
+
+ if (!nt_sd)
+ {
+ *server_sd = NULL;
+ *server_sd_len = 0;
+ return STATUS_SUCCESS;
+ }
+
+ len = sizeof(struct security_descriptor);
+
+ status = RtlGetOwnerSecurityDescriptor(nt_sd, &owner, &owner_present);
+ if (status != STATUS_SUCCESS) return status;
+ status = RtlGetGroupSecurityDescriptor(nt_sd, &group, &group_present);
+ if (status != STATUS_SUCCESS) return status;
+ status = RtlGetSaclSecurityDescriptor(nt_sd, &sacl_present, &sacl, &defaulted);
+ if (status != STATUS_SUCCESS) return status;
+ status = RtlGetDaclSecurityDescriptor(nt_sd, &dacl_present, &dacl, &defaulted);
+ if (status != STATUS_SUCCESS) return status;
+
+ if (owner_present)
+ len += RtlLengthSid(owner);
+ if (group_present)
+ len += RtlLengthSid(group);
+ if (sacl_present && sacl)
+ len += sacl->AclSize;
+ if (dacl_present && dacl)
+ len += dacl->AclSize;
+
+ /* fix alignment for the Unicode name that follows the structure */
+ len = (len + sizeof(WCHAR) - 1) & ~(sizeof(WCHAR) - 1);
+ *server_sd = RtlAllocateHeap(GetProcessHeap(), 0, len);
+ if (!*server_sd) return STATUS_NO_MEMORY;
+
+ (*server_sd)->control = ((SECURITY_DESCRIPTOR *)nt_sd)->Control & ~SE_SELF_RELATIVE;
+ (*server_sd)->owner_len = owner_present ? RtlLengthSid(owner) : 0;
+ (*server_sd)->group_len = group_present ? RtlLengthSid(group) : 0;
+ (*server_sd)->sacl_len = (sacl_present && sacl) ? sacl->AclSize : 0;
+ (*server_sd)->dacl_len = (dacl_present && dacl) ? dacl->AclSize : 0;
+
+ ptr = (unsigned char *)(*server_sd + 1);
+ memcpy(ptr, owner, (*server_sd)->owner_len);
+ ptr += (*server_sd)->owner_len;
+ memcpy(ptr, group, (*server_sd)->group_len);
+ ptr += (*server_sd)->group_len;
+ memcpy(ptr, sacl, (*server_sd)->sacl_len);
+ ptr += (*server_sd)->sacl_len;
+ memcpy(ptr, dacl, (*server_sd)->dacl_len);
+
+ *server_sd_len = len;
+
+ return STATUS_SUCCESS;
+}
+
/***********************************************************************
* create_process
*
@@ -1939,6 +2003,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
int socketfd[2], stdin_fd = -1, stdout_fd = -1;
pid_t pid;
int err, cpu;
+ struct security_descriptor *process_sd = NULL, *thread_sd = NULL;
+ data_size_t process_sd_size = 0, thread_sd_size = 0;
if ((cpu = get_process_cpu( filename, binary_info )) == -1)
{
@@ -1993,12 +2059,41 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
return FALSE;
}
+ if (psa && (psa->nLength >= sizeof(*psa)))
+ {
+ status = create_struct_sd( psa->lpSecurityDescriptor, &process_sd, &process_sd_size );
+ if (status != STATUS_SUCCESS)
+ {
+ close( socketfd[0] );
+ close( socketfd[1] );
+ WARN( "Invalid process security descriptor: Status %x\n", status );
+ SetLastError( RtlNtStatusToDosError(status) );
+ return FALSE;
+ }
+ }
+
+ if (tsa && (tsa->nLength >= sizeof(*tsa)))
+ {
+ status = create_struct_sd( tsa->lpSecurityDescriptor, &thread_sd, &thread_sd_size );
+ if (status != STATUS_SUCCESS)
+ {
+ RtlFreeHeap( GetProcessHeap(), 0, process_sd );
+ close( socketfd[0] );
+ close( socketfd[1] );
+ WARN( "Invalid thread security descriptor: Status %x\n", status );
+ SetLastError( RtlNtStatusToDosError(status) );
+ return FALSE;
+ }
+ }
+
RtlAcquirePebLock();
if (!(startup_info = create_startup_info( filename, cmd_line, cur_dir, env, flags, startup,
&startup_info_size )))
{
RtlReleasePebLock();
+ RtlFreeHeap( GetProcessHeap(), 0, process_sd );
+ RtlFreeHeap( GetProcessHeap(), 0, thread_sd );
close( socketfd[0] );
close( socketfd[1] );
return FALSE;
@@ -2036,10 +2131,12 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
req->cpu = cpu;
req->info_size = startup_info_size;
req->env_size = (env_end - env) * sizeof(WCHAR);
- req->process_sd_size = 0;
+ req->process_sd_size = process_sd_size;
wine_server_add_data( req, startup_info, startup_info_size );
wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
+ wine_server_add_data( req, process_sd, process_sd_size );
+ wine_server_add_data( req, thread_sd, thread_sd_size );
if (!(status = wine_server_call( req )))
{
info->dwProcessId = (DWORD)reply->pid;
@@ -2052,6 +2149,9 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
SERVER_END_REQ;
RtlReleasePebLock();
+ RtlFreeHeap( GetProcessHeap(), 0, process_sd );
+ RtlFreeHeap( GetProcessHeap(), 0, thread_sd );
+
if (status)
{
switch (status)
--
2.1.2


@ -1 +0,0 @@
Fixes: [22006] Support for process ACLs


@ -1,20 +1,34 @@
From 60a000e4b5c59b93db1ea24566ad4d7eeea9408b Mon Sep 17 00:00:00 2001
From c785e3546c79d3247a0bc3abb5deee8b36d65951 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Sat, 2 Apr 2016 04:17:19 +0200
Subject: shell32: Add parameter to ISFHelper::DeleteItems to allow deleting
files without confirmation.
---
dlls/shell32/brsfolder.c | 2 +-
dlls/shell32/recyclebin.c | 6 +++---
dlls/shell32/shellfolder.h | 4 ++--
dlls/shell32/shfldr_fs.c | 3 ++-
dlls/shell32/shfldr_unixfs.c | 7 ++++---
dlls/shell32/shlview.c | 2 +-
dlls/shell32/shlview_cmenu.c | 2 +-
6 files changed, 13 insertions(+), 11 deletions(-)
7 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/dlls/shell32/brsfolder.c b/dlls/shell32/brsfolder.c
index d771d0b..d8926e3 100644
--- a/dlls/shell32/brsfolder.c
+++ b/dlls/shell32/brsfolder.c
@@ -658,7 +658,7 @@ static LRESULT BrsFolder_Treeview_Keydown(browse_info *info, LPNMTVKEYDOWN keydo
return 0;
/* perform the item deletion - tree view gets updated over shell notification */
- ISFHelper_DeleteItems(psfhlp, 1, &item_id);
+ ISFHelper_DeleteItems(psfhlp, 1, &item_id, TRUE);
ISFHelper_Release(psfhlp);
}
break;
diff --git a/dlls/shell32/recyclebin.c b/dlls/shell32/recyclebin.c
index 28098af..f890d97 100644
index 0d80e63..66c5cc2 100644
--- a/dlls/shell32/recyclebin.c
+++ b/dlls/shell32/recyclebin.c
@@ -182,7 +182,7 @@ static void DoErase(RecycleBinMenu *This)
@ -26,7 +40,7 @@ index 28098af..f890d97 100644
}
static void DoRestore(RecycleBinMenu *This)
@@ -824,10 +824,10 @@ static HRESULT erase_items(HWND parent,const LPCITEMIDLIST * apidl, UINT cidl, B
@@ -815,10 +815,10 @@ static HRESULT erase_items(HWND parent,const LPCITEMIDLIST * apidl, UINT cidl, B
}
static HRESULT WINAPI RecycleBin_DeleteItems(ISFHelper * iface, UINT cidl,
@ -62,10 +76,10 @@ index 942e0e7..b8083a2 100644
#endif
diff --git a/dlls/shell32/shfldr_fs.c b/dlls/shell32/shfldr_fs.c
index d8bcb4c..3d88fbd 100644
index 66150f4..32178be 100644
--- a/dlls/shell32/shfldr_fs.c
+++ b/dlls/shell32/shfldr_fs.c
@@ -1230,7 +1230,7 @@ static WCHAR *build_paths_list(LPCWSTR wszBasePath, int cidl, const LPCITEMIDLIS
@@ -1225,7 +1225,7 @@ static WCHAR *build_paths_list(LPCWSTR wszBasePath, int cidl, const LPCITEMIDLIS
* deletes items in folder
*/
static HRESULT WINAPI
@ -74,7 +88,7 @@ index d8bcb4c..3d88fbd 100644
{
IGenericSFImpl *This = impl_from_ISFHelper(iface);
UINT i;
@@ -1255,6 +1255,7 @@ ISFHelper_fnDeleteItems (ISFHelper * iface, UINT cidl, LPCITEMIDLIST * apidl)
@@ -1250,6 +1250,7 @@ ISFHelper_fnDeleteItems (ISFHelper * iface, UINT cidl, LPCITEMIDLIST * apidl)
op.wFunc = FO_DELETE;
op.pFrom = wszPathsList;
op.fFlags = FOF_ALLOWUNDO;
@ -83,10 +97,10 @@ index d8bcb4c..3d88fbd 100644
{
WARN("SHFileOperation failed\n");
diff --git a/dlls/shell32/shfldr_unixfs.c b/dlls/shell32/shfldr_unixfs.c
index 17998f2..d558efb 100644
index 732a103..a2ca852 100644
--- a/dlls/shell32/shfldr_unixfs.c
+++ b/dlls/shell32/shfldr_unixfs.c
@@ -1939,7 +1939,7 @@ static HRESULT WINAPI SFHelper_AddFolder(ISFHelper* iface, HWND hwnd, LPCWSTR pw
@@ -1942,7 +1942,7 @@ static HRESULT WINAPI SFHelper_AddFolder(ISFHelper* iface, HWND hwnd, LPCWSTR pw
* be converted, S_FALSE is returned. In such situation DeleteItems will try to delete
* the files using syscalls
*/
@ -95,7 +109,7 @@ index 17998f2..d558efb 100644
{
char szAbsolute[FILENAME_MAX], *pszRelative;
LPWSTR wszPathsList, wszListPos;
@@ -1981,6 +1981,7 @@ static HRESULT UNIXFS_delete_with_shfileop(UnixFolder *This, UINT cidl, const LP
@@ -1984,6 +1984,7 @@ static HRESULT UNIXFS_delete_with_shfileop(UnixFolder *This, UINT cidl, const LP
op.wFunc = FO_DELETE;
op.pFrom = wszPathsList;
op.fFlags = FOF_ALLOWUNDO;
@ -103,7 +117,7 @@ index 17998f2..d558efb 100644
if (SHFileOperationW(&op))
{
WARN("SHFileOperationW failed\n");
@@ -2019,7 +2020,7 @@ static HRESULT UNIXFS_delete_with_syscalls(UnixFolder *This, UINT cidl, const LP
@@ -2022,7 +2023,7 @@ static HRESULT UNIXFS_delete_with_syscalls(UnixFolder *This, UINT cidl, const LP
return S_OK;
}
@ -112,7 +126,7 @@ index 17998f2..d558efb 100644
{
UnixFolder *This = impl_from_ISFHelper(iface);
char szAbsolute[FILENAME_MAX], *pszRelative;
@@ -2030,7 +2031,7 @@ static HRESULT WINAPI SFHelper_DeleteItems(ISFHelper* iface, UINT cidl, LPCITEMI
@@ -2033,7 +2034,7 @@ static HRESULT WINAPI SFHelper_DeleteItems(ISFHelper* iface, UINT cidl, LPCITEMI
TRACE("(%p)->(%d %p)\n", This, cidl, apidl);
@ -122,10 +136,10 @@ index 17998f2..d558efb 100644
hr = UNIXFS_delete_with_syscalls(This, cidl, apidl);
diff --git a/dlls/shell32/shlview.c b/dlls/shell32/shlview.c
index b763468..1770e6f 100644
index c0c027f..9f23bfe 100644
--- a/dlls/shell32/shlview.c
+++ b/dlls/shell32/shlview.c
@@ -1579,7 +1579,7 @@ static LRESULT ShellView_OnNotify(IShellViewImpl * This, UINT CtlID, LPNMHDR lpn
@@ -1577,7 +1577,7 @@ static LRESULT ShellView_OnNotify(IShellViewImpl * This, UINT CtlID, LPNMHDR lpn
}
/* perform the item deletion */
@ -135,10 +149,10 @@ index b763468..1770e6f 100644
/* free pidl array memory */
diff --git a/dlls/shell32/shlview_cmenu.c b/dlls/shell32/shlview_cmenu.c
index d972922..494d95b 100644
index 0daa5ef..0d380a8 100644
--- a/dlls/shell32/shlview_cmenu.c
+++ b/dlls/shell32/shlview_cmenu.c
@@ -275,7 +275,7 @@ static void DoDelete(ContextMenu *This)
@@ -294,7 +294,7 @@ static void DoDelete(ContextMenu *This)
IShellFolder_QueryInterface(This->parent, &IID_ISFHelper, (void**)&helper);
if (helper)
{
@ -148,5 +162,5 @@ index d972922..494d95b 100644
}
}
--
2.7.1
2.7.4
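Review bot: The added call `ISFHelper_DeleteItems(psfhlp, 1, &item_id, TRUE);` in the new brsfolder.c hunk passes a bare boolean to a destructive operation, and nothing visible here says what `TRUE` selects. The subject line says the new parameter exists to allow deleting files without confirmation, so a reader cannot tell from the call site whether this keyboard-triggered delete in the folder browser still prompts the user. A short comment above the call would settle it, for example `/* last argument is the confirmation flag, see ISFHelper::DeleteItems in shellfolder.h */`. The shellfolder.h declaration and the lines that consume the flag in shfldr_fs.c and shfldr_unixfs.c fall in collapsed parts of this section, so the parameter's name and polarity should be confirmed there before wording the comment.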