Commit Graph

65 Commits

Author SHA1 Message Date
Ben Peddell
b419df1de4 server: Include user groups in file mode calculation when user is file owner. 2009-12-11 17:47:30 +01:00
Rob Shearman
bd56916f90 server: Extend get_token_user server call to also retrieve SIDs for the token's owner or primary group. 2009-11-17 15:14:54 +01:00
Hans Leidekker
24af6f3e01 server: Add requests to set and retrieve default dacl. 2009-04-21 15:40:26 +02:00
Alexandre Julliard
f6d871eecf server: impersonation_level should be an int since we store -1 in it.
Make sure we don't check the impersonation level for primary tokens.
2008-03-26 14:38:49 +01:00
H. Verbeet
3120c0861c server: Don't drop the SE_GROUP_LOGON_ID attribute. 2008-03-18 11:15:06 +01:00
Alexandre Julliard
8382eb01b2 server: Return correct object types in the get_directory_entry request. 2007-12-05 18:16:42 +01:00
Rob Shearman
f98556c119 server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes. 2007-10-30 14:18:05 +01:00
Rob Shearman
e51f8490f2 server: Ignore ACEs with the INHERIT_ONLY_ACE flag set during access checks. 2007-10-26 12:46:30 +02:00
Rob Shearman
dd9e392796 server: Use the security descriptor passed in when creating events. 2007-10-25 12:47:22 +02:00
Rob Shearman
12e44bf299 server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs. 2007-10-16 13:17:22 +02:00
Rob Shearman
cb124c9b12 server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions. 2007-10-04 12:30:52 +02:00
Rob Shearman
c1707d8938 server: Add get_sd and set_sd object operations to allow the security descriptor to be stored somewhere other than server memory, such as on disk. 2007-10-04 12:30:52 +02:00
Rob Shearman
8184bcc91a server: Add a simple mapping from Unix uids to NT SIDs. 2007-10-04 12:30:52 +02:00
Rob Shearman
45b6706a32 server: Use ACL_REVISION in create_default_dacl instead of MAX_ACL_REVISION since we don't use any features from later ACL revisions. 2007-10-03 11:16:53 +02:00
Rob Shearman
5af809abfd server: Move set_security_object to handle.c and set_object_sd to object.c.
These both don't operate on tokens so token.c is not the right place for 
them to be implemented.
2007-10-03 11:04:43 +02:00
Rob Shearman
3f431a0646 server: Add get_token_statistics server call and use it to implement the TokenStatistics and TokenType levels for NtQueryInformationToken. 2007-09-14 14:43:46 +02:00
Peter Dons Tychsen
ec4d8903ef server: Added the install driver privilege to the default user. 2007-07-31 20:32:40 +02:00
Rob Shearman
bdf964dce8 server: Move most of the duplicate_token request to a new function, token_duplicate, to enable the code to be used inside wineserver. 2007-05-30 11:46:32 +02:00
Rob Shearman
fa074bc544 server: Add the logon SID to the default admin token's groups. 2007-05-18 14:11:44 +02:00
Alexandre Julliard
7e71c1ddee server: Add an open_file() function to the object operations. 2007-03-22 11:44:29 +01:00
Alexandre Julliard
bf17ce86d4 server: Use internal luid_t type where appropriate. 2007-03-07 13:45:11 +01:00
Juan Lang
c2cb296277 ntdll: Implement NtAllocateLocallyUniqueId with server call. 2007-03-07 13:45:11 +01:00
Rob Shearman
221e01abd2 server: A general solution for handling MAXIMUM_ALLOWED access right has been implemented so remove the workarounds. 2007-03-06 22:17:39 +01:00
Rob Shearman
d342d1413c server: Add get_token_impersonation_level server call for retrieving the impersonation level from a token.
Add tests for GetTokenInformation(TokenImpersonationLevel).
2007-02-21 19:49:37 +01:00
Rob Shearman
6a76a0ac7a server: Check object's security when creating handles.
Don't check object's security when duplicating a handle of the same or 
lower access rights. Based on a patch by Vitaliy Margolen.
2007-02-21 19:49:02 +01:00
Rob Shearman
c9b9847dce server: Track the impersonation level of tokens. 2007-02-16 13:09:55 +01:00
Rob Shearman
df0d625351 server: Track IDs for tokens and modifications made to tokens. 2007-02-16 13:09:49 +01:00
Vitaliy Margolen
b0e9d7e0b5 ntdll/server: Implement NtSetSecurityObject. With tests. 2007-02-15 14:19:24 +01:00
Vitaliy Margolen
6413a9c193 server: Get the primary group from the token's groups. 2007-02-13 17:47:43 +01:00
Vitaliy Margolen
aa28ed0162 server: Fix typo. Should be group not owner. 2007-02-08 11:56:12 +01:00
Vitaliy Margolen
55fdda4c3e server: Prevent a crash on error while creating a token. 2007-01-25 12:52:39 +01:00
Vitaliy Margolen
fad936c7c5 server: Reverse return value and status in token_access_check to be consistent. 2007-01-25 12:44:35 +01:00
Vitaliy Margolen
2cf11ef771 advapi32: Add few more tests for token access check and fix it on Wine. 2007-01-25 12:42:32 +01:00
Vitaliy Margolen
97b122c03f server: User correct user sid for the default_dacl. 2007-01-22 12:02:10 +01:00
Andrew Talbot
53dae9b7f5 server: Cast-qual warnings fix. 2006-12-18 11:40:03 +01:00
Michael Stefaniuc
5cecceccb2 server: Remove redundant NULL check before free() (found by Smatch). 2006-10-10 12:56:16 +02:00
Michael Stefaniuc
a624977f21 server: Fix some comparisons between signed and unsigned. 2006-07-26 11:11:04 +02:00
Alexandre Julliard
0f273c17ff server: Added data_size_t type to represent sizes in the server protocol.
Make it an unsigned int to save some space on Win64, if we need to
transfer more than 4Gb over the server pipe something is seriously
wrong.
2006-07-26 11:11:03 +02:00
Francois Gouget
11ae0f6386 Assorted spelling fixes. 2006-06-16 11:32:29 +02:00
Jonathan Ernst
360a3f9142 Update the address of the Free Software Foundation. 2006-05-23 14:11:13 +02:00
Robert Shearman
3396a66ee7 server: Retrieve the groups for a token from the server. 2006-05-15 14:25:43 +02:00
Robert Shearman
0bf1c22cad server: Handle failure of mem_alloc in duplicate_token. 2006-04-07 13:08:33 +02:00
Robert Shearman
9e0d0563c1 server: Handle possible mem_alloc failure in create_token. 2006-04-07 13:07:54 +02:00
Robert Shearman
d18711e282 server: Store the token source. 2006-03-30 12:41:23 +02:00
Alexandre Julliard
5fb2e68bb2 server: Added access rights mapping to token objects. 2005-12-12 15:01:08 +01:00
Alexandre Julliard
28beba31d6 server: Added infrastructure for access rights mapping. 2005-12-12 14:57:40 +01:00
Alexandre Julliard
24560e70bb server: Make alloc_handle use attributes instead of inherit flag. 2005-12-09 13:58:25 +01:00
Alexandre Julliard
836d07c369 server: Use attributes instead of inherit flag in token requests.
Also use the specified access rights in the open_token request.
2005-12-09 12:17:19 +01:00
Ge van Geldorp
1a1583a364 Match PSDK STATUS_* definitions. 2005-11-28 17:32:54 +01:00
Vitaliy Margolen
baffcb95d3 Add name_lookup function in object_ops. 2005-11-22 14:55:42 +00:00