Alexandre Julliard : server: Store the session id in the process token.

Alexandre Julliard julliard at winehq.org
Thu Jul 1 15:53:50 CDT 2021


Module: wine
Branch: master
Commit: 2b5cefc92e1bc78b9e5d73a54454a3cba771b19f
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=2b5cefc92e1bc78b9e5d73a54454a3cba771b19f

Author: Alexandre Julliard <julliard at winehq.org>
Date:   Thu Jul  1 16:20:08 2021 +0200

server: Store the session id in the process token.

Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 server/process.c  |  4 ++--
 server/security.h |  3 ++-
 server/token.c    | 19 +++++++++++++------
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/server/process.c b/server/process.c
index c2131a2d7e2..15387a2affa 100644
--- a/server/process.c
+++ b/server/process.c
@@ -664,7 +664,7 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla
     if (!parent)
     {
         process->handles = alloc_handle_table( process, 0 );
-        process->token = token_create_admin( TRUE, -1, TokenElevationTypeFull );
+        process->token = token_create_admin( TRUE, -1, TokenElevationTypeFull, default_session_id );
         process->affinity = ~0;
     }
     else
@@ -686,7 +686,7 @@ struct process *create_process( int fd, struct process *parent, unsigned int fla
         process->affinity = parent->affinity;
     }
     if (!process->handles || !process->token) goto error;
-    process->session_id = default_session_id;
+    process->session_id = token_get_session_id( process->token );
 
     /* Assign a high security label to the token. The default would be medium
      * but Wine provides admin access to all applications right now so high
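Review bot: After `process->session_id = token_get_session_id( process->token );` the session id is held in two places, the process and its token, and nothing in this hunk keeps them in step afterwards. If the primary token can be replaced after creation (not visible here), `process->session_id` would keep the old value; a comment such as `/* cached from the primary token at creation; update if the token is replaced */` would record the invariant. For a child process the value now comes from whatever token the else branch assigned rather than from `default_session_id`, which looks intended but should be confirmed against that branch. create_process starts and ends outside the hunk.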
diff --git a/server/security.h b/server/security.h
index f7e644aa1b7..5388bc9c419 100644
--- a/server/security.h
+++ b/server/security.h
@@ -54,7 +54,7 @@ extern const PSID security_high_label_sid;
 /* token functions */
 
 extern struct token *get_token_obj( struct process *process, obj_handle_t handle, unsigned int access );
-extern struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation );
+extern struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation, unsigned int session_id );
 extern int token_assign_label( struct token *token, PSID label );
 extern struct token *token_duplicate( struct token *src_token, unsigned primary,
                                       int impersonation_level, const struct security_descriptor *sd,
@@ -66,6 +66,7 @@ extern int token_check_privileges( struct token *token, int all_required,
 extern const ACL *token_get_default_dacl( struct token *token );
 extern const SID *token_get_user( struct token *token );
 extern const SID *token_get_primary_group( struct token *token );
+extern unsigned int token_get_session_id( struct token *token );
 extern int token_sid_present( struct token *token, const SID *sid, int deny);
 
 static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
diff --git a/server/token.c b/server/token.c
index fed7d93753e..9c72c2a6bed 100644
--- a/server/token.c
+++ b/server/token.c
@@ -122,7 +122,8 @@ struct token
     SID           *user;            /* SID of user this token represents */
     SID           *owner;           /* SID of owner (points to user or one of groups) */
     SID           *primary_group;   /* SID of user's primary group (points to one of groups) */
-    unsigned       primary;         /* is this a primary or impersonation token? */
+    unsigned int   primary;         /* is this a primary or impersonation token? */
+    unsigned int   session_id;      /* token session id */
     ACL           *default_dacl;    /* the default DACL to assign to objects created by this user */
     TOKEN_SOURCE   source;          /* source of the token */
     int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
@@ -537,7 +538,7 @@ static void token_destroy( struct object *obj )
  *  modified_id may be NULL, indicating that a new modified_id luid should be
  *   allocated.
  */
-static struct token *create_token( unsigned primary, const SID *user,
+static struct token *create_token( unsigned int primary, unsigned int session_id, const SID *user,
                                    const SID_AND_ATTRIBUTES *groups, unsigned int group_count,
                                    const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
                                    const ACL *default_dacl, TOKEN_SOURCE source,
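Review bot: The new `session_id` parameter of create_token sits directly after `primary` and both are `unsigned int`, so a call that swaps the two compiles without any diagnostic; the header comment above the function still documents only `modified_id`. Adding a line to that comment, for example ` *  session_id is stored unchanged in the token; callers pass the source token's id or the process default.`, would make the argument's meaning and position explicit. The call sites visible in this diff (token_duplicate and token_create_admin) pass the two arguments in the right order. The function body continues outside the hunk.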
@@ -557,6 +558,7 @@ static struct token *create_token( unsigned primary, const SID *user,
         list_init( &token->privileges );
         list_init( &token->groups );
         token->primary = primary;
+        token->session_id = session_id;
         /* primary tokens don't have impersonation levels */
         if (primary)
             token->impersonation_level = -1;
@@ -677,7 +679,7 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
         return NULL;
     }
 
-    token = create_token( primary, src_token->user, NULL, 0,
+    token = create_token( primary, src_token->session_id, src_token->user, NULL, 0,
                           NULL, 0, src_token->default_dacl,
                           src_token->source, modified_id,
                           impersonation_level, src_token->elevation );
@@ -830,7 +832,7 @@ struct token *get_token_obj( struct process *process, obj_handle_t handle, unsig
     return (struct token *)get_handle_obj( process, handle, access, &token_ops );
 }
 
-struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation )
+struct token *token_create_admin( unsigned primary, int impersonation_level, int elevation, unsigned int session_id )
 {
     struct token *token = NULL;
     static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
@@ -890,7 +892,7 @@ struct token *token_create_admin( unsigned primary, int impersonation_level, int
             { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
         };
         static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
-        token = create_token( primary, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
+        token = create_token( primary, session_id, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
                               admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
                               admin_source, NULL, impersonation_level, elevation );
         /* we really need a primary group */
@@ -1197,6 +1199,11 @@ const SID *token_get_primary_group( struct token *token )
     return token->primary_group;
 }
 
+unsigned int token_get_session_id( struct token *token )
+{
+    return token->session_id;
+}
+
 int check_object_access(struct token *token, struct object *obj, unsigned int *access)
 {
     generic_map_t mapping;
@@ -1669,7 +1676,7 @@ DECL_HANDLER(create_linked_token)
             release_object( token );
             return;
         }
-        if ((linked = token_create_admin( FALSE, SecurityIdentification, elevation )))
+        if ((linked = token_create_admin( FALSE, SecurityIdentification, elevation, token->session_id )))
         {
             reply->linked = alloc_handle( current->process, linked, TOKEN_ALL_ACCESS, 0 );
             release_object( linked );



