Re: [PATCH 7/7] server/kernel32: Marshal security descriptor to server for a new process.
30 Jan
2007
30 Jan
'07
4:32 p.m.
Hi, i cant compile wine with this patch, do you know why?
gcc -c -I. -I. -I../../include -I../../include -D__WINESRC__
-DCOM_NO_WINDOWS_H -D_REENTRANT -fPIC -Wall -pipe -fno-strict-aliasing
-Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -g -O2
-o regsvr.o regsvr.c
make[2]: Leaving directory
`/root/.WineCVS/sources/cvswine/wine/dlls/mmdevldr.vxd'
gcc -c -I. -I. -I../../include -I../../include -D__WINESRC__
-D_KERNEL32_ -D_REENTRANT -fPIC -Wall -pipe -fno-strict-aliasing
-Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -g -O2
-o profile.o profile.c
process.c: In function ‘create_process’:
process.c:1314: error: ‘struct new_process_request’ has no member named
‘sd_len’
process.c:1318: error: ‘struct new_process_request’ has no member named
‘sd_len’
process.c:1320: error: ‘struct new_process_request’ has no member named
‘sd_len’
process.c:1322: error: ‘struct new_process_request’ has no member named
‘sd_len’
process.c:1323: error: ‘struct new_process_request’ has no member named
‘sd_len’
process.c:1325: error: ‘struct new_process_request’ has no member named
‘sd_len’
process.c:1327: error: ‘struct new_process_request’ has no member named
‘sd_len’
make[2]: *** [process.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Entering directory
`/root/.WineCVS/sources/cvswine/wine/dlls/monodebg.vxd'
gcc -c -I. -I. -I../../include -I../../include -D__WINESRC__
-D_REENTRANT -fPIC -Wall -pipe -fno-strict-aliasing
-Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -g -O2
-o monodebg.o monodebg.c
../../tools/winegcc/winegcc -B../../tools/winebuild -shared
./monodebg.vxd.spec monodebg.o -o monodebg.vxd.so -lkernel32
../../libs/port/libwine_port.a
../../tools/winegcc/winegcc -B../../tools/winebuild -shared ./mlang.spec
mlang.o regsvr.o -o mlang.dll.so -loleaut32 -lole32 -luser32
-lgdi32 -ladvapi32 -lkernel32 -lntdll -Wb,-doleaut32 -luuid
../../libs/port/libwine_port.a
make[2]: Leaving directory
`/root/.WineCVS/sources/cvswine/wine/dlls/kernel32'
make[1]: *** [kernel32] Error 2
make[1]: *** Waiting for unfinished jobs....
make[2]: Leaving directory `/root/.WineCVS/sources/cvswine/wine/dlls/mlang'
make[2]: Leaving directory
`/root/.WineCVS/sources/cvswine/wine/dlls/monodebg.vxd'
make[1]: Leaving directory `/root/.WineCVS/sources/cvswine/wine/dlls'
make: *** [dlls] Error 2
Mirek
Vitaliy Margolen napsal(a):
We are limited to only 5 server data calls. Here it
would have been 7.
And possibly 12 in the future. Hence decision to send self-relative
SECURITY_DESCRIPTOR.
