wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2025-04-13 14:42:51 -07:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: wine:v5.19
Branches Tags
wine:master wine:v2.10-backports wine:stable wine:acl-rework wine:d3d10 wine:fontsymlinks
wine:v10.5 wine:v10.4 wine:v10.3 wine:v10.2 wine:v10.1 wine:v10.0 wine:v10.0-rc6 wine:v10.0-rc5 wine:v10.0-rc4 wine:v10.0-rc3 wine:v10.0-rc2 wine:v10.0-rc1 wine:v9.22 wine:v9.21 wine:v9.20 wine:v9.19 wine:v9.18 wine:v9.17 wine:v9.16 wine:v9.15 wine:v9.14 wine:v9.13 wine:v9.12 wine:v9.11 wine:v9.10 wine:v9.9 wine:v9.8 wine:v9.7 wine:v9.6 wine:v9.5 wine:v9.4.1 wine:v9.4 wine:v9.3 wine:v9.2 wine:v9.1 wine:v9.0 wine:v9.0-rc5 wine:v9.0-rc4 wine:v9.0-rc3 wine:v9.0-rc2 wine:v9.0-rc1 wine:v8.21 wine:v8.20 wine:v8.19 wine:v8.18 wine:v8.17.1 wine:v8.17 wine:v8.16 wine:v8.15 wine:v8.14 wine:v8.13 wine:v8.12 wine:v8.11 wine:v8.10 wine:v8.9.1 wine:v8.9 wine:v8.8 wine:v8.7 wine:v8.6.1 wine:v8.6 wine:v8.5 wine:v8.4 wine:v8.3 wine:v8.2 wine:v8.1 wine:v8.0 wine:v8.0-rc5 wine:v8.0-rc4 wine:v8.0-rc3 wine:v8.0-rc2 wine:v8.0-rc1 wine:v7.22 wine:v7.21 wine:v7.20 wine:v7.19 wine:v7.18 wine:v7.17 wine:v7.16 wine:v7.15 wine:v7.14 wine:v7.13 wine:v7.12 wine:v7.11 wine:v7.10 wine:v7.9 wine:v7.8 wine:v7.7 wine:v7.6 wine:v7.5 wine:v7.4 wine:v7.3 wine:v7.2 wine:v7.1 wine:v7.0 wine:v7.0-rc6 wine:v7.0-rc5 wine:v7.0-rc4 wine:v7.0-rc3 wine:v7.0-rc2 wine:v7.0-rc1 wine:v6.23 wine:v6.22 wine:v6.21 wine:v6.20 wine:v6.19 wine:v6.18 wine:v6.17 wine:v6.16 wine:v6.15 wine:v6.14 wine:v6.13 wine:v6.12.1 wine:v6.12 wine:v6.11 wine:v6.10 wine:v6.9 wine:v6.8 wine:v6.7 wine:v6.6 wine:v6.5 wine:v6.4 wine:v6.3 wine:v6.2 wine:v6.1 wine:v6.0 wine:v6.0-rc6 wine:v6.0-rc5 wine:v6.0-rc4 wine:v6.0-rc3 wine:v6.0-rc2 wine:v6.0rc1 wine:v5.22 wine:v5.21 wine:v5.20 wine:v5.19 wine:v5.18 wine:v5.17.2 wine:v5.17.1 wine:v5.17 wine:v5.16 wine:v5.15.2 wine:v5.15.1 wine:v5.15 wine:v5.14 wine:v5.13 wine:v5.12.1 wine:v5.12 wine:v5.11 wine:v5.10 wine:v5.9 wine:v5.8 wine:v5.7 wine:v5.6.1 wine:v5.6 wine:v5.5 wine:v5.4 wine:v5.3 wine:v5.2 wine:v5.1 wine:v5.0 wine:v5.0-rc6 wine:v5.0-rc5 wine:v5.0-rc4 wine:v5.0-rc3 wine:v5.0-rc2 wine:v5.0-rc1 wine:v4.21 wine:v4.20 wine:v4.19 wine:v4.18 wine:v4.17 wine:v4.16 wine:v4.15-1 wine:v4.15 wine:v4.14 wine:v4.13 wine:v4.12.1 wine:v4.12 wine:v4.11 wine:v4.10 wine:v4.9 wine:v4.8 wine:v4.7 wine:v4.6 wine:v4.5 wine:v4.4 wine:v4.3 wine:v4.2 wine:v4.1-2 wine:v4.1-1 wine:v4.1 wine:v4.0 wine:v4.0-rc7 wine:v4.0-rc6 wine:v4.0-rc5 wine:v4.0-rc4 wine:v4.0-rc3 wine:v4.0-rc2 wine:v4.0-rc1 wine:v3.21 wine:v3.20 wine:v3.19 wine:v3.18 wine:v3.17 wine:v3.16 wine:v3.15 wine:v3.14 wine:v3.13.1 wine:v3.13 wine:v3.12 wine:v3.11 wine:v3.10 wine:v3.9 wine:v3.8 wine:v3.7 wine:v3.6 wine:v3.5 wine:show wine:v3.4 wine:v3.3 wine:latest-release wine:v2.21 wine:v2.20 wine:v2.19 wine:v2.18 wine:v2.17 wine:v2.16 wine:v2.15 wine:v2.14 wine:v2.13 wine:v2.12 wine:v2.11 wine:v2.10-3 wine:v2.10-2 wine:v2.10 wine:v2.9 wine:v2.8 wine:v2.7 wine:v2.6 wine:v2.5 wine:v2.4 wine:v2.3 wine:v2.2 wine:v2.1 wine:v2.0 wine:v2.0-rc6 wine:v2.0-rc5 wine:v1.8.6-unofficial wine:v1.8.5-unofficial wine:v2.0-rc4 wine:v2.0-rc3 wine:v2.0-rc2 wine:v2.0-rc1 wine:v1.9.23 wine:v1.9.22 wine:v1.9.21 wine:v1.9.20 wine:v1.9.19 wine:v1.9.18 wine:v1.8.4-unofficial wine:v1.9.17 wine:v1.9.16 wine:v1.9.15 wine:v1.9.14 wine:v1.8.3-unofficial wine:v1.9.13 wine:v1.9.12 wine:v1.9.11 wine:v1.9.10 wine:v1.9.9 wine:v1.8.2-unofficial wine:v1.9.8 wine:v1.9.7 wine:v1.8.1-unofficial wine:v1.9.6 wine:v1.9.5 wine:v1.9.4 wine:v1.9.3 wine:v1.9.2 wine:v1.9.1 wine:v1.9.0 wine:v1.8 wine:v1.8-rc4 wine:v1.8-rc3 wine:v1.8-rc2 wine:v1.8-rc1 wine:v1.7.55 wine:v1.7.54 wine:v1.7.53 wine:v1.7.52 wine:v1.7.51 wine:v1.7.50 wine:v1.7.49 wine:v1.7.48 wine:v1.7.47 wine:v1.7.46 wine:v1.7.45 wine:v1.7.44 wine:v1.7.43 wine:v1.7.42 wine:v1.7.41 wine:v1.7.40 wine:v1.7.39 wine:v1.7.38 wine:v1.7.37 wine:v1.7.36 wine:v1.7.35 wine:v1.7.34-1 wine:v1.7.34 wine:v1.7.33 wine:v1.7.32 wine:v1.7.31 wine:v1.7.30 wine:v1.7.29 wine:v1.7.28 wine:v1.7.27 wine:v1.7.26 wine:v1.7.25 wine:v1.7.24 wine:v1.7.23 wine:v1.7.22 wine:v1.7.21 wine:v1.7.20 wine:v1.7.19-1 wine:v1.7.19 wine:v1.7.18-1 wine:v1.7.18 wine:v1.7.17 wine:v1.7.16-1 wine:v1.7.16 wine:v1.7.15 wine:v1.7.14 wine:v1.7.13 wine:v1.7.12 wine:v1.7.11 wine:v1.7.10 wine:v1.7.9 wine:v1.7.8-1 wine:v1.7.8 wine:v1.7.7
..
compare: wine:v5.12.1
Branches Tags
wine:master wine:v2.10-backports wine:stable wine:acl-rework wine:d3d10 wine:fontsymlinks
wine:v10.5 wine:v10.4 wine:v10.3 wine:v10.2 wine:v10.1 wine:v10.0 wine:v10.0-rc6 wine:v10.0-rc5 wine:v10.0-rc4 wine:v10.0-rc3 wine:v10.0-rc2 wine:v10.0-rc1 wine:v9.22 wine:v9.21 wine:v9.20 wine:v9.19 wine:v9.18 wine:v9.17 wine:v9.16 wine:v9.15 wine:v9.14 wine:v9.13 wine:v9.12 wine:v9.11 wine:v9.10 wine:v9.9 wine:v9.8 wine:v9.7 wine:v9.6 wine:v9.5 wine:v9.4.1 wine:v9.4 wine:v9.3 wine:v9.2 wine:v9.1 wine:v9.0 wine:v9.0-rc5 wine:v9.0-rc4 wine:v9.0-rc3 wine:v9.0-rc2 wine:v9.0-rc1 wine:v8.21 wine:v8.20 wine:v8.19 wine:v8.18 wine:v8.17.1 wine:v8.17 wine:v8.16 wine:v8.15 wine:v8.14 wine:v8.13 wine:v8.12 wine:v8.11 wine:v8.10 wine:v8.9.1 wine:v8.9 wine:v8.8 wine:v8.7 wine:v8.6.1 wine:v8.6 wine:v8.5 wine:v8.4 wine:v8.3 wine:v8.2 wine:v8.1 wine:v8.0 wine:v8.0-rc5 wine:v8.0-rc4 wine:v8.0-rc3 wine:v8.0-rc2 wine:v8.0-rc1 wine:v7.22 wine:v7.21 wine:v7.20 wine:v7.19 wine:v7.18 wine:v7.17 wine:v7.16 wine:v7.15 wine:v7.14 wine:v7.13 wine:v7.12 wine:v7.11 wine:v7.10 wine:v7.9 wine:v7.8 wine:v7.7 wine:v7.6 wine:v7.5 wine:v7.4 wine:v7.3 wine:v7.2 wine:v7.1 wine:v7.0 wine:v7.0-rc6 wine:v7.0-rc5 wine:v7.0-rc4 wine:v7.0-rc3 wine:v7.0-rc2 wine:v7.0-rc1 wine:v6.23 wine:v6.22 wine:v6.21 wine:v6.20 wine:v6.19 wine:v6.18 wine:v6.17 wine:v6.16 wine:v6.15 wine:v6.14 wine:v6.13 wine:v6.12.1 wine:v6.12 wine:v6.11 wine:v6.10 wine:v6.9 wine:v6.8 wine:v6.7 wine:v6.6 wine:v6.5 wine:v6.4 wine:v6.3 wine:v6.2 wine:v6.1 wine:v6.0 wine:v6.0-rc6 wine:v6.0-rc5 wine:v6.0-rc4 wine:v6.0-rc3 wine:v6.0-rc2 wine:v6.0rc1 wine:v5.22 wine:v5.21 wine:v5.20 wine:v5.19 wine:v5.18 wine:v5.17.2 wine:v5.17.1 wine:v5.17 wine:v5.16 wine:v5.15.2 wine:v5.15.1 wine:v5.15 wine:v5.14 wine:v5.13 wine:v5.12.1 wine:v5.12 wine:v5.11 wine:v5.10 wine:v5.9 wine:v5.8 wine:v5.7 wine:v5.6.1 wine:v5.6 wine:v5.5 wine:v5.4 wine:v5.3 wine:v5.2 wine:v5.1 wine:v5.0 wine:v5.0-rc6 wine:v5.0-rc5 wine:v5.0-rc4 wine:v5.0-rc3 wine:v5.0-rc2 wine:v5.0-rc1 wine:v4.21 wine:v4.20 wine:v4.19 wine:v4.18 wine:v4.17 wine:v4.16 wine:v4.15-1 wine:v4.15 wine:v4.14 wine:v4.13 wine:v4.12.1 wine:v4.12 wine:v4.11 wine:v4.10 wine:v4.9 wine:v4.8 wine:v4.7 wine:v4.6 wine:v4.5 wine:v4.4 wine:v4.3 wine:v4.2 wine:v4.1-2 wine:v4.1-1 wine:v4.1 wine:v4.0 wine:v4.0-rc7 wine:v4.0-rc6 wine:v4.0-rc5 wine:v4.0-rc4 wine:v4.0-rc3 wine:v4.0-rc2 wine:v4.0-rc1 wine:v3.21 wine:v3.20 wine:v3.19 wine:v3.18 wine:v3.17 wine:v3.16 wine:v3.15 wine:v3.14 wine:v3.13.1 wine:v3.13 wine:v3.12 wine:v3.11 wine:v3.10 wine:v3.9 wine:v3.8 wine:v3.7 wine:v3.6 wine:v3.5 wine:show wine:v3.4 wine:v3.3 wine:latest-release wine:v2.21 wine:v2.20 wine:v2.19 wine:v2.18 wine:v2.17 wine:v2.16 wine:v2.15 wine:v2.14 wine:v2.13 wine:v2.12 wine:v2.11 wine:v2.10-3 wine:v2.10-2 wine:v2.10 wine:v2.9 wine:v2.8 wine:v2.7 wine:v2.6 wine:v2.5 wine:v2.4 wine:v2.3 wine:v2.2 wine:v2.1 wine:v2.0 wine:v2.0-rc6 wine:v2.0-rc5 wine:v1.8.6-unofficial wine:v1.8.5-unofficial wine:v2.0-rc4 wine:v2.0-rc3 wine:v2.0-rc2 wine:v2.0-rc1 wine:v1.9.23 wine:v1.9.22 wine:v1.9.21 wine:v1.9.20 wine:v1.9.19 wine:v1.9.18 wine:v1.8.4-unofficial wine:v1.9.17 wine:v1.9.16 wine:v1.9.15 wine:v1.9.14 wine:v1.8.3-unofficial wine:v1.9.13 wine:v1.9.12 wine:v1.9.11 wine:v1.9.10 wine:v1.9.9 wine:v1.8.2-unofficial wine:v1.9.8 wine:v1.9.7 wine:v1.8.1-unofficial wine:v1.9.6 wine:v1.9.5 wine:v1.9.4 wine:v1.9.3 wine:v1.9.2 wine:v1.9.1 wine:v1.9.0 wine:v1.8 wine:v1.8-rc4 wine:v1.8-rc3 wine:v1.8-rc2 wine:v1.8-rc1 wine:v1.7.55 wine:v1.7.54 wine:v1.7.53 wine:v1.7.52 wine:v1.7.51 wine:v1.7.50 wine:v1.7.49 wine:v1.7.48 wine:v1.7.47 wine:v1.7.46 wine:v1.7.45 wine:v1.7.44 wine:v1.7.43 wine:v1.7.42 wine:v1.7.41 wine:v1.7.40 wine:v1.7.39 wine:v1.7.38 wine:v1.7.37 wine:v1.7.36 wine:v1.7.35 wine:v1.7.34-1 wine:v1.7.34 wine:v1.7.33 wine:v1.7.32 wine:v1.7.31 wine:v1.7.30 wine:v1.7.29 wine:v1.7.28 wine:v1.7.27 wine:v1.7.26 wine:v1.7.25 wine:v1.7.24 wine:v1.7.23 wine:v1.7.22 wine:v1.7.21 wine:v1.7.20 wine:v1.7.19-1 wine:v1.7.19 wine:v1.7.18-1 wine:v1.7.18 wine:v1.7.17 wine:v1.7.16-1 wine:v1.7.16 wine:v1.7.15 wine:v1.7.14 wine:v1.7.13 wine:v1.7.12 wine:v1.7.11 wine:v1.7.10 wine:v1.7.9 wine:v1.7.8-1 wine:v1.7.8 wine:v1.7.7

