Drop max_sys_priv wincap
Convert sys_privs to const struct with TOKEN_PRIVILEGES layout. Drop function get_system_priv_list. Just use pointer to sys_privs. Dropping max_sys_priv from wincaps requires to make sure that the bitfield is 8 byte aligned on x86_64, otherwise gcc (5.3 only?) apparently breaks access to the bitfield (off by 4 bytes). Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
@ -598,67 +598,74 @@ get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid,
|
||||
tmp_list += groups.pgsid;
|
||||
}
|
||||
|
||||
static ULONG sys_privs[] = {
|
||||
SE_CREATE_TOKEN_PRIVILEGE,
|
||||
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE,
|
||||
SE_LOCK_MEMORY_PRIVILEGE,
|
||||
SE_INCREASE_QUOTA_PRIVILEGE,
|
||||
SE_TCB_PRIVILEGE,
|
||||
SE_SECURITY_PRIVILEGE,
|
||||
SE_TAKE_OWNERSHIP_PRIVILEGE,
|
||||
SE_LOAD_DRIVER_PRIVILEGE,
|
||||
SE_SYSTEM_PROFILE_PRIVILEGE, /* Vista ONLY */
|
||||
SE_SYSTEMTIME_PRIVILEGE,
|
||||
SE_PROF_SINGLE_PROCESS_PRIVILEGE,
|
||||
SE_INC_BASE_PRIORITY_PRIVILEGE,
|
||||
SE_CREATE_PAGEFILE_PRIVILEGE,
|
||||
SE_CREATE_PERMANENT_PRIVILEGE,
|
||||
SE_BACKUP_PRIVILEGE,
|
||||
SE_RESTORE_PRIVILEGE,
|
||||
SE_SHUTDOWN_PRIVILEGE,
|
||||
SE_DEBUG_PRIVILEGE,
|
||||
SE_AUDIT_PRIVILEGE,
|
||||
SE_SYSTEM_ENVIRONMENT_PRIVILEGE,
|
||||
SE_CHANGE_NOTIFY_PRIVILEGE,
|
||||
SE_UNDOCK_PRIVILEGE,
|
||||
SE_MANAGE_VOLUME_PRIVILEGE,
|
||||
SE_IMPERSONATE_PRIVILEGE,
|
||||
SE_CREATE_GLOBAL_PRIVILEGE,
|
||||
SE_INCREASE_WORKING_SET_PRIVILEGE,
|
||||
SE_TIME_ZONE_PRIVILEGE,
|
||||
SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
|
||||
};
|
||||
|
||||
#define SYSTEM_PRIVILEGES_COUNT (sizeof sys_privs / sizeof *sys_privs)
|
||||
|
||||
static PTOKEN_PRIVILEGES
|
||||
get_system_priv_list (size_t &size)
|
||||
/* Fixed size TOKEN_PRIVILEGES list to reflect privileges given to the
|
||||
SYSTEM account by default. */
|
||||
const struct
|
||||
{
|
||||
ULONG max_idx = 0;
|
||||
while (max_idx < SYSTEM_PRIVILEGES_COUNT
|
||||
&& sys_privs[max_idx] != wincap.max_sys_priv ())
|
||||
++max_idx;
|
||||
if (max_idx >= SYSTEM_PRIVILEGES_COUNT)
|
||||
api_fatal ("Coding error: wincap privilege %u doesn't exist in sys_privs",
|
||||
wincap.max_sys_priv ());
|
||||
size = sizeof (ULONG) + (max_idx + 1) * sizeof (LUID_AND_ATTRIBUTES);
|
||||
PTOKEN_PRIVILEGES privs = (PTOKEN_PRIVILEGES) malloc (size);
|
||||
if (!privs)
|
||||
{
|
||||
debug_printf ("malloc (system_privs) failed.");
|
||||
return NULL;
|
||||
}
|
||||
privs->PrivilegeCount = 0;
|
||||
for (ULONG i = 0; i <= max_idx; ++i)
|
||||
{
|
||||
privs->Privileges[privs->PrivilegeCount].Luid.HighPart = 0L;
|
||||
privs->Privileges[privs->PrivilegeCount].Luid.LowPart = sys_privs[i];
|
||||
privs->Privileges[privs->PrivilegeCount].Attributes =
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
|
||||
++privs->PrivilegeCount;
|
||||
}
|
||||
return privs;
|
||||
}
|
||||
DWORD PrivilegeCount;
|
||||
LUID_AND_ATTRIBUTES Privileges[28];
|
||||
} sys_privs =
|
||||
{
|
||||
28,
|
||||
{
|
||||
{ { SE_CREATE_TOKEN_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_LOCK_MEMORY_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_INCREASE_QUOTA_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_TCB_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_SECURITY_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_TAKE_OWNERSHIP_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_LOAD_DRIVER_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_SYSTEM_PROFILE_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_SYSTEMTIME_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_INC_BASE_PRIORITY_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_CREATE_PAGEFILE_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_CREATE_PERMANENT_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_BACKUP_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_RESTORE_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_SHUTDOWN_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_DEBUG_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_AUDIT_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_CHANGE_NOTIFY_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_UNDOCK_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_MANAGE_VOLUME_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_IMPERSONATE_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_CREATE_GLOBAL_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_INCREASE_WORKING_SET_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_TIME_ZONE_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
|
||||
{ { SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, 0 },
|
||||
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
|
||||
}
|
||||
};
|
||||
|
||||
static PTOKEN_PRIVILEGES
|
||||
get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
|
||||
@ -672,7 +679,7 @@ get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
|
||||
{
|
||||
if (mandatory_integrity_sid)
|
||||
*mandatory_integrity_sid = mandatory_system_integrity_sid;
|
||||
return get_system_priv_list (size);
|
||||
return (PTOKEN_PRIVILEGES) &sys_privs;
|
||||
}
|
||||
|
||||
if (mandatory_integrity_sid)
|
||||
|
Reference in New Issue
Block a user