Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-04 23:05:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

Improvements to NtAdjustPrivilegesToken part 4 (last one):

Browse source 
- SEH-protect all code that writes to PreviousState as it cannot be captured.
- Add a missing ObDereferenceObject and SeReleaseLuidAndAttributesArray.

svn path=/trunk/; revision=48721
This commit is contained in:
Eric Kohl 2010-09-07 15:08:29 +00:00
parent e851b3ba21
commit 340a34cec4
1 changed files with 79 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

128
reactos/ntoskrnl/se/token.c
View file

@ -2117,6 +2117,15 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Dereference the token */
ObDereferenceObject(Token);
/* Release the captured privileges */
if (CapturedPrivileges != NULL)
SeReleaseLuidAndAttributesArray(CapturedPrivileges,
PreviousMode,
TRUE);
/* Return the exception code */
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
@ -2125,7 +2134,10 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
/* Fail, if the buffer length is smaller than the required length */
if (BufferLength < RequiredLength)
{
/* Dereference the token */
ObDereferenceObject(Token);
/* Release the captured privileges */
if (CapturedPrivileges != NULL)
SeReleaseLuidAndAttributesArray(CapturedPrivileges,
PreviousMode,
@ -2137,69 +2149,87 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
/* Change the privilege attributes */
ChangeCount = 0;
for (i = 0; i < Token->PrivilegeCount; i++)
_SEH2_TRY
{
if (DisableAllPrivileges == TRUE)
for (i = 0; i < Token->PrivilegeCount; i++)
{
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
if (DisableAllPrivileges == TRUE)
{
DPRINT ("Privilege enabled\n");
/* Save the current privilege */
if (PreviousState != NULL)
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
{
PreviousState->Privileges[ChangeCount].Luid = Token->Privileges[i].Luid;
PreviousState->Privileges[ChangeCount].Attributes = Token->Privileges[i].Attributes;
}
DPRINT("Privilege enabled\n");
/* Disable the current privlege */
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
ChangeCount++;
}
}
else
{
for (j = 0; j < CapturedCount; j++)
{
if (Token->Privileges[i].Luid.LowPart == CapturedPrivileges[j].Luid.LowPart &&
Token->Privileges[i].Luid.HighPart == CapturedPrivileges[j].Luid.HighPart)
{
DPRINT ("Found privilege\n");
/* Check whether the attributes differ */
if ((Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED) !=
(CapturedPrivileges[j].Attributes & SE_PRIVILEGE_ENABLED))
/* Save the current privilege */
if (PreviousState != NULL)
{
DPRINT ("Attributes differ\n");
DPRINT ("Current attributes %lx New attributes %lx\n",
Token->Privileges[i].Attributes,
CapturedPrivileges[j].Attributes);
PreviousState->Privileges[ChangeCount].Luid = Token->Privileges[i].Luid;
PreviousState->Privileges[ChangeCount].Attributes = Token->Privileges[i].Attributes;
}
/* Save the current privilege */
if (PreviousState != NULL)
/* Disable the current privlege */
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
ChangeCount++;
}
}
else
{
for (j = 0; j < CapturedCount; j++)
{
if (Token->Privileges[i].Luid.LowPart == CapturedPrivileges[j].Luid.LowPart &&
Token->Privileges[i].Luid.HighPart == CapturedPrivileges[j].Luid.HighPart)
{
DPRINT("Found privilege\n");
/* Check whether the attributes differ */
if ((Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED) !=
(CapturedPrivileges[j].Attributes & SE_PRIVILEGE_ENABLED))
{
PreviousState->Privileges[ChangeCount].Luid = Token->Privileges[i].Luid;
PreviousState->Privileges[ChangeCount].Attributes = Token->Privileges[i].Attributes;
DPRINT("Attributes differ\n");
DPRINT("Current attributes %lx New attributes %lx\n",
Token->Privileges[i].Attributes,
CapturedPrivileges[j].Attributes);
/* Save the current privilege */
if (PreviousState != NULL)
{
PreviousState->Privileges[ChangeCount].Luid = Token->Privileges[i].Luid;
PreviousState->Privileges[ChangeCount].Attributes = Token->Privileges[i].Attributes;
}
/* Update the current privlege */
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
Token->Privileges[i].Attributes |=
(CapturedPrivileges[j].Attributes & SE_PRIVILEGE_ENABLED);
DPRINT("New attributes %lx\n",
Token->Privileges[i].Attributes);
ChangeCount++;
}
/* Update the current privlege */
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
Token->Privileges[i].Attributes |=
(CapturedPrivileges[j].Attributes & SE_PRIVILEGE_ENABLED);
DPRINT ("New attributes %lx\n",
Token->Privileges[i].Attributes);
ChangeCount++;
}
}
}
}
}
/* Set the number of saved privileges */
if (PreviousState != NULL)
PreviousState->PrivilegeCount = ChangeCount;
/* Set the number of saved privileges */
if (PreviousState != NULL)
PreviousState->PrivilegeCount = ChangeCount;
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Dereference the token */
ObDereferenceObject(Token);
/* Release the captured privileges */
if (CapturedPrivileges != NULL)
SeReleaseLuidAndAttributesArray(CapturedPrivileges,
PreviousMode,
TRUE);
/* Return the exception code */
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
/* Set the status */
Status = (ChangeCount < CapturedCount) ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS;