[WIN32K:NTUSER] Implement security infrastructure for NTUSER component

Implement a base security infrastructure with code that sets up a security descriptor for the service that we're going to connect through it. Such service is based upon a desktop and a window station.

=== DOCUMENTATION REMARKS ===
The authenticated user, represented by an access token that describes its security context, is the main holder and has ultimate power against the default created desktop and window station objects in USER. The authenticated user in question
is the actual logged in user, this is the case when the server is impersonating a client. Administrators on the other hand have some share of power against default desktop but their power in question is extremely limited against the default
window station as admins can only just enumerate the available and valid handle stations within a desktop.

Author: GeoB99

win32ss/CMakeLists.txt

@@ -144,6 +144,7 @@ list(APPEND SOURCE
     user/ntuser/prop.c
     user/ntuser/scrollbar.c
     user/ntuser/scrollex.c
+    user/ntuser/security.c
     user/ntuser/session.c
     user/ntuser/shutdown.c
     user/ntuser/simplecall.c

win32ss/gdi/ntgdi/gdidbg.c

@@ -87,6 +87,7 @@ DBG_CHANNEL DbgChannels[DbgChCount] = {
     {L"UserProcess", DbgChUserProcess},
     {L"UserProp", DbgChUserProp},
     {L"UserScrollbar", DbgChUserScrollbar},
+    {L"UserSecurity", DbgChUserSecurity},
     {L"UserShutdown", DbgChUserShutdown},
     {L"UserSysparams", DbgChUserSysparams},
     {L"UserTimer", DbgChUserTimer},

win32ss/pch.h

@@ -25,6 +25,7 @@
 #include <ndk/mmfuncs.h>
 #include <ndk/obfuncs.h>
 #include <ndk/psfuncs.h>
+#include <ndk/sefuncs.h>
 #include <ndk/rtlfuncs.h>
 #include <ntstrsafe.h>
 #include <ntintsafe.h>

win32ss/user/ntuser/desktop.c

@@ -555,6 +555,7 @@ IntResolveDesktop(
     LUID ProcessLuid;
     USHORT StrSize;
     SIZE_T MemSize;
+    PSECURITY_DESCRIPTOR ServiceSD = NULL;
     POBJECT_ATTRIBUTES ObjectAttributes = NULL;
     PUNICODE_STRING ObjectName;
     UNICODE_STRING WinStaName, DesktopName;
@@ -1012,16 +1013,29 @@ IntResolveDesktop(
             }
             ObjectName->Length = (USHORT)(wcslen(ObjectName->Buffer) * sizeof(WCHAR));
 
+            /*
+             * Set up a security descriptor for the service.
+             * A service is generally based upon a desktop
+             * and a window station. The newly created window
+             * station and desktop will get this security descriptor
+             * if such objects weren't created before.
+             */
+            Status = IntCreateServiceSecurity(&ServiceSD);
+            if (!NT_SUCCESS(Status))
+            {
+                ERR("Failed to create a security descriptor for default window station, Status 0x%08lx\n", Status);
+                goto Quit;
+            }
+
             /*
              * Create or open the non-interactive window station.
              * NOTE: The non-interactive window station handle is never inheritable.
              */
-            // FIXME: Set security!
             InitializeObjectAttributes(ObjectAttributes,
                                        ObjectName,
                                        OBJ_CASE_INSENSITIVE | OBJ_OPENIF,
                                        NULL,
-                                       NULL);
+                                       ServiceSD);
 
             Status = IntCreateWindowStation(&hWinSta,
                                             ObjectAttributes,
@@ -1054,8 +1068,11 @@ IntResolveDesktop(
             }
             ObjectName->Length = (USHORT)(wcslen(ObjectName->Buffer) * sizeof(WCHAR));
 
-            /* NOTE: The non-interactive desktop handle is never inheritable. */
-            // FIXME: Set security!
+            /*
+             * NOTE: The non-interactive desktop handle is never inheritable.
+             * The security descriptor is inherited from the newly created
+             * window station for the desktop.
+             */
             InitializeObjectAttributes(ObjectAttributes,
                                        ObjectName,
                                        OBJ_CASE_INSENSITIVE | OBJ_OPENIF,
@@ -1175,6 +1192,8 @@ IntResolveDesktop(
     {
         *phWinSta  = hWinSta;
         *phDesktop = hDesktop;
+
+        IntFreeSecurityBuffer(ServiceSD);
         return STATUS_SUCCESS;
     }
     else
@@ -1191,6 +1210,9 @@ IntResolveDesktop(
         if (hWinSta)
             ObCloseHandle(hWinSta, UserMode);
 
+        if (ServiceSD)
+            IntFreeSecurityBuffer(ServiceSD);
+
         SetLastNtError(Status);
         return Status;
     }

win32ss/user/ntuser/desktop.h

@@ -55,32 +55,6 @@ typedef struct _DESKTOP
 #define DT_GWL_PROCESSID 0
 #define DT_GWL_THREADID  4
 
-#define DESKTOP_READ       STANDARD_RIGHTS_READ      | \
-                           DESKTOP_ENUMERATE         | \
-                           DESKTOP_READOBJECTS
-
-#define DESKTOP_WRITE       STANDARD_RIGHTS_WRITE    | \
-                            DESKTOP_CREATEMENU       | \
-                            DESKTOP_CREATEWINDOW     | \
-                            DESKTOP_HOOKCONTROL      | \
-                            DESKTOP_JOURNALPLAYBACK  | \
-                            DESKTOP_JOURNALRECORD    | \
-                            DESKTOP_WRITEOBJECTS
-
-#define DESKTOP_EXECUTE     STANDARD_RIGHTS_EXECUTE  | \
-                            DESKTOP_SWITCHDESKTOP
-
-#define DESKTOP_ALL_ACCESS  STANDARD_RIGHTS_REQUIRED | \
-                            DESKTOP_CREATEMENU       | \
-                            DESKTOP_CREATEWINDOW     | \
-                            DESKTOP_ENUMERATE        | \
-                            DESKTOP_HOOKCONTROL      | \
-                            DESKTOP_JOURNALPLAYBACK  | \
-                            DESKTOP_JOURNALRECORD    | \
-                            DESKTOP_READOBJECTS      | \
-                            DESKTOP_SWITCHDESKTOP    | \
-                            DESKTOP_WRITEOBJECTS
-
 extern PDESKTOP gpdeskInputDesktop;
 extern PCLS DesktopWindowClass;
 extern HDC ScreenDeviceContext;