[PATCH] server: Implement token elevation information.
Vijay Kiran Kamuju
infyquest at gmail.com
Mon Apr 29 18:38:28 CDT 2019
From: Michael Müller <michael at fds-team.de>
From: Michael Müller <michael at fds-team.de>
Signed-off-by: Vijay Kiran Kamuju <infyquest at gmail.com>
---
dlls/ntdll/nt.c | 16 ++++++++++++----
server/protocol.def | 8 ++++++++
server/token.c | 22 +++++++++++++++++++---
3 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index d03c0a122f..a17ee7b55f 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -566,18 +566,26 @@ NTSTATUS WINAPI NtQueryInformationToken(
SERVER_END_REQ;
break;
case TokenElevationType:
+ SERVER_START_REQ( get_token_elevation_type )
{
TOKEN_ELEVATION_TYPE *elevation_type = tokeninfo;
- FIXME("QueryInformationToken( ..., TokenElevationType, ...) semi-stub\n");
- *elevation_type = TokenElevationTypeFull;
+ req->handle = wine_server_obj_handle( token );
+ status = wine_server_call( req );
+ if (status == STATUS_SUCCESS)
+ *elevation_type = reply->elevation;
}
+ SERVER_END_REQ;
break;
case TokenElevation:
+ SERVER_START_REQ( get_token_elevation_type )
{
TOKEN_ELEVATION *elevation = tokeninfo;
- FIXME("QueryInformationToken( ..., TokenElevation, ...) semi-stub\n");
- elevation->TokenIsElevated = TRUE;
+ req->handle = wine_server_obj_handle( token );
+ status = wine_server_call( req );
+ if (status == STATUS_SUCCESS)
+ elevation->TokenIsElevated = (reply->elevation == TokenElevationTypeFull);
}
+ SERVER_END_REQ;
break;
case TokenSessionId:
{
diff --git a/server/protocol.def b/server/protocol.def
index 21008d7a87..d253354722 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -3704,6 +3704,14 @@ struct handle_info
@END
+/* Get elevation level of token */
+ at REQ(get_token_elevation_type)
+ obj_handle_t handle; /* handle to the object */
+ at REPLY
+ unsigned int elevation; /* elevation level */
+ at END
+
+
/* Create I/O completion port */
@REQ(create_completion)
unsigned int access; /* desired access to a port */
diff --git a/server/token.c b/server/token.c
index e0f28c6da6..c27463aa8a 100644
--- a/server/token.c
+++ b/server/token.c
@@ -112,6 +112,7 @@ struct token
ACL *default_dacl; /* the default DACL to assign to objects created by this user */
TOKEN_SOURCE source; /* source of the token */
int impersonation_level; /* impersonation level this token is capable of if non-primary token */
+ TOKEN_ELEVATION_TYPE elevation; /* elevation level */
};
struct privilege
@@ -541,7 +542,7 @@ static struct token *create_token( unsigned primary, const SID *user,
const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
const ACL *default_dacl, TOKEN_SOURCE source,
const luid_t *modified_id,
- int impersonation_level )
+ int impersonation_level, TOKEN_ELEVATION_TYPE elevation )
{
struct token *token = alloc_object( &token_ops );
if (token)
@@ -563,6 +564,7 @@ static struct token *create_token( unsigned primary, const SID *user,
token->impersonation_level = impersonation_level;
token->default_dacl = NULL;
token->primary_group = NULL;
+ token->elevation = elevation;
/* copy user */
token->user = memdup( user, security_sid_len( user ));
@@ -650,7 +652,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
token = create_token( primary, src_token->user, NULL, 0,
NULL, 0, src_token->default_dacl,
src_token->source, modified_id,
- impersonation_level );
+ impersonation_level,
+ src_token->elevation );
if (!token) return token;
/* copy groups */
@@ -847,7 +850,7 @@ struct token *token_create_admin( void )
static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
- admin_source, NULL, -1 );
+ admin_source, NULL, -1, TokenElevationTypeFull );
/* we really need a primary group */
assert( token->primary_group );
}
@@ -1556,6 +1559,19 @@ DECL_HANDLER(get_token_statistics)
}
}
+DECL_HANDLER(get_token_elevation_type)
+{
+ struct token *token;
+
+ if ((token = (struct token *)get_handle_obj( current->process, req->handle,
+ TOKEN_QUERY,
+ &token_ops )))
+ {
+ reply->elevation = token->elevation;
+ release_object( token );
+ }
+}
+
DECL_HANDLER(get_token_default_dacl)
{
struct token *token;
--
2.21.0
More information about the wine-devel
mailing list