1 Commits
v5.19 ... v5.12.1

Author SHA1 Message Date
Alistair Leslie-Hughes
2ecd3b8b8e Release v5.12.1 2020-07-06 07:54:38 +10:00
379 changed files with 24375 additions and 35220 deletions
Expand all files Collapse all files

30
README.md
View File

@@ -79,32 +79,4 @@ Contributing
For information on contributing to Wine-Staging, please see
<https://wiki.winehq.org/Wine-Staging_Contributing>. Note that GitHub pull
requests are strongly dispreferred, especially for patches.
Donations
---------
wine-staging is a large set of experimental patches which provide various
improvements to WINE, but are not quite suitable for upstreaming. This set of
patches has been continuously managed for many years by a small group of
volunteers. The way this works is that we often review patches attached to
various bug reports found at https://bugs.winehq.org/ which may fix bugs, but
may not be quite suitable to be upstreamed due to needing some cleanup or more
proper implementation. In the event that this happens, we add the patches to
wine-staging instead, and keep them updated and maintained as well as attempt to
clean them up to be upstreamed. We also both write and verify patches which fix
various bugs that may not have patches, and in turn allow them run better using
WINE. This includes testing on various hardware, games, and applications.
Any expenses for applications, games, or hardware which we do not own comes out
of pocket. In order to alleviate these expenses, we are now accepting donations.
This in turn allows us to continue to perform testing, provide fixes, and get
them upstreamed, ultimately aiming to provide a better experience for all WINE
users. All of our work is provided publicly for free and can be found at
<https://github.com/wine-staging/wine-staging>. We do not expect to be paid for
any of the work provided, nor will donators receive any special benefits or
compensation.
Donations are recieved through Patreon. Anyone interested may donate here:
https://www.patreon.com/winestaging
requests are strongly dispreferred, especially for patches.

83
patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch
View File

@@ -1,60 +1,49 @@
From 0cf6433af95363c5fbba2af482b2ba50b863dfb7 Mon Sep 17 00:00:00 2001
From aa9cb874b1fb89601d6a5a735b442b8a7aa7b3aa Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Thu, 2 Oct 2014 19:44:31 +0200
Subject: [PATCH] ntdll: Print a warning message specifying the wine-staging
branch name and version.
Subject: [PATCH] kernel32: Add winediag message to show warning, that this
isn't vanilla wine.
---
dlls/ntdll/loader.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
dlls/kernel32/process.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
index 20bc3f977d1..c2187a19397 100644
--- a/dlls/ntdll/loader.c
+++ b/dlls/ntdll/loader.c
@@ -44,6 +44,7 @@ WINE_DECLARE_DEBUG_CHANNEL(relay);
WINE_DECLARE_DEBUG_CHANNEL(snoop);
WINE_DECLARE_DEBUG_CHANNEL(loaddll);
WINE_DECLARE_DEBUG_CHANNEL(imports);
diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
index 8f506fcf1320..45bfe7fe7b5d 100644
--- a/dlls/kernel32/process.c
+++ b/dlls/kernel32/process.c
@@ -60,6 +60,7 @@
WINE_DEFAULT_DEBUG_CHANNEL(process);
WINE_DECLARE_DEBUG_CHANNEL(relay);
+WINE_DECLARE_DEBUG_CHANNEL(winediag);
#ifdef _WIN64
#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
@@ -3456,6 +3457,7 @@ static void process_breakpoint(void)
__ENDTRY
}
+extern const char * CDECL wine_get_version(void);
/******************************************************************
* LdrInitializeThunk (NTDLL.@)
@@ -3465,6 +3467,9 @@ static void process_breakpoint(void)
*/
void WINAPI LdrInitializeThunk( CONTEXT *context, ULONG_PTR unknown2, ULONG_PTR unknown3, ULONG_PTR unknown4 )
typedef struct
{
+ OBJECT_ATTRIBUTES staging_event_attr;
+ UNICODE_STRING staging_event_string;
+ HANDLE staging_event;
static int attach_done;
int i;
NTSTATUS status;
@@ -3483,6 +3488,16 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, ULONG_PTR unknown2, ULONG_PTR
entry = (void **)&context->u.s.X0;
@@ -125,6 +126,7 @@ static inline DWORD call_process_entry( PEB *peb, LPTHREAD_START_ROUTINE entry )
}
#endif
+ RtlInitUnicodeString( &staging_event_string, L"\\__wine_staging_warn_event" );
+ InitializeObjectAttributes( &staging_event_attr, &staging_event_string, OBJ_OPENIF, NULL, NULL );
+ if (NtCreateEvent( &staging_event, EVENT_ALL_ACCESS, &staging_event_attr, NotificationEvent, FALSE ) == STATUS_SUCCESS)
+ {
+ FIXME_(winediag)("wine-staging %s is a testing version containing experimental patches.\n", wine_get_version());
+ FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
+ }
+ else
+ WARN_(winediag)("wine-staging %s is a testing version containing experimental patches.\n", wine_get_version());
+
if (process_detaching) NtTerminateThread( GetCurrentThread(), 0 );
+extern const char * CDECL wine_get_version(void);
/***********************************************************************
* __wine_start_process
*
@@ -150,6 +152,15 @@ void CDECL __wine_start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
__TRY
{
+ if (CreateEventA(0, 0, 0, "__winestaging_warn_event") && GetLastError() != ERROR_ALREADY_EXISTS)
+ {
+ FIXME_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
+ FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
+ }
+ else
+ WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
+
+
if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
being_debugged = FALSE;
RtlEnterCriticalSection( &loader_section );
--
2.28.0
2.26.2

52
patches/Staging/0002-winelib-Append-Staging-at-the-end-of-the-version-s.patch
View File

@@ -1,35 +1,39 @@
From ce5e1fc75139e4de9d92dfe27b4a513a96da013c Mon Sep 17 00:00:00 2001
From c097870c69720ece3874ad4ff987408a8c24ffb2 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Thu, 2 Oct 2014 19:53:46 +0200
Subject: [PATCH] winelib: Append '(Staging)' at the end of the version string.
---
Makefile.in | 2 +-
dlls/ntdll/Makefile.in | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
dlls/ntdll/Makefile.in | 2 +-
libs/wine/Makefile.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 307a95b3b1a..61019fed949 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -116,7 +116,7 @@ install-manpages:: manpages
# Rules for generated source files
dlls/ntdll/unix/version.c: dummy
- @version=`(GIT_DIR=$(srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || ($(RM) $@ && exit 1)
+ @version=`(GIT_DIR=$(srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1 (Staging)";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
programs/winetest/build.rc: dummy
@build="STRINGTABLE { 1 \"`GIT_DIR=$(srcdir)/.git git rev-parse HEAD 2>/dev/null`\" }" && (echo $$build | cmp -s - $@) || echo $$build >$@ || (rm -f $@ && exit 1)
diff --git a/dlls/ntdll/Makefile.in b/dlls/ntdll/Makefile.in
index f39ffb42c6f..67847bb9392 100644
index ebf607e9d43..de93445d4e3 100644
--- a/dlls/ntdll/Makefile.in
+++ b/dlls/ntdll/Makefile.in
@@ -79,3 +79,4 @@ unix_loader_EXTRADEFS = \
-DBINDIR=\"${bindir}\" \
-DDLL_TO_BINDIR=\"`${MAKEDEP} -R ${dlldir} ${bindir}`\" \
-DBIN_TO_DATADIR=\"`${MAKEDEP} -R ${bindir} ${datadir}/wine`\"
+
@@ -69,7 +69,7 @@ server_EXTRADEFS = \
-DBIN_TO_DATADIR=\"`$(MAKEDEP) -R ${bindir} ${datadir}/wine`\"
unix/version.c: dummy
- version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
+ version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1 (Staging)";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
dummy:
.PHONY: dummy
diff --git a/libs/wine/Makefile.in b/libs/wine/Makefile.in
index fe2a2b45e58..1e55a6b1f46 100644
--- a/libs/wine/Makefile.in
+++ b/libs/wine/Makefile.in
@@ -100,7 +100,7 @@ libwine_LDFLAGS = $(LIBWINE_LDFLAGS)
libwine_DEPS = $(LIBWINE_DEPENDS)
version.c: dummy
- version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
+ version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1 (Staging)";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
dummy:
.PHONY: dummy
--
2.28.0
2.26.2

117
patches/Staging/0003-loader-Add-commandline-option-patches-to-show-the-pa.patch Normal file
View File

