diff --git a/src/common/platform/process.hpp b/src/common/platform/process.hpp
index 5acc2451..e8d8cd07 100644
--- a/src/common/platform/process.hpp
+++ b/src/common/platform/process.hpp
@@ -799,6 +799,22 @@ struct ACL
 WORD AceCount;
 WORD Sbz2;
 };
+
+struct ACE_HEADER
+{
+ BYTE AceType;
+ BYTE AceFlags;
+ WORD AceSize;
+};
+
+typedef DWORD ACCESS_MASK;
+
+struct ACCESS_ALLOWED_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ DWORD SidStart;
+};
 #endif
 
 struct TOKEN_DEFAULT_DACL64
@@ -817,7 +833,7 @@ struct TOKEN_MANDATORY_LABEL64
 SID_AND_ATTRIBUTES64 Label;
 };
 
-struct TOKEN_PROCESS_TRUST_LEVEL
+struct TOKEN_PROCESS_TRUST_LEVEL64
 {
 EMULATOR_CAST(EmulatorTraits::PVOID, PSID) TrustLevelSid;
 };
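Review bot: The new ACE_HEADER and ACCESS_ALLOWED_ACE describe a guest-visible byte layout that token.cpp sizes with `sizeof(ACCESS_ALLOWED_ACE) + sizeof(sid) - sizeof(ULONG)`, yet nothing pins that layout, so a changed typedef or an added member would silently shift every ACE the emulator writes into guest memory. Add `static_assert(sizeof(ACE_HEADER) == 4);` and `static_assert(sizeof(ACCESS_ALLOWED_ACE) == 12);` directly after the definitions, and `static_assert(sizeof(SECURITY_DESCRIPTOR_RELATIVE) == 20);` for the struct added in the @@ -878 hunk of this file; these values assume the usual 1/2/4-byte widths for BYTE/WORD/DWORD, whose typedefs are outside the hunk. The `#ifndef` that the context `#endif` closes also opens outside the hunk, so the asserts belong inside that non-Windows block next to the structs they check.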
@@ -878,6 +894,52 @@ typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION
 } Attribute;
 } TOKEN_SECURITY_ATTRIBUTES_INFORMATION, *PTOKEN_SECURITY_ATTRIBUTES_INFORMATION;
 
+#ifndef OS_WINDOWS
+#define SECURITY_DESCRIPTOR_REVISION 1
+#define SECURITY_DESCRIPTOR_REVISION1 1
+
+typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
+
+#define SE_OWNER_DEFAULTED 0x0001
+#define SE_GROUP_DEFAULTED 0x0002
+#define SE_DACL_PRESENT 0x0004
+#define SE_DACL_DEFAULTED 0x0008
+#define SE_SACL_PRESENT 0x0010
+#define SE_SACL_DEFAULTED 0x0020
+#define SE_DACL_AUTO_INHERIT_REQ 0x0100
+#define SE_SACL_AUTO_INHERIT_REQ 0x0200
+#define SE_DACL_AUTO_INHERITED 0x0400
+#define SE_SACL_AUTO_INHERITED 0x0800
+#define SE_DACL_PROTECTED 0x1000
+#define SE_SACL_PROTECTED 0x2000
+#define SE_RM_CONTROL_VALID 0x4000
+#define SE_SELF_RELATIVE 0x8000
+
+struct SECURITY_DESCRIPTOR_RELATIVE
+{
+ BYTE Revision;
+ BYTE Sbz1;
+ SECURITY_DESCRIPTOR_CONTROL Control;
+ DWORD Owner;
+ DWORD Group;
+ DWORD Sacl;
+ DWORD Dacl;
+};
+
+typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
+
+#define OWNER_SECURITY_INFORMATION 0x00000001L
+#define GROUP_SECURITY_INFORMATION 0x00000002L
+#define DACL_SECURITY_INFORMATION 0x00000004L
+#define SACL_SECURITY_INFORMATION 0x00000008L
+#define LABEL_SECURITY_INFORMATION 0x00000010L
+#define ATTRIBUTE_SECURITY_INFORMATION 0x00000020L
+#define SCOPE_SECURITY_INFORMATION 0x00000040L
+#define PROCESS_TRUST_LABEL_SECURITY_INFORMATION 0x00000080L
+#define ACCESS_FILTER_SECURITY_INFORMATION 0x00000100L
+#define BACKUP_SECURITY_INFORMATION 0x00010000L
+#endif
+
 struct GDI_HANDLE_ENTRY64
 {
 union
diff --git a/src/windows-emulator/devices/security_support_provider.cpp b/src/windows-emulator/devices/security_support_provider.cpp
index 717ae566..9796246f 100644
--- a/src/windows-emulator/devices/security_support_provider.cpp
+++ b/src/windows-emulator/devices/security_support_provider.cpp
@@ -8,6 +8,7 @@ namespace
 struct security_support_provider : stateless_device
 {
 // RNG Microsoft Primitive Provider
+ // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,hicpp-avoid-c-arrays,modernize-avoid-c-arrays)
 std::uint8_t output_data[216] = //
 {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x50, 0x00,
diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index 6a6e9f12..e113455d 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
@@ -449,7 +449,7 @@ namespace syscalls
 }
 
 NTSTATUS handle_NtRemoveIoCompletion(
- const syscall_context& c, const emulator_object /*io_completion__handle*/,
+ const syscall_context&, const emulator_object /*io_completion__handle*/,
 const emulator_object key_context, const emulator_pointer /*apc_context*/,
 const emulator_object>> /*io_status_block*/,
 const emulator_object timeout)
diff --git a/src/windows-emulator/syscalls/object.cpp b/src/windows-emulator/syscalls/object.cpp
index 4e86649d..71ab7b28 100644
--- a/src/windows-emulator/syscalls/object.cpp
+++ b/src/windows-emulator/syscalls/object.cpp
@@ -214,13 +214,16 @@ namespace syscalls
 }
 
 // Owner SID: S-1-5-32-544 (Administrators)
+ // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,hicpp-avoid-c-arrays,modernize-avoid-c-arrays)
 const uint8_t owner_sid[] = {0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00};
 
 // Group SID: S-1-5-18 (Local System)
+ // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,hicpp-avoid-c-arrays,modernize-avoid-c-arrays)
 const uint8_t group_sid[] = {0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00};
 
 // DACL structure
+ // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,hicpp-avoid-c-arrays,modernize-avoid-c-arrays)
 const uint8_t dacl_data[] = {
 0x02, 0x00, 0x9C, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x0F, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x0F, 0x00, 0x02, 0x00,
@@ -233,23 +236,32 @@ namespace syscalls
 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00};
 
 // SACL structure
- const uint8_t sacl_data[] = {0x02, 0x00, 0x1C, 0x00, 0x01, 0x00, 0x00, 0x00, // ACL header
- 0x11, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00};
+ // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,hicpp-avoid-c-arrays,modernize-avoid-c-arrays)
+ const uint8_t sacl_data[] = {0x02, 0x00, 0x1C, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00,
+ 0x14, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00};
 
 ULONG total_size = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
 
 if (security_information & OWNER_SECURITY_INFORMATION)
+ {
 total_size += sizeof(owner_sid);
+ }
 
 if (security_information & GROUP_SECURITY_INFORMATION)
+ {
 total_size += sizeof(group_sid);
+ }
 
 if (security_information & DACL_SECURITY_INFORMATION)
+ {
 total_size += sizeof(dacl_data);
+ }
 
 if (security_information & LABEL_SECURITY_INFORMATION)
+ {
 total_size += sizeof(sacl_data);
+ }
 
 length_needed.write(total_size);
 
@@ -267,8 +279,7 @@ namespace syscalls
 sd.Revision = SECURITY_DESCRIPTOR_REVISION;
 sd.Control = SE_SELF_RELATIVE;
 
- constexpr ULONG header_size = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
- ULONG current_offset = header_size;
+ ULONG current_offset = sizeof(sd);
 
 if (security_information & OWNER_SECURITY_INFORMATION)
 {
diff --git a/src/windows-emulator/syscalls/token.cpp b/src/windows-emulator/syscalls/token.cpp
index 98f3f506..f53a37dc 100644
--- a/src/windows-emulator/syscalls/token.cpp
+++ b/src/windows-emulator/syscalls/token.cpp
@@ -149,7 +149,7 @@ namespace syscalls
 const auto acl_offset = token_information + sizeof(TOKEN_DEFAULT_DACL64);
 
 ACL acl{};
- acl.AclRevision = ACL_REVISION;
+ acl.AclRevision = 2; // ACL_REVISION
 acl.Sbz1 = 0;
 acl.AclSize = static_cast(acl_size);
 acl.AceCount = 1;
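Review bot: The rewritten sacl_data drops the `// ACL header` annotation the old initializer carried, leaving a 28-byte blob with no indication of its structure, while the neighbouring owner_sid and group_sid arrays each document the SID they encode. Restore the annotation with the fields spelled out, for example `// ACL header: revision 2, size 0x1C, 1 ACE` on the first line and `// ACE: type 0x11 (mandatory label), size 0x14, mask 0x1, SID S-1-16-0x1000` on the second, which is what the bytes appear to decode to. The function that builds this descriptor starts and ends outside the hunk.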
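Review bot: `acl.AclRevision = 2; // ACL_REVISION` replaces a named constant with a literal plus a comment, and the @@ -159 hunk of this file does the same with `ace.Header.AceType = 0; // ACCESS_ALLOWED_ACE_TYPE`; a comment can drift from the value, and these bytes are exactly what the guest's ACL parser consumes. Since this commit already gives process.hpp a non-Windows block for the SE_* and *_SECURITY_INFORMATION values and the ACE structs, define the two missing values there as well, `#define ACL_REVISION 2` and `#define ACCESS_ALLOWED_ACE_TYPE 0` (inside the same `#ifndef OS_WINDOWS`, where the SDK header supplies them otherwise), and keep `acl.AclRevision = ACL_REVISION;` and `ace.Header.AceType = ACCESS_ALLOWED_ACE_TYPE;` in both hunks. The enclosing function starts and ends outside the hunk.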
@@ -159,7 +159,7 @@ namespace syscalls
 const auto ace_offset = acl_offset + sizeof(ACL);
 
 ACCESS_ALLOWED_ACE ace{};
- ace.Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ ace.Header.AceType = 0; // ACCESS_ALLOWED_ACE_TYPE
 ace.Header.AceFlags = 0;
 ace.Header.AceSize = static_cast(sizeof(ACCESS_ALLOWED_ACE) + sizeof(sid) - sizeof(ULONG));
 ace.Mask = GENERIC_ALL;
@@ -305,7 +305,7 @@ namespace syscalls
 // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,hicpp-avoid-c-arrays,modernize-avoid-c-arrays)
 const uint8_t medium_integrity_sid[] = {
 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x20,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 };
 
 constexpr auto required_size = sizeof(medium_integrity_sid) + sizeof(TOKEN_MANDATORY_LABEL64);
@@ -328,7 +328,7 @@ namespace syscalls
 
 if (token_information_class == TokenProcessTrustLevel)
 {
- constexpr auto required_size = sizeof(TOKEN_PROCESS_TRUST_LEVEL);
+ constexpr auto required_size = sizeof(TOKEN_PROCESS_TRUST_LEVEL64);
 return_length.write(required_size);
 
 if (required_size > token_information_length)
@@ -336,7 +336,7 @@ namespace syscalls
 return STATUS_BUFFER_TOO_SMALL;
 }
 
- c.emu.write_memory(token_information, TOKEN_PROCESS_TRUST_LEVEL{
+ c.emu.write_memory(token_information, TOKEN_PROCESS_TRUST_LEVEL64{
 .TrustLevelSid = 0,
 });
 