- ObFindObject should return the actual object being inserted, in the insert case (otherwise it always returns the root-directory instead...)

- Add check for optimized case for objects with no name and no security, but not implemented (ObpIncrementUnnamedHandleCount in Gl00my docs), since I need a better translation then babelfish's. - Fix ObInsertObject to save the Security Descriptor in the Access State structure. Gl00my mentions this isn't absorbed by SeCreateAccessCheck and I just noticed that too. - We only need to perform security checks for a new object, in ObInsertObject, not if the object already existed. - Added proper backout+failure code in ObInsertObject if lookup failed, and also look out for mismatch/exists/collision cases (implemented using simple logic). svn path=/trunk/; revision=22280
2025-02-23 17:05:46 +00:00 · 2006-06-08 06:17:46 +00:00 · 2006-06-08 06:17:46 +00:00 · 028c1dff32
commit 028c1dff32
parent 2173f9e4aa
2 changed files with 108 additions and 50 deletions
--- a/reactos/ntoskrnl/ob/obhandle.c
+++ b/reactos/ntoskrnl/ob/obhandle.c
@ -1175,6 +1175,7 @@ ObInsertObject(IN PVOID Object,
    AUX_DATA AuxData;
    BOOLEAN IsNamed = FALSE;
    OB_OPEN_REASON OpenReason = ObCreateHandle;
+    static int LostOptimizations = 0;
    PAGED_CODE();

    /* Get the Header and Create Info */
@ -1183,6 +1184,22 @@ ObInsertObject(IN PVOID Object,
    ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(Header);
    ObjectType = Header->Type;

+    /* Check if this is an named object */
+    if ((ObjectNameInfo) && (ObjectNameInfo->Name.Buffer)) IsNamed = TRUE;
+
+    /* Check if the object is unnamed and also doesn't have security */
+    if ((!ObjectType->TypeInfo.SecurityRequired) && !(IsNamed))
+    {
+        /*
+         * FIXME: TODO (Optimized path through ObpIncrement*UnNamed*HandleCount).
+         * Described in chapter 6 of Gl00my, but babelfish translation isn't fully
+         * clear, so waiting on Aleksey's translation. Currently just profiling.
+         * (about ~500 calls per boot - not critical atm).
+         */
+        ++LostOptimizations;
+        DPRINT("Optimized case could've be taken: %d times!\n", LostOptimizations);
+    }
+
    /* Check if we didn't get an access state */
    if (!PassedAccessState)
    {
@ -1200,8 +1217,9 @@ ObInsertObject(IN PVOID Object,
        }
    }

-    /* Check if this is an named object */
-    if ((ObjectNameInfo) && (ObjectNameInfo->Name.Buffer)) IsNamed = TRUE;
+    /* Save the security descriptor */
+    PassedAccessState->SecurityDescriptor =
+        ObjectCreateInfo->SecurityDescriptor;

    /* Check if the object is named */
    if (IsNamed)
@ -1218,12 +1236,48 @@ ObInsertObject(IN PVOID Object,
                              ObjectCreateInfo->SecurityQos,
                              ObjectCreateInfo->ParseContext,
                              Object);
-        if (!NT_SUCCESS(Status)) return Status;
-
-        if (FoundObject)
+        /* Check if we found an object that doesn't match the one requested */
+        if ((NT_SUCCESS(Status)) && (FoundObject) && (Object != FoundObject))
        {
-            DPRINT("Getting header: %x\n", FoundObject);
+            /* This means we're opening an object, not creating a new one */
            FoundHeader = OBJECT_TO_OBJECT_HEADER(FoundObject);
+            OpenReason = ObOpenHandle;
+
+            /* Make sure the caller said it's OK to do this */
+            if (ObjectCreateInfo->Attributes & OBJ_OPENIF)
+            {
+                /* He did, but did he want this type? */
+                if (ObjectType != FoundHeader->Type)
+                {
+                    /* Wrong type, so fail */
+                    Status = STATUS_OBJECT_TYPE_MISMATCH;
+                }
+                else
+                {
+                    /* Right type, so warn */
+                    Status = STATUS_OBJECT_NAME_EXISTS;
+                }
+            }
+            else
+            {
+                /* Caller wanted to create a new object, fail */
+                Status = STATUS_OBJECT_NAME_COLLISION;
+            }
+        }
+
+        /* Check if anything until now failed */
+        if (!NT_SUCCESS(Status))
+        {
+            /* We failed, dereference the object and delete the access state */
+            ObDereferenceObject(Object);
+            if (PassedAccessState == &AccessState)
+            {
+                /* We used a local one; delete it */
+                SeDeleteAccessState(PassedAccessState);
+            }
+
+            /* Return failure code */
+            return Status;
        }
    }
    else
@ -1252,6 +1306,9 @@ ObInsertObject(IN PVOID Object,
        }
    }

+    /* Now check if this object is being created */
+    if (FoundObject == Object)
+    {
        /* Check if it's named or forces security */
        if ((IsNamed) || (ObjectType->TypeInfo.SecurityRequired))
        {
@ -1274,7 +1331,6 @@ ObInsertObject(IN PVOID Object,
            if (DirectorySd)
            {
                /* We did, release it */
-            DPRINT1("Here\n");
                ObReleaseObjectSecurity(DirectorySd, SdAllocated);
            }
            else if (NT_SUCCESS(Status))
@ -1304,6 +1360,7 @@ ObInsertObject(IN PVOID Object,
            /* Return failure code */
            return Status;
        }
+    }

    /* HACKHACK: Because of ROS's incorrect startup, this can be called
    * without a valid Process until I finalize the startup patch,
--- a/reactos/ntoskrnl/ob/obname.c
+++ b/reactos/ntoskrnl/ob/obname.c
@ -310,6 +310,7 @@ Next:
            }
        }
        RtlFreeUnicodeString(RemainingPath);
+                    *ReturnedObject = Insert;
    }
    else
    {