server: Add get_sd and set_sd object operations to allow the security descriptor to be stored somewhere other than server memory, such as on disk.
diff --git a/server/async.c b/server/async.c
index 24cbd2a..3a99f80 100644
--- a/server/async.c
+++ b/server/async.c
@@ -59,6 +59,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -86,6 +88,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/atom.c b/server/atom.c
index d23ec3e..336e6e3 100644
--- a/server/atom.c
+++ b/server/atom.c
@@ -83,6 +83,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/change.c b/server/change.c
index c8966da..dc44980 100644
--- a/server/change.c
+++ b/server/change.c
@@ -171,6 +171,8 @@
no_signal, /* signal */
dir_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
fd_close_handle, /* close_handle */
diff --git a/server/clipboard.c b/server/clipboard.c
index 764d89c..44ca7bd 100644
--- a/server/clipboard.c
+++ b/server/clipboard.c
@@ -59,6 +59,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/completion.c b/server/completion.c
index 13f5939..bff2ada 100644
--- a/server/completion.c
+++ b/server/completion.c
@@ -66,6 +66,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/console.c b/server/console.c
index b0a3424..a94c881 100644
--- a/server/console.c
+++ b/server/console.c
@@ -83,6 +83,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
console_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -112,6 +114,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
console_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -152,6 +156,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
console_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/debugger.c b/server/debugger.c
index 4d0ac3d..a64a17a 100644
--- a/server/debugger.c
+++ b/server/debugger.c
@@ -76,6 +76,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -97,6 +99,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/device.c b/server/device.c
index e4fa595..46b2796 100644
--- a/server/device.c
+++ b/server/device.c
@@ -65,6 +65,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -94,6 +96,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -131,6 +135,8 @@
no_signal, /* signal */
device_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
device_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/directory.c b/server/directory.c
index f170711..f53ffe5 100644
--- a/server/directory.c
+++ b/server/directory.c
@@ -63,6 +63,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
directory_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/event.c b/server/event.c
index a7d65b3..5d49845 100644
--- a/server/event.c
+++ b/server/event.c
@@ -59,6 +59,8 @@
event_signal, /* signal */
no_get_fd, /* get_fd */
event_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/fd.c b/server/fd.c
index 4779475..dc292cb 100644
--- a/server/fd.c
+++ b/server/fd.c
@@ -198,6 +198,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -232,6 +234,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -265,6 +269,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -300,6 +306,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/file.c b/server/file.c
index d65ff44..11fa005 100644
--- a/server/file.c
+++ b/server/file.c
@@ -82,6 +82,8 @@
no_signal, /* signal */
file_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
fd_close_handle, /* close_handle */
diff --git a/server/handle.c b/server/handle.c
index 65b4205..763870e 100644
--- a/server/handle.c
+++ b/server/handle.c
@@ -111,6 +111,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -612,7 +614,7 @@
if (!(obj = get_handle_obj( current->process, req->handle, access, NULL ))) return;
- set_object_sd( obj, sd, req->security_info );
+ obj->ops->set_sd( obj, sd, req->security_info );
release_object( obj );
}
@@ -631,7 +633,7 @@
if (!(obj = get_handle_obj( current->process, req->handle, access, NULL ))) return;
- sd = obj->sd;
+ sd = obj->ops->get_sd( obj );
if (sd)
{
req_sd.control = sd->control & ~SE_SELF_RELATIVE;
diff --git a/server/hook.c b/server/hook.c
index 9a20043..19c1ca8 100644
--- a/server/hook.c
+++ b/server/hook.c
@@ -84,6 +84,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/mailslot.c b/server/mailslot.c
index fd50080..ee891ff 100644
--- a/server/mailslot.c
