[PATCH] server: Implement token elevation information. - wine-devel

29 Apr 2019

From: Michael Müller michael@fds-team.de
From: Michael Müller michael@fds-team.de
Signed-off-by: Vijay Kiran Kamuju infyquest@gmail.com
---
 dlls/ntdll/nt.c     | 16 ++++++++++++----
 server/protocol.def |  8 ++++++++
 server/token.c      | 22 +++++++++++++++++++---
 3 files changed, 39 insertions(+), 7 deletions(-)

diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index d03c0a122f..a17ee7b55f 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -566,18 +566,26 @@ NTSTATUS WINAPI NtQueryInformationToken(
         SERVER_END_REQ;
         break;
     case TokenElevationType:
+        SERVER_START_REQ( get_token_elevation_type )
         {
             TOKEN_ELEVATION_TYPE *elevation_type = tokeninfo;
-            FIXME("QueryInformationToken( ..., TokenElevationType, ...) semi-stub\n");
-            *elevation_type = TokenElevationTypeFull;
+            req->handle = wine_server_obj_handle( token );
+            status = wine_server_call( req );
+            if (status == STATUS_SUCCESS)
+                *elevation_type = reply->elevation;
         }
+        SERVER_END_REQ;
         break;
     case TokenElevation:
+        SERVER_START_REQ( get_token_elevation_type )
         {
             TOKEN_ELEVATION *elevation = tokeninfo;
-            FIXME("QueryInformationToken( ..., TokenElevation, ...) semi-stub\n");
-            elevation->TokenIsElevated = TRUE;
+            req->handle = wine_server_obj_handle( token );
+            status = wine_server_call( req );
+            if (status == STATUS_SUCCESS)
+                elevation->TokenIsElevated = (reply->elevation == TokenElevationTypeFull);
         }
+        SERVER_END_REQ;
         break;
     case TokenSessionId:
         {
diff --git a/server/protocol.def b/server/protocol.def
index 21008d7a87..d253354722 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -3704,6 +3704,14 @@ struct handle_info
 @END
+/* Get elevation level of token */
+@REQ(get_token_elevation_type)
+    obj_handle_t   handle;        /* handle to the object */
+@REPLY
+    unsigned int   elevation;     /* elevation level */
+@END
+
+
 /* Create I/O completion port */
 @REQ(create_completion)
     unsigned int access;          /* desired access to a port */
diff --git a/server/token.c b/server/token.c
index e0f28c6da6..c27463aa8a 100644
--- a/server/token.c
+++ b/server/token.c
@@ -112,6 +112,7 @@ struct token
     ACL           *default_dacl;    /* the default DACL to assign to objects created by this user */
     TOKEN_SOURCE   source;          /* source of the token */
     int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
+    TOKEN_ELEVATION_TYPE elevation; /* elevation level */
 };
struct privilege
@@ -541,7 +542,7 @@ static struct token *create_token( unsigned primary, const SID *user,
                                    const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
                                    const ACL *default_dacl, TOKEN_SOURCE source,
                                    const luid_t *modified_id,
-                                   int impersonation_level )
+                                   int impersonation_level, TOKEN_ELEVATION_TYPE elevation )
 {
     struct token *token = alloc_object( &token_ops );
     if (token)
@@ -563,6 +564,7 @@ static struct token *create_token( unsigned primary, const SID *user,
             token->impersonation_level = impersonation_level;
         token->default_dacl = NULL;
         token->primary_group = NULL;
+        token->elevation = elevation;
/* copy user */
         token->user = memdup( user, security_sid_len( user ));
@@ -650,7 +652,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
     token = create_token( primary, src_token->user, NULL, 0,
                           NULL, 0, src_token->default_dacl,
                           src_token->source, modified_id,
-                          impersonation_level );
+                          impersonation_level,
+                          src_token->elevation );
     if (!token) return token;
/* copy groups */
@@ -847,7 +850,7 @@ struct token *token_create_admin( void )
         static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
         token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
                               admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
-                              admin_source, NULL, -1 );
+                              admin_source, NULL, -1, TokenElevationTypeFull );
         /* we really need a primary group */
         assert( token->primary_group );
     }
@@ -1556,6 +1559,19 @@ DECL_HANDLER(get_token_statistics)
     }
 }
+DECL_HANDLER(get_token_elevation_type)
+{
+    struct token *token;
+
+    if ((token = (struct token *)get_handle_obj( current->process, req->handle,
+                                                 TOKEN_QUERY,
+                                                 &token_ops )))
+    {
+        reply->elevation = token->elevation;
+        release_object( token );
+    }
+}
+
 DECL_HANDLER(get_token_default_dacl)
 {
     struct token *token;
-- 
2.21.0



    