rpcrt4_create_pipe_security function will be held in charge to set up security descriptors specific for each named pipe upon creation in rpcrt4_conn_create_pipe. The descriptor is then freed after the pipe is no longer needed.
Currently CreateProcessAsUserCommon doesn't set a default descriptor for the newly duplicated token object for the new process nor it sets any security information for both the process and thread. This is wrong, because when the process is created on behalf of the user's security context,
it still uses the previous security information of the creator that initially gave birth to the process. CreateDefaultProcessSecurityCommon function will serve as a placeholder until CreatePrivateObjectSecurity is implemented.
Refactor the function in such a way that it can jump to a single exit but most importantly, implement a "rinse and repeat" mechanism where we assign a primary token to process by disabling impersonation first and retry with impersonation later.
More info can be found in the documention within the code.
Currently Kernel32 doesn't make any server call to Basesrv in order to create NLS section names, instead it's Kernel32 itself that handles the job of NLS section names. With that said, let Kernel32 assign a security descriptor to NLS section names. See the FIXME comment on code for further dtails
Implement code that deals with the security side of NLS, more specifically, create two security descriptors for NLS directory and NLS section names and let the server use such code.
HHHHHHHHHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCKKKKKKKKKKKKKKKKKK!!!
There are two problems concerning with network services. First, a window station should be created for every network service process that gets started although this doesn't happen. Instead, network services like RPCSS and DNS service host process (svchost.exe) attempt to access the default window station (Winsta0).
This is because the access token of these two network service processes have an authentication ID that is uniquely generated. This is incorrect, because NetworkService is a special account with its own designed authentication ID for it. As a matter of fact, no window station is created for a network service and as such
both RPCSS and DNS svchost.exe attempt to access Winsta0 which they cannot.
The second problem, albeit not quite relevant to the first one but still worth mentioning nevertheless, is that network services have an access token that is primary which it should be an impersonation token. These problems all come from LSASS as LSA infrastructure is responsible for creating access tokens with security
context for objects.
For the moment being, add a hack on Winlogon that gives allow access to the default window station to network services. When LSASS and involved components are fixed, this hack must be removed.
Refactor the security related code of Winlogon and move it to its own dedicated place, security.c. This includes code for preparation of security descriptors for window station and desktop objects when their created, helper functions which give allow access to such objects for the logged in user and whatnot.
==== DO NOTE ====
Currently new desktop security assignment fails because for whatever reason the system thinks the application desktop has no prior security even though a descriptor has been created for it before. See the FIXME comment on code for information.
When creating a window station with CreateWindowStationW, the function ignores the security descriptor provided by the caller and instead it uses whatever descriptor the system can find.
Implement a base security infrastructure with code that sets up a security descriptor for the service that we're going to connect through it. Such service is based upon a desktop and a window station.
=== DOCUMENTATION REMARKS ===
The authenticated user, represented by an access token that describes its security context, is the main holder and has ultimate power against the default created desktop and window station objects in USER. The authenticated user in question
is the actual logged in user, this is the case when the server is impersonating a client. Administrators on the other hand have some share of power against default desktop but their power in question is extremely limited against the default
window station as admins can only just enumerate the available and valid handle stations within a desktop.
LSASS implements a default ACL inside the token structure field but it doesn't actually set a protective security descriptor for the token object itself. This happens so that the kernel gets whatever default ACLs it finds for the object which is incorrect.
SYSTEM has full and supreme control over tokens, administrators can only read the token as such. The logged in user of their own token has full access. Credits and courtesy goes to Thomas Faber for the patch.