---
dlls/kernel32/process.c | 25 +++++++++++++++++++++++++
server/process.c | 8 ++++++--
server/protocol.def | 2 ++
3 files changed, 33 insertions(+), 2 deletions(-)
------------------------------------------------------------------------
diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
index 8cdcd72..463071d 100644
--- a/dlls/kernel32/process.c
+++ b/dlls/kernel32/process.c
@@ -1277,6 +1277,8 @@ static BOOL create_process( HANDLE hFile
SERVER_START_REQ( new_process )
{
+ PSECURITY_DESCRIPTOR p_sd = NULL;
+
req->inherit_all = inherit;
req->create_flags = flags;
req->socket_fd = socketfd[1];
@@ -1303,6 +1305,27 @@ static BOOL create_process( HANDLE hFile
if (is_console_handle(req->hstderr)) req->hstderr =
console_handle_unmap(req->hstderr);
}
+ /* marshal security descriptor */
+ if (psa && psa->lpSecurityDescriptor)
+ {
+ SECURITY_DESCRIPTOR_CONTROL control;
+ DWORD revision;
+
+ req->sd_len = RtlLengthSecurityDescriptor( psa->lpSecurityDescriptor
);
+ RtlGetControlSecurityDescriptor( psa->lpSecurityDescriptor, &control,
&revision );
+
+ if (control & SE_SELF_RELATIVE)
+ wine_server_add_data( req, psa->lpSecurityDescriptor, req->sd_len
);
+ else
+ if ((p_sd = HeapAlloc( GetProcessHeap(), 0, req->sd_len )))
+ {
+ RtlMakeSelfRelativeSD( psa->lpSecurityDescriptor, p_sd,
&req->sd_len );
+ wine_server_add_data( req, p_sd, req->sd_len );
+ }
+ else req->sd_len = 0;
+ }
+ else req->sd_len = 0;
+
wine_server_add_data( req, params, params->Size );
wine_server_add_data( req, params->Environment,
(env_end-params->Environment)*sizeof(WCHAR) );
if ((ret = !wine_server_call_err( req )))
@@ -1313,6 +1336,8 @@ static BOOL create_process( HANDLE hFile
info->hThread = reply->thandle;
}
process_info = reply->info;
+
+ HeapFree( GetProcessHeap(), 0, p_sd );
}
SERVER_END_REQ;
diff --git a/server/process.c b/server/process.c
index 1c53f49..21dd8cb 100644
--- a/server/process.c
+++ b/server/process.c
@@ -820,6 +820,7 @@ DECL_HANDLER(new_process)
struct thread *thread;
struct process *process;
struct process *parent = current->process;
+ const SECURITY_DESCRIPTOR *p_sd = get_req_data();
int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
if (socket_fd == -1)
@@ -841,14 +842,14 @@ DECL_HANDLER(new_process)
info->hstderr = req->hstderr;
info->exe_file = NULL;
info->process = NULL;
- info->data_size = get_req_data_size();
+ info->data_size = get_req_data_size() - req->sd_len;
info->data = NULL;
if (req->exe_file &&
!(info->exe_file = get_file_obj( current->process, req->exe_file,
FILE_READ_DATA )))
goto done;
- if (!(info->data = memdup( get_req_data(), info->data_size ))) goto done;
+ if (!(info->data = memdup( (char*)get_req_data() + req->sd_len,
info->data_size ))) goto done;
if (!(thread = create_process( socket_fd, current, req->inherit_all ))) goto
done;
process = thread->process;
@@ -900,6 +901,9 @@ DECL_HANDLER(new_process)
reply->phandle = alloc_handle( parent, process, req->process_access,
req->process_attr );
reply->thandle = alloc_handle( parent, thread, req->thread_access,
req->thread_attr );
+ if (req->sd_len)
+ set_object_sd( &process->obj, p_sd, OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
+ SACL_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION );
done:
release_object( info );
}
diff --git a/server/protocol.def b/server/protocol.def
index f49f331..9ebbcbc 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -436,6 +436,8 @@ typedef union
unsigned int process_attr; /* attributes for process object */
unsigned int thread_access; /* access rights for thread object */
unsigned int thread_attr; /* attributes for thread object */
+ data_size_t sd_len; /* length of process' security descriptor */
+ VARARG(sd,bytes,sd_len); /* process' security descriptor to set */
VARARG(info,startup_info); /* startup information */
VARARG(env,unicode_str); /* environment for new process */
@REPLY
------------------------------------------------------------------------
30 Jan
30 Jan
4:44 p.m.
New subject: [PATCH 7/7] server/kernel32: Marshal security descriptor to server for a new process.
Mirek wrote:
Hi, i cant compile wine with this patch, do you know
why?
You need to run `tools/make_requests`. All patches to wineserver sent to
wine-patches don't have auto-generated parts.
Vitaliy.
6319
days inactive
6319
days old
1 comments
2 participants
participants (2)
-
Mirek -
Vitaliy Margolen