@@ -0,0 +1,117 @@
From 599c50c9e339fe04e96fdb665b3d7ccb1a7708b7 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Thu, 29 May 2014 23:43:45 +0200
Subject: [PATCH] loader: Add commandline option --patches to show the patch
list.
---
include/wine/library.h | 1 +
libs/wine/config.c | 6 ++++++
libs/wine/wine.map | 1 +
loader/main.c | 42 +++++++++++++++++++++++++++++++++++++++++-
4 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/include/wine/library.h b/include/wine/library.h
index 090b8349559..b8a4a2df576 100644
--- a/include/wine/library.h
+++ b/include/wine/library.h
@@ -42,6 +42,7 @@ extern "C" {
/* configuration */
extern const char *wine_get_version(void);
+extern const void *wine_get_patches(void);
extern const char *wine_get_build_id(void);
extern void wine_init_argv0_path( const char *argv0 );
extern void wine_exec_wine_binary( const char *name, char **argv, const char *env_var );
diff --git a/libs/wine/config.c b/libs/wine/config.c
index f5b4c0de9af..e52739d55ad 100644
--- a/libs/wine/config.c
+++ b/libs/wine/config.c
@@ -515,6 +515,12 @@ const char *wine_get_version(void)
return PACKAGE_VERSION;
}
+/* return the applied non-standard patches */
+const void *wine_get_patches(void)
+{
+ return NULL;
+}
+
/* return the build id string */
const char *wine_get_build_id(void)
{
diff --git a/libs/wine/wine.map b/libs/wine/wine.map
index 1143b129734..55f874d3e74 100644
--- a/libs/wine/wine.map
+++ b/libs/wine/wine.map
@@ -13,6 +13,7 @@ WINE_1.0
wine_exec_wine_binary;
wine_get_build_id;
wine_get_version;
+ wine_get_patches;
wine_init;
wine_init_argv0_path;
wine_mmap_add_reserved_area;
diff --git a/loader/main.c b/loader/main.c
index 0e6b6f66b50..24bcfff8c4c 100644
--- a/loader/main.c
+++ b/loader/main.c
@@ -55,7 +55,8 @@ static void check_command_line( int argc, char *argv[] )
static const char usage[] =
"Usage: wine PROGRAM [ARGUMENTS...] Run the specified program\n"
" wine --help Display this help and exit\n"
- " wine --version Output version information and exit";
+ " wine --version Output version information and exit\n"
+ " wine --patches Output patch information and exit";
if (argc <= 1)
{
@@ -72,6 +73,45 @@ static void check_command_line( int argc, char *argv[] )
printf( "%s\n", wine_get_build_id() );
exit(0);
}
+ if (!strcmp( argv[1], "--patches" ))
+ {
+ const struct
+ {
+ const char *author;
+ const char *subject;
+ int revision;
+ }
+ *next, *cur = wine_get_patches();
+
+ if (!cur)
+ {
+ fprintf( stderr, "Patchlist not available.\n" );
+ exit(1);
+ }
+
+ while (cur->author)
+ {
+ next = cur + 1;
+ while (next->author)
+ {
+ if (strcmp( cur->author, next->author )) break;
+ next++;
+ }
+
+ printf( "%s (%d):\n", cur->author, (int)(next - cur) );
+ while (cur < next)
+ {
+ printf( " %s", cur->subject );
+ if (cur->revision != 1)
+ printf( " [rev %d]", cur->revision );
+ printf( "\n" );
+ cur++;
+ }
+ printf( "\n" );
+ }
+
+ exit(0);
+ }
}
--
2.26.2

1
patches/Staging/definition
View File

@@ -1 +0,0 @@
#Depends: ntdll-FLS_Callbacks

315
patches/advapi32-CreateRestrictedToken/0001-ntdll-Implement-NtFilterToken.patch Normal file
View File

@@ -0,0 +1,315 @@
From 1eb8acd819f9eee8fdf154d0ef43881008265916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 4 Aug 2017 02:33:14 +0200
Subject: ntdll: Implement NtFilterToken.
---
dlls/ntdll/nt.c | 59 ++++++++++++++++++++++++++++++++++++
dlls/ntdll/ntdll.spec | 2 +-
include/winnt.h | 5 +++
include/winternl.h | 1 +
server/process.c | 2 +-
server/protocol.def | 10 ++++++
server/security.h | 4 ++-
server/token.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++++--
8 files changed, 162 insertions(+), 5 deletions(-)
diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index c3f5df3..59a08de 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -119,6 +119,65 @@ NTSTATUS WINAPI NtDuplicateToken(
}
/******************************************************************************
+ * NtFilterToken [NTDLL.@]
+ * ZwFilterToken [NTDLL.@]
+ */
+NTSTATUS WINAPI NtFilterToken( HANDLE token, ULONG flags, TOKEN_GROUPS *disable_sids,
+ TOKEN_PRIVILEGES *privileges, TOKEN_GROUPS *restrict_sids,
+ HANDLE *new_token )
+{
+ data_size_t privileges_len = 0;
+ data_size_t sids_len = 0;
+ SID *sids = NULL;
+ NTSTATUS status;
+
+ TRACE( "(%p, 0x%08x, %p, %p, %p, %p)\n", token, flags, disable_sids, privileges,
+ restrict_sids, new_token );
+
+ if (flags)
+ FIXME( "flags %x unsupported\n", flags );
+
+ if (restrict_sids)
+ FIXME( "support for restricting sids not yet implemented\n" );
+
+ if (privileges)
+ privileges_len = privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
+
+ if (disable_sids)
+ {
+ DWORD len, i;
+ BYTE *tmp;
+
+ for (i = 0; i < disable_sids->GroupCount; i++)
+ sids_len += RtlLengthSid( disable_sids->Groups[i].Sid );
+
+ sids = RtlAllocateHeap( GetProcessHeap(), 0, sids_len );
+ if (!sids) return STATUS_NO_MEMORY;
+
+ for (i = 0, tmp = (BYTE *)sids; i < disable_sids->GroupCount; i++, tmp += len)
+ {
+ len = RtlLengthSid( disable_sids->Groups[i].Sid );
+ memcpy( tmp, disable_sids->Groups[i].Sid, len );
+ }
+ }
+
+ SERVER_START_REQ( filter_token )
+ {
+ req->handle = wine_server_obj_handle( token );
+ req->flags = flags;
+ req->privileges_size = privileges_len;
+ wine_server_add_data( req, privileges->Privileges, privileges_len );
+ wine_server_add_data( req, sids, sids_len );
+ status = wine_server_call( req );
+ if (!status) *new_token = wine_server_ptr_handle( reply->new_handle );
+ }
+ SERVER_END_REQ;
+
+ RtlFreeHeap( GetProcessHeap(), 0, sids );
+ return status;
+}
+
+/******************************************************************************
* NtOpenProcessToken [NTDLL.@]
* ZwOpenProcessToken [NTDLL.@]
*/
diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
index c260b0d..3c5e69c 100644
--- a/dlls/ntdll/ntdll.spec
+++ b/dlls/ntdll/ntdll.spec
@@ -176,7 +176,7 @@
# @ stub NtEnumerateSystemEnvironmentValuesEx
@ stdcall NtEnumerateValueKey(long long long ptr long ptr)
@ stub NtExtendSection
-# @ stub NtFilterToken
+@ stdcall NtFilterToken(long long ptr ptr ptr ptr)
@ stdcall NtFindAtom(ptr long ptr)
@ stdcall NtFlushBuffersFile(long ptr)
@ stdcall NtFlushInstructionCache(long ptr long)
diff --git a/include/winnt.h b/include/winnt.h
index 16d96d8..4e238f9 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -3904,6 +3904,11 @@ typedef enum _TOKEN_INFORMATION_CLASS {
TOKEN_ADJUST_SESSIONID | \
TOKEN_ADJUST_DEFAULT )
+#define DISABLE_MAX_PRIVILEGE 0x1
+#define SANDBOX_INERT 0x2
+#define LUA_TOKEN 0x4
+#define WRITE_RESTRICTED 0x8
+
#ifndef _SECURITY_DEFINED
#define _SECURITY_DEFINED
diff --git a/include/winternl.h b/include/winternl.h
index c84e6d7..288f93e 100644
--- a/include/winternl.h
+++ b/include/winternl.h
@@ -2303,6 +2303,7 @@ NTSYSAPI NTSTATUS WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES
NTSYSAPI NTSTATUS WINAPI NtEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
NTSYSAPI NTSTATUS WINAPI NtEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtExtendSection(HANDLE,PLARGE_INTEGER);
+NTSYSAPI NTSTATUS WINAPI NtFilterToken(HANDLE,ULONG,TOKEN_GROUPS*,TOKEN_PRIVILEGES*,TOKEN_GROUPS*,HANDLE*);
NTSYSAPI NTSTATUS WINAPI NtFindAtom(const WCHAR*,ULONG,RTL_ATOM*);
NTSYSAPI NTSTATUS WINAPI NtFlushBuffersFile(HANDLE,IO_STATUS_BLOCK*);
NTSYSAPI NTSTATUS WINAPI NtFlushInstructionCache(HANDLE,LPCVOID,SIZE_T);
diff --git a/server/process.c b/server/process.c
index f8739d0..71d9d6d 100644
--- a/server/process.c
+++ b/server/process.c
@@ -566,7 +566,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
: alloc_handle_table( process, 0 );
/* Note: for security reasons, starting a new process does not attempt
* to use the current impersonation token for the new process */
- process->token = token_duplicate( parent->token, TRUE, 0, NULL );
+ process->token = token_duplicate( parent->token, TRUE, 0, NULL, NULL, 0, NULL, 0 );
process->affinity = parent->affinity;
}
if (!process->handles || !process->token) goto error;
diff --git a/server/protocol.def b/server/protocol.def
index 35824ae..6ee6d28 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -3356,6 +3356,16 @@ enum caret_state
obj_handle_t new_handle; /* duplicated handle */
@END
+@REQ(filter_token)
+ obj_handle_t handle; /* handle to the token to duplicate */
+ unsigned int flags; /* flags */
+ data_size_t privileges_size; /* size of privileges */
+ VARARG(privileges,LUID_AND_ATTRIBUTES,privileges_size); /* privileges to remove from new token */
+ VARARG(disable_sids,SID); /* array of groups to remove from new token */
+@REPLY
+ obj_handle_t new_handle; /* filtered handle */
+@END
+
@REQ(access_check)
obj_handle_t handle; /* handle to the token */
unsigned int desired_access; /* desired access to the object */
diff --git a/server/security.h b/server/security.h
index 873bbc6..bc4a8f6 100644
--- a/server/security.h
+++ b/server/security.h
@@ -55,7 +55,9 @@ extern const PSID security_high_label_sid;
extern struct token *token_create_admin(void);
extern int token_assign_label( struct token *token, PSID label );
extern struct token *token_duplicate( struct token *src_token, unsigned primary,
- int impersonation_level, const struct security_descriptor *sd );
+ int impersonation_level, const struct security_descriptor *sd,
+ const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
+ const SID *filter_groups, unsigned int group_count );
extern int token_check_privileges( struct token *token, int all_required,
const LUID_AND_ATTRIBUTES *reqprivs,
unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
diff --git a/server/token.c b/server/token.c
index 0810a61..2f6a467 100644
--- a/server/token.c
+++ b/server/token.c
@@ -276,6 +276,19 @@ static int acl_is_valid( const ACL *acl, data_size_t size )
return TRUE;
}
+static unsigned int get_sid_count( const SID *sid, data_size_t size )
+{
+ unsigned int count;
+
+ for (count = 0; size >= sizeof(SID) && security_sid_len( sid ) <= size; count++)
+ {
+ size -= security_sid_len( sid );
+ sid = (const SID *)((char *)sid + security_sid_len( sid ));
+ }
+
+ return count;
+}
+
/* checks whether all members of a security descriptor fit inside the size
* of memory specified */
int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
@@ -619,8 +632,36 @@ static struct token *create_token( unsigned primary, const SID *user,
return token;
}
+static int filter_group( struct group *group, const SID *filter, unsigned int count )
+{
+ unsigned int i;
+
+ for (i = 0; i < count; i++)
+ {
+ if (security_equal_sid( &group->sid, filter )) return 1;
+ filter = (const SID *)((char *)filter + security_sid_len( filter ));
+ }
+
+ return 0;
+}
+
+static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBUTES *filter, unsigned int count )
+{
+ unsigned int i;
+
+ for (i = 0; i < count; i++)
+ {
+ if (!memcmp( &privilege->luid, &filter[i].Luid, sizeof(LUID) ))
+ return 1;
+ }
+
+ return 0;
+}
+
struct token *token_duplicate( struct token *src_token, unsigned primary,
- int impersonation_level, const struct security_descriptor *sd )
+ int impersonation_level, const struct security_descriptor *sd,
+ const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
+ const SID *filter_groups, unsigned int group_count)
{
const luid_t *modified_id =
primary || (impersonation_level == src_token->impersonation_level) ?
@@ -656,6 +697,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
return NULL;
}
memcpy( newgroup, group, size );
+ if (filter_group( group, filter_groups, group_count ))
+ {
+ newgroup->enabled = 0;
+ newgroup->def = 0;
+ newgroup->deny_only = 1;
+ }
list_add_tail( &token->groups, &newgroup->entry );
if (src_token->primary_group == &group->sid)
{
@@ -667,11 +714,14 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
/* copy privileges */
LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
+ {
+ if (filter_privilege( privilege, filter_privileges, priv_count )) continue;
if (!privilege_add( token, &privilege->luid, privilege->enabled ))
{
release_object( token );
return NULL;
}
+ }
if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
@@ -1304,7 +1354,7 @@ DECL_HANDLER(duplicate_token)
TOKEN_DUPLICATE,
&token_ops )))
{
- struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd );
+ struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd, NULL, 0, NULL, 0 );
if (token)
{
reply->new_handle = alloc_handle_no_access_check( current->process, token, req->access, objattr->attributes );
@@ -1314,6 +1364,36 @@ DECL_HANDLER(duplicate_token)
}
}
+/* creates a restricted version of a token */
+DECL_HANDLER(filter_token)
+{
+ struct token *src_token;
+
+ if ((src_token = (struct token *)get_handle_obj( current->process, req->handle,
+ TOKEN_DUPLICATE,
+ &token_ops )))
+ {
+ const LUID_AND_ATTRIBUTES *filter_privileges = get_req_data();
+ unsigned int priv_count, group_count;
+ const SID *filter_groups;
+ struct token *token;
+
+ priv_count = min( req->privileges_size, get_req_data_size() ) / sizeof(LUID_AND_ATTRIBUTES);
+ filter_groups = (const SID *)((char *)filter_privileges + priv_count * sizeof(LUID_AND_ATTRIBUTES));
+ group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
+
+ token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
+ filter_privileges, priv_count, filter_groups, group_count );
+ if (token)
+ {
+ unsigned int access = get_handle_access( current->process, req->handle );
+ reply->new_handle = alloc_handle_no_access_check( current->process, token, access, 0 );
+ release_object( token );
+ }
+ release_object( src_token );
+ }
+}
+
/* checks the specified privileges are held by the token */
DECL_HANDLER(check_token_privileges)
{
--
2.7.4

