mirror of
https://github.com/reactos/reactos.git
synced 2024-12-26 17:14:41 +00:00
[NDK] Match AUX_ACCESS_DATA definition with publicly available version.
Looks like public symbols contain this structure starting with Win7, so we can deduce what it looked like in Win2003. Note that our previous definition was missing a second ULONG at the end, which can be seen in the SeQueryInfoToken kmtest -- if you allocated only sizeof(AUX_ACCESS_DATA), the test would crash with a 4 byte buffer overflow.
This commit is contained in:
Thomas Faber
Timo Kreuzer
parent
ff410211e9
commit
156053cafd
5 changed files with 45 additions and 30 deletions
|
|
@ -279,7 +279,7 @@ START_TEST(SeQueryInfoToken)
|
|||
// Testing SeAppendPrivileges //
|
||||
//----------------------------------------------------------------//
|
||||
|
||||
InitialPrivilegeCount = AuxData->PrivilegeSet->PrivilegeCount;
|
||||
InitialPrivilegeCount = AuxData->PrivilegesUsed->PrivilegeCount;
|
||||
trace("Initial privilege count = %lu\n", InitialPrivilegeCount);
|
||||
|
||||
// Testing SeAppendPrivileges. Must change PrivilegeCount to 2 (1 + 1)
|
||||
|
|
@ -291,7 +291,7 @@ START_TEST(SeQueryInfoToken)
|
|||
|
||||
Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
|
||||
ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
|
||||
ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount, InitialPrivilegeCount + 1);
|
||||
ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount, InitialPrivilegeCount + 1);
|
||||
ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
|
||||
|
||||
//----------------------------------------------------------------//
|
||||
|
|
@ -305,7 +305,7 @@ START_TEST(SeQueryInfoToken)
|
|||
|
||||
Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
|
||||
ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
|
||||
ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount, InitialPrivilegeCount + 5);
|
||||
ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount, InitialPrivilegeCount + 5);
|
||||
ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
|
||||
|
||||
//----------------------------------------------------------------//
|
||||
|
|
@ -313,14 +313,14 @@ START_TEST(SeQueryInfoToken)
|
|||
//----------------------------------------------------------------//
|
||||
|
||||
// KPROCESSOR_MODE is set to KernelMode ===> Always return TRUE
|
||||
ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
|
||||
ok(SePrivilegeCheck(AuxData->PrivilegesUsed, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
|
||||
// and call it again
|
||||
ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
|
||||
ok(SePrivilegeCheck(AuxData->PrivilegesUsed, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
|
||||
|
||||
//----------------------------------------------------------------//
|
||||
|
||||
// KPROCESSOR_MODE is set to UserMode. Expect false
|
||||
ok(!SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck unexpected success with UserMode arg\n");
|
||||
ok(!SePrivilegeCheck(AuxData->PrivilegesUsed, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck unexpected success with UserMode arg\n");
|
||||
|
||||
//----------------------------------------------------------------//
|
||||
|
||||
|
|
@ -345,8 +345,8 @@ START_TEST(SeQueryInfoToken)
|
|||
ok((Privileges != NULL), "Privileges is NULL\n");
|
||||
if (Privileges)
|
||||
{
|
||||
trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
|
||||
AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
|
||||
trace("AuxData->PrivilegesUsed->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
|
||||
AuxData->PrivilegesUsed->PrivilegeCount, Privileges->PrivilegeCount);
|
||||
}
|
||||
if (Privileges) SeFreePrivileges(Privileges);
|
||||
|
||||
|
|
@ -375,16 +375,16 @@ START_TEST(SeQueryInfoToken)
|
|||
NewPrivilegeSet->PrivilegeCount = 14;
|
||||
|
||||
ok((SeAppendPrivileges(AccessState, NewPrivilegeSet)) == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
|
||||
ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount, InitialPrivilegeCount + 19);
|
||||
ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount, InitialPrivilegeCount + 19);
|
||||
ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
|
||||
for (i = 0; i < AuxData->PrivilegeSet->PrivilegeCount; i++)
|
||||
for (i = 0; i < AuxData->PrivilegesUsed->PrivilegeCount; i++)
|
||||
{
|
||||
AuxData->PrivilegeSet->Privilege[i].Attributes = TPrivileges->Privileges[i].Attributes;
|
||||
AuxData->PrivilegeSet->Privilege[i].Luid = TPrivileges->Privileges[i].Luid;
|
||||
AuxData->PrivilegesUsed->Privilege[i].Attributes = TPrivileges->Privileges[i].Attributes;
|
||||
AuxData->PrivilegesUsed->Privilege[i].Luid = TPrivileges->Privileges[i].Luid;
|
||||
}
|
||||
//trace("AccessState->privCount = %u\n\n", ((PAUX_ACCESS_DATA)(AccessState->AuxData))->PrivilegeSet->PrivilegeCount);
|
||||
//trace("AccessState->privCount = %u\n\n", ((PAUX_ACCESS_DATA)(AccessState->AuxData))->PrivilegesUsed->PrivilegeCount);
|
||||
|
||||
ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck fails in UserMode, but I wish it will success\n");
|
||||
