diff --git a/patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch b/patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch index 682c7376..b5ef7224 100644 --- a/patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch +++ b/patches/server-CreateProcess_ACLs/0001-server-A-new-function-set_sd_defaults_from_token-tha.patch @@ -1,14 +1,10 @@ -From 30c44423ffde37855f0fd468096aa5fc6aa14912 Mon Sep 17 00:00:00 2001 +From 99fa68f60166b3064371eb8ef68fcb3d733a28dc Mon Sep 17 00:00:00 2001 From: Joris van der Wel Date: Sun, 3 Aug 2014 12:52:06 +0200 Subject: server: A new function "set_sd_defaults_from_token" that sets the security descriptor along with a token that will be used to gather defaults, instead of always using the primary token. (try 4) -server: A new function "set_sd_defaults_from_token" that sets the - security descriptor along with a token that will be used to gather defaults, - instead of always using the primary token. - Some objects take their defaults not from a primary token but from a different one (such as from the impersonation token or the process token). @@ -23,7 +19,7 @@ defaults _only_ upon creation. 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/server/object.c b/server/object.c -index 133c6b5..ec196c1 100644 +index 11ef0ce..6389409 100644 --- a/server/object.c +++ b/server/object.c @@ -423,8 +423,8 @@ struct security_descriptor *default_get_sd( struct object *obj ) @@ -88,14 +84,14 @@ index 133c6b5..ec196c1 100644 unsigned int attr ) { diff --git a/server/object.h b/server/object.h -index bb3ff21..7201ff9 100644 +index bb3ff21..dd93b76e 100644 --- a/server/object.h +++ b/server/object.h @@ -139,6 +139,8 @@ extern struct fd *no_get_fd( struct object *obj ); extern unsigned int no_map_access( struct object *obj, unsigned int access ); extern struct security_descriptor *default_get_sd( struct object *obj ); extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info ); -+extern int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd, ++extern int set_sd_defaults_from_token( struct object *obj, const struct security_descriptor *sd, + unsigned int set_info, struct token *token ); extern struct object *no_lookup_name( struct object *obj, struct unicode_str *name, unsigned int attributes ); extern struct object *no_open_file( struct object *obj, unsigned int access, unsigned int sharing, diff --git a/patches/server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch b/patches/server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch index 471d5441..f71d61c5 100644 --- a/patches/server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch +++ b/patches/server-CreateProcess_ACLs/0002-server-Support-sending-process-and-thread-security-d.patch @@ -1,19 +1,17 @@ -From 7c1b44caf023c4120b48a2792a442ca5ac1e3166 Mon Sep 17 00:00:00 2001 +From 38c3a1a50ca4bdef0b5ec0cf120fd5da889954dd Mon Sep 17 00:00:00 2001 From: Joris van der Wel Date: Sun, 3 Aug 2014 12:52:14 +0200 Subject: server: Support sending process and thread security descriptors for the "new_process" request in the protocol -server: Support sending process and thread security descriptors for - the "new_process" request in the protocol. --- dlls/kernel32/process.c | 2 ++ - server/process.c | 44 ++++++++++++++++++++++++++++++-------------- + server/process.c | 42 +++++++++++++++++++++++++++++------------- server/protocol.def | 4 ++++ - 3 files changed, 36 insertions(+), 14 deletions(-) + 3 files changed, 35 insertions(+), 13 deletions(-) diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c -index 2566ac4..efd0e84 100644 +index 301c64a..66e4a31 100644 --- a/dlls/kernel32/process.c +++ b/dlls/kernel32/process.c @@ -2034,6 +2034,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW @@ -26,7 +24,7 @@ index 2566ac4..efd0e84 100644 wine_server_add_data( req, startup_info, startup_info_size ); diff --git a/server/process.c b/server/process.c -index 7b9a3b2..110a38f 100644 +index 7b9a3b2..d7220e1 100644 --- a/server/process.c +++ b/server/process.c @@ -880,6 +880,24 @@ DECL_HANDLER(new_process) @@ -75,7 +73,7 @@ index 7b9a3b2..110a38f 100644 - info->data_size = info->info_size + env_size; + info->info_size = sizeof(*info->data); + info->data_size = sizeof(*info->data) + req_env_size; -+ ++ + req_info_size = min( req->info_size, FIELD_OFFSET( startup_info_t, curdir_len )); + if (!(info->data = mem_alloc( info->data_size ))) goto done; + memset( info->data, 0, info->data_size ); @@ -85,17 +83,16 @@ index 7b9a3b2..110a38f 100644 else { data_size_t pos = sizeof(*info->data); -- -- if (!