Update the CreateProcess ACLs patches.

Erich E. Hoover 2014-08-08 20:30:17 -06:00
parent 9087dedefc
commit 6bd6d630b3
6 changed files with 155 additions and 220 deletions


@ -528,11 +528,10 @@ server-Address_Change_Notification.ok:
# | server/protocol.def
# |
.INTERMEDIATE: server-CreateProcess_ACLs.ok
server-CreateProcess_ACLs.ok:
$(call APPLY_FILE,server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-try.patch)
$(call APPLY_FILE,server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch)
$(call APPLY_FILE,server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch)
$(call APPLY_FILE,server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch)
$(call APPLY_PATCH,server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch)
$(call APPLY_PATCH,server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch)
$(call APPLY_PATCH,server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch)
$(call APPLY_PATCH,server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch)
@( \
echo '+ { "server-CreateProcess_ACLs", "Joris van der Wel", "Implement passing ACLs to CreateProcess." },'; \
) > server-CreateProcess_ACLs.ok


@ -1,15 +1,17 @@
From 91fb6970f6b7f5a5c93d066c143e96398fba294e Mon Sep 17 00:00:00 2001
From 30c44423ffde37855f0fd468096aa5fc6aa14912 Mon Sep 17 00:00:00 2001
From: Joris van der Wel <joris@jorisvanderwel.com>
Date: Wed, 9 Jul 2014 00:58:10 +0200
Subject: server: A new function "set_sd_defaults_from_token" (try 3)
Date: Sun, 3 Aug 2014 12:52:06 +0200
Subject: server: A new function "set_sd_defaults_from_token" that sets the
security descriptor along with a token that will be used to gather
defaults, instead of always using the primary token. (try 4)
server: A new function "set_sd_defaults_from_token" that sets the
security descriptor along with a token that will be used to gather
defaults, instead of always using the primary token.
security descriptor along with a token that will be used to gather defaults,
instead of always using the primary token.
Some objects take their defaults not from a primary token but from a
different one
(such as from the impersonation token or the process token).
different one (such as from the impersonation token or the process
token).
This function can be used to create the various set_sd implementations
for the objects that need it.
As a bonus, a NULL token will skip setting any defaults, this is
@ -21,7 +23,7 @@ defaults _only_ upon creation.
2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/server/object.c b/server/object.c
index 11ef0ce..6389409 100644
index 133c6b5..ec196c1 100644
--- a/server/object.c
+++ b/server/object.c
@@ -423,8 +423,8 @@ struct security_descriptor *default_get_sd( struct object *obj )


@ -1,86 +1,60 @@
From fe16cbc2062778bef273ac84eca992dcc45653e6 Mon Sep 17 00:00:00 2001
From 7c1b44caf023c4120b48a2792a442ca5ac1e3166 Mon Sep 17 00:00:00 2001
From: Joris van der Wel <joris@jorisvanderwel.com>
Date: Wed, 9 Jul 2014 00:58:47 +0200
Date: Sun, 3 Aug 2014 12:52:14 +0200
Subject: server: Support sending process and thread security descriptors for
the "new_process" request in the protocol.
the "new_process" request in the protocol
server: Support sending process and thread security descriptors for
the "new_process" request in the protocol.
---
dlls/kernel32/process.c | 30 +++++++++++++++++-------------
server/process.c | 33 ++++++++++++++++++++-------------
server/protocol.def | 41 +++++++++++++++++++++++------------------
3 files changed, 60 insertions(+), 44 deletions(-)
dlls/kernel32/process.c | 2 ++
server/process.c | 44 ++++++++++++++++++++++++++++++--------------
server/protocol.def | 4 ++++
3 files changed, 36 insertions(+), 14 deletions(-)
diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
index 2566ac4..8bf1934 100644
index 2566ac4..efd0e84 100644
--- a/dlls/kernel32/process.c
+++ b/dlls/kernel32/process.c
@@ -2025,19 +2025,23 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
@@ -2034,6 +2034,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
req->thread_access = THREAD_ALL_ACCESS;
req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0;
req->cpu = cpu;
+ req->process_sd_size= 0;
+ req->thread_sd_size = 0;
req->info_size = startup_info_size;
SERVER_START_REQ( new_process )
{
- req->inherit_all = inherit;
- req->create_flags = flags;
- req->socket_fd = socketfd[1];
- req->exe_file = wine_server_obj_handle( hFile );
- req->process_access = PROCESS_ALL_ACCESS;
- req->process_attr = (psa && (psa->nLength >= sizeof(*psa)) && psa->bInheritHandle) ? OBJ_INHERIT : 0;
- req->thread_access = THREAD_ALL_ACCESS;
- req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0;
- req->cpu = cpu;
- req->info_size = startup_info_size;
-
- wine_server_add_data( req, startup_info, startup_info_size );
- wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
+ req->inherit_all = inherit;
+ req->create_flags = flags;
+ req->socket_fd = socketfd[1];
+ req->exe_file = wine_server_obj_handle( hFile );
+ req->process_access = PROCESS_ALL_ACCESS;
+ req->process_attr = (psa && (psa->nLength >= sizeof(*psa)) && psa->bInheritHandle) ? OBJ_INHERIT : 0;
+ req->thread_access = THREAD_ALL_ACCESS;
+ req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0;
+ req->cpu = cpu;
+ req->process_sd_size = 0;
+ req->thread_sd_size = 0;
+ req->info_size = startup_info_size;
+ req->env_size = (env_end - env) * sizeof(WCHAR);
+
+ wine_server_add_data( req, startup_info, req->info_size );
+ wine_server_add_data( req, env , req->env_size );
+
if (!(status = wine_server_call( req )))
{
info->dwProcessId = (DWORD)reply->pid;
wine_server_add_data( req, startup_info, startup_info_size );
diff --git a/server/process.c b/server/process.c
index 7b9a3b2..9942eb3 100644
index 7b9a3b2..110a38f 100644
--- a/server/process.c
+++ b/server/process.c
@@ -880,6 +880,9 @@ DECL_HANDLER(new_process)
@@ -880,6 +880,24 @@ DECL_HANDLER(new_process)
struct process *process;
struct process *parent = current->process;
int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
+ const startup_info_t *req_info;
+ data_size_t req_info_size;
+ const WCHAR *req_env;
+ data_size_t req_env_size;
+
+ if (req->process_sd_size > get_req_data_size() ||
+ req->thread_sd_size > get_req_data_size() - req->process_sd_size ||
+ req->info_size > get_req_data_size() - req->process_sd_size - req->thread_sd_size)
+ {
+ close( socket_fd );
+ return;
+ }
+
+ req_info = (const startup_info_t *)
+ ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size);
+ req_env = (const WCHAR *)
+ ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size + req->info_size);
+ req_env_size = get_req_data_size() - (req->process_sd_size + req->thread_sd_size + req->info_size);
if (socket_fd == -1)
{
@@ -903,6 +906,12 @@ DECL_HANDLER(new_process)
close( socket_fd );
return;
}
+
+ req_info = (const startup_info_t *)
+ ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size);
+
+ req_env = (const WCHAR *)
+ ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size + req->info_size);
if (!req->info_size) /* create an orphaned process */
{
@@ -920,27 +929,25 @@ DECL_HANDLER(new_process)
@@ -920,27 +938,25 @@ DECL_HANDLER(new_process)
!(info->exe_file = get_file_obj( current->process, req->exe_file, FILE_READ_DATA )))
goto done;
@ -100,77 +74,42 @@ index 7b9a3b2..9942eb3 100644
- info->info_size = sizeof(startup_info_t);
- info->data_size = info->info_size + env_size;
+ info->info_size = sizeof(*info->data);
+ info->data_size = sizeof(*info->data) + req->env_size;
+ info->data_size = sizeof(*info->data) + req_env_size;
+
+ req_info_size = min( req->info_size, FIELD_OFFSET( startup_info_t, curdir_len ));
+ if (!(info->data = mem_alloc( info->data_size ))) goto done;
+ memset( info->data, 0, info->data_size );
+ memcpy( info->data, req_info, req_info_size );
+ memcpy( info->data + 1, req_env, req->env_size );
+ memcpy( info->data + 1, req_env, req_env_size );
}
else
{
data_size_t pos = sizeof(*info->data);
+ info->info_size = req->info_size;
+ info->data_size = req->info_size + req->env_size;
-
- if (!(info->data = memdup( get_req_data(), info->data_size ))) goto done;
+ info->info_size = req->info_size;
+ info->data_size = req->info_size + req_env_size;
+
+ if (!(info->data = memdup( req_info, info->data_size ))) goto done;
#define FIXUP_LEN(len) do { (len) = min( (len), info->info_size - pos ); pos += (len); } while(0)
FIXUP_LEN( info->data->curdir_len );
FIXUP_LEN( info->data->dllpath_len );
diff --git a/server/protocol.def b/server/protocol.def
index a8c1fb9..7b0b769 100644
index a8c1fb9..d2cfd71 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -661,24 +661,29 @@ struct rawinput_device
/* Create a new process from the context of the parent */
@REQ(new_process)
- int inherit_all; /* inherit all handles from parent */
- unsigned int create_flags; /* creation flags */
- int socket_fd; /* file descriptor for process socket */
- obj_handle_t exe_file; /* file handle for main exe */
- unsigned int process_access; /* access rights for process object */
- unsigned int process_attr; /* attributes for process object */
- unsigned int thread_access; /* access rights for thread object */
- unsigned int thread_attr; /* attributes for thread object */
- cpu_type_t cpu; /* CPU that the new process will use */
- data_size_t info_size; /* size of startup info */
- VARARG(info,startup_info,info_size); /* startup information */
- VARARG(env,unicode_str); /* environment for new process */
-@REPLY
- obj_handle_t info; /* new process info handle */
- process_id_t pid; /* process id */
- obj_handle_t phandle; /* process handle (in the current process) */
- thread_id_t tid; /* thread id */
- obj_handle_t thandle; /* thread handle (in the current process) */
+ int inherit_all; /* inherit all handles from parent */
+ unsigned int create_flags; /* creation flags */
+ int socket_fd; /* file descriptor for process socket */
+ obj_handle_t exe_file; /* file handle for main exe */
+ unsigned int process_access; /* access rights for process object */
+ unsigned int process_attr; /* attributes for process object */
+ unsigned int thread_access; /* access rights for thread object */
+ unsigned int thread_attr; /* attributes for thread object */
+ cpu_type_t cpu; /* CPU that the new process will use */
+ data_size_t process_sd_size; /* size of the process security descriptor */
+ data_size_t thread_sd_size; /* size of the thread security descriptor */
+ data_size_t info_size; /* size of startup info */
+ data_size_t env_size; /* size of the environment */
+ VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */
+ VARARG(thread_sd,security_descriptor,thread_sd_size); /* security descriptor to set on the thread */
+ VARARG(info,startup_info,info_size); /* startup information */
+ VARARG(env,unicode_str,env_size); /* environment for new process */
+@REPLY
+ obj_handle_t info; /* new process info handle */
+ process_id_t pid; /* process id */
+ obj_handle_t phandle; /* process handle (in the current process) */
+ thread_id_t tid; /* thread id */
+ obj_handle_t thandle; /* thread handle (in the current process) */
@END
@@ -670,7 +670,11 @@ struct rawinput_device
unsigned int thread_access; /* access rights for thread object */
unsigned int thread_attr; /* attributes for thread object */
cpu_type_t cpu; /* CPU that the new process will use */
+ data_size_t process_sd_size;/* size of the process security descriptor */
+ data_size_t thread_sd_size; /* size of the thread security descriptor */
data_size_t info_size; /* size of startup info */
+ VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */
+ VARARG(thread_sd,security_descriptor,thread_sd_size); /* security descriptor to set on the thread */
VARARG(info,startup_info,info_size); /* startup information */
VARARG(env,unicode_str); /* environment for new process */
@REPLY
--
1.7.9.5
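Review bot: The new size check at the top of DECL_HANDLER(new_process) rejects an inconsistent request with `close( socket_fd ); return;` but never calls set_error(), so unless an error is set elsewhere the caller would apparently see a successful status with an empty reply. The check also runs before the `if (socket_fd == -1)` test that follows it, so close() can be handed -1. I would write the reject path as `set_error( STATUS_INVALID_PARAMETER );` followed by `if (socket_fd != -1) close( socket_fd );` and then `return;`. The subtraction order in the three comparisons is fine: each operand is bounded by the preceding comparison, so the unsigned arithmetic cannot wrap. The handler body starts and ends outside the hunk.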


@ -1,18 +1,18 @@
From d565d8b72c9f57d5553f72dfd7d18e2e05033c0c Mon Sep 17 00:00:00 2001
From 43eb6734382c298997573522244de3daf3a52a78 Mon Sep 17 00:00:00 2001
From: Joris van der Wel <joris@jorisvanderwel.com>
Date: Wed, 9 Jul 2014 00:59:30 +0200
Date: Sun, 3 Aug 2014 12:52:32 +0200
Subject: server: implement passing a process security descriptor to
CreateProcess.
CreateProcess
server: implement passing a process security descriptor to CreateProcess.
For now the function "NTDLL_create_struct_sd" has been duplicated in
kernel32.
This is needed because kernel32 makes the server call. kernel32 currently
makes the server call because NtCreateProcess(Ex) has not been implemented in
ntdll. When NtCreateProcessEx (and NtCreateThreadEx) gets implemented, the
server call will be made from within ntdll instead, and this extra function
in kernel32 will no longer be needed.
kernel32. This is needed because kernel32 makes the server call.
Kernel32 currently makes the server call because NtCreateProcess(Ex)
has not been implemented in ntdll. When NtCreateProcessEx (and
NtCreateThreadEx) gets implemented,
the server call will be made from within ntdll instead, and this extra
function in kernel32 will no longer be needed.
---
dlls/advapi32/tests/security.c | 3 --
dlls/kernel32/process.c | 85 +++++++++++++++++++++++++++++++++++++++-
@ -43,7 +43,7 @@ index b44496a..b1b35aa 100644
/* Documented privilege elevation */
diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
index 8bf1934..5f6c2e5 100644
index efd0e84..44e7711 100644
--- a/dlls/kernel32/process.c
+++ b/dlls/kernel32/process.c
@@ -1916,6 +1916,70 @@ static pid_t exec_loader( LPCWSTR cmd_line, unsigned int flags, int socketfd,
@ -128,8 +128,8 @@ index 8bf1934..5f6c2e5 100644
{
SetLastError( ERROR_BAD_EXE_FORMAT );
return FALSE;
+ }
+
}
+
+ if (psa && (psa->nLength >= sizeof(*psa)) && psa->lpSecurityDescriptor)
+ {
+ status = create_struct_sd( psa->lpSecurityDescriptor, &psd, &psd_len );
@ -139,7 +139,7 @@ index 8bf1934..5f6c2e5 100644
+ SetLastError( RtlNtStatusToDosError(status) );
+ return FALSE;
+ }
}
+ }
/* create the socket for the new process */
@ -165,21 +165,20 @@ index 8bf1934..5f6c2e5 100644
return FALSE;
}
if (!env) env = NtCurrentTeb()->Peb->ProcessParameters->Environment;
@@ -2034,11 +2114,12 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
req->thread_access = THREAD_ALL_ACCESS;
req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0;
req->cpu = cpu;
- req->process_sd_size = 0;
+ req->process_sd_size = psd_len;
req->thread_sd_size = 0;
req->info_size = startup_info_size;
req->env_size = (env_end - env) * sizeof(WCHAR);
+ wine_server_add_data( req, psd , req->process_sd_size );
wine_server_add_data( req, startup_info, req->info_size );
wine_server_add_data( req, env , req->env_size );
@@ -2053,6 +2134,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
@@ -2034,10 +2114,11 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
req->thread_access = THREAD_ALL_ACCESS;
req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0;
req->cpu = cpu;
- req->process_sd_size= 0;
+ req->process_sd_size= psd_len;
req->thread_sd_size = 0;
req->info_size = startup_info_size;
+ wine_server_add_data( req, psd, psd_len );
wine_server_add_data( req, startup_info, startup_info_size );
wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
if (!(status = wine_server_call( req )))
@@ -2051,6 +2132,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
}
SERVER_END_REQ;
@ -189,36 +188,35 @@ index 8bf1934..5f6c2e5 100644
if (status)
{
diff --git a/server/process.c b/server/process.c
index 9942eb3..1fba134 100644
index 110a38f..571f05a 100644
--- a/server/process.c
+++ b/server/process.c
@@ -883,6 +883,7 @@ DECL_HANDLER(new_process)
@@ -880,6 +880,7 @@ DECL_HANDLER(new_process)
struct process *process;
struct process *parent = current->process;
int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
+ const struct security_descriptor *req_psd = NULL;
const startup_info_t *req_info;
data_size_t req_info_size;
const WCHAR *req_env;
+ const struct security_descriptor *req_psd = NULL;
if (socket_fd == -1)
{
@@ -907,6 +908,17 @@ DECL_HANDLER(new_process)
@@ -892,6 +893,16 @@ DECL_HANDLER(new_process)
close( socket_fd );
return;
}
+
+ if (req->process_sd_size)
+ {
+ req_psd = get_req_data();
+
+ req_psd = get_req_data();
+ if (!sd_is_valid( req_psd, req->process_sd_size ))
+ {
+ set_error( STATUS_INVALID_SECURITY_DESCR );
+ return;
+ }
+ }
+
req_info = (const startup_info_t *)
((char*)get_req_data() + req->process_sd_size + req->thread_sd_size);
@@ -1011,6 +1023,18 @@ DECL_HANDLER(new_process)
@@ -1020,6 +1031,19 @@ DECL_HANDLER(new_process)
reply->phandle = alloc_handle( parent, process, req->process_access, req->process_attr );
reply->thandle = alloc_handle( parent, thread, req->thread_access, req->thread_attr );
@ -234,6 +232,7 @@ index 9942eb3..1fba134 100644
+ DACL_SECURITY_INFORMATION|
+ SACL_SECURITY_INFORMATION );
+ }
+
done:
release_object( info );
}
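Review bot: The rejection path added to DECL_HANDLER(new_process) for an invalid process security descriptor does `set_error( STATUS_INVALID_SECURITY_DESCR ); return;` without releasing `socket_fd`, which was already obtained from thread_get_inflight_fd() at the top of the handler. From the visible context the `socket_fd == -1` test comes after this block, so a valid descriptor sent along with a malformed security descriptor would stay open in the server for every such request. Add `if (socket_fd != -1) close( socket_fd );` before the `return;`. The thread descriptor check in 0004-server-implement-passing-a-thread-security-descripto.patch has the same early return and needs the same line. The handler body starts and ends outside the hunk.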


@ -1,18 +1,18 @@
From e924e19cc72127f16b64bef300e394a7f641dba1 Mon Sep 17 00:00:00 2001
From 649ce4e95f5ea671857d5c62eb220c95a6af35d7 Mon Sep 17 00:00:00 2001
From: Joris van der Wel <joris@jorisvanderwel.com>
Date: Wed, 9 Jul 2014 01:00:02 +0200
Date: Sun, 3 Aug 2014 12:52:44 +0200
Subject: server: implement passing a thread security descriptor to
CreateProcess
server: implement passing a thread security descriptor to CreateProcess
---
dlls/advapi32/tests/security.c | 45 ++++++++++++++++++++++++++++++++++++----
dlls/kernel32/process.c | 24 ++++++++++++++++++---
server/process.c | 28 ++++++++++++++++++++++++-
3 files changed, 89 insertions(+), 8 deletions(-)
dlls/advapi32/tests/security.c | 44 ++++++++++++++++++++++++++++++++++++----
dlls/kernel32/process.c | 24 +++++++++++++++++++---
server/process.c | 25 +++++++++++++++++++++--
3 files changed, 84 insertions(+), 9 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index b1b35aa..aab63f3 100644
index b1b35aa..244844f 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -2532,12 +2532,12 @@ static void test_process_security(void)
@ -31,12 +31,10 @@ index b1b35aa..aab63f3 100644
HANDLE token, event;
DWORD size;
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY };
@@ -2657,12 +2657,38 @@ static void test_process_security(void)
psa.nLength = sizeof(psa);
@@ -2658,11 +2658,36 @@ static void test_process_security(void)
psa.lpSecurityDescriptor = SecurityDescriptor;
psa.bInheritHandle = TRUE;
+
+
+ ThreadSecurityDescriptor = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH);
+ res = InitializeSecurityDescriptor(ThreadSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
+ ok(res, "InitializeSecurityDescriptor failed with error %d\n", GetLastError());
@ -59,7 +57,7 @@ index b1b35aa..aab63f3 100644
+ tsa.nLength = sizeof(tsa);
+ tsa.lpSecurityDescriptor = ThreadSecurityDescriptor;
+ tsa.bInheritHandle = TRUE;
+
/* Doesn't matter what ACL say we should get full access for ourselves */
- res = CreateProcessA( NULL, buffer, &psa, NULL, FALSE, 0, NULL, NULL, &startup, &info );
+ res = CreateProcessA( NULL, buffer, &psa, &tsa, FALSE, 0, NULL, NULL, &startup, &info );
@ -71,7 +69,7 @@ index b1b35aa..aab63f3 100644
winetest_wait_child_process( info.hProcess );
FreeSid(EveryoneSid);
@@ -2673,6 +2699,8 @@ static void test_process_security(void)
@@ -2673,6 +2698,8 @@ static void test_process_security(void)
HeapFree(GetProcessHeap(), 0, owner);
HeapFree(GetProcessHeap(), 0, Acl);
HeapFree(GetProcessHeap(), 0, SecurityDescriptor);
@ -80,24 +78,24 @@ index b1b35aa..aab63f3 100644
}
static void test_process_security_child(void)
@@ -2728,6 +2756,15 @@ static void test_process_security_child(void)
@@ -2728,6 +2755,15 @@ static void test_process_security_child(void)
TEST_GRANTED_ACCESS( handle1, PROCESS_VM_READ );
CloseHandle( handle1 );
CloseHandle( handle );
+
+
+
+
+ handle = OpenThread( THREAD_TERMINATE, FALSE, GetCurrentThreadId() );
+ ok(handle != NULL, "OpenThread(THREAD_TERMINATE) with err:%d\n", GetLastError());
+ TEST_GRANTED_ACCESS( handle, PROCESS_TERMINATE );
+ CloseHandle( handle );
+
+
+ handle = OpenThread( THREAD_SET_THREAD_TOKEN, FALSE, GetCurrentThreadId() );
+ ok(handle == NULL, "OpenThread(THREAD_SET_THREAD_TOKEN) should have failed\n");
}
static void test_impersonation_level(void)
diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
index 5f6c2e5..a01e681 100644
index 44e7711..dd21100 100644
--- a/dlls/kernel32/process.c
+++ b/dlls/kernel32/process.c
@@ -2003,8 +2003,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
@ -114,8 +112,7 @@ index 5f6c2e5..a01e681 100644
@@ -2022,12 +2022,26 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
return FALSE;
}
}
+
}
+ if (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->lpSecurityDescriptor)
+ {
+ status = create_struct_sd( tsa->lpSecurityDescriptor, &tsd, &tsd_len );
@ -123,6 +120,7 @@ index 5f6c2e5..a01e681 100644
+ if (status != STATUS_SUCCESS)
+ {
+ RtlFreeHeap(GetProcessHeap(), 0, psd);
+ RtlFreeHeap(GetProcessHeap(), 0, tsd);
+ WARN("Invalid thread security descriptor with status %x\n", status);
+ SetLastError( RtlNtStatusToDosError(status) );
+ return FALSE;
@ -154,21 +152,20 @@ index 5f6c2e5..a01e681 100644
return FALSE;
}
if (!env) env = NtCurrentTeb()->Peb->ProcessParameters->Environment;
@@ -2115,11 +2131,12 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0;
req->cpu = cpu;
req->process_sd_size = psd_len;
- req->thread_sd_size = 0;
+ req->thread_sd_size = tsd_len;
req->info_size = startup_info_size;
req->env_size = (env_end - env) * sizeof(WCHAR);
wine_server_add_data( req, psd , req->process_sd_size );
+ wine_server_add_data( req, tsd , req->thread_sd_size );
wine_server_add_data( req, startup_info, req->info_size );
wine_server_add_data( req, env , req->env_size );
@@ -2135,6 +2152,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
@@ -2115,10 +2131,11 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0;
req->cpu = cpu;
req->process_sd_size= psd_len;
- req->thread_sd_size = 0;
+ req->thread_sd_size = tsd_len;
req->info_size = startup_info_size;
wine_server_add_data( req, psd, psd_len );
+ wine_server_add_data( req, tsd, tsd_len );
wine_server_add_data( req, startup_info, startup_info_size );
wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
if (!(status = wine_server_call( req )))
@@ -2133,6 +2150,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
SERVER_END_REQ;
RtlFreeHeap(GetProcessHeap(), 0, psd);
@ -177,42 +174,41 @@ index 5f6c2e5..a01e681 100644
RtlReleasePebLock();
if (status)
diff --git a/server/process.c b/server/process.c
index 1fba134..f9a4611 100644
index 571f05a..52c04f7 100644
--- a/server/process.c
+++ b/server/process.c
@@ -883,7 +883,7 @@ DECL_HANDLER(new_process)
@@ -880,7 +880,7 @@ DECL_HANDLER(new_process)
struct process *process;
struct process *parent = current->process;
int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
- const struct security_descriptor *req_psd = NULL;
+ const struct security_descriptor *req_psd = NULL, *req_tsd = NULL;
const startup_info_t *req_info;
data_size_t req_info_size;
const WCHAR *req_env;
- const struct security_descriptor *req_psd = NULL;
+ const struct security_descriptor *req_psd = NULL, *req_tsd = NULL;
if (socket_fd == -1)
{
@@ -919,6 +919,18 @@ DECL_HANDLER(new_process)
@@ -903,7 +903,17 @@ DECL_HANDLER(new_process)
return;
}
}
+ if (req->thread_sd_size)
+ {
+ req_tsd = (const struct security_descriptor *)
+ ((char*)get_req_data() + req->process_sd_size);
+
+ req_tsd = (const struct security_descriptor *)
+ ((char*)get_req_data() + req->process_sd_size);
+ if (!sd_is_valid( req_tsd, req->thread_sd_size ))
+ {
+ set_error( STATUS_INVALID_SECURITY_DESCR );
+ return;
+ }
+ }
+
req_info = (const startup_info_t *)
((char*)get_req_data() + req->process_sd_size + req->thread_sd_size);
@@ -1035,6 +1047,20 @@ DECL_HANDLER(new_process)
req_env = (const WCHAR *)
@@ -1043,7 +1053,18 @@ DECL_HANDLER(new_process)
DACL_SECURITY_INFORMATION|
SACL_SECURITY_INFORMATION );
}
+
-
+ if (req_tsd)
+ {
+ /* In CreateProcess the thread defaults come from the process token,
@ -225,7 +221,6 @@ index 1fba134..f9a4611 100644
+ SACL_SECURITY_INFORMATION,
+ process->token );
+ }
+
done:
release_object( info );
}
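Review bot: `req_tsd` is formed as `(char*)get_req_data() + req->process_sd_size` and cast to `const struct security_descriptor *`, but nothing visible requires the client-supplied `process_sd_size` to be a multiple of that structure's alignment. Assuming the request buffer itself is suitably aligned, an odd size hands sd_is_valid() a misaligned pointer, which is undefined behaviour and can fault on strict-alignment hosts; `req_info`, placed after both descriptors, is affected the same way. Next to the existing bounds check I would reject such sizes with `if ((req->process_sd_size | req->thread_sd_size) % sizeof(int))` and `set_error( STATUS_INVALID_PARAMETER );`, or copy each descriptor into aligned storage before validating it. The handler body starts and ends outside the hunk.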


@ -1,4 +1,5 @@
Author: Joris van der Wel
Subject: Implement passing ACLs to CreateProcess.
Revision: 1
Depends: Miscellaneous
Fixes: [22006] Support for process ACLs