ok(SePrivilegeCheck(AuxData->PrivilegesUsed, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck fails in UserMode, but I wish it will success\n");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -407,8 +407,8 @@ START_TEST(SeQueryInfoToken)
|
|||
ok((Privileges != NULL), "Privileges is NULL\n");
|
||||
if (Privileges)
|
||||
{
|
||||
trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
|
||||
AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
|
||||
trace("AuxData->PrivilegesUsed->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
|
||||
AuxData->PrivilegesUsed->PrivilegeCount, Privileges->PrivilegeCount);
|
||||
}
|
||||
if (Privileges) SeFreePrivileges(Privileges);
|
||||
|
||||
|
|
|
|||
|
|
@ -1647,8 +1647,8 @@ ObpCreateHandle(IN OB_OPEN_REASON OpenReason,
|
|||
if (OpenReason == ObCreateHandle)
|
||||
{
|
||||
/* Check if we need to audit the privileges */
|
||||
if ((AuxData->PrivilegeSet) &&
|
||||
(AuxData->PrivilegeSet->PrivilegeCount))
|
||||
if ((AuxData->PrivilegesUsed) &&
|
||||
(AuxData->PrivilegesUsed->PrivilegeCount))
|
||||
{
|
||||
/* Do the audit */
|
||||
#if 0
|
||||
|
|
@ -1656,7 +1656,7 @@ ObpCreateHandle(IN OB_OPEN_REASON OpenReason,
|
|||
&AccessState->
|
||||
SubjectSecurityContext,
|
||||
GrantedAccess,
|
||||
AuxData->PrivilegeSet,
|
||||
AuxData->PrivilegesUsed,
|
||||
TRUE,
|
||||
ExGetPreviousMode());
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ SeCreateAccessStateEx(
|
|||
}
|
||||
|
||||
/* Set the Auxiliary Data */
|
||||
AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
|
||||
AuxData->PrivilegesUsed = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
|
||||
FIELD_OFFSET(ACCESS_STATE,
|
||||
Privileges));
|
||||
if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
|
||||
|
|
@ -158,7 +158,7 @@ SeDeleteAccessState(
|
|||
|
||||
/* Deallocate Privileges */
|
||||
if (AccessState->PrivilegesAllocated)
|
||||
ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
|
||||
ExFreePoolWithTag(AuxData->PrivilegesUsed, TAG_PRIVILEGE_SET);
|
||||
|
||||
/* Deallocate Name and Type Name */
|
||||
if (AccessState->ObjectName.Buffer)
|
||||
|
|
|
|||
|
|
@ -601,9 +601,9 @@ SeAppendPrivileges(
|
|||
|
||||
/* Calculate the size of the old privilege set */
|
||||
OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
|
||||
(AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
|
||||
(AuxData->PrivilegesUsed->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
|
||||
|
||||
if (AuxData->PrivilegeSet->PrivilegeCount +
|
||||
if (AuxData->PrivilegesUsed->PrivilegeCount +
|
||||
Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
|
||||
{
|
||||
/* Calculate the size of the new privilege set */
|
||||
|
|
@ -619,7 +619,7 @@ SeAppendPrivileges(
|
|||
|
||||
/* Copy original privileges from the acess state */
|
||||
RtlCopyMemory(PrivilegeSet,
|
||||
AuxData->PrivilegeSet,
|
||||
AuxData->PrivilegesUsed,
|
||||
OldPrivilegeSetSize);
|
||||
|
||||
/* Append privileges from the privilege set*/
|
||||
|
|
@ -632,23 +632,23 @@ SeAppendPrivileges(
|
|||
|
||||
/* Free the old privilege set if it was allocated */
|
||||
if (AccessState->PrivilegesAllocated != FALSE)
|
||||
ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
|
||||
ExFreePoolWithTag(AuxData->PrivilegesUsed, TAG_PRIVILEGE_SET);
|
||||
|
||||
/* Now we are using an allocated privilege set */
|
||||
AccessState->PrivilegesAllocated = TRUE;
|
||||
|
||||
/* Assign the new privileges to the access state */
|
||||
AuxData->PrivilegeSet = PrivilegeSet;
|
||||
AuxData->PrivilegesUsed = PrivilegeSet;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Append privileges */
|
||||
RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
|
||||
RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegesUsed + OldPrivilegeSetSize),
|
||||
(PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES)),
|
||||
Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
|
||||
|
||||
/* Adjust the number of privileges in the target privilege set */
|
||||
AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
|
||||
AuxData->PrivilegesUsed->PrivilegeCount += Privileges->PrivilegeCount;
|
||||
}
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
|
|
|
|||
|
|
@ -255,9 +255,24 @@ typedef struct _TOKEN
|
|||
|
||||
typedef struct _AUX_ACCESS_DATA
|
||||
{
|
||||
PPRIVILEGE_SET PrivilegeSet;
|
||||
PPRIVILEGE_SET PrivilegesUsed;
|
||||
GENERIC_MAPPING GenericMapping;
|
||||
ULONG Reserved;
|
||||
ACCESS_MASK AccessesToAudit;
|
||||
ACCESS_MASK MaximumAuditMask;
|
||||
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
||||
GUID TransactionId;
|
||||
#endif
|
||||
#if (NTDDI_VERSION >= NTDDI_WIN7)
|
||||
PVOID NewSecurityDescriptor;
|
||||
PVOID ExistingSecurityDescriptor;
|
||||
PVOID ParentSecurityDescriptor;
|
||||
VOID (NTAPI *DerefSecurityDescriptor)(PVOID, PVOID);
|
||||
PVOID SDLock;
|
||||
ACCESS_REASONS AccessReasons;
|
||||
#endif
|
||||
#if (NTDDI_VERSION >= NTDDI_WIN8)
|
||||
BOOLEAN GenerateStagingEvents;
|
||||
#endif
|
||||
} AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
|
||||
|
||||
//
|
||||
|
|
|
|||
Loading…
Reference in a new issue