(info->data = memdup( get_req_data(), info->data_size ))) goto done; + info->info_size = req->info_size; + info->data_size = req->info_size + req_env_size; -+ + +- if (!(info->data = memdup( get_req_data(), info->data_size ))) goto done; + if (!(info->data = memdup( req_info, info->data_size ))) goto done; #define FIXUP_LEN(len) do { (len) = min( (len), info->info_size - pos ); pos += (len); } while(0) FIXUP_LEN( info->data->curdir_len ); FIXUP_LEN( info->data->dllpath_len ); diff --git a/server/protocol.def b/server/protocol.def -index a8c1fb9..d2cfd71 100644 +index c9270ea..dca98a4 100644 --- a/server/protocol.def +++ b/server/protocol.def @@ -670,7 +670,11 @@ struct rawinput_device diff --git a/patches/server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch b/patches/server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch index b5e8491a..7eab4c9d 100644 --- a/patches/server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch +++ b/patches/server-CreateProcess_ACLs/0003-server-implement-passing-a-process-security-descript.patch @@ -1,11 +1,9 @@ -From 43eb6734382c298997573522244de3daf3a52a78 Mon Sep 17 00:00:00 2001 +From 31d68ddd963e008e73e31c661556cd76b78da17e Mon Sep 17 00:00:00 2001 From: Joris van der Wel Date: Sun, 3 Aug 2014 12:52:32 +0200 Subject: server: implement passing a process security descriptor to CreateProcess -server: implement passing a process security descriptor to CreateProcess. - For now the function "NTDLL_create_struct_sd" has been duplicated in kernel32. This is needed because kernel32 makes the server call. Kernel32 currently makes the server call because NtCreateProcess(Ex) @@ -43,7 +41,7 @@ index b44496a..b1b35aa 100644 /* Documented privilege elevation */ diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c -index efd0e84..44e7711 100644 +index 66e4a31..65e6978 100644 --- a/dlls/kernel32/process.c +++ b/dlls/kernel32/process.c @@ -1916,6 +1916,70 @@ static pid_t exec_loader( LPCWSTR cmd_line, unsigned int flags, int socketfd, @@ -117,7 +115,7 @@ index efd0e84..44e7711 100644 /*********************************************************************** * create_process * -@@ -1939,17 +2003,31 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW +@@ -1939,6 +2003,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW int socketfd[2], stdin_fd = -1, stdout_fd = -1; pid_t pid; int err, cpu; @@ -126,10 +124,10 @@ index efd0e84..44e7711 100644 if ((cpu = get_process_cpu( filename, binary_info )) == -1) { - SetLastError( ERROR_BAD_EXE_FORMAT ); +@@ -1946,10 +2012,22 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW return FALSE; } -+ + + if (psa && (psa->nLength >= sizeof(*psa)) && psa->lpSecurityDescriptor) + { + status = create_struct_sd( psa->lpSecurityDescriptor, &psd, &psd_len ); @@ -140,7 +138,7 @@ index efd0e84..44e7711 100644 + return FALSE; + } + } - ++ /* create the socket for the new process */ if (socketpair( PF_UNIX, SOCK_STREAM, 0, socketfd ) == -1) @@ -188,7 +186,7 @@ index efd0e84..44e7711 100644 if (status) { diff --git a/server/process.c b/server/process.c -index 110a38f..571f05a 100644 +index d7220e1..2119a08 100644 --- a/server/process.c +++ b/server/process.c @@ -880,6 +880,7 @@ DECL_HANDLER(new_process) @@ -199,37 +197,37 @@ index 110a38f..571f05a 100644 const startup_info_t *req_info; data_size_t req_info_size; const WCHAR *req_env; -@@ -892,6 +893,16 @@ DECL_HANDLER(new_process) - close( socket_fd ); +@@ -893,6 +894,16 @@ DECL_HANDLER(new_process) return; } -+ + + if (req->process_sd_size) + { -+ req_psd = get_req_data(); ++ req_psd = get_req_data(); + if (!sd_is_valid( req_psd, req->process_sd_size )) + { + set_error( STATUS_INVALID_SECURITY_DESCR ); + return; + } + } - ++ req_info = (const startup_info_t *) ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size); + req_env = (const WCHAR *) @@ -1020,6 +1031,19 @@ DECL_HANDLER(new_process) reply->phandle = alloc_handle( parent, process, req->process_access, req->process_attr ); reply->thandle = alloc_handle( parent, thread, req->thread_access, req->thread_attr ); -+ /* note: alloc_handle might fail with access denied ++ /* note: alloc_handle might fail with access denied + * if the security descriptor is set before that call */ -+ ++ + if (req_psd) + { + default_set_sd( &process->obj, + req_psd, -+ OWNER_SECURITY_INFORMATION| -+ GROUP_SECURITY_INFORMATION| -+ DACL_SECURITY_INFORMATION| ++ OWNER_SECURITY_INFORMATION | ++ GROUP_SECURITY_INFORMATION | ++ DACL_SECURITY_INFORMATION | + SACL_SECURITY_INFORMATION ); + } + diff --git a/patches/server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch b/patches/server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch index 1f812df4..bd0cece9 100644 --- a/patches/server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch +++ b/patches/server-CreateProcess_ACLs/0004-server-implement-passing-a-thread-security-descripto.patch @@ -1,10 +1,9 @@ -From 649ce4e95f5ea671857d5c62eb220c95a6af35d7 Mon Sep 17 00:00:00 2001 +From c4b089e56ea5ace923a69428c1a96c838e94a2aa Mon Sep 17 00:00:00 2001 From: Joris van der Wel Date: Sun, 3 Aug 2014 12:52:44 +0200 Subject: server: implement passing a thread security descriptor to CreateProcess -server: implement passing a thread security descriptor to CreateProcess --- dlls/advapi32/tests/security.c | 44 ++++++++++++++++++++++++++++++++++++---- dlls/kernel32/process.c | 24 +++++++++++++++++++--- @@ -12,7 +11,7 @@ server: implement passing a thread security descriptor to CreateProcess 3 files changed, 84 insertions(+), 9 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index b1b35aa..244844f 100644 +index b1b35aa..eb9b8cb 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -2532,12 +2532,12 @@ static void test_process_security(void) @@ -38,7 +37,7 @@ index b1b35aa..244844f 100644 + ThreadSecurityDescriptor = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH); + res = InitializeSecurityDescriptor(ThreadSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); + ok(res, "InitializeSecurityDescriptor failed with error %d\n", GetLastError()); -+ ++ + ThreadAcl = HeapAlloc(GetProcessHeap(), 0, 256); + res = InitializeAcl(ThreadAcl, 256, ACL_REVISION); + ok(res, "InitializeAcl failed with error %d\n", GetLastError()); @@ -46,14 +45,14 @@ index b1b35aa..244844f 100644 + ok(res, "AddAccessDeniedAce failed with error %d\n", GetLastError()); + res = AddAccessAllowedAce(ThreadAcl, ACL_REVISION, THREAD_ALL_ACCESS, AdminSid); + ok(res, "AddAccessAllowedAce failed with error %d\n", GetLastError()); -+ ++ + res = SetSecurityDescriptorOwner(ThreadSecurityDescriptor, AdminSid, FALSE); + ok(res, "SetSecurityDescriptorOwner failed with error %d\n", GetLastError()); + res = SetSecurityDescriptorGroup(ThreadSecurityDescriptor, UsersSid, FALSE); + ok(res, "SetSecurityDescriptorGroup failed with error %d\n", GetLastError()); + res = SetSecurityDescriptorDacl(ThreadSecurityDescriptor, TRUE, ThreadAcl, FALSE); + ok(res, "SetSecurityDescriptorDacl failed with error %d\n", GetLastError()); -+ ++ + tsa.nLength = sizeof(tsa); + tsa.lpSecurityDescriptor = ThreadSecurityDescriptor; + tsa.bInheritHandle = TRUE; @@ -95,7 +94,7 @@ index b1b35aa..244844f 100644 static void test_impersonation_level(void) diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c -index 44e7711..dd21100 100644 +index 65e6978..f2d11ba 100644 --- a/dlls/kernel32/process.c +++ b/dlls/kernel32/process.c @@ -2003,8 +2003,8 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW @@ -116,7 +115,7 @@ index 44e7711..dd21100 100644 + if (tsa && (tsa->nLength >= sizeof(*tsa)) && tsa->lpSecurityDescriptor) + { + status = create_struct_sd( tsa->lpSecurityDescriptor, &tsd, &tsd_len ); -+ ++ + if (status != STATUS_SUCCESS) + { + RtlFreeHeap(GetProcessHeap(), 0, psd); @@ -174,7 +173,7 @@ index 44e7711..dd21100 100644 RtlReleasePebLock(); if (status) diff --git a/server/process.c b/server/process.c -index 571f05a..52c04f7 100644 +index 2119a08..c0b82d1 100644 --- a/server/process.c +++ b/server/process.c @@ -880,7 +880,7 @@ DECL_HANDLER(new_process) @@ -205,7 +204,7 @@ index 571f05a..52c04f7 100644 ((char*)get_req_data() + req->process_sd_size + req->thread_sd_size); req_env = (const WCHAR *) @@ -1043,7 +1053,18 @@ DECL_HANDLER(new_process) - DACL_SECURITY_INFORMATION| + DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION ); } - @@ -214,10 +213,10 @@ index 571f05a..52c04f7 100644 + /* In CreateProcess the thread defaults come from the process token, + * (this is not the case during CreateThread however) */ + set_sd_defaults_from_token( &thread->obj, -+ req_tsd, -+ OWNER_SECURITY_INFORMATION| -+ GROUP_SECURITY_INFORMATION| -+ DACL_SECURITY_INFORMATION| ++ req_tsd, ++ OWNER_SECURITY_INFORMATION | ++ GROUP_SECURITY_INFORMATION | ++ DACL_SECURITY_INFORMATION | + SACL_SECURITY_INFORMATION, + process->token ); + }