mirror of
https://github.com/reactos/reactos.git
synced 2024-06-29 01:12:06 +00:00
[NTOSKRNL]: Use the token lock acquire/release macros that were already written instead of manually doing it. Also fix the macros since they didn't work in GCC.
No functional change, just code cleanup. svn path=/trunk/; revision=57284
This commit is contained in:
parent
a466b50b71
commit
17fd92fc7b
|
@ -1,5 +1,29 @@
|
|||
#pragma once
|
||||
|
||||
typedef struct _KNOWN_ACE
|
||||
{
|
||||
ACE_HEADER Header;
|
||||
ACCESS_MASK Mask;
|
||||
ULONG SidStart;
|
||||
} KNOWN_ACE, *PKNOWN_ACE;
|
||||
|
||||
typedef struct _KNOWN_OBJECT_ACE
|
||||
{
|
||||
ACE_HEADER Header;
|
||||
ACCESS_MASK Mask;
|
||||
ULONG Flags;
|
||||
ULONG SidStart;
|
||||
} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
|
||||
|
||||
typedef struct _KNOWN_COMPOUND_ACE
|
||||
{
|
||||
ACE_HEADER Header;
|
||||
ACCESS_MASK Mask;
|
||||
USHORT CompoundAceType;
|
||||
USHORT Reserved;
|
||||
ULONG SidStart;
|
||||
} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
|
||||
|
||||
PSID
|
||||
FORCEINLINE
|
||||
SepGetGroupFromDescriptor(PVOID _Descriptor)
|
||||
|
@ -76,6 +100,8 @@ SepGetSaclFromDescriptor(PVOID _Descriptor)
|
|||
}
|
||||
}
|
||||
|
||||
#ifndef RTL_H
|
||||
|
||||
/* SID Authorities */
|
||||
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
|
||||
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
|
||||
|
@ -156,6 +182,19 @@ extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
|
|||
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
|
||||
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
|
||||
|
||||
|
||||
#define SepAcquireTokenLockExclusive(Token) \
|
||||
KeEnterCriticalRegion(); \
|
||||
ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
|
||||
|
||||
#define SepAcquireTokenLockShared(Token) \
|
||||
KeEnterCriticalRegion(); \
|
||||
ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
|
||||
|
||||
#define SepReleaseTokenLock(Token) \
|
||||
ExReleaseResource(((PTOKEN)Token)->TokenLock); \
|
||||
KeLeaveCriticalRegion(); \
|
||||
|
||||
//
|
||||
// Token Functions
|
||||
//
|
||||
|
@ -434,24 +473,6 @@ SeCopyClientToken(
|
|||
OUT PACCESS_TOKEN* NewToken
|
||||
);
|
||||
|
||||
#define SepAcquireTokenLockExclusive(Token) \
|
||||
do { \
|
||||
KeEnterCriticalRegion(); \
|
||||
ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
|
||||
while(0)
|
||||
|
||||
#define SepAcquireTokenLockShared(Token) \
|
||||
do { \
|
||||
KeEnterCriticalRegion(); \
|
||||
ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
|
||||
while(0)
|
||||
|
||||
#define SepReleaseTokenLock(Token) \
|
||||
do { \
|
||||
ExReleaseResource(((PTOKEN)Token)->TokenLock); \
|
||||
KeLeaveCriticalRegion(); \
|
||||
while(0)
|
||||
|
||||
VOID NTAPI
|
||||
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess);
|
||||
|
@ -460,4 +481,6 @@ VOID NTAPI
|
|||
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess);
|
||||
|
||||
#endif
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -130,11 +130,7 @@ SepTokenIsOwner(IN PACCESS_TOKEN _Token,
|
|||
ASSERT(Sid != NULL);
|
||||
|
||||
/* Lock the token if needed */
|
||||
if (!TokenLocked)
|
||||
{
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
|
||||
}
|
||||
if (!TokenLocked) SepAcquireTokenLockShared(Token);
|
||||
|
||||
/* Check if the owner SID is found, handling restricted case as well */
|
||||
Result = SepSidInToken(Token, Sid);
|
||||
|
@ -144,11 +140,7 @@ SepTokenIsOwner(IN PACCESS_TOKEN _Token,
|
|||
}
|
||||
|
||||
/* Release the lock if we had acquired it */
|
||||
if (!TokenLocked)
|
||||
{
|
||||
ExReleaseResourceLite(Token->TokenLock);
|
||||
KeLeaveCriticalRegion();
|
||||
}
|
||||
if (!TokenLocked) SepReleaseTokenLock(Token);
|
||||
|
||||
/* Return the result */
|
||||
return Result;
|
||||
|
@ -168,15 +160,13 @@ SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
|
|||
TokenControl->TokenSource = Token->TokenSource;
|
||||
|
||||
/* Lock the token */
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
|
||||
SepAcquireTokenLockShared(Token);
|
||||
|
||||
/* Capture the modified it */
|
||||
TokenControl->ModifiedId = Token->ModifiedId;
|
||||
|
||||
/* Unlock it */
|
||||
ExReleaseResourceLite(Token->TokenLock);
|
||||
KeLeaveCriticalRegion();
|
||||
SepReleaseTokenLock(Token);
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
|
@ -327,13 +317,11 @@ SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
|||
ClientToken = SubjectContext->ClientToken;
|
||||
|
||||
/* Always lock the primary */
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceSharedLite(PrimaryToken->TokenLock, TRUE);
|
||||
SepAcquireTokenLockShared(PrimaryToken);
|
||||
|
||||
/* Lock the impersonation one if it's there */
|
||||
if (!ClientToken) return;
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceSharedLite(ClientToken->TokenLock, TRUE);
|
||||
SepAcquireTokenLockShared(ClientToken);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -351,13 +339,11 @@ SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
|||
ClientToken = SubjectContext->ClientToken;
|
||||
|
||||
/* Always unlock the primary one */
|
||||
ExReleaseResourceLite(PrimaryToken->TokenLock);
|
||||
KeLeaveCriticalRegion();
|
||||
SepReleaseTokenLock(PrimaryToken);
|
||||
|
||||
/* Unlock the impersonation one if it's there */
|
||||
if (!ClientToken) return;
|
||||
ExReleaseResourceLite(ClientToken->TokenLock);
|
||||
KeLeaveCriticalRegion();
|
||||
SepReleaseTokenLock(ClientToken);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -952,8 +952,7 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
SeCaptureSubjectContext(&SubjectSecurityContext);
|
||||
|
||||
/* Lock the token */
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
|
||||
SepAcquireTokenLockShared(Token);
|
||||
|
||||
/* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
|
||||
if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED))
|
||||
|
@ -990,8 +989,7 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
|
||||
/* Release subject context and unlock the token */
|
||||
SeReleaseSubjectContext(&SubjectSecurityContext);
|
||||
ExReleaseResourceLite(Token->TokenLock);
|
||||
KeLeaveCriticalRegion();
|
||||
SepReleaseTokenLock(Token);
|
||||
|
||||
/* Release the captured security descriptor */
|
||||
SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
|
||||
|
|
Loading…
Reference in a new issue