+++ b/server/mailslot.c
@@ -81,6 +81,8 @@
no_signal, /* signal */
mailslot_get_fd, /* get_fd */
mailslot_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
mailslot_open_file, /* open_file */
fd_close_handle, /* close_handle */
@@ -129,6 +131,8 @@
no_signal, /* signal */
mail_writer_get_fd, /* get_fd */
mail_writer_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
fd_close_handle, /* close_handle */
@@ -177,6 +181,8 @@
no_signal, /* signal */
mailslot_device_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
mailslot_device_lookup_name, /* lookup_name */
mailslot_device_open_file, /* open_file */
fd_close_handle, /* close_handle */
diff --git a/server/mapping.c b/server/mapping.c
index 7b99134..8c1e6b0 100644
--- a/server/mapping.c
+++ b/server/mapping.c
@@ -67,6 +67,8 @@
no_signal, /* signal */
mapping_get_fd, /* get_fd */
mapping_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
fd_close_handle, /* close_handle */
diff --git a/server/mutex.c b/server/mutex.c
index 7d330e2..e128dfc 100644
--- a/server/mutex.c
+++ b/server/mutex.c
@@ -62,6 +62,8 @@
mutex_signal, /* signal */
no_get_fd, /* get_fd */
mutex_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/named_pipe.c b/server/named_pipe.c
index e39f85a..51da895 100644
--- a/server/named_pipe.c
+++ b/server/named_pipe.c
@@ -124,6 +124,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
named_pipe_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
named_pipe_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -150,6 +152,8 @@
no_signal, /* signal */
pipe_server_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
fd_close_handle, /* close_handle */
@@ -186,6 +190,8 @@
no_signal, /* signal */
pipe_client_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
fd_close_handle, /* close_handle */
@@ -226,6 +232,8 @@
no_signal, /* signal */
named_pipe_device_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
named_pipe_device_lookup_name, /* lookup_name */
named_pipe_device_open_file, /* open_file */
fd_close_handle, /* close_handle */
diff --git a/server/object.c b/server/object.c
index d10b878..eb21ef1 100644
--- a/server/object.c
+++ b/server/object.c
@@ -367,7 +367,12 @@
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
-void set_object_sd( struct object *obj, const struct security_descriptor *sd,
+struct security_descriptor *default_get_sd( struct object *obj )
+{
+ return obj->sd;
+}
+
+int default_set_sd( struct object *obj, const struct security_descriptor *sd,
unsigned int set_info )
{
struct security_descriptor new_sd, *new_sd_ptr;
@@ -376,7 +381,7 @@
const ACL *sacl, *dacl;
char *ptr;
- if (!set_info) return;
+ if (!set_info) return 1;
new_sd.control = sd->control & ~SE_SELF_RELATIVE;
@@ -437,7 +442,7 @@
ptr = mem_alloc( sizeof(new_sd) + new_sd.owner_len + new_sd.group_len +
new_sd.sacl_len + new_sd.dacl_len );
- if (!ptr) return;
+ if (!ptr) return 0;
new_sd_ptr = (struct security_descriptor*)ptr;
memcpy( ptr, &new_sd, sizeof(new_sd) );
@@ -452,6 +457,7 @@
free( obj->sd );
obj->sd = new_sd_ptr;
+ return 1;
}
struct object *no_lookup_name( struct object *obj, struct unicode_str *name,
diff --git a/server/object.h b/server/object.h
index c40b633..cb5822a 100644
--- a/server/object.h
+++ b/server/object.h
@@ -74,6 +74,10 @@
struct fd *(*get_fd)(struct object *);
/* map access rights to the specific rights for this object */
unsigned int (*map_access)(struct object *, unsigned int);
+ /* returns the security descriptor of the object */
+ struct security_descriptor *(*get_sd)( struct object * );
+ /* sets the security descriptor of the object */
+ int (*set_sd)( struct object *, const struct security_descriptor *, unsigned int );
/* lookup a name if an object has a namespace */
struct object *(*lookup_name)(struct object *, struct unicode_str *,unsigned int);
/* open a file object to access this object */
@@ -127,7 +131,8 @@
extern int no_signal( struct object *obj, unsigned int access );
extern struct fd *no_get_fd( struct object *obj );
extern unsigned int no_map_access( struct object *obj, unsigned int access );
-extern void set_object_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info );
+extern struct security_descriptor *default_get_sd( struct object *obj );