v1.8 (2022-03-12):
- Added minimal support for fs-verity
- ~~Added test suite~~ Not in ReactOS
- Fixed incorrect disk usage statistics
- Fixed potential crashes when renaming stream to file or file to stream
- Fixed potential crashes when querying hard links on file
- Fixed potential hang when opening oplocked file
- Fixed minor issues also uncovered by test suite
v1.7.9 (2021-10-02):
- Fixed deadlock when mounting on Windows 11
- Added support for BitLocker-encrypted volumes
- Improved filename checks when renaming or creating hard links
- Miscellaneous bug fixes
v1.7.8.1 (2021-06-13):
- Fixed bug preventing new directories from appearing in listings
- Fixed Release version of driver still not working on XP
v1.7.8 (2021-06-09):
- ~~Upgraded zstd to version 1.5.0~~ Not in ReactOS as it introduces deprecated code
- Fixed regression stopping driver from working under XP
- Fixed compilation on clang
- Fixed corruption issue when Linux mount option inode_cache had been used
- Fixed recursion issue involving virtual directory \$Root
v1.7.7 (2021-04-12):
- Fixed deadlock on high load
- Fixed free space issue when installing Genshin Impact
- Fixed issue when copying files with wildcards in command prompt
- Increased speed of directory lookups
v1.7.6 (2021-01-14):
- Fixed race condition when booting with Quibble
- No longer need to restart Windows after initial installation
- Forced maximum file name to 255 UTF-8 characters, to match Linux driver
- Fixed issue where directories could be created with trailing backslash
- Fixed potential deadlock when Windows calls NtCreateSection during flush
- Miscellaneous bug fixes
v1.7.5 (2020-10-31):
- Fixed text display issue in shell extension
- Added support for mingw 8
- Fixed LXSS permissions not working in new versions of Windows
- Fixed issue where truncating an inline file wouldn't change its size
- Fixed crash with Quibble where driver would try to use AVX2 before Windows had enabled it
v1.7.4 (2020-08-23):
- Fixed issue when running compressed EXEs
- Changed build system to cmake
- Upgraded zstd to version 1.4.5
- Added support for FSCTL_GET_RETRIEVAL_POINTERS
- Miscellaneous bug fixes
v1.7.3 (2020-05-24):
- Fixed crash when sending file change notifications
- Improved symlink handling with LXSS
- Added support for undocumented flag SL_IGNORE_READONLY_ATTRIBUTE
- Fixed corruption caused by edge case, where address allocated and freed in same flush
- Improved handling of free space tree
- Improved handling of very full volumes
- Fixed spurious warnings raised by GCC 10 static analyser
- Replaced multiplications and divisions with bit shift operations where appropriate
- Fixed combobox stylings in shell extension
CORE-18166
The update driver wizard should not change the device class by default,
especially when there is already a class set. This is the case when the
wizard gets called from the device manager.
Display the control panel applet in the taskbar to allow better navigation between programs.
CORE-18137
This is proceeded by manipulating the window of the current instance of 'rundll32.exe':
- Set title text
- Set icon
- Show window (minimal)
- Engaging the corresponding button in the Taskbar.
This fixes the last GetObjectW apitest case:
ok_long(GetObjectA(hBrush, 0, &TestStruct), 0);
- When "cbSize" is "0", GetObjectW shouldn't return "sizeof(LOGBRUSH)" but 0.
- Rely in BRUSH::cjGetObject behavior which returns 0 when cjSize is 0.
Co-authored-by: Víctor Martínez Calvo <victormartinez@alub.io>
The file browser now has a status bar like Windows Server 2003 does.
This includes the sizes of the files, as well as the location.
In certain folders (Network, Desktop, etc.) the status bar is hidden.
Currently it does not handle this in the same way as Windows Shell does,
however it's a good first step to make it work properly.
CORE-17603
Signed-off-by: Russell Johnson <russell.johnson@superdark.net>
Reviewed-by: Katayama Hirofumi MZ <katayama.hirofumi.mz@gmail.com>
Reviewed-by: Mark Jansen <mark.jansen@reactos.org>
Reviewed-by: Hermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
Reviewed-by: Giannis Adamopoulos <gadamopoulos@reactos.org>
Reviewed-by: Stanislav Motylkov <x86corez@gmail.com>
When changing current devmode, we must not only change ppdev->pdmwDev
pointer, but also update lots of other structures. This work is done by
PDEVOBJ_lChangeDisplaySettings.
CORE-18169
This effectively reverts a6005299c6, and
parts of c3da00c42c.
This call is not required, as umpnpmgr already does what is needed.
However, keep the call to EnumDisplayDevices(), so win32k knows that a
new graphic card has been installed.
CORE-18168
A little bug were in the CRT, found with RosBE and cegcc compiler:
../sdk/include/crt/mingw32/intrin_arm.h:44:32: error: '<<' in boolean context, did you mean '<' ? [-Werror=int-in-bool-context]
Thanks to @HBelusca for suggesting the fix. CORE-17604
Fix regression crash in wine_dbgstr_wn. ROSTESTS-377
This brings most of Wine's current wine_dbgstr_wn code into ReactOS.
It's not possible to completely sync this with latest Wine because
there is Wine-specific code regarding "debug_info" and their TEB
in remaining code. Confirmed by @ThFabba.