132
patches/advapi32-CreateRestrictedToken/0002-advapi32-Implement-CreateRestrictedToken.patch Normal file
View File

@@ -0,0 +1,132 @@
From 3c1f5962482e7acf531f57f49d923d9c4e5278b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 4 Aug 2017 02:51:57 +0200
Subject: [PATCH] advapi32: Implement CreateRestrictedToken.
---
dlls/kernelbase/security.c | 103 ++++++++++++++++++++++++++++++-------
1 file changed, 84 insertions(+), 19 deletions(-)
diff --git a/dlls/kernelbase/security.c b/dlls/kernelbase/security.c
index 2e75e81ed77..97f6ee6a2fd 100644
--- a/dlls/kernelbase/security.c
+++ b/dlls/kernelbase/security.c
@@ -592,31 +592,96 @@ exit:
return ret;
}
+static BOOL allocate_groups(TOKEN_GROUPS **groups_ret, SID_AND_ATTRIBUTES *sids, DWORD count)
+{
+ TOKEN_GROUPS *groups;
+ DWORD i;
+
+ if (!count)
+ {
+ *groups_ret = NULL;
+ return TRUE;
+ }
+
+ groups = (TOKEN_GROUPS *)heap_alloc(FIELD_OFFSET(TOKEN_GROUPS, Groups) +
+ count * sizeof(SID_AND_ATTRIBUTES));
+ if (!groups)
+ {
+ SetLastError(ERROR_OUTOFMEMORY);
+ return FALSE;
+ }
+
+ groups->GroupCount = count;
+ for (i = 0; i < count; i++)
+ groups->Groups[i] = sids[i];
+
+ *groups_ret = groups;
+ return TRUE;
+}
+
+static BOOL allocate_privileges(TOKEN_PRIVILEGES **privileges_ret, LUID_AND_ATTRIBUTES *privs, DWORD count)
+{
+ TOKEN_PRIVILEGES *privileges;
+ DWORD i;
+
+ if (!count)
+ {
+ *privileges_ret = NULL;
+ return TRUE;
+ }
+
+ privileges = (TOKEN_PRIVILEGES *)heap_alloc(FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges) +
+ count * sizeof(LUID_AND_ATTRIBUTES));
+ if (!privileges)
+ {
+ SetLastError(ERROR_OUTOFMEMORY);
+ return FALSE;
+ }
+
+ privileges->PrivilegeCount = count;
+ for (i = 0; i < count; i++)
+ privileges->Privileges[i] = privs[i];
+
+ *privileges_ret = privileges;
+ return TRUE;
+}
+
/*************************************************************************
* CreateRestrictedToken (kernelbase.@)
*/
-BOOL WINAPI CreateRestrictedToken( HANDLE token, DWORD flags,
- DWORD disable_count, PSID_AND_ATTRIBUTES disable_sids,
- DWORD delete_count, PLUID_AND_ATTRIBUTES delete_privs,
- DWORD restrict_count, PSID_AND_ATTRIBUTES restrict_sids, PHANDLE ret )
+BOOL WINAPI CreateRestrictedToken( HANDLE baseToken, DWORD flags,
+ DWORD nDisableSids, PSID_AND_ATTRIBUTES disableSids,
+ DWORD nDeletePrivs, PLUID_AND_ATTRIBUTES deletePrivs,
+ DWORD nRestrictSids, PSID_AND_ATTRIBUTES restrictSids, PHANDLE newToken )
{
- TOKEN_TYPE type;
- SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
- DWORD size;
+ TOKEN_PRIVILEGES *delete_privs = NULL;
+ TOKEN_GROUPS *disable_groups = NULL;
+ TOKEN_GROUPS *restrict_sids = NULL;
+ BOOL ret = FALSE;
- FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
- token, flags, disable_count, disable_sids, delete_count, delete_privs,
- restrict_count, restrict_sids, ret );
+ TRACE("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p)\n",
+ baseToken, flags, nDisableSids, disableSids,
+ nDeletePrivs, deletePrivs,
+ nRestrictSids, restrictSids,
+ newToken);
+
+ if (!allocate_groups(&disable_groups, disableSids, nDisableSids))
+ goto done;
+
+ if (!allocate_privileges(&delete_privs, deletePrivs, nDeletePrivs))
+ goto done;
+
+ if (!allocate_groups(&restrict_sids, restrictSids, nRestrictSids))
+ goto done;
+
+ ret = set_ntstatus(NtFilterToken(baseToken, flags, disable_groups, delete_privs, restrict_sids, newToken));
+
+done:
+ heap_free(disable_groups);
+ heap_free(delete_privs);
+ heap_free(restrict_sids);
+ return ret;
- size = sizeof(type);
- if (!GetTokenInformation( token, TokenType, &type, size, &size )) return FALSE;
- if (type == TokenImpersonation)
- {
- size = sizeof(level);
- if (!GetTokenInformation( token, TokenImpersonationLevel, &level, size, &size ))
- return FALSE;
- }
- return DuplicateTokenEx( token, MAXIMUM_ALLOWED, NULL, level, type, ret );
}
/******************************************************************************
--
2.20.1

1
patches/advapi32-CreateRestrictedToken/definition Normal file
View File

@@ -0,0 +1 @@
Fixes: [25834] Implement advapi32.CreateRestrictedToken

51
patches/advapi32-Token_Integrity_Level/0002-server-Implement-token-elevation-information.patch
View File

@@ -1,39 +1,38 @@
From d2e98b2054a5af671fd81ded32f2cf60a062312c Mon Sep 17 00:00:00 2001
From c8dc0ec6406e8449b59c219ede2e9bd88d8a56fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Sat, 5 Aug 2017 00:26:03 +0200
Subject: [PATCH] server: Implement token elevation information.
---
dlls/ntdll/unix/security.c | 16 ++++++++++++----
server/protocol.def | 8 ++++++++
server/token.c | 22 +++++++++++++++++++---
dlls/ntdll/nt.c | 16 ++++++++++++----
server/protocol.def | 8 ++++++++
server/token.c | 22 +++++++++++++++++++---
3 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
index d063d43d6d4..03a81afa46e 100644
--- a/dlls/ntdll/unix/security.c
+++ b/dlls/ntdll/unix/security.c
@@ -390,19 +390,27 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index cd271fde9c..b1dd999cf5 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -625,18 +625,26 @@ NTSTATUS WINAPI NtQueryInformationToken(
SERVER_END_REQ;
break;
case TokenElevationType:
+ SERVER_START_REQ( get_token_elevation_type )
{
TOKEN_ELEVATION_TYPE *type = info;
TOKEN_ELEVATION_TYPE *elevation_type = tokeninfo;
- FIXME("QueryInformationToken( ..., TokenElevationType, ...) semi-stub\n");
- *type = TokenElevationTypeFull;
- *elevation_type = TokenElevationTypeFull;
+ req->handle = wine_server_obj_handle( token );
+ status = wine_server_call( req );
+ if (status == STATUS_SUCCESS)
+ *type = reply->elevation;
+ *elevation_type = reply->elevation;
}
+ SERVER_END_REQ;
break;
case TokenElevation:
+ SERVER_START_REQ( get_token_elevation_type )
{
TOKEN_ELEVATION *elevation = info;
TOKEN_ELEVATION *elevation = tokeninfo;
- FIXME("QueryInformationToken( ..., TokenElevation, ...) semi-stub\n");
- elevation->TokenIsElevated = TRUE;
+ req->handle = wine_server_obj_handle( token );
@@ -43,13 +42,13 @@ index d063d43d6d4..03a81afa46e 100644
}
+ SERVER_END_REQ;
break;
case TokenSessionId:
{
diff --git a/server/protocol.def b/server/protocol.def
index ee07b1eca14..84f0b577d72 100644
index 90af9df7f4..93afaabca1 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -3566,6 +3566,14 @@ struct handle_info
@@ -3643,6 +3643,14 @@ struct handle_info
@END
@@ -65,10 +64,10 @@ index ee07b1eca14..84f0b577d72 100644
@REQ(create_completion)
unsigned int access; /* desired access to a port */
diff --git a/server/token.c b/server/token.c
index 38a4c203d54..14343637af5 100644
index 6d193603b4..64f20e1b57 100644
--- a/server/token.c
+++ b/server/token.c
@@ -110,6 +110,7 @@ struct token
@@ -112,6 +112,7 @@ struct token
ACL *default_dacl; /* the default DACL to assign to objects created by this user */
TOKEN_SOURCE source; /* source of the token */
int impersonation_level; /* impersonation level this token is capable of if non-primary token */
@@ -76,7 +75,7 @@ index 38a4c203d54..14343637af5 100644
};
struct privilege
@@ -552,7 +553,7 @@ static struct token *create_token( unsigned primary, const SID *user,
@@ -545,7 +546,7 @@ static struct token *create_token( unsigned primary, const SID *user,
const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
const ACL *default_dacl, TOKEN_SOURCE source,
const luid_t *modified_id,
@@ -85,7 +84,7 @@ index 38a4c203d54..14343637af5 100644
{
struct token *token = alloc_object( &token_ops );
if (token)
@@ -574,6 +575,7 @@ static struct token *create_token( unsigned primary, const SID *user,
@@ -567,6 +568,7 @@ static struct token *create_token( unsigned primary, const SID *user,
token->impersonation_level = impersonation_level;
token->default_dacl = NULL;
token->primary_group = NULL;
@@ -93,7 +92,7 @@ index 38a4c203d54..14343637af5 100644
/* copy user */
token->user = memdup( user, security_sid_len( user ));
@@ -689,7 +691,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
@@ -682,7 +684,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
token = create_token( primary, src_token->user, NULL, 0,
NULL, 0, src_token->default_dacl,
src_token->source, modified_id,
@@ -103,7 +102,7 @@ index 38a4c203d54..14343637af5 100644
if (!token) return token;
/* copy groups */
@@ -895,7 +898,7 @@ struct token *token_create_admin( void )
@@ -888,7 +891,7 @@ struct token *token_create_admin( void )
static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
@@ -112,7 +111,7 @@ index 38a4c203d54..14343637af5 100644
/* we really need a primary group */
assert( token->primary_group );
}
@@ -1634,6 +1637,19 @@ DECL_HANDLER(get_token_statistics)
@@ -1627,6 +1630,19 @@ DECL_HANDLER(get_token_statistics)
}
}
@@ -133,5 +132,5 @@ index 38a4c203d54..14343637af5 100644
{
struct token *token;
--
2.27.0
2.19.1

50
patches/advapi32-Token_Integrity_Level/0004-server-Implement-token-integrity-level.patch
View File