+extern int default_set_sd( struct object *obj, const struct security_descriptor *sd, unsigned int set_info );
extern struct object *no_lookup_name( struct object *obj, struct unicode_str *name, unsigned int attributes );
extern struct object *no_open_file( struct object *obj, unsigned int access, unsigned int sharing,
unsigned int options );
diff --git a/server/process.c b/server/process.c
index 623d2ae..8ca20d8 100644
--- a/server/process.c
+++ b/server/process.c
@@ -74,6 +74,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
process_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -121,6 +123,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/queue.c b/server/queue.c
index cdab2a8..7e6da57 100644
--- a/server/queue.c
+++ b/server/queue.c
@@ -156,6 +156,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -186,6 +188,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/registry.c b/server/registry.c
index 8d17309..ac740ef 100644
--- a/server/registry.c
+++ b/server/registry.c
@@ -149,6 +149,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
key_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
key_close_handle, /* close_handle */
diff --git a/server/request.c b/server/request.c
index 2f15b9e..dbe483a 100644
--- a/server/request.c
+++ b/server/request.c
@@ -96,6 +96,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/semaphore.c b/server/semaphore.c
index cd4080f..af651e9 100644
--- a/server/semaphore.c
+++ b/server/semaphore.c
@@ -59,6 +59,8 @@
semaphore_signal, /* signal */
no_get_fd, /* get_fd */
semaphore_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/serial.c b/server/serial.c
index 5a1e3ca..239a9c5 100644
--- a/server/serial.c
+++ b/server/serial.c
@@ -94,6 +94,8 @@
no_signal, /* signal */
serial_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
fd_close_handle, /* close_handle */
diff --git a/server/signal.c b/server/signal.c
index c8120ac..912c6c6 100644
--- a/server/signal.c
+++ b/server/signal.c
@@ -70,6 +70,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/snapshot.c b/server/snapshot.c
index 14ec97b..552cc02 100644
--- a/server/snapshot.c
+++ b/server/snapshot.c
@@ -68,6 +68,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/sock.c b/server/sock.c
index 0694c51..66ab0d1 100644
--- a/server/sock.c
+++ b/server/sock.c
@@ -113,6 +113,8 @@
no_signal, /* signal */
sock_get_fd, /* get_fd */
default_fd_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
fd_close_handle, /* close_handle */
diff --git a/server/symlink.c b/server/symlink.c
index 4c06b85..183497c 100644
--- a/server/symlink.c
+++ b/server/symlink.c
@@ -62,6 +62,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
symlink_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
symlink_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/thread.c b/server/thread.c
index 2ae78c9..99cf896 100644
--- a/server/thread.c
+++ b/server/thread.c
@@ -93,6 +93,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
no_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
@@ -119,6 +121,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
thread_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/timer.c b/server/timer.c
index 05c0e81..fb2a2a8 100644
--- a/server/timer.c
+++ b/server/timer.c
@@ -67,6 +67,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
timer_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/token.c b/server/token.c
index 892fbab..3a713e5 100644
--- a/server/token.c
+++ b/server/token.c
@@ -129,6 +129,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
token_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
no_close_handle, /* close_handle */
diff --git a/server/winstation.c b/server/winstation.c
index 64ae718..5755ba9 100644
--- a/server/winstation.c
+++ b/server/winstation.c
@@ -63,6 +63,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
winstation_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
winstation_close_handle, /* close_handle */
@@ -81,6 +83,8 @@
no_signal, /* signal */
no_get_fd, /* get_fd */
desktop_map_access, /* map_access */
+ default_get_sd, /* get_sd */
+ default_set_sd, /* set_sd */
no_lookup_name, /* lookup_name */
no_open_file, /* open_file */
desktop_close_handle, /* close_handle */
