[NTOSKRNL]: Use the token lock acquire/release macros that were already written instead of manually doing it. Also fix the macros since they didn't work in GCC.

No functional change, just code cleanup. svn path=/trunk/; revision=57284
2024-06-29 01:12:06 +00:00 · 2012-09-12 16:29:28 +00:00 · 2012-09-12 16:29:28 +00:00 · 17fd92fc7b
parent a466b50b71
commit 17fd92fc7b
3 changed files with 51 additions and 44 deletions
--- a/reactos/ntoskrnl/include/internal/se.h
+++ b/reactos/ntoskrnl/include/internal/se.h
@ -1,5 +1,29 @@
 #pragma once

+typedef struct _KNOWN_ACE
+{
+    ACE_HEADER Header;
+    ACCESS_MASK Mask;
+    ULONG SidStart;
+} KNOWN_ACE, *PKNOWN_ACE;
+
+typedef struct _KNOWN_OBJECT_ACE
+{
+    ACE_HEADER Header;
+    ACCESS_MASK Mask;
+    ULONG Flags;
+    ULONG SidStart;
+} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
+
+typedef struct _KNOWN_COMPOUND_ACE
+{
+    ACE_HEADER Header;
+    ACCESS_MASK Mask;
+    USHORT CompoundAceType;
+    USHORT Reserved;
+    ULONG SidStart;
+} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
+
 PSID
 FORCEINLINE
 SepGetGroupFromDescriptor(PVOID _Descriptor)
@ -76,6 +100,8 @@ SepGetSaclFromDescriptor(PVOID _Descriptor)
    }
 }

+#ifndef RTL_H
+
 /* SID Authorities */
 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
@ -156,6 +182,19 @@ extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;

+
+#define SepAcquireTokenLockExclusive(Token)                                    \
+    KeEnterCriticalRegion();                                                   \
+    ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE);              \
+
+#define SepAcquireTokenLockShared(Token)                                       \
+    KeEnterCriticalRegion();                                                   \
+    ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE);                 \
+
+#define SepReleaseTokenLock(Token)                                             \
+    ExReleaseResource(((PTOKEN)Token)->TokenLock);                             \
+    KeLeaveCriticalRegion();                                                   \
+
 //
 // Token Functions
 //
@ -434,24 +473,6 @@ SeCopyClientToken(
    OUT PACCESS_TOKEN* NewToken
 );

-#define SepAcquireTokenLockExclusive(Token)                                    \
-  do {                                                                         \
-    KeEnterCriticalRegion();                                                   \
-    ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE);              \
-  while(0)
-
-#define SepAcquireTokenLockShared(Token)                                       \
-  do {                                                                         \
-    KeEnterCriticalRegion();                                                   \
-    ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE);                 \
-  while(0)
-
-#define SepReleaseTokenLock(Token)                                             \
-  do {                                                                         \
-    ExReleaseResource(((PTOKEN)Token)->TokenLock);                             \
-    KeLeaveCriticalRegion();                                                   \
-  while(0)
-
 VOID NTAPI
 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
                          OUT PACCESS_MASK DesiredAccess);
@ -460,4 +481,6 @@ VOID NTAPI
 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
                        OUT PACCESS_MASK DesiredAccess);

+#endif
+
 /* EOF */
--- a/reactos/ntoskrnl/se/access.c
+++ b/reactos/ntoskrnl/se/access.c
@ -130,11 +130,7 @@ SepTokenIsOwner(IN PACCESS_TOKEN _Token,
    ASSERT(Sid != NULL);

    /* Lock the token if needed */
-    if (!TokenLocked)
-    {
-        KeEnterCriticalRegion();
-        ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
-    }
+    if (!TokenLocked) SepAcquireTokenLockShared(Token);

    /* Check if the owner SID is found, handling restricted case as well */
    Result = SepSidInToken(Token, Sid);
@ -144,11 +140,7 @@ SepTokenIsOwner(IN PACCESS_TOKEN _Token,
    }

    /* Release the lock if we had acquired it */
-    if (!TokenLocked)
-    {
-        ExReleaseResourceLite(Token->TokenLock);
-        KeLeaveCriticalRegion();
-    }
+    if (!TokenLocked) SepReleaseTokenLock(Token);

    /* Return the result */
    return Result;
@ -168,15 +160,13 @@ SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
    TokenControl->TokenSource = Token->TokenSource;

    /* Lock the token */
-    KeEnterCriticalRegion();
-    ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
+    SepAcquireTokenLockShared(Token);

    /* Capture the modified it */
    TokenControl->ModifiedId = Token->ModifiedId;

    /* Unlock it */
-    ExReleaseResourceLite(Token->TokenLock);
-    KeLeaveCriticalRegion();
+    SepReleaseTokenLock(Token);
 }

 NTSTATUS
@ -327,13 +317,11 @@ SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
    ClientToken = SubjectContext->ClientToken;

    /* Always lock the primary */
-    KeEnterCriticalRegion();
-    ExAcquireResourceSharedLite(PrimaryToken->TokenLock, TRUE);
+    SepAcquireTokenLockShared(PrimaryToken);

    /* Lock the impersonation one if it's there */
    if (!ClientToken) return;
-    KeEnterCriticalRegion();
-    ExAcquireResourceSharedLite(ClientToken->TokenLock, TRUE);
+    SepAcquireTokenLockShared(ClientToken);
 }

 /*
@ -351,13 +339,11 @@ SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
    ClientToken = SubjectContext->ClientToken;

    /* Always unlock the primary one */
-    ExReleaseResourceLite(PrimaryToken->TokenLock);
-    KeLeaveCriticalRegion();
+    SepReleaseTokenLock(PrimaryToken);

    /* Unlock the impersonation one if it's there */
    if (!ClientToken) return;
-    ExReleaseResourceLite(ClientToken->TokenLock);
-    KeLeaveCriticalRegion();
+    SepReleaseTokenLock(ClientToken);
 }

 /*
--- a/reactos/ntoskrnl/se/semgr.c
+++ b/reactos/ntoskrnl/se/semgr.c
@ -952,8 +952,7 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    SeCaptureSubjectContext(&SubjectSecurityContext);

    /* Lock the token */
-    KeEnterCriticalRegion();
-    ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
+    SepAcquireTokenLockShared(Token);

    /* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
    if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED))
@ -990,8 +989,7 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,

    /* Release subject context and unlock the token */
    SeReleaseSubjectContext(&SubjectSecurityContext);
-    ExReleaseResourceLite(Token->TokenLock);
-    KeLeaveCriticalRegion();
+    SepReleaseTokenLock(Token);

    /* Release the captured security descriptor */
    SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,