@@ -1,19 +1,19 @@
From 6dc1b7d9e533379133857629bb9c09e1045a9020 Mon Sep 17 00:00:00 2001
From ae503e8e7eb8f4fcb9bf3e642458c2a1bba6ccaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 7 Aug 2017 02:28:35 +0200
Subject: [PATCH] server: Implement token integrity level.
---
dlls/ntdll/unix/security.c | 23 ++++++++++++++---------
server/protocol.def | 7 +++++++
server/token.c | 30 +++++++++++++++++++++++++++---
dlls/ntdll/nt.c | 23 ++++++++++++++---------
server/protocol.def | 7 +++++++
server/token.c | 30 +++++++++++++++++++++++++++---
3 files changed, 48 insertions(+), 12 deletions(-)
diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
index 03a81afa46e..f0057116dee 100644
--- a/dlls/ntdll/unix/security.c
+++ b/dlls/ntdll/unix/security.c
@@ -172,7 +172,7 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index ca26ab15..8aab0a48 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -400,7 +400,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
0, /* TokenAccessInformation */
0, /* TokenVirtualizationAllowed */
sizeof(DWORD), /* TokenVirtualizationEnabled */
@@ -22,9 +22,9 @@ index 03a81afa46e..f0057116dee 100644
0, /* TokenUIAccess */
0, /* TokenMandatoryPolicy */
0, /* TokenLogonSid */
@@ -428,18 +428,23 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
@@ -659,18 +659,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
}
break;
case TokenIntegrityLevel:
+ SERVER_START_REQ( get_token_integrity )
{
@@ -32,14 +32,14 @@ index 03a81afa46e..f0057116dee 100644
- static const SID high_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
- {SECURITY_MANDATORY_HIGH_RID}};
-
TOKEN_MANDATORY_LABEL *tml = info;
TOKEN_MANDATORY_LABEL *tml = tokeninfo;
- PSID psid = tml + 1;
+ PSID sid = tml + 1;
+ DWORD sid_len = length < sizeof(*tml) ? 0 : length - sizeof(*tml);
+ DWORD sid_len = tokeninfolength < sizeof(*tml) ? 0 : tokeninfolength - sizeof(*tml);
- tml->Label.Sid = psid;
- tml->Label.Attributes = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED;
- memcpy( psid, &high_level, sizeof(SID) );
- memcpy(psid, &high_level, sizeof(SID));
+ req->handle = wine_server_obj_handle( token );
+ wine_server_set_reply( req, sid, sid_len );
+ status = wine_server_call( req );
@@ -52,13 +52,13 @@ index 03a81afa46e..f0057116dee 100644
}
+ SERVER_END_REQ;
break;
case TokenAppContainerSid:
{
diff --git a/server/protocol.def b/server/protocol.def
index 84f0b577d72..4d37a0df348 100644
index 11221d7d..1bfe3234 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -3296,6 +3296,13 @@ enum caret_state
@@ -3405,6 +3405,13 @@ enum caret_state
VARARG(sid,SID); /* the sid specified by which_sid from the token */
@END
@@ -73,10 +73,10 @@ index 84f0b577d72..4d37a0df348 100644
obj_handle_t handle; /* handle to the token */
@REPLY
diff --git a/server/token.c b/server/token.c
index 7c510fbdad9..d267991f751 100644
index ccde0c2d..2d81118a 100644
--- a/server/token.c
+++ b/server/token.c
@@ -111,6 +111,7 @@ struct token
@@ -113,6 +113,7 @@ struct token
TOKEN_SOURCE source; /* source of the token */
int impersonation_level; /* impersonation level this token is capable of if non-primary token */
TOKEN_ELEVATION_TYPE elevation; /* elevation level */
@@ -84,7 +84,7 @@ index 7c510fbdad9..d267991f751 100644
};
struct privilege
@@ -553,7 +554,8 @@ static struct token *create_token( unsigned primary, const SID *user,
@@ -546,7 +547,8 @@ static struct token *create_token( unsigned primary, const SID *user,
const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
const ACL *default_dacl, TOKEN_SOURCE source,
const luid_t *modified_id,
@@ -94,7 +94,7 @@ index 7c510fbdad9..d267991f751 100644
{
struct token *token = alloc_object( &token_ops );
if (token)
@@ -637,6 +639,7 @@ static struct token *create_token( unsigned primary, const SID *user,
@@ -630,6 +632,7 @@ static struct token *create_token( unsigned primary, const SID *user,
}
token->source = source;
@@ -102,7 +102,7 @@ index 7c510fbdad9..d267991f751 100644
}
return token;
}
@@ -692,7 +695,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
@@ -685,7 +688,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
NULL, 0, src_token->default_dacl,
src_token->source, modified_id,
impersonation_level,
@@ -112,7 +112,7 @@ index 7c510fbdad9..d267991f751 100644
if (!token) return token;
/* copy groups */
@@ -898,7 +902,7 @@ struct token *token_create_admin( void )
@@ -890,7 +894,7 @@ struct token *token_create_admin( void )
static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
@@ -121,7 +121,7 @@ index 7c510fbdad9..d267991f751 100644
/* we really need a primary group */
assert( token->primary_group );
}
@@ -1532,6 +1536,26 @@ DECL_HANDLER(get_token_sid)
@@ -1524,6 +1528,26 @@ DECL_HANDLER(get_token_sid)
}
}
@@ -149,5 +149,5 @@ index 7c510fbdad9..d267991f751 100644
DECL_HANDLER(get_token_groups)
{
--
2.27.0
2.19.1

30
patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch
View File

@@ -1,4 +1,4 @@
From c47977a8bbd739483589d1f01cfece435be1c100 Mon Sep 17 00:00:00 2001
From 2588eb4eb5fe56aca7d229ea42b0eaa3786ff600 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Sat, 5 Aug 2017 01:45:29 +0200
Subject: [PATCH] ntdll: Add function to create new tokens for elevation
@@ -14,10 +14,10 @@ Subject: [PATCH] ntdll: Add function to create new tokens for elevation
6 files changed, 117 insertions(+)
diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
index 0997c310110..8e3786e1972 100644
index e5db07f0a4e..d52f6b76aa4 100644
--- a/dlls/ntdll/ntdll.spec
+++ b/dlls/ntdll/ntdll.spec
@@ -1600,6 +1600,9 @@
@@ -1594,6 +1594,9 @@
# Virtual memory
@ cdecl __wine_locked_recvmsg(long ptr long)
@@ -28,24 +28,24 @@ index 0997c310110..8e3786e1972 100644
@ cdecl wine_get_version()
@ cdecl wine_get_build_id()
diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
index 63ceac42e94..5a98501381b 100644
index 92fcde95a8a..80be882e76d 100644
--- a/dlls/ntdll/ntdll_misc.h
+++ b/dlls/ntdll/ntdll_misc.h
@@ -67,6 +67,9 @@ extern void init_user_process_params(void) DECLSPEC_HIDDEN;
@@ -69,6 +69,9 @@ extern void init_locale( HMODULE module ) DECLSPEC_HIDDEN;
extern void init_user_process_params(void) DECLSPEC_HIDDEN;
extern NTSTATUS restart_process( RTL_USER_PROCESS_PARAMETERS *params, NTSTATUS status ) DECLSPEC_HIDDEN;
extern void CDECL DECLSPEC_NORETURN signal_start_thread( CONTEXT *ctx ) DECLSPEC_HIDDEN;
+/* token */
+extern HANDLE CDECL __wine_create_default_token(BOOL admin);
+
/* server support */
extern BOOL is_wow64 DECLSPEC_HIDDEN;
extern NTSTATUS alloc_object_attributes( const OBJECT_ATTRIBUTES *attr, struct object_attributes **ret,
diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
index 77ba5b371e2..3e91a1fa9c4 100644
index 992721d133f..24cb8f53de2 100644
--- a/dlls/ntdll/process.c
+++ b/dlls/ntdll/process.c
@@ -72,6 +72,24 @@ HANDLE CDECL __wine_make_process_system(void)
@@ -82,6 +82,24 @@ HANDLE CDECL __wine_make_process_system(void)
return ret;
}
@@ -67,14 +67,14 @@ index 77ba5b371e2..3e91a1fa9c4 100644
+ return ret;
+}
+
/***********************************************************************
* restart_process
*/
/******************************************************************************
* NtQueryInformationProcess [NTDLL.@]
* ZwQueryInformationProcess [NTDLL.@]
diff --git a/server/protocol.def b/server/protocol.def
index 30a102d7b82..a9308904afc 100644
index 96bc9250ab0..14b811684d8 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -3481,6 +3481,14 @@ struct handle_info
@@ -3759,6 +3759,14 @@ struct handle_info
@END
@@ -215,5 +215,5 @@ index c4f1cd943c2..970ed1838da 100644
+ }
+}
--
2.28.0
2.27.0

34
patches/advapi32-Token_Integrity_Level/0008-ntdll-Implement-process-token-elevation-through-mani.patch
View File

@@ -1,4 +1,4 @@
From 51cde3dff5de27d1aebc964a4802758534d56773 Mon Sep 17 00:00:00 2001
From 1f2b1bafabfd457836f18741f178b3745e129c36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Sat, 5 Aug 2017 03:39:55 +0200
Subject: [PATCH] ntdll: Implement process token elevation through manifests.
@@ -12,10 +12,10 @@ Subject: [PATCH] ntdll: Implement process token elevation through manifests.
5 files changed, 67 insertions(+)
diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
index 6290cbcb4e6..9a8f13901b2 100644
index 0c8f05285c4..92ae87c6e6d 100644
--- a/dlls/ntdll/loader.c
+++ b/dlls/ntdll/loader.c
@@ -3489,6 +3489,32 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, void **entry, ULONG_PTR unknow
@@ -3898,6 +3898,32 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, void **entry, ULONG_PTR unknow
}
@@ -48,7 +48,7 @@ index 6290cbcb4e6..9a8f13901b2 100644
/***********************************************************************
* load_global_options
*/
@@ -3900,6 +3926,7 @@ void __wine_process_init(void)
@@ -4359,6 +4385,7 @@ void __wine_process_init(void)
'k','e','r','n','e','l','3','2','.','d','l','l',0};
void (WINAPI *kernel32_start_process)(LPTHREAD_START_ROUTINE,void*) = NULL;
RTL_USER_PROCESS_PARAMETERS *params;
@@ -56,9 +56,9 @@ index 6290cbcb4e6..9a8f13901b2 100644
WINE_MODREF *wm;
NTSTATUS status;
ANSI_STRING func_name;
@@ -4021,6 +4048,16 @@ void __wine_process_init(void)
}
#endif
@@ -4453,6 +4480,16 @@ void __wine_process_init(void)
unix_funcs->virtual_set_large_address_space();
+ /* elevate process if necessary */
+ status = RtlQueryInformationActivationContext( 0, NULL, 0, RunlevelInformationInActivationContext,
@@ -74,11 +74,11 @@ index 6290cbcb4e6..9a8f13901b2 100644
RemoveEntryList( &wm->ldr.InLoadOrderLinks );
InsertHeadList( &peb->LdrData->InLoadOrderModuleList, &wm->ldr.InLoadOrderLinks );
diff --git a/server/process.c b/server/process.c
index fa8495511e0..df72efdecc8 100644
index ac85cace95d..52604ec4d61 100644
--- a/server/process.c
+++ b/server/process.c
@@ -1086,6 +1086,14 @@ int set_process_debug_flag( struct process *process, int flag )
return write_process_memory( process, process->peb + 2, 1, &data );
@@ -1115,6 +1115,14 @@ struct process_snapshot *process_snap( int *count )
return snapshot;
}
+/* replace the token of a process */
@@ -93,22 +93,22 @@ index fa8495511e0..df72efdecc8 100644
DECL_HANDLER(new_process)
{
diff --git a/server/process.h b/server/process.h
index 0fdf070b78e..43e8cc1ad7e 100644
index 5b83e111a6f..dfe5c4e52d8 100644
--- a/server/process.h
+++ b/server/process.h
@@ -129,6 +129,7 @@ extern void kill_console_processes( struct thread *renderer, int exit_code );
extern void kill_debugged_processes( struct thread *debugger, int exit_code );
@@ -139,6 +139,7 @@ extern void kill_debugged_processes( struct thread *debugger, int exit_code );
extern void detach_debugged_processes( struct thread *debugger );
extern struct process_snapshot *process_snap( int *count );
extern void enum_processes( int (*cb)(struct process*, void*), void *user);
+extern void replace_process_token( struct process *process, struct token *token );
/* console functions */
extern obj_handle_t inherit_console( struct thread *parent_thread, obj_handle_t handle,
extern void inherit_console( struct thread *parent_thread, struct process *parent,
diff --git a/server/protocol.def b/server/protocol.def
index a9308904afc..8c40fba8d0a 100644
index 7315f8ac4ea..901c380b721 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -3489,6 +3489,13 @@ struct handle_info
@@ -3763,6 +3763,13 @@ struct handle_info
@END
@@ -145,5 +145,5 @@ index 970ed1838da..1c1d49989b3 100644
+ }
+}
--
2.28.0
2.26.2

310
patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch Normal file
View File

