From 6bd6d630b3a647cd96f76dd22ef25d74da6bf16f Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover"
Date: Fri, 8 Aug 2014 20:30:17 -0600
Subject: [PATCH] Update the CreateProcess ACLs patches.
---
patches/Makefile | 9 +-
...tion-set_sd_defaults_from_token-tha.patch} | 18 +-
...ending-process-and-thread-security-d.patch | 167 ++++++------------
...-passing-a-process-security-descript.patch | 81 +++++----
...-passing-a-thread-security-descripto.patch | 99 +++++------
patches/server-CreateProcess_ACLs/definition | 1 +
6 files changed, 155 insertions(+), 220 deletions(-)
rename patches/server-CreateProcess_ACLs/{0001-server-A-new-function-set_sd_defaults_from_token-try.patch => 0001-server-A-new-function-set_sd_defaults_from_token-tha.patch} (89%)
diff --git a/patches/Makefile b/patches/Makefile
index c3acaf63..c609f92f 100644
--- a/patches/Makefile
+++ b/patches/Makefile
@@ -528,11 +528,10 @@ server-Address_Change_Notification.ok:
 # | server/protocol.def
 # |
 .INTERMEDIATE: server-CreateProcess_ACLs.ok
-server-CreateProcess_ACLs.ok:
- $(call APPLY_FILE,server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-try.patch)
- $(call APPLY_FILE,server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch)
- $(call APPLY_FILE,server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch)
- $(call APPLY_FILE,server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch)
+ $(call APPLY_PATCH,server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch)
+ $(call APPLY_PATCH,server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch)
+ $(call APPLY_PATCH,server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch)
+ $(call APPLY_PATCH,server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch)
 @( \
 echo '+ { "server-CreateProcess_ACLs", "Joris van der Wel", "Implement passing ACLs to CreateProcess." },'; \
 ) > server-CreateProcess_ACLs.ok
diff --git a/patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-try.patch b/patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch
similarity index 89%
rename from patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-try.patch
rename to patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch
index 93e29895..682c7376 100644
--- a/patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-try.patch
+++ b/patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch
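Review bot: The removed lines include the rule header `server-CreateProcess_ACLs.ok:` and nothing replaces it, so on the new side the four `$(call APPLY_PATCH,...)` recipe lines follow `.INTERMEDIATE: server-CreateProcess_ACLs.ok` directly and the `.ok` target has no rule of its own. The hunk's line counts (11 old, 10 new) confirm the header is dropped rather than moved. Keep the target line; since this commit also adds `Depends: Miscellaneous` to the definition file, the matching prerequisite presumably belongs on that line as well, in whatever form the other `.ok` targets use for dependencies (not visible here). `APPLY_PATCH` is defined outside this hunk, so confirm the macro exists under that name before relying on the rename from `APPLY_FILE`.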
@@ -1,15 +1,17 @@ -From 91fb6970f6b7f5a5c93d066c143e96398fba294e Mon Sep 17 00:00:00 2001 +From 30c44423ffde37855f0fd468096aa5fc6aa14912 Mon Sep 17 00:00:00 2001 From: Joris van der Wel -Date: Wed, 9 Jul 2014 00:58:10 +0200 -Subject: server: A new function "set_sd_defaults_from_token" (try 3) +Date: Sun, 3 Aug 2014 12:52:06 +0200 +Subject: server: A new function "set_sd_defaults_from_token" that sets the + security descriptor along with a token that will be used to gather + defaults, instead of always using the primary token. (try 4) server: A new function "set_sd_defaults_from_token" that sets the - security descriptor along with a token that will be used to gather -defaults, instead of always using the primary token. + security descriptor along with a token that will be used to gather defaults, + instead of always using the primary token. Some objects take their defaults not from a primary token but from a -different one -(such as from the impersonation token or the process token). +different one (such as from the impersonation token or the process +token). This function can be used to create the various set_sd implementations for the objects that need it. As a bonus, a NULL token will skip setting any defaults, this is @@ -21,7 +23,7 @@ defaults _only_ upon creation. 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/server/object.c b/server/object.c -index 11ef0ce..6389409 100644 +index 133c6b5..ec196c1 100644 --- a/server/object.c +++ b/server/object.c @@ -423,8 +423,8 @@ struct security_descriptor *default_get_sd( struct object *obj ) diff --git a/patches/server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch b/patches/server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch index c0c3ec4c..471d5441 100644 --- a/patches/server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch 
+++ b/patches/server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch @@ -1,86 +1,60 @@ -From fe16cbc2062778bef273ac84eca992dcc45653e6 Mon Sep 17 00:00:00 2001 +From 7c1b44caf023c4120b48a2792a442ca5ac1e3166 Mon Sep 17 00:00:00 2001 From: Joris van der Wel -Date: Wed, 9 Jul 2014 00:58:47 +0200 +Date: Sun, 3 Aug 2014 12:52:14 +0200 Subject: server: Support sending process and thread security descriptors for - the "new_process" request in the protocol. + the "new_process" request in the protocol server: Support sending process and thread security descriptors for the "new_process" request in the protocol. --- - dlls/kernel32/process.c | 30 +++++++++++++++++------------- - server/process.c | 33 ++++++++++++++++++++------------- - server/protocol.def | 41 +++++++++++++++++++++++------------------ - 3 files changed, 60 insertions(+), 44 deletions(-) + dlls/kernel32/process.c | 2 ++ + server/process.c | 44 ++++++++++++++++++++++++++++++-------------- + server/protocol.def | 4 ++++ + 3 files changed, 36 insertions(+), 14 deletions(-) diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c -index 2566ac4..8bf1934 100644 +index 2566ac4..efd0e84 100644 --- a/dlls/kernel32/process.c 
+++ b/dlls/kernel32/process.c -@@ -2025,19 +2025,23 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW +@@ -2034,6 +2034,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW + req->thread_access = THREAD_ALL_ACCESS; + req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0; + req->cpu = cpu; ++ req->process_sd_size= 0; ++ req->thread_sd_size = 0; + req->info_size = startup_info_size; - SERVER_START_REQ( new_process ) - { -- req->inherit_all = inherit; -- req->create_flags = flags; -- req->socket_fd = socketfd[1]; -- req->exe_file = wine_server_obj_handle( hFile ); -- req->process_access = PROCESS_ALL_ACCESS; -- req->process_attr = (psa && (psa->nLength >= sizeof(*psa)) && psa->bInheritHandle) ? OBJ_INHERIT : 0; -- req->thread_access = THREAD_ALL_ACCESS; -- req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0; -- req->cpu = cpu; -- req->info_size = startup_info_size; -- -- wine_server_add_data( req, startup_info, startup_info_size ); -- wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) ); -+ req->inherit_all = inherit; -+ req->create_flags = flags; -+ req->socket_fd = socketfd[1]; -+ req->exe_file = wine_server_obj_handle( hFile ); -+ req->process_access = PROCESS_ALL_ACCESS; -+ req->process_attr = (psa && (psa->nLength >= sizeof(*psa)) && psa->bInheritHandle) ? OBJ_INHERIT : 0; -+ req->thread_access = THREAD_ALL_ACCESS; -+ req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? 
OBJ_INHERIT : 0; -+ req->cpu = cpu; -+ req->process_sd_size = 0; -+ req->thread_sd_size = 0; -+ req->info_size = startup_info_size; -+ req->env_size = (env_end - env) * sizeof(WCHAR); -+ -+ wine_server_add_data( req, startup_info, req->info_size ); -+ wine_server_add_data( req, env , req->env_size ); -+ - if (!(status = wine_server_call( req ))) - { - info->dwProcessId = (DWORD)reply->pid; + wine_server_add_data( req, startup_info, startup_info_size ); diff --git a/server/process.c b/server/process.c -index 7b9a3b2..9942eb3 100644 +index 7b9a3b2..110a38f 100644 --- a/server/process.c 
+++ b/server/process.c -@@ -880,6 +880,9 @@ DECL_HANDLER(new_process) +@@ -880,6 +880,24 @@ DECL_HANDLER(new_process) struct process *process; struct process *parent = current->process; int socket_fd = thread_get_inflight_fd( current, req->socket_fd ); + const startup_info_t *req_info; + data_size_t req_info_size; + const WCHAR *req_env; ++ data_size_t req_env_size; ++ ++ if (req->process_sd_size > get_req_data_size() || ++ req->thread_sd_size > get_req_data_size() - req->process_sd_size || ++ req->info_size > get_req_data_size() - req->process_sd_size - req->thread_sd_size) ++ { ++ close( socket_fd ); ++ return; ++ } ++ ++ req_info = (const startup_info_t *) ++ ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size); ++ req_env = (const WCHAR *) ++ ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size + req->info_size); ++ req_env_size = get_req_data_size() - (req->process_sd_size + req->thread_sd_size + req->info_size); if (socket_fd == -1) { -@@ -903,6 +906,12 @@ DECL_HANDLER(new_process) - close( socket_fd ); - return; - } -+ -+ req_info = (const startup_info_t *) -+ ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size); -+ -+ req_env = (const WCHAR *) -+ ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size + req->info_size); - - if (!req->info_size) /* create an orphaned process */ - { -@@ -920,27 +929,25 @@ DECL_HANDLER(new_process) +@@ -920,27 +938,25 @@ DECL_HANDLER(new_process) !(info->exe_file = get_file_obj( current->process, req->exe_file, FILE_READ_DATA ))) goto done; 
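Review bot: The size check added at the top of `DECL_HANDLER(new_process)` rejects a request whose `process_sd_size`, `thread_sd_size` or `info_size` exceeds the request data, but its body is only `close( socket_fd ); return;` with no error set, so the caller appears to receive a reply without a failure status; add `set_error( STATUS_INVALID_PARAMETER );` before the `return`. The block also sits ahead of the existing `if (socket_fd == -1)` test, so `close()` can be called with -1 here; moving the check below that test, or guarding the close, avoids it. The three comparisons are ordered so that each bound is verified before it is subtracted, which deserves a short comment such as `/* each size is checked before it is subtracted, so the differences cannot wrap */`. `req_info` and `req_env` are then formed by adding these client-supplied byte counts to `get_req_data()` and casting, so it is worth confirming the sizes keep `startup_info_t` and `WCHAR` data aligned. The handler body continues outside the hunk.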
@@ -100,77 +74,42 @@ index 7b9a3b2..9942eb3 100644 - info->info_size = sizeof(startup_info_t); - info->data_size = info->info_size + env_size; + info->info_size = sizeof(*info->data); -+ info->data_size = sizeof(*info->data) + req->env_size; ++ info->data_size = sizeof(*info->data) + req_env_size; + + req_info_size = min( req->info_size, FIELD_OFFSET( startup_info_t, curdir_len )); + if (!(info->data = mem_alloc( info->data_size ))) goto done; + memset( info->data, 0, info->data_size ); + memcpy( info->data, req_info, req_info_size ); -+ memcpy( info->data + 1, req_env, req->env_size ); ++ memcpy( info->data + 1, req_env, req_env_size ); } else { data_size_t pos = sizeof(*info->data); -+ info->info_size = req->info_size; -+ info->data_size = req->info_size + req->env_size; - +- - if (!(info->data = memdup( get_req_data(), info->data_size ))) goto done; ++ info->info_size = req->info_size; ++ info->data_size = req->info_size + req_env_size; ++ + if (!(info->data = memdup( req_info, info->data_size ))) goto done; #define FIXUP_LEN(len) do { (len) = min( (len), info->info_size - pos ); pos += (len); } while(0) FIXUP_LEN( info->data->curdir_len ); FIXUP_LEN( info->data->dllpath_len ); diff --git a/server/protocol.def b/server/protocol.def -index a8c1fb9..7b0b769 100644 +index a8c1fb9..d2cfd71 100644 --- a/server/protocol.def 
+++ b/server/protocol.def -@@ -661,24 +661,29 @@ struct rawinput_device - - /* Create a new process from the context of the parent */ - @REQ(new_process) -- int inherit_all; /* inherit all handles from parent */ -- unsigned int create_flags; /* creation flags */ -- int socket_fd; /* file descriptor for process socket */ -- obj_handle_t exe_file; /* file handle for main exe */ -- unsigned int process_access; /* access rights for process object */ -- unsigned int process_attr; /* attributes for process object */ -- unsigned int thread_access; /* access rights for thread object */ -- unsigned int thread_attr; /* attributes for thread object */ -- cpu_type_t cpu; /* CPU that the new process will use */ -- data_size_t info_size; /* size of startup info */ -- VARARG(info,startup_info,info_size); /* startup information */ -- VARARG(env,unicode_str); /* environment for new process */ --@REPLY -- obj_handle_t info; /* new process info handle */ -- process_id_t pid; /* process id */ -- obj_handle_t phandle; /* process handle (in the current process) */ -- thread_id_t tid; /* thread id */ -- obj_handle_t thandle; /* thread handle (in the current process) */ -+ int inherit_all; /* inherit all handles from parent */ -+ unsigned int create_flags; /* creation flags */ -+ int socket_fd; /* file descriptor for process socket */ -+ obj_handle_t exe_file; /* file handle for main exe */ -+ unsigned int process_access; /* access rights for process object */ -+ unsigned int process_attr; /* attributes for process object */ -+ unsigned int thread_access; /* access rights for thread object */ -+ unsigned int thread_attr; /* attributes for thread object */ -+ cpu_type_t cpu; /* CPU that the new process will use */ -+ data_size_t process_sd_size; /* size of the process security descriptor */ -+ data_size_t thread_sd_size; /* size of the thread security descriptor */ -+ data_size_t info_size; /* size of startup info */ -+ data_size_t env_size; /* size of the environment */ -+ 
VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */ -+ VARARG(thread_sd,security_descriptor,thread_sd_size); /* security descriptor to set on the thread */ -+ VARARG(info,startup_info,info_size); /* startup information */ -+ VARARG(env,unicode_str,env_size); /* environment for new process */ -+@REPLY -+ obj_handle_t info; /* new process info handle */ -+ process_id_t pid; /* process id */ -+ obj_handle_t phandle; /* process handle (in the current process) */ -+ thread_id_t tid; /* thread id */ -+ obj_handle_t thandle; /* thread handle (in the current process) */ - @END - - +@@ -670,7 +670,11 @@ struct rawinput_device + unsigned int thread_access; /* access rights for thread object */ + unsigned int thread_attr; /* attributes for thread object */ + cpu_type_t cpu; /* CPU that the new process will use */ ++ data_size_t process_sd_size;/* size of the process security descriptor */ ++ data_size_t thread_sd_size; /* size of the thread security descriptor */ + data_size_t info_size; /* size of startup info */ ++ VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */ ++ VARARG(thread_sd,security_descriptor,thread_sd_size); /* security descriptor to set on the thread */ + VARARG(info,startup_info,info_size); /* startup information */ + VARARG(env,unicode_str); /* environment for new process */ + @REPLY -- 1.7.9.5 diff --git a/patches/server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch b/patches/server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch index 6add19f4..b5e8491a 100644 --- a/patches/server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch +++ b/patches/server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch 
@@ -1,18 +1,18 @@ -From d565d8b72c9f57d5553f72dfd7d18e2e05033c0c Mon Sep 17 00:00:00 2001 +From 43eb6734382c298997573522244de3daf3a52a78 Mon Sep 17 00:00:00 2001 From: Joris van der Wel -Date: Wed, 9 Jul 2014 00:59:30 +0200 +Date: Sun, 3 Aug 2014 12:52:32 +0200 Subject: server: implement passing a process security descriptor to - CreateProcess. + CreateProcess server: implement passing a process security descriptor to CreateProcess. For now the function "NTDLL_create_struct_sd" has been duplicated in -kernel32. -This is needed because kernel32 makes the server call. kernel32 currently -makes the server call because NtCreateProcess(Ex) has not been implemented in -ntdll. When NtCreateProcessEx (and NtCreateThreadEx) gets implemented, the -server call will be made from within ntdll instead, and this extra function -in kernel32 will no longer be needed. +kernel32. This is needed because kernel32 makes the server call. +Kernel32 currently makes the server call because NtCreateProcess(Ex) +has not been implemented in ntdll. When NtCreateProcessEx (and +NtCreateThreadEx) gets implemented, +the server call will be made from within ntdll instead, and this extra +function in kernel32 will no longer be needed. --- dlls/advapi32/tests/security.c | 3 -- dlls/kernel32/process.c | 85 +++++++++++++++++++++++++++++++++++++++- @@ -43,7 +43,7 @@ index b44496a..b1b35aa 100644 /* Documented privilege elevation */ diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c -index 8bf1934..5f6c2e5 100644 +index efd0e84..44e7711 100644 --- a/dlls/kernel32/process.c +++ b/dlls/kernel32/process.c @@ -1916,6 +1916,70 @@ static pid_t exec_loader( LPCWSTR cmd_line, unsigned int flags, int socketfd, @@ -128,8 +128,8 @@ index 8bf1934..5f6c2e5 100644 { SetLastError( ERROR_BAD_EXE_FORMAT ); return FALSE; -+ } -+ + } ++ + if (psa && (psa->nLength >= sizeof(*psa)) && psa->lpSecurityDescriptor) + { + status = create_struct_sd( psa->lpSecurityDescriptor, &psd, &psd_len ); 
@@ -139,7 +139,7 @@ index 8bf1934..5f6c2e5 100644 + SetLastError( RtlNtStatusToDosError(status) ); + return FALSE; + } - } ++ } /* create the socket for the new process */ @@ -165,21 +165,20 @@ index 8bf1934..5f6c2e5 100644 return FALSE; } if (!env) env = NtCurrentTeb()->Peb->ProcessParameters->Environment; -@@ -2034,11 +2114,12 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW - req->thread_access = THREAD_ALL_ACCESS; - req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0; - req->cpu = cpu; -- req->process_sd_size = 0; -+ req->process_sd_size = psd_len; - req->thread_sd_size = 0; - req->info_size = startup_info_size; - req->env_size = (env_end - env) * sizeof(WCHAR); - -+ wine_server_add_data( req, psd , req->process_sd_size ); - wine_server_add_data( req, startup_info, req->info_size ); - wine_server_add_data( req, env , req->env_size ); - -@@ -2053,6 +2134,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW +@@ -2034,10 +2114,11 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW + req->thread_access = THREAD_ALL_ACCESS; + req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0; + req->cpu = cpu; +- req->process_sd_size= 0; ++ req->process_sd_size= psd_len; + req->thread_sd_size = 0; + req->info_size = startup_info_size; + ++ wine_server_add_data( req, psd, psd_len ); + wine_server_add_data( req, startup_info, startup_info_size ); + wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) ); + if (!(status = wine_server_call( req ))) +@@ -2051,6 +2132,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW } SERVER_END_REQ; @@ -189,36 +188,35 @@ index 8bf1934..5f6c2e5 100644 if (status) { diff --git a/server/process.c b/server/process.c -index 9942eb3..1fba134 100644 +index 110a38f..571f05a 100644 --- a/server/process.c 
+++ b/server/process.c -@@ -883,6 +883,7 @@ DECL_HANDLER(new_process) +@@ -880,6 +880,7 @@ DECL_HANDLER(new_process) + struct process *process; + struct process *parent = current->process; + int socket_fd = thread_get_inflight_fd( current, req->socket_fd ); ++ const struct security_descriptor *req_psd = NULL; const startup_info_t *req_info; data_size_t req_info_size; const WCHAR *req_env; -+ const struct security_descriptor *req_psd = NULL; - - if (socket_fd == -1) - { -@@ -907,6 +908,17 @@ DECL_HANDLER(new_process) +@@ -892,6 +893,16 @@ DECL_HANDLER(new_process) + close( socket_fd ); return; } - ++ + if (req->process_sd_size) + { -+ req_psd = get_req_data(); -+ ++ req_psd = get_req_data(); + if (!sd_is_valid( req_psd, req->process_sd_size )) + { + set_error( STATUS_INVALID_SECURITY_DESCR ); + return; + } + } -+ + req_info = (const startup_info_t *) ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size); - -@@ -1011,6 +1023,18 @@ DECL_HANDLER(new_process) +@@ -1020,6 +1031,19 @@ DECL_HANDLER(new_process) reply->phandle = alloc_handle( parent, process, req->process_access, req->process_attr ); reply->thandle = alloc_handle( parent, thread, req->thread_access, req->thread_attr ); @@ -234,6 +232,7 @@ index 9942eb3..1fba134 100644 + DACL_SECURITY_INFORMATION| + SACL_SECURITY_INFORMATION ); + } ++ done: release_object( info ); } diff --git a/patches/server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch b/patches/server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch index 2c8db7f4..1f812df4 100644 --- a/patches/server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch +++ b/patches/server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch @@ -1,18 +1,18 @@ -From e924e19cc72127f16b64bef300e394a7f641dba1 Mon Sep 17 00:00:00 2001 +From 649ce4e95f5ea671857d5c62eb220c95a6af35d7 Mon Sep 17 00:00:00 2001 
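Review bot: When `sd_is_valid( req_psd, req->process_sd_size )` fails, the handler does `set_error( STATUS_INVALID_SECURITY_DESCR ); return;` without closing `socket_fd`, although the descriptor was already obtained with `thread_get_inflight_fd()` and the rejection block directly above does close it. Each request carrying a malformed process security descriptor would then leave one file descriptor open in the server process, which a client can repeat until the server runs out. Add `if (socket_fd != -1) close( socket_fd );` before the `return`, or run the validation after the `socket_fd == -1` test and leave through a shared cleanup path. The thread-descriptor check added by 0004 (`req_tsd`, inner hunk `@@ -903,7 +903,17 @@`) has the same shape and needs the same fix. The handler starts and ends outside this hunk.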
From: Joris van der Wel -Date: Wed, 9 Jul 2014 01:00:02 +0200 +Date: Sun, 3 Aug 2014 12:52:44 +0200 Subject: server: implement passing a thread security descriptor to CreateProcess server: implement passing a thread security descriptor to CreateProcess --- - dlls/advapi32/tests/security.c | 45 ++++++++++++++++++++++++++++++++++++---- - dlls/kernel32/process.c | 24 ++++++++++++++++++--- - server/process.c | 28 ++++++++++++++++++++++++- - 3 files changed, 89 insertions(+), 8 deletions(-) + dlls/advapi32/tests/security.c | 44 ++++++++++++++++++++++++++++++++++++---- + dlls/kernel32/process.c | 24 +++++++++++++++++++--- + server/process.c | 25 +++++++++++++++++++++-- + 3 files changed, 84 insertions(+), 9 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index b1b35aa..aab63f3 100644 +index b1b35aa..244844f 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -2532,12 +2532,12 @@ static void test_process_security(void) @@ -31,12 +31,10 @@ index b1b35aa..aab63f3 100644 HANDLE token, event; DWORD size; SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY }; -@@ -2657,12 +2657,38 @@ static void test_process_security(void) - psa.nLength = sizeof(psa); +@@ -2658,11 +2658,36 @@ static void test_process_security(void) psa.lpSecurityDescriptor = SecurityDescriptor; psa.bInheritHandle = TRUE; -+ -+ + + ThreadSecurityDescriptor = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH); + res = InitializeSecurityDescriptor(ThreadSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); + ok(res, "InitializeSecurityDescriptor failed with error %d\n", GetLastError()); 
@@ -59,7 +57,7 @@ index b1b35aa..aab63f3 100644 + tsa.nLength = sizeof(tsa); + tsa.lpSecurityDescriptor = ThreadSecurityDescriptor; + tsa.bInheritHandle = TRUE; - ++ /* Doesn't matter what ACL say we should get full access for ourselves */ - res = CreateProcessA( NULL, buffer, &psa, NULL, FALSE, 0, NULL, NULL, &startup, &info ); + res = CreateProcessA( NULL, buffer, &psa, &tsa, FALSE, 0, NULL, NULL, &startup, &info ); @@ -71,7 +69,7 @@ index b1b35aa..aab63f3 100644 winetest_wait_child_process( info.hProcess ); FreeSid(EveryoneSid); -@@ -2673,6 +2699,8 @@ static void test_process_security(void) +@@ -2673,6 +2698,8 @@ static void test_process_security(void) HeapFree(GetProcessHeap(), 0, owner); HeapFree(GetProcessHeap(), 0, Acl); HeapFree(GetProcessHeap(), 0, SecurityDescriptor); @@ -80,24 +78,24 @@ index b1b35aa..aab63f3 100644 } static void test_process_security_child(void) -@@ -2728,6 +2756,15 @@ static void test_process_security_child(void) +@@ -2728,6 +2755,15 @@ static void test_process_security_child(void) TEST_GRANTED_ACCESS( handle1, PROCESS_VM_READ ); CloseHandle( handle1 ); CloseHandle( handle ); -+ -+ ++ ++ + handle = OpenThread( THREAD_TERMINATE, FALSE, GetCurrentThreadId() ); + ok(handle != NULL, "OpenThread(THREAD_TERMINATE) with err:%d\n", GetLastError()); + TEST_GRANTED_ACCESS( handle, PROCESS_TERMINATE ); + CloseHandle( handle ); -+ ++ + handle = OpenThread( THREAD_SET_THREAD_TOKEN, FALSE, GetCurrentThreadId() ); + ok(handle == NULL, "OpenThread(THREAD_SET_THREAD_TOKEN) should have failed\n"); } static void test_impersonation_level(void) diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c -index 5f6c2e5..a01e681 100644 +index 44e7711..dd21100 100644 --- a/dlls/kernel32/process.c +++ b/dlls/kernel32/process.c @@ -2003,8 +2003,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW @@ -114,8 +112,7 @@ index 5f6c2e5..a01e681 100644 
@@ -2022,12 +2022,26 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW return FALSE; } - } -+ + } + if (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->lpSecurityDescriptor) + { + status = create_struct_sd( tsa->lpSecurityDescriptor, &tsd, &tsd_len ); @@ -123,6 +120,7 @@ index 5f6c2e5..a01e681 100644 + if (status != STATUS_SUCCESS) + { + RtlFreeHeap(GetProcessHeap(), 0, psd); ++ RtlFreeHeap(GetProcessHeap(), 0, tsd); + WARN("Invalid thread security descriptor with status %x\n", status); + SetLastError( RtlNtStatusToDosError(status) ); + return FALSE; 
@@ -154,21 +152,20 @@ index 5f6c2e5..a01e681 100644 return FALSE; } if (!env) env = NtCurrentTeb()->Peb->ProcessParameters->Environment; -@@ -2115,11 +2131,12 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW - req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0; - req->cpu = cpu; - req->process_sd_size = psd_len; -- req->thread_sd_size = 0; -+ req->thread_sd_size = tsd_len; - req->info_size = startup_info_size; - req->env_size = (env_end - env) * sizeof(WCHAR); - - wine_server_add_data( req, psd , req->process_sd_size ); -+ wine_server_add_data( req, tsd , req->thread_sd_size ); - wine_server_add_data( req, startup_info, req->info_size ); - wine_server_add_data( req, env , req->env_size ); - -@@ -2135,6 +2152,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW +@@ -2115,10 +2131,11 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW + req->thread_attr = (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->bInheritHandle) ? OBJ_INHERIT : 0; + req->cpu = cpu; + req->process_sd_size= psd_len; +- req->thread_sd_size = 0; ++ req->thread_sd_size = tsd_len; + req->info_size = startup_info_size; + + wine_server_add_data( req, psd, psd_len ); ++ wine_server_add_data( req, tsd, tsd_len ); + wine_server_add_data( req, startup_info, startup_info_size ); + wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) ); + if (!(status = wine_server_call( req ))) +@@ -2133,6 +2150,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW SERVER_END_REQ; RtlFreeHeap(GetProcessHeap(), 0, psd); @@ -177,42 +174,41 @@ index 5f6c2e5..a01e681 100644 RtlReleasePebLock(); if (status) diff --git a/server/process.c b/server/process.c -index 1fba134..f9a4611 100644 +index 571f05a..52c04f7 100644 --- a/server/process.c 
+++ b/server/process.c -@@ -883,7 +883,7 @@ DECL_HANDLER(new_process) +@@ -880,7 +880,7 @@ DECL_HANDLER(new_process) + struct process *process; + struct process *parent = current->process; + int socket_fd = thread_get_inflight_fd( current, req->socket_fd ); +- const struct security_descriptor *req_psd = NULL; ++ const struct security_descriptor *req_psd = NULL, *req_tsd = NULL; const startup_info_t *req_info; data_size_t req_info_size; const WCHAR *req_env; -- const struct security_descriptor *req_psd = NULL; -+ const struct security_descriptor *req_psd = NULL, *req_tsd = NULL; - - if (socket_fd == -1) - { -@@ -919,6 +919,18 @@ DECL_HANDLER(new_process) +@@ -903,7 +903,17 @@ DECL_HANDLER(new_process) + return; } } - + if (req->thread_sd_size) + { -+ req_tsd = (const struct security_descriptor *) -+ ((char*)get_req_data() + req->process_sd_size); -+ ++ req_tsd = (const struct security_descriptor *) ++ ((char*)get_req_data() + req->process_sd_size); + + if (!sd_is_valid( req_tsd, req->thread_sd_size )) + { + set_error( STATUS_INVALID_SECURITY_DESCR ); + return; + } + } -+ req_info = (const startup_info_t *) ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size); - -@@ -1035,6 +1047,20 @@ DECL_HANDLER(new_process) + req_env = (const WCHAR *) +@@ -1043,7 +1053,18 @@ DECL_HANDLER(new_process) DACL_SECURITY_INFORMATION| SACL_SECURITY_INFORMATION ); } -+ +- + if (req_tsd) + { + /* In CreateProcess the thread defaults come from the process token, @@ -225,7 +221,6 @@ index 1fba134..f9a4611 100644 + SACL_SECURITY_INFORMATION, + process->token ); + } -+ done: release_object( info ); } diff --git a/patches/server-CreateProcess_ACLs/definition b/patches/server-CreateProcess_ACLs/definition index 72e68063..c3d441c4 100644 --- a/patches/server-CreateProcess_ACLs/definition +++ b/patches/server-CreateProcess_ACLs/definition 
@@ -1,4 +1,5 @@
 Author: Joris van der Wel
 Subject: Implement passing ACLs to CreateProcess.
 Revision: 1
+Depends: Miscellaneous
 Fixes: [22006] Support for process ACLs