
cygwin.com/git/newlib-cygwin.git - Unnamed repository; edit this file 'description' to name the repository.
authorCorinna Vinschen <corinna@vinschen.de>2015-12-15 18:34:40 +0300
committerCorinna Vinschen <corinna@vinschen.de>2016-06-24 22:00:04 +0300
commit67fd2101ab764dff2a9ce919a59d09108ae09281 (patch)
treef80310de6d87d15ff9329d213514173def013533 /winsup/cygwin/sec_auth.cc
parentb15d129559cad52b13cb6c54fbe19a78031b7411 (diff)
Drop max_sys_priv wincap
Convert sys_privs to const struct with TOKEN_PRIVILEGES layout. Drop function get_system_priv_list. Just use pointer to sys_privs. Dropping max_sys_priv from wincaps requires making sure that the bitfield is 8 byte aligned on x86_64, otherwise gcc (5.3 only?) apparently breaks access to the bitfield (off by 4 bytes). Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup/cygwin/sec_auth.cc')
-rw-r--r--winsup/cygwin/sec_auth.cc129
1 files changed, 68 insertions, 61 deletions
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index e8d1d9138..a3fbece40 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -598,67 +598,74 @@ get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid,
tmp_list += groups.pgsid;
}
-static ULONG sys_privs[] = {
- SE_CREATE_TOKEN_PRIVILEGE,
- SE_ASSIGNPRIMARYTOKEN_PRIVILEGE,
- SE_LOCK_MEMORY_PRIVILEGE,
- SE_INCREASE_QUOTA_PRIVILEGE,
- SE_TCB_PRIVILEGE,
- SE_SECURITY_PRIVILEGE,
- SE_TAKE_OWNERSHIP_PRIVILEGE,
- SE_LOAD_DRIVER_PRIVILEGE,
- SE_SYSTEM_PROFILE_PRIVILEGE, /* Vista ONLY */
- SE_SYSTEMTIME_PRIVILEGE,
- SE_PROF_SINGLE_PROCESS_PRIVILEGE,
- SE_INC_BASE_PRIORITY_PRIVILEGE,
- SE_CREATE_PAGEFILE_PRIVILEGE,
- SE_CREATE_PERMANENT_PRIVILEGE,
- SE_BACKUP_PRIVILEGE,
- SE_RESTORE_PRIVILEGE,
- SE_SHUTDOWN_PRIVILEGE,
- SE_DEBUG_PRIVILEGE,
- SE_AUDIT_PRIVILEGE,
- SE_SYSTEM_ENVIRONMENT_PRIVILEGE,
- SE_CHANGE_NOTIFY_PRIVILEGE,
- SE_UNDOCK_PRIVILEGE,
- SE_MANAGE_VOLUME_PRIVILEGE,
- SE_IMPERSONATE_PRIVILEGE,
- SE_CREATE_GLOBAL_PRIVILEGE,
- SE_INCREASE_WORKING_SET_PRIVILEGE,
- SE_TIME_ZONE_PRIVILEGE,
- SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
-};
-
-#define SYSTEM_PRIVILEGES_COUNT (sizeof sys_privs / sizeof *sys_privs)
-
-static PTOKEN_PRIVILEGES
-get_system_priv_list (size_t &size)
+/* Fixed size TOKEN_PRIVILEGES list to reflect privileges given to the
+ SYSTEM account by default. */
+const struct
{
- ULONG max_idx = 0;
- while (max_idx < SYSTEM_PRIVILEGES_COUNT
- && sys_privs[max_idx] != wincap.max_sys_priv ())
- ++max_idx;
- if (max_idx >= SYSTEM_PRIVILEGES_COUNT)
- api_fatal ("Coding error: wincap privilege %u doesn't exist in sys_privs",
- wincap.max_sys_priv ());
- size = sizeof (ULONG) + (max_idx + 1) * sizeof (LUID_AND_ATTRIBUTES);
- PTOKEN_PRIVILEGES privs = (PTOKEN_PRIVILEGES) malloc (size);
- if (!privs)
- {
- debug_printf ("malloc (system_privs) failed.");
- return NULL;
- }
- privs->PrivilegeCount = 0;
- for (ULONG i = 0; i <= max_idx; ++i)
- {
- privs->Privileges[privs->PrivilegeCount].Luid.HighPart = 0L;
- privs->Privileges[privs->PrivilegeCount].Luid.LowPart = sys_privs[i];
- privs->Privileges[privs->PrivilegeCount].Attributes =
- SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
- ++privs->PrivilegeCount;
- }
- return privs;
-}
+ DWORD PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[28];
+} sys_privs =
+{
+ 28,
+ {
+ { { SE_CREATE_TOKEN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_LOCK_MEMORY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INCREASE_QUOTA_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TCB_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SECURITY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TAKE_OWNERSHIP_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_LOAD_DRIVER_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEM_PROFILE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEMTIME_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INC_BASE_PRIORITY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_PAGEFILE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_PERMANENT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_BACKUP_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_RESTORE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SHUTDOWN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_DEBUG_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_AUDIT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CHANGE_NOTIFY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_UNDOCK_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_MANAGE_VOLUME_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_IMPERSONATE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_GLOBAL_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INCREASE_WORKING_SET_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TIME_ZONE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
+ }
+};
static PTOKEN_PRIVILEGES
get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
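Review bot: `sys_privs` is now a `const` object with static storage, yet the later hunk in get_priv_list returns it as `(PTOKEN_PRIVILEGES) &sys_privs`, so the SYSTEM path hands out a non-const pointer that must never be written through or passed to `free ()`, whereas the removed get_system_priv_list returned a malloc'ed buffer. The callers are outside this hunk, so whether each of them special-cases that pointer cannot be confirmed here; the definition should state the contract, e.g. `/* Static and read-only; callers of get_priv_list must neither free nor modify it. */`. The removed helper also assigned the `size` out-parameter, and the new return statement does not, so any caller that reads `size` after the SYSTEM path would presumably see a stale or uninitialized value unless it is set elsewhere. Finally, the literal 28 is written twice (array bound and PrivilegeCount) and has to be kept in step with the initializer by hand; a compile-time check or a comment tying the two together would catch a stale count when a privilege is added to this security-sensitive table.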
@@ -672,7 +679,7 @@ get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
{
if (mandatory_integrity_sid)
*mandatory_integrity_sid = mandatory_system_integrity_sid;
- return get_system_priv_list (size);
+ return (PTOKEN_PRIVILEGES) &sys_privs;
}
if (mandatory_integrity_sid)