@@ -0,0 +1,310 @@
From 9c61f6acfa2c43e43f07fae1a5cd447573b9529b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Sun, 6 Aug 2017 02:08:05 +0200
Subject: [PATCH] server: Implement support for creating processes using a
token.
---
dlls/kernelbase/process.c | 24 +++++++++++++-----------
dlls/ntdll/unix/process.c | 1 +
server/process.c | 39 +++++++++++++++++++++++++++++++++++----
server/process.h | 2 +-
server/protocol.def | 1 +
server/request.c | 2 +-
server/security.h | 2 ++
server/token.c | 11 +++++++++++
8 files changed, 65 insertions(+), 17 deletions(-)
diff --git a/dlls/kernelbase/process.c b/dlls/kernelbase/process.c
index a3b168543fc..b5c8b47239d 100644
--- a/dlls/kernelbase/process.c
+++ b/dlls/kernelbase/process.c
@@ -244,7 +244,7 @@ static RTL_USER_PROCESS_PARAMETERS *create_process_params( const WCHAR *filename
/***********************************************************************
* create_nt_process
*/
-static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
+static NTSTATUS create_nt_process( HANDLE token, SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
RTL_USER_PROCESS_INFORMATION *info, HANDLE parent )
{
@@ -259,7 +259,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES
status = RtlCreateUserProcess( &nameW, OBJ_CASE_INSENSITIVE, params,
psa ? psa->lpSecurityDescriptor : NULL,
tsa ? tsa->lpSecurityDescriptor : NULL,
- parent, inherit, 0, 0, info );
+ parent, inherit, 0, token, info );
RtlFreeUnicodeString( &nameW );
}
return status;
@@ -269,7 +269,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES
/***********************************************************************
* create_vdm_process
*/
-static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
+static NTSTATUS create_vdm_process( HANDLE token, SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
RTL_USER_PROCESS_INFORMATION *info )
{
@@ -290,7 +290,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
winevdm, params->ImagePathName.Buffer, params->CommandLine.Buffer );
RtlInitUnicodeString( &params->ImagePathName, winevdm );
RtlInitUnicodeString( &params->CommandLine, newcmdline );
- status = create_nt_process( psa, tsa, inherit, flags, params, info, NULL );
+ status = create_nt_process( token, psa, tsa, inherit, flags, params, info, NULL );
HeapFree( GetProcessHeap(), 0, newcmdline );
return status;
}
@@ -299,7 +299,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
/***********************************************************************
* create_cmd_process
*/
-static NTSTATUS create_cmd_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
+static NTSTATUS create_cmd_process( HANDLE token, SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES *tsa,
BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
RTL_USER_PROCESS_INFORMATION *info )
{
@@ -318,7 +318,7 @@ static NTSTATUS create_cmd_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
swprintf( newcmdline, len, L"%s /s/c \"%s\"", comspec, params->CommandLine.Buffer );
RtlInitUnicodeString( &params->ImagePathName, comspec );
RtlInitUnicodeString( &params->CommandLine, newcmdline );
- status = create_nt_process( psa, tsa, inherit, flags, params, info, NULL );
+ status = create_nt_process( token, psa, tsa, inherit, flags, params, info, NULL );
RtlFreeHeap( GetProcessHeap(), 0, newcmdline );
return status;
}
@@ -450,7 +450,9 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
TRACE( "app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
- if (token) FIXME( "Creating a process with a token is not yet implemented\n" );
+ /* FIXME: Starting a process which requires admin rights should fail
+ * with ERROR_ELEVATION_REQUIRED when no token is passed. */
+
if (new_token) FIXME( "No support for returning created process token\n" );
if (app_name)
@@ -523,7 +525,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
}
}
- status = create_nt_process( process_attr, thread_attr, inherit, flags, params, &rtl_info, parent );
+ status = create_nt_process( token, process_attr, thread_attr, inherit, flags, params, &rtl_info, parent );
switch (status)
{
case STATUS_SUCCESS:
@@ -532,7 +534,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
case STATUS_INVALID_IMAGE_NE_FORMAT:
case STATUS_INVALID_IMAGE_PROTECT:
TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(app_name) );
- status = create_vdm_process( process_attr, thread_attr, inherit, flags, params, &rtl_info );
+ status = create_vdm_process( token, process_attr, thread_attr, inherit, flags, params, &rtl_info );
break;
case STATUS_INVALID_IMAGE_NOT_MZ:
/* check for .com or .bat extension */
@@ -540,12 +542,12 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
if (!wcsicmp( p, L".com" ) || !wcsicmp( p, L".pif" ))
{
TRACE( "starting %s as DOS binary\n", debugstr_w(app_name) );
- status = create_vdm_process( process_attr, thread_attr, inherit, flags, params, &rtl_info );
+ status = create_vdm_process( token, process_attr, thread_attr, inherit, flags, params, &rtl_info );
}
else if (!wcsicmp( p, L".bat" ) || !wcsicmp( p, L".cmd" ))
{
TRACE( "starting %s as batch binary\n", debugstr_w(app_name) );
- status = create_cmd_process( process_attr, thread_attr, inherit, flags, params, &rtl_info );
+ status = create_cmd_process( token, process_attr, thread_attr, inherit, flags, params, &rtl_info );
}
break;
}
diff --git a/dlls/ntdll/unix/process.c b/dlls/ntdll/unix/process.c
index cca6c2747bf..379a0036b63 100644
--- a/dlls/ntdll/unix/process.c
+++ b/dlls/ntdll/unix/process.c
@@ -827,6 +827,7 @@ NTSTATUS WINAPI NtCreateUserProcess( HANDLE *process_handle_ptr, HANDLE *thread_
req->access = process_access;
req->cpu = pe_info.cpu;
req->info_size = startup_info_size;
+ req->token = wine_server_obj_handle( token );
wine_server_add_data( req, objattr, attr_len );
wine_server_add_data( req, startup_info, startup_info_size );
wine_server_add_data( req, params->Environment, env_size );
diff --git a/server/process.c b/server/process.c
index 52604ec4d61..047916ffd09 100644
--- a/server/process.c
+++ b/server/process.c
@@ -499,7 +499,7 @@ static void start_sigkill_timer( struct process *process )
/* create a new process */
/* if the function fails the fd is closed */
struct process *create_process( int fd, struct process *parent, int inherit_all,
- const struct security_descriptor *sd )
+ const struct security_descriptor *sd, struct token *token )
{
struct process *process;
@@ -576,7 +576,7 @@ struct process *create_process( int fd, struct process *parent, int inherit_all,
: alloc_handle_table( process, 0 );
/* Note: for security reasons, starting a new process does not attempt
* to use the current impersonation token for the new process */
- process->token = token_duplicate( parent->token, TRUE, 0, NULL, NULL, 0, NULL, 0 );
+ process->token = token_duplicate( token ? token : parent->token, TRUE, 0, NULL, NULL, 0, NULL, 0 );
process->affinity = parent->affinity;
}
if (!process->handles || !process->token) goto error;
@@ -1132,6 +1132,7 @@ DECL_HANDLER(new_process)
const struct security_descriptor *sd;
const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL );
struct process *process = NULL;
+ struct token *token = NULL;
struct process *parent;
struct thread *parent_thread = current;
int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
@@ -1185,10 +1186,39 @@ DECL_HANDLER(new_process)
return;
}
+ if (req->token)
+ {
+ token = get_token_from_handle( req->token, TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY );
+ if (!token)
+ {
+ close( socket_fd );
+ return;
+ }
+ if (!token_is_primary( token ))
+ {
+ set_error( STATUS_BAD_TOKEN_TYPE );
+ release_object( token );
+ close( socket_fd );
+ return;
+ }
+ }
+
+ if (!req->info_size) /* create an orphaned process */
+ {
+ if ((process = create_process( socket_fd, NULL, 0, sd, token )))
+ {
+ create_thread( -1, process, NULL );
+ release_object( process );
+ }
+ if (token) release_object( token );
+ return;
+ }
+
/* build the startup info for a new process */
if (!(info = alloc_object( &startup_info_ops )))
{
close( socket_fd );
+ if (token) release_object( token );
release_object( parent );
return;
}
@@ -1236,7 +1266,7 @@ DECL_HANDLER(new_process)
#undef FIXUP_LEN
}
- if (!(process = create_process( socket_fd, parent, req->inherit_all, sd ))) goto done;
+ if (!(process = create_process( socket_fd, parent, req->inherit_all, sd, token ))) goto done;
process->startup_info = (struct startup_info *)grab_object( info );
@@ -1297,6 +1327,7 @@ DECL_HANDLER(new_process)
reply->handle = alloc_handle_no_access_check( current->process, process, req->access, objattr->attributes );
done:
+ if (token) release_object( token );
if (process) release_object( process );
release_object( parent );
release_object( info );
@@ -1330,7 +1361,7 @@ DECL_HANDLER(exec_process)
close( socket_fd );
return;
}
- if (!(process = create_process( socket_fd, NULL, 0, NULL ))) return;
+ if (!(process = create_process( socket_fd, NULL, 0, NULL, NULL ))) return;
create_thread( -1, process, NULL );
release_object( process );
}
diff --git a/server/process.h b/server/process.h
index dfe5c4e52d8..61b83abf693 100644
--- a/server/process.h
+++ b/server/process.h
@@ -118,7 +118,7 @@ extern unsigned int alloc_ptid( void *ptr );
extern void free_ptid( unsigned int id );
extern void *get_ptid_entry( unsigned int id );
extern struct process *create_process( int fd, struct process *parent, int inherit_all,
- const struct security_descriptor *sd );
+ const struct security_descriptor *sd, struct token *token );
extern data_size_t init_process( struct thread *thread );
extern struct thread *get_process_first_thread( struct process *process );
extern struct process *get_process_from_id( process_id_t id );
diff --git a/server/protocol.def b/server/protocol.def
index 901c380b721..8c86967609f 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -801,6 +801,7 @@ struct rawinput_device
unsigned int access; /* access rights for process object */
client_cpu_t cpu; /* CPU that the new process will use */
data_size_t info_size; /* size of startup info */
+ obj_handle_t token; /* token for the new process */
VARARG(objattr,object_attributes); /* object attributes */
VARARG(info,startup_info,info_size); /* startup information */
VARARG(env,unicode_str); /* environment for new process */
diff --git a/server/request.c b/server/request.c
index 4c1f30a5fe7..321bb6cfa81 100644
--- a/server/request.c
+++ b/server/request.c
@@ -582,7 +582,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
int client = accept( get_unix_fd( master_socket->fd ), (struct sockaddr *) &dummy, &len );
if (client == -1) return;
fcntl( client, F_SETFL, O_NONBLOCK );
- if ((process = create_process( client, NULL, 0, NULL )))
+ if ((process = create_process( client, NULL, 0, NULL, NULL )))
{
create_thread( -1, process, NULL );
release_object( process );
diff --git a/server/security.h b/server/security.h
index 21e90ccf23f..32dfe5f8db9 100644
--- a/server/security.h
+++ b/server/security.h
@@ -67,6 +67,8 @@ extern const ACL *token_get_default_dacl( struct token *token );
extern const SID *token_get_user( struct token *token );
extern const SID *token_get_primary_group( struct token *token );
extern int token_sid_present( struct token *token, const SID *sid, int deny);
+extern struct token *get_token_from_handle( obj_handle_t handle, unsigned int access );
+extern int token_is_primary( struct token *token );
static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
{
diff --git a/server/token.c b/server/token.c
index 1c1d49989b3..2f466aa1b25 100644
--- a/server/token.c
+++ b/server/token.c
@@ -843,6 +843,12 @@ int token_assign_label( struct token *token, PSID label )
return ret;
}
+struct token *get_token_from_handle( obj_handle_t handle, unsigned int access )
+{
+ return (struct token *)get_handle_obj( current->process, handle,
+ access, &token_ops );
+}
+
struct token *token_create_admin( void )
{
struct token *token = NULL;
@@ -1269,6 +1275,11 @@ const SID *token_get_primary_group( struct token *token )
return token->primary_group;
}
+int token_is_primary( struct token *token )
+{
+ return token->primary;
+}
+
int check_object_access(struct object *obj, unsigned int *access)
{
GENERIC_MAPPING mapping;
--
2.27.0

64
patches/advapi32-Token_Integrity_Level/XX13-server-Correctly-assign-security-labels-for-tokens.patch → patches/advapi32-Token_Integrity_Level/0013-server-Correctly-assign-security-labels-for-tokens.patch
View File

@@ -1,21 +1,20 @@
From a8915b8ebd4c06b0216fc82d1ba8d958a677eccf Mon Sep 17 00:00:00 2001
From 6d8fd34cabbcbc64062675be610fb8704fcdc3ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 7 Aug 2017 03:33:26 +0200
Subject: [PATCH] server: Correctly assign security labels for tokens.
---
dlls/advapi32/tests/security.c | 21 +++++++++--------
server/named_pipe.c | 2 +-
server/process.c | 8 +------
dlls/advapi32/tests/security.c | 21 ++++++++++-----------
server/process.c | 8 +-------
server/security.h | 2 +-
server/token.c | 41 ++++++++++++++++++++--------------
5 files changed, 37 insertions(+), 37 deletions(-)
server/token.c | 41 ++++++++++++++++++++++++-----------------
4 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 94f3ea4601a..ab572421a73 100644
index bf4161c..0610ec7 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -7105,7 +7105,6 @@ static void test_token_security_descriptor(void)
@@ -7186,7 +7186,6 @@ static void test_token_security_descriptor(void)
defaulted = TRUE;
ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted);
ok(ret, "GetSecurityDescriptorDacl failed with error %u\n", GetLastError());
@@ -23,7 +22,7 @@ index 94f3ea4601a..ab572421a73 100644
ok(present, "DACL not present\n");
if (present)
@@ -7226,7 +7225,7 @@ static void test_token_security_descriptor(void)
@@ -7307,7 +7306,7 @@ static void test_token_security_descriptor(void)
ok(ret, "GetAce failed with error %u\n", GetLastError());
ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
"Unexpected ACE type %#x\n", ace->Header.AceType);
@@ -32,7 +31,7 @@ index 94f3ea4601a..ab572421a73 100644
"Expected medium integrity level\n");
}
@@ -7279,8 +7278,8 @@ static void test_token_security_descriptor(void)
@@ -7360,8 +7359,8 @@ static void test_token_security_descriptor(void)
sacl = NULL;
ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -43,7 +42,7 @@ index 94f3ea4601a..ab572421a73 100644
if (sacl)
{
@@ -7329,8 +7328,8 @@ static void test_token_security_descriptor(void)
@@ -7410,8 +7409,8 @@ static void test_token_security_descriptor(void)
sacl = NULL;
ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -54,7 +53,7 @@ index 94f3ea4601a..ab572421a73 100644
if (sacl)
{
@@ -7394,8 +7393,8 @@ static void test_token_security_descriptor(void)
@@ -7475,8 +7474,8 @@ static void test_token_security_descriptor(void)
ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -65,7 +64,7 @@ index 94f3ea4601a..ab572421a73 100644
if (sacl)
{
@@ -7432,8 +7431,8 @@ static void test_token_security_descriptor(void)
@@ -7513,8 +7512,8 @@ static void test_token_security_descriptor(void)
sacl = NULL;
ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -76,7 +75,7 @@ index 94f3ea4601a..ab572421a73 100644
if (sacl)
{
@@ -7652,7 +7651,7 @@ static void test_child_token_sd_medium(void)
@@ -7732,7 +7731,7 @@ static void test_child_token_sd_medium(void)
ok(ret, "GetAce failed with error %u\n", GetLastError());
ok(ace_label->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
"Unexpected ACE type %#x\n", ace_label->Header.AceType);
@@ -85,24 +84,11 @@ index 94f3ea4601a..ab572421a73 100644
"Expected medium integrity level\n");
memset(buffer_integrity, 0, sizeof(buffer_integrity));
diff --git a/server/named_pipe.c b/server/named_pipe.c
index 4cd4d7dc4a8..06bf8402aea 100644
--- a/server/named_pipe.c
+++ b/server/named_pipe.c
@@ -1142,7 +1142,7 @@ static int pipe_server_ioctl( struct fd *fd, ioctl_code_t code, struct async *as
if (current->process->token) /* FIXME: use the client token */
{
struct token *token;
- if (!(token = token_duplicate( current->process->token, 0, SecurityImpersonation, NULL, NULL, 0, NULL, 0 )))
+ if (!(token = token_duplicate( current->process->token, 0, SecurityImpersonation, NULL, NULL, 0, NULL, 0, NULL )))
return 0;
if (current->token) release_object( current->token );
current->token = token;
diff --git a/server/process.c b/server/process.c
index 31d5b96a25d..2c485831e33 100644
index b7c9da3..250f777 100644
--- a/server/process.c
+++ b/server/process.c
@@ -577,17 +577,11 @@ struct process *create_process( int fd, struct process *parent, int inherit_all,
@@ -562,17 +562,11 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
: alloc_handle_table( process, 0 );
/* Note: for security reasons, starting a new process does not attempt
* to use the current impersonation token for the new process */
@@ -122,7 +108,7 @@ index 31d5b96a25d..2c485831e33 100644
return process;
diff --git a/server/security.h b/server/security.h
index 32dfe5f8db9..87377ccd673 100644
index 32dfe5f..87377cc 100644
--- a/server/security.h
+++ b/server/security.h
@@ -59,7 +59,7 @@ extern int token_assign_label( struct token *token, PSID label );
@@ -135,10 +121,10 @@ index 32dfe5f8db9..87377ccd673 100644
const LUID_AND_ATTRIBUTES *reqprivs,
unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
diff --git a/server/token.c b/server/token.c
index 2f466aa1b25..23bc1cc13f7 100644
index 5db97b4..bd251c7 100644
--- a/server/token.c
+++ b/server/token.c
@@ -675,7 +675,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
@@ -668,7 +668,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
struct token *token_duplicate( struct token *src_token, unsigned primary,
int impersonation_level, const struct security_descriptor *sd,
const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
@@ -147,7 +133,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
{
const luid_t *modified_id =
primary || (impersonation_level == src_token->impersonation_level) ?
@@ -742,6 +742,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
@@ -735,6 +735,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
@@ -160,7 +146,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
return token;
}
@@ -913,6 +919,12 @@ struct token *token_create_admin( void )
@@ -906,6 +912,12 @@ struct token *token_create_admin( void )
admin_source, NULL, -1, TokenElevationTypeFull, &high_label_sid );
/* we really need a primary group */
assert( token->primary_group );
@@ -173,7 +159,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
}
free( logon_sid );
@@ -971,6 +983,12 @@ static struct token *token_create_limited( void )
@@ -964,6 +976,12 @@ static struct token *token_create_limited( void )
admin_source, NULL, -1, TokenElevationTypeLimited, &medium_label_sid );
/* we really need a primary group */
assert( token->primary_group );
@@ -186,7 +172,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
}
free( logon_sid );
@@ -1439,7 +1457,8 @@ DECL_HANDLER(duplicate_token)
@@ -1432,7 +1450,8 @@ DECL_HANDLER(duplicate_token)
TOKEN_DUPLICATE,
&token_ops )))
{
@@ -196,7 +182,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
if (token)
{
unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
@@ -1469,7 +1488,7 @@ DECL_HANDLER(filter_token)
@@ -1462,7 +1481,7 @@ DECL_HANDLER(filter_token)
group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
@@ -205,7 +191,7 @@ index 2f466aa1b25..23bc1cc13f7 100644
if (token)
{
unsigned int access = get_handle_access( current->process, req->handle );
@@ -1795,23 +1814,11 @@ DECL_HANDLER(set_token_default_dacl)
@@ -1788,23 +1807,11 @@ DECL_HANDLER(set_token_default_dacl)
DECL_HANDLER(create_token)
{
struct token *token;
@@ -232,5 +218,5 @@ index 2f466aa1b25..23bc1cc13f7 100644
}
}
--
2.27.0
2.7.4

35
patches/advapi32-Token_Integrity_Level/0015-ntdll-Add-semi-stub-for-TokenLinkedToken-info-class.patch
View File

@@ -1,25 +1,17 @@
From e34d019222909281390f83149be755a4145024c4 Mon Sep 17 00:00:00 2001
From 6d4621ddba8139747345c05f6251bae9b3c68e39 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 7 Aug 2017 15:28:33 +0200
Subject: [PATCH] ntdll: Add semi-stub for TokenLinkedToken info class.
Subject: ntdll: Add semi-stub for TokenLinkedToken info class.
---
dlls/ntdll/unix/security.c | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
dlls/ntdll/nt.c | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
index f0057116dee..2769e5f6a7b 100644
--- a/dlls/ntdll/unix/security.c
+++ b/dlls/ntdll/unix/security.c
@@ -138,6 +138,7 @@ NTSTATUS WINAPI NtDuplicateToken( HANDLE token, ACCESS_MASK access, OBJECT_ATTRI
return status;
}
+extern HANDLE CDECL __wine_create_default_token(BOOL admin);
/***********************************************************************
* NtQueryInformationToken (NTDLL.@)
@@ -166,7 +167,7 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index 6f2b24e6ba4..99dba58b426 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -366,7 +366,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
0, /* TokenAuditPolicy */
0, /* TokenOrigin */
sizeof(TOKEN_ELEVATION_TYPE), /* TokenElevationType */
@@ -28,14 +20,14 @@ index f0057116dee..2769e5f6a7b 100644
sizeof(TOKEN_ELEVATION), /* TokenElevation */
0, /* TokenHasRestrictions */
0, /* TokenAccessInformation */
@@ -401,6 +402,33 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
@@ -607,6 +607,32 @@ NTSTATUS WINAPI NtQueryInformationToken(
}
SERVER_END_REQ;
break;
+ case TokenLinkedToken:
+ SERVER_START_REQ( get_token_elevation_type )
+ {
+ TOKEN_LINKED_TOKEN *linked_token = info;
+ TOKEN_LINKED_TOKEN *linked_token = tokeninfo;
+ req->handle = wine_server_obj_handle( token );
+ status = wine_server_call( req );
+ if (status == STATUS_SUCCESS)
@@ -58,10 +50,9 @@ index f0057116dee..2769e5f6a7b 100644
+ }
+ SERVER_END_REQ;
+ break;
+
case TokenElevation:
SERVER_START_REQ( get_token_elevation_type )
{
--
2.27.0
2.13.1

5
patches/advapi32-Token_Integrity_Level/definition
View File

@@ -1,7 +1,4 @@
Fixes: [40613] Basic implementation for token integrity levels and UAC handling
Fixes: [39262] Run explorer.exe as unevaluated process
Depends: advapi32-CreateRestrictedToken
Depends: Staging
# Broken due to ntdll.so <- ntdll.dll imports. This isn't particularly difficult
# to fix, but it was already broken for some more obscure reason, and the whole
# patch set needs to be rewritten anyway.
Disabled: true

339
patches/bcrypt-ECDHSecretAgreement/0001-bcrypt-Allow-multiple-backends-to-coexist.patch
View File

@@ -1,339 +0,0 @@
From 104e3d8f36af9bc2179f7878b4f99b7417f59376 Mon Sep 17 00:00:00 2001
From: Derek Lesho <dlesho@codeweavers.com>
Date: Fri, 2 Oct 2020 11:29:24 -0500
Subject: [PATCH] bcrypt: Allow multiple backends to coexist.
Signed-off-by: Derek Lesho <dlesho@codeweavers.com>
---
dlls/bcrypt/Makefile.in | 3 +-
dlls/bcrypt/bcrypt_internal.h | 3 +
dlls/bcrypt/gnutls.c | 34 +++++--
dlls/bcrypt/macos.c | 20 +++-
dlls/bcrypt/unixlib.c | 186 ++++++++++++++++++++++++++++++++++
5 files changed, 229 insertions(+), 17 deletions(-)
create mode 100644 dlls/bcrypt/unixlib.c
diff --git a/dlls/bcrypt/Makefile.in b/dlls/bcrypt/Makefile.in
index 24803fb2d7c..46a20d473dd 100644
--- a/dlls/bcrypt/Makefile.in
+++ b/dlls/bcrypt/Makefile.in
@@ -11,6 +11,7 @@ C_SRCS = \
macos.c \
md2.c \
sha256.c \
- sha512.c
+ sha512.c \
+ unixlib.c
RC_SRCS = version.rc
diff --git a/dlls/bcrypt/bcrypt_internal.h b/dlls/bcrypt/bcrypt_internal.h
index 5edc9e6c9c6..29db7210b59 100644
--- a/dlls/bcrypt/bcrypt_internal.h
+++ b/dlls/bcrypt/bcrypt_internal.h
@@ -210,4 +210,7 @@ struct key_funcs
NTSTATUS (CDECL *key_import_ecc)( struct key *, UCHAR *, ULONG );
};
+struct key_funcs *gnutls_lib_init(DWORD reason);
+struct key_funcs *macos_lib_init(DWORD reason);
+
#endif /* __BCRYPT_INTERNAL_H */
diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c
index 21520bb4a84..b761c732acf 100644
--- a/dlls/bcrypt/gnutls.c
+++ b/dlls/bcrypt/gnutls.c
@@ -332,9 +332,12 @@ fail:
static void gnutls_uninitialize(void)
{
- pgnutls_global_deinit();
- dlclose( libgnutls_handle );
- libgnutls_handle = NULL;
+ if (libgnutls_handle)
+ {
+ pgnutls_global_deinit();
+ dlclose( libgnutls_handle );
+ libgnutls_handle = NULL;
+ }
}
struct buffer
@@ -1568,7 +1571,7 @@ static void CDECL key_asymmetric_destroy( struct key *key )
if (key_data(key)->privkey) pgnutls_privkey_deinit( key_data(key)->privkey );
}
-static const struct key_funcs key_funcs =
+static struct key_funcs key_funcs =
{
key_set_property,
key_symmetric_init,
@@ -1589,19 +1592,28 @@ static const struct key_funcs key_funcs =
key_import_ecc
};
-NTSTATUS CDECL __wine_init_unix_lib( HMODULE module, DWORD reason, const void *ptr_in, void *ptr_out )
+struct key_funcs * gnutls_lib_init( DWORD reason )
{
switch (reason)
{
case DLL_PROCESS_ATTACH:
- if (!gnutls_initialize()) return STATUS_DLL_NOT_FOUND;
- *(const struct key_funcs **)ptr_out = &key_funcs;
- break;
+ if (!gnutls_initialize()) return NULL;
+ return &key_funcs;
case DLL_PROCESS_DETACH:
gnutls_uninitialize();
- break;
}
- return STATUS_SUCCESS;
+ return NULL;
}
-#endif /* HAVE_GNUTLS_CIPHER_INIT */
+#else /* HAVE_GNUTLS_CIPHER_INIT */
+#include "ntstatus.h"
+#define WIN32_NO_STATUS
+#include "windef.h"
+#include "winbase.h"
+#include "winternl.h"
+
+struct key_funcs * gnutls_lib_init( DWORD reason )
+{
+ return NULL;
+}
+#endif
diff --git a/dlls/bcrypt/macos.c b/dlls/bcrypt/macos.c
index 37615e97689..5868b445625 100644
--- a/dlls/bcrypt/macos.c
+++ b/dlls/bcrypt/macos.c
@@ -259,7 +259,7 @@ static void CDECL key_asymmetric_destroy( struct key *key )
{
}
-static const struct key_funcs key_funcs =
+static struct key_funcs key_funcs =
{
key_set_property,
key_symmetric_init,
@@ -280,11 +280,21 @@ static const struct key_funcs key_funcs =
key_import_ecc
};
-NTSTATUS CDECL __wine_init_unix_lib( HMODULE module, DWORD reason, const void *ptr_in, void *ptr_out )
+struct key_funcs * macos_lib_init( DWORD reason )
{
- if (reason != DLL_PROCESS_ATTACH) return STATUS_SUCCESS;
- *(const struct key_funcs **)ptr_out = &key_funcs;
- return STATUS_SUCCESS;
+ if (reason != DLL_PROCESS_ATTACH) return NULL;
+ return &key_funcs;
}
+#else
+#include "ntstatus.h"
+#define WIN32_NO_STATUS
+#include "windef.h"
+#include "winbase.h"
+#include "winternl.h"
+
+struct key_funcs * macos_lib_init( DWORD reason )
+{
+ return NULL;
+}
#endif
diff --git a/dlls/bcrypt/unixlib.c b/dlls/bcrypt/unixlib.c
new file mode 100644
index 00000000000..791b5d54188
--- /dev/null
+++ b/dlls/bcrypt/unixlib.c
@@ -0,0 +1,186 @@
+#if 0
+#pragma makedep unix
+#endif
+
+#include "config.h"
+#include "wine/port.h"
+
+#include <stdarg.h>
+
+#include "ntstatus.h"
+#define WIN32_NO_STATUS
+#include "windef.h"
+#include "winbase.h"
+#include "ntsecapi.h"
+#include "bcrypt.h"
+
+#include "bcrypt_internal.h"
+
+#include "wine/debug.h"
+#include "wine/unicode.h"
+
+#if defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 || defined(HAVE_GNUTLS_CIPHER_INIT)
+WINE_DEFAULT_DEBUG_CHANNEL(bcrypt);
+
+static NTSTATUS CDECL key_set_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_symmetric_init( struct key *key )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static void CDECL key_symmetric_vector_reset( struct key *key )
+{
+ FIXME( "not implemented\n" );
+}
+
+static NTSTATUS CDECL key_symmetric_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_symmetric_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, ULONG output_len )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_symmetric_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, ULONG output_len )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_symmetric_get_tag( struct key *key, UCHAR *tag, ULONG len )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static void CDECL key_symmetric_destroy( struct key *key )
+{
+ FIXME( "not implemented\n" );
+}
+
+static NTSTATUS CDECL key_asymmetric_init( struct key *key )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_asymmetric_sign( struct key *key, void *padding, UCHAR *input, ULONG input_len, UCHAR *output,
+ ULONG output_len, ULONG *ret_len, ULONG flags )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len,
+ UCHAR *signature, ULONG signature_len, DWORD flags )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_export_dsa_capi( struct key *key, UCHAR *buf, ULONG len, ULONG *ret_len )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_export_ecc( struct key *key, UCHAR *output, ULONG len, ULONG *ret_len )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_import_dsa_capi( struct key *key, UCHAR *buf, ULONG len )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_import_ecc( struct key *key, UCHAR *input, ULONG len )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS CDECL key_asymmetric_generate( struct key *key )
+{
+ FIXME( "not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static void CDECL key_asymmetric_destroy( struct key *key )
+{
+ FIXME( "not implemented\n" );
+}
+
+static struct key_funcs key_funcs =
+{
+ key_set_property,
+ key_symmetric_init,
+ key_symmetric_vector_reset,
+ key_symmetric_set_auth_data,
+ key_symmetric_encrypt,
+ key_symmetric_decrypt,
+ key_symmetric_get_tag,
+ key_symmetric_destroy,
+ key_asymmetric_init,
+ key_asymmetric_generate,
+ key_asymmetric_sign,
+ key_asymmetric_verify,
+ key_asymmetric_destroy,
+ key_export_dsa_capi,
+ key_export_ecc,
+ key_import_dsa_capi,
+ key_import_ecc
+};
+
+NTSTATUS CDECL __wine_init_unix_lib( HMODULE module, DWORD reason, const void *ptr_in, void *ptr_out )
+{
+ struct key_funcs *gnutls_funcs = gnutls_lib_init(reason);
+ struct key_funcs *macos_funcs = macos_lib_init(reason);
+
+ if (reason == DLL_PROCESS_ATTACH)
+ {
+#define RESOLVE_FUNC(name) \
+ if (macos_funcs && macos_funcs->key_##name) \
+ key_funcs.key_##name = macos_funcs->key_##name; \
+ if (gnutls_funcs && gnutls_funcs->key_##name) \
+ key_funcs.key_##name = gnutls_funcs->key_##name;
+
+ RESOLVE_FUNC(set_property)
+ RESOLVE_FUNC(symmetric_init)
+ RESOLVE_FUNC(symmetric_vector_reset)
+ RESOLVE_FUNC(symmetric_set_auth_data)
+ RESOLVE_FUNC(symmetric_encrypt)
+ RESOLVE_FUNC(symmetric_decrypt)
+ RESOLVE_FUNC(symmetric_get_tag)
+ RESOLVE_FUNC(symmetric_destroy)
+ RESOLVE_FUNC(asymmetric_init)
+ RESOLVE_FUNC(asymmetric_generate)
+ RESOLVE_FUNC(asymmetric_sign)
+ RESOLVE_FUNC(asymmetric_verify)
+ RESOLVE_FUNC(asymmetric_destroy)
+ RESOLVE_FUNC(export_dsa_capi)
+ RESOLVE_FUNC(export_ecc)
+ RESOLVE_FUNC(import_dsa_capi)
+ RESOLVE_FUNC(import_ecc)
+
+#undef RESOLVE_FUNC
+
+ *(struct key_funcs **)ptr_out = &key_funcs;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+#endif
--
2.28.0

449
patches/bcrypt-ECDHSecretAgreement/0002-bcrypt-Implement-BCryptSecretAgreement-with-libgcryp.patch → patches/bcrypt-ECDHSecretAgreement/0001-bcrypt-Implement-BCryptSecretAgreement-with-libgcryp.patch
View File

File diff suppressed because it is too large Load Diff

44
patches/bcrypt-ECDHSecretAgreement/0003-bcrypt-Implement-BCRYPT_KDF_HASH.patch → patches/bcrypt-ECDHSecretAgreement/0002-bcrypt-Implement-BCRYPT_KDF_HASH.patch
View File

@@ -1,4 +1,4 @@
From 01530fae68970b0c0af8811c5f6c5ea85c14372c Mon Sep 17 00:00:00 2001
From d0c4ac467f5e85e29ae407b29b6a93c85f375fd3 Mon Sep 17 00:00:00 2001
From: Derek Lesho <dlesho@codeweavers.com>
Date: Tue, 7 Jan 2020 14:22:49 -0600
Subject: [PATCH] bcrypt: Implement BCRYPT_KDF_HASH.
@@ -6,22 +6,24 @@ Subject: [PATCH] bcrypt: Implement BCRYPT_KDF_HASH.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=47699
Signed-off-by: Derek Lesho <dlesho at codeweavers.com>
---
dlls/bcrypt/bcrypt_main.c | 108 ++++++++++++++++++++++++++++++++++++-
dlls/bcrypt/tests/bcrypt.c | 3 +-
2 files changed, 108 insertions(+), 3 deletions(-)
dlls/bcrypt/bcrypt_main.c | 110 +++++++++++++++++++++++++++++++++++++
dlls/bcrypt/tests/bcrypt.c | 2 +-
2 files changed, 111 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 8dae41a2e2e..67be417aa61 100644
index 15b934247d..57d552a4c0 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1837,7 +1837,113 @@ NTSTATUS WINAPI BCryptDeriveKey(BCRYPT_SECRET_HANDLE handle, LPCWSTR kdf, BCrypt
if (!secret || secret->hdr.magic != MAGIC_SECRET) return STATUS_INVALID_HANDLE;
if (!kdf) return STATUS_INVALID_PARAMETER;
@@ -1773,6 +1773,116 @@ NTSTATUS WINAPI BCryptDeriveKey(BCRYPT_SECRET_HANDLE hSecret, LPCWSTR deriv_func
return STATUS_INVALID_HANDLE;
}
- if (!(lstrcmpW( kdf, BCRYPT_KDF_RAW_SECRET )))
+ if (flags) FIXME("flags ignored: %08x\n", flags);
+ if (flags)
+ {
+ FIXME("flags ignored: %08x\n", flags);
+ }
+
+ if (!(lstrcmpW( kdf, BCRYPT_KDF_HASH )))
+ if (!(strcmpW(deriv_func, BCRYPT_KDF_HASH)))
+ {
+ unsigned int i;
+ BCryptBuffer *hash_algorithm = NULL;
@@ -67,7 +69,7 @@ index 8dae41a2e2e..67be417aa61 100644
+ {
+ for (i = 0; i < ARRAY_SIZE( builtin_algorithms ); i++)
+ {
+ if (!lstrcmpW( hash_algorithm->pvBuffer, builtin_algorithms[i].name))
+ if (!strcmpW( hash_algorithm->pvBuffer, builtin_algorithms[i].name))
+ {
+ hash_alg_id = i;
+ break;
@@ -125,15 +127,15 @@ index 8dae41a2e2e..67be417aa61 100644
+
+ return STATUS_SUCCESS;
+ }
+ else if (!(lstrcmpW( kdf, BCRYPT_KDF_RAW_SECRET )))
+ else
if (!(strcmpW(deriv_func, BCRYPT_KDF_RAW_SECRET)))
{
ULONG n;
ULONG secret_length = secret->len;
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 5701a0a30ce..d4ffb3fe69c 100644
index d9509f2c49..edc59a8a97 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -2132,7 +2132,7 @@ static void test_ECDH(void)
@@ -2084,7 +2084,7 @@ static void test_ECDH(void)
raw_secret_end:
status = pBCryptDeriveKey(secret, BCRYPT_KDF_HASH, &hash_params, NULL, 0, &size, 0);
@@ -142,14 +144,6 @@ index 5701a0a30ce..d4ffb3fe69c 100644
if (status != STATUS_SUCCESS)
{
@@ -2666,7 +2666,6 @@ static void test_SecretAgreement(void)
ok(status == STATUS_INVALID_PARAMETER, "got %08x\n", status);
status = pBCryptDeriveKey(secret, L"HASH", NULL, NULL, 0, &size, 0);
- todo_wine
ok(status == STATUS_SUCCESS, "got %08x\n", status);
status = pBCryptDestroyHash(secret);
--
2.28.0
2.24.1

5
patches/bcrypt-ECDHSecretAgreement/definition
View File

@@ -1,5 +1,2 @@
Fixes: [47699] Multiple games fail to connect to online services (missing BCryptSecretAgreement / BCryptDeriveKey implementation)
# Needs to be moved to the unix lib, but that's a nontrivial amount of work, and
# using gcrypt is the wrong way forward (we should expose the missing APIs from
# gnutls instead).
#Disabled: true

Some files were not shown because too many files have changed in this diff Show More