From 4d5643a96af8ee03c07c32227b8a597ebb45cf0c Mon Sep 17 00:00:00 2001 
From: David Welch Date: Sun, 26 Dec 1999 15:50:53 +0000 Subject: [PATCH] Added some security functions Changes to csrss console support Fixed bug in gdt.c svn path=/trunk/; revision=901 --- reactos/apps/utils/shell/shell.c | 6 +- reactos/include/base.h | 7 +- reactos/include/csrss/csrss.h | 5 + reactos/include/ddk/ntddk.h | 2 +- reactos/include/ddk/obtypes.h | 5 +- reactos/include/ddk/psfuncs.h | 6 + reactos/include/ddk/pstypes.h | 19 +- reactos/include/ddk/sefuncs.h | 50 ++++- reactos/include/ddk/setypes.h | 205 ++++++++++++++++--- reactos/include/defines.h | 71 ------- reactos/include/kernel32/kernel32.h | 4 + reactos/include/structs.h | 99 ++------- reactos/lib/kernel32/misc/console.c | 91 ++++----- reactos/lib/kernel32/misc/handle.c | 192 ++++++++++-------- reactos/lib/kernel32/misc/stubs.c | 12 +- reactos/lib/ntdll/csr/api.c | 36 ++++ reactos/lib/ntdll/ldr/utils.c | 3 +- reactos/ntoskrnl/dbg/print.c | 3 +- reactos/ntoskrnl/ke/gdt.c | 8 +- reactos/ntoskrnl/ke/i386/exp.c | 19 +- reactos/ntoskrnl/ke/i386/thread.c | 2 +- reactos/ntoskrnl/ke/timer.c | 4 +- reactos/ntoskrnl/ke/wait.c | 8 +- reactos/ntoskrnl/makefile_rex | 7 +- reactos/ntoskrnl/mm/i386/page.c | 14 +- reactos/ntoskrnl/mm/mm.c | 6 +- reactos/ntoskrnl/nt/ntevent.c | 82 +++++--- reactos/ntoskrnl/ob/handle.c | 77 +++++-- reactos/ntoskrnl/ob/object.c | 40 +++- reactos/ntoskrnl/ob/security.c | 74 +++++++ reactos/ntoskrnl/ps/create.c | 30 ++- reactos/ntoskrnl/ps/kill.c | 24 ++- reactos/ntoskrnl/ps/process.c | 34 +++- reactos/ntoskrnl/se/acl.c | 198 ++++++++++++++++++ reactos/ntoskrnl/se/luid.c | 36 ++++ reactos/ntoskrnl/se/sd.c | 286 ++++++++++++++++++++++++++ reactos/ntoskrnl/se/semgr.c | 301 +++++++++++++++++----------- reactos/ntoskrnl/se/sid.c | 90 +++++++++ reactos/ntoskrnl/se/token.c | 120 +++++++++++ reactos/subsys/csrss/api/handle.c | 20 ++ 40 files changed, 1749 insertions(+), 547 deletions(-) create mode 100644 reactos/lib/ntdll/csr/api.c create mode 100644 reactos/ntoskrnl/ob/security.c create 
mode 100644 reactos/ntoskrnl/se/acl.c create mode 100644 reactos/ntoskrnl/se/luid.c create mode 100644 reactos/ntoskrnl/se/sd.c create mode 100644 reactos/ntoskrnl/se/sid.c create mode 100644 reactos/ntoskrnl/se/token.c create mode 100644 reactos/subsys/csrss/api/handle.c diff --git a/reactos/apps/utils/shell/shell.c b/reactos/apps/utils/shell/shell.c index 8233a409882..74bdce4ba58 100644 --- a/reactos/apps/utils/shell/shell.c +++ b/reactos/apps/utils/shell/shell.c @@ -124,7 +124,7 @@ int ExecuteProcess(char* name, char* cmdline, BOOL detached) cmdline, NULL, NULL, - TRUE, + FALSE, ((TRUE == detached) ? DETACHED_PROCESS : CREATE_NEW_CONSOLE @@ -162,9 +162,11 @@ int ExecuteProcess(char* name, char* cmdline, BOOL detached) { debug_printf("ProcessInformation.hThread %x\n", ProcessInformation.hThread); - CloseHandle(ProcessInformation.hThread); +// CloseHandle(ProcessInformation.hThread); WaitForSingleObject(ProcessInformation.hProcess, INFINITE); CloseHandle(ProcessInformation.hProcess); + debug_printf("Thandle %x\n", ProcessInformation.hThread); + CloseHandle(ProcessInformation.hThread); } } return(ret); diff --git a/reactos/include/base.h b/reactos/include/base.h index cb6d02f1de3..b08ad1d432b 100644 --- a/reactos/include/base.h +++ b/reactos/include/base.h @@ -304,9 +304,10 @@ typedef char *PTSTR; #endif /* UNICODE */ /* -typedef PWSTR; -typedef REGSAM; -*/ + typedef PWSTR; + */ +typedef PVOID REGSAM; + typedef short RETCODE; diff --git a/reactos/include/csrss/csrss.h b/reactos/include/csrss/csrss.h index e2d4bbaf4a8..bbe179e0f21 100644 --- a/reactos/include/csrss/csrss.h +++ b/reactos/include/csrss/csrss.h @@ -1,6 +1,11 @@ #ifndef __INCLUDE_CSRSS_CSRSS_H #define __INCLUDE_CSRSS_CSRSS_H +typedef struct +{ + +} CONNECT_INFO, *PCONNECT_INFO; + #define CSRSS_CREATE_PROCESS (0x1) #define CSRSS_TERMINATE_PROCESS (0x2) #define CSRSS_WRITE_CONSOLE (0x3) diff --git a/reactos/include/ddk/ntddk.h b/reactos/include/ddk/ntddk.h index d9aa9ee8e3e..aa91761f0ca 100644 
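Review bot: The old `CloseHandle(ProcessInformation.hThread);` call is left behind as a `//` comment in ExecuteProcess, directly above the wait, even though the same call is re-added after `CloseHandle(ProcessInformation.hProcess)`. Deleting the commented-out line would keep the handle-release order readable. If holding the thread handle across the wait is intentional, a one-line comment such as `/* keep hThread open until the child has exited */` would say why. ExecuteProcess starts and ends outside this hunk.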
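Review bot: `typedef PVOID REGSAM;` in base.h gives the registry access-rights type a pointer type, while the definition this commit removes from structs.h was `typedef ACCESS_MASK REGSAM;`. Access rights are bit flags, so a pointer type forces casts on every mask test and lets an unrelated pointer be passed where a rights mask is expected. If ACCESS_MASK is not yet visible at this point in base.h (not shown here), `typedef ULONG REGSAM;` matches the `typedef ULONG ACCESS_MASK;` added in setypes.h.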
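Review bot: `CONNECT_INFO` in csrss.h is declared as a struct with no members, which ISO C does not allow and which GCC accepts only as an extension with size zero. Any code that later sizes a connect buffer with `sizeof(CONNECT_INFO)` would get 0. Either add the first real field or leave the type out until the connect data is defined; a placeholder member such as `ULONG Reserved;` keeps the header portable in the meantime.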
--- a/reactos/include/ddk/ntddk.h +++ b/reactos/include/ddk/ntddk.h @@ -35,8 +35,8 @@ extern "C" #include #include #include -#include #include +#include #include #include #include diff --git a/reactos/include/ddk/obtypes.h b/reactos/include/ddk/obtypes.h index 5b4befeb3e1..6f157253c6a 100644 --- a/reactos/include/ddk/obtypes.h +++ b/reactos/include/ddk/obtypes.h @@ -80,7 +80,10 @@ typedef struct _OBJECT_TYPE /* */ - VOID (*Security)(VOID); + NTSTATUS (*Security)(PVOID Object, + ULONG InfoClass, + PVOID Info, + PULONG InfoLength); /* */ diff --git a/reactos/include/ddk/psfuncs.h b/reactos/include/ddk/psfuncs.h index 6d962137071..c1f4d57ce72 100644 --- a/reactos/include/ddk/psfuncs.h +++ b/reactos/include/ddk/psfuncs.h @@ -35,3 +35,9 @@ ULONG PsResumeThread(PETHREAD Thread, PNTSTATUS WaitStatus); PETHREAD PsGetCurrentThread(VOID); struct _EPROCESS* PsGetCurrentProcess(VOID); +PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread, + PULONG Unknown1, + PULONG Unknown2, + SECURITY_IMPERSONATION_LEVEL* + Level); +PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process); diff --git a/reactos/include/ddk/pstypes.h b/reactos/include/ddk/pstypes.h index 05afb2acf19..ab56e427e26 100644 --- a/reactos/include/ddk/pstypes.h +++ b/reactos/include/ddk/pstypes.h @@ -117,7 +117,7 @@ typedef struct _CLIENT_ID } CLIENT_ID, *PCLIENT_ID; typedef struct _NT_TIB { - struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList; // 00h + struct _EXCEPTION_REGISTRATION_RECORD* ExceptionList; // 00h PVOID StackBase; // 04h PVOID StackLimit; // 08h PVOID SubSystemTib; // 0Ch @@ -269,6 +269,15 @@ typedef struct _TOP_LEVEL_IRP ULONG TopLevelIrpConst; } TOP_LEVEL_IRP; +typedef struct +{ + PACCESS_TOKEN Token; + UCHAR Unknown1; + UCHAR Unknown2; + UCHAR Pad[2]; + SECURITY_IMPERSONATION_LEVEL Level; +} IMPERSONATION_INFO, *PIMPERSONATION_INFO; + typedef struct _ETHREAD { KTHREAD Tcb; TIME CreateTime; 
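Review bot: The new `Security` callback in OBJECT_TYPE (obtypes.h) sits under an empty `/* */` comment, so the contract of its four parameters is undocumented. The prototype suggests `InfoLength` is an in/out byte count for the `Info` buffer, but nothing visible says whether the caller or the callee validates it. A comment along the lines of `/* Queries or sets security information for Object; *InfoLength is the size of Info on entry and the size used or required on return */` would pin that down once confirmed. The struct continues outside this hunk.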
@@ -282,7 +291,7 @@ typedef struct _ETHREAD { PLARGE_INTEGER LpcReplySemaphore; PVOID LpcReplyMessage; PLARGE_INTEGER LpcReplyMessageId; - PVOID ImpersonationInfo; + PIMPERSONATION_INFO ImpersonationInfo; LIST_ENTRY IrpList; // TOP_LEVEL_IRP TopLevelIrp; ULONG ReadClusterSize; @@ -295,8 +304,10 @@ typedef struct _ETHREAD { PKSTART_ROUTINE StartAddress; LPTHREAD_START_ROUTINE Win32StartAddress; // Should Specify a win32 start func UCHAR LpcExitThreadCalled; - UCHAR HardErrorsAreDisabled; - + UCHAR HardErrorsAreDisabled; + UCHAR LpcReceivedMsgIdValid; + UCHAR ActiveImpersonationInfo; + ULONG PerformanceCountHigh; /* * Added by David Welch (welch@cwcom.net) diff --git a/reactos/include/ddk/sefuncs.h b/reactos/include/ddk/sefuncs.h index e4c2053f060..f9d8ad4830d 100644 --- a/reactos/include/ddk/sefuncs.h +++ b/reactos/include/ddk/sefuncs.h 
@@ -1,3 +1,50 @@ +NTSTATUS RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + ULONG Revision); + +BOOLEAN RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor); + +ULONG RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor); + +NTSTATUS RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + BOOLEAN DaclPresent, + PACL Dacl, + BOOLEAN DaclDefaulted); + +NTSTATUS RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PBOOLEAN DaclPresent, + PACL* Dacl, + PBOOLEAN DaclDefauted); + +NTSTATUS RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PSID Owner, + BOOLEAN OwnerDefaulted); + +NTSTATUS RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PSID* Owner, + PBOOLEAN OwnerDefaulted); + +NTSTATUS RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PSID Group, + BOOLEAN GroupDefaulted); + +NTSTATUS RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PSID* Group, + PBOOLEAN GroupDefaulted); + +ULONG RtlLengthRequiredSid(UCHAR SubAuthorityCount); + +NTSTATUS RtlInitializeSid(PSID Sid, + PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, + UCHAR SubAuthorityCount); + +PULONG RtlSubAuthoritySid(PSID Sid, ULONG SubAuthority); + +BOOLEAN RtlEqualSid(PSID Sid1, PSID Sid2); + +NTSTATUS RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD, + PSECURITY_DESCRIPTOR RelSD, + PULONG BufferLength); + BOOLEAN SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, @@ -22,4 +69,5 @@ BOOLEAN SeSinglePrivilegeCheck(LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode); - +ULONG RtlLengthSid(PSID Sid); +NTSTATUS RtlCopySid(ULONG BufferLength, PSID Src, PSID Dest); diff --git a/reactos/include/ddk/setypes.h b/reactos/include/ddk/setypes.h index c689f8d5555..ad8fb7a324b 100644 --- a/reactos/include/ddk/setypes.h 
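Review bot: The fourth parameter of `RtlGetDaclSecurityDescriptor` is spelled `DaclDefauted`; it should read `DaclDefaulted` to match `RtlSetDaclSecurityDescriptor` above it. The new prototypes also omit the `IN`/`OUT` markers that `SeAccessCheck` in the same header uses, which hides which pointers are written through, for example `PULONG BufferLength` in `RtlAbsoluteToSelfRelativeSD` and the `PSID*`/`PACL*` out-parameters of the getters.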
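Review bot: `RtlCopySid(ULONG BufferLength, PSID Src, PSID Dest)` at the end of sefuncs.h declares source before destination, whereas the NT routine of the same name takes the destination length, the destination SID and then the source SID. Code written against the NT order would copy in the wrong direction, with `BufferLength` describing the wrong buffer. If NT compatibility is the aim, declare it as `NTSTATUS RtlCopySid(ULONG BufferLength, PSID Dest, PSID Src);` and check the implementation in se/sid.c (not visible in this part of the patch) for the same order.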
+++ b/reactos/include/ddk/setypes.h 
@@ -11,42 +11,199 @@ #ifndef __INCLUDE_DDK_SETYPES_H #define __INCLUDE_DDK_SETYPES_H +/* SID */ +#define SECURITY_NULL_RID (0L) +#define SECURITY_WORLD_RID (0L) +#define SECURITY_LOCAL_RID (0L) +#define SECURITY_CREATOR_OWNER_RID (0L) +#define SECURITY_CREATOR_GROUP_RID (0x1L) +#define SECURITY_DIALUP_RID (0x1L) +#define SECURITY_NETWORK_RID (0x2L) +#define SECURITY_BATCH_RID (0x3L) +#define SECURITY_INTERACTIVE_RID (0x4L) +#define SECURITY_LOGON_IDS_RID (0x5L) +#define SECURITY_LOGON_IDS_RID_COUNT (0x3L) +#define SECURITY_SERVICE_RID (0x6L) +#define SECURITY_LOCAL_SYSTEM_RID (0x12L) +#define SECURITY_BUILTIN_DOMAIN_RID (0x20L) +#define DOMAIN_USER_RID_ADMIN (0x1f4L) +#define DOMAIN_USER_RID_GUEST (0x1f5L) +#define DOMAIN_GROUP_RID_ADMINS (0x200L) +#define DOMAIN_GROUP_RID_USERS (0x201L) +#define DOMAIN_ALIAS_RID_ADMINS (0x220L) +#define DOMAIN_ALIAS_RID_USERS (0x221L) +#define DOMAIN_ALIAS_RID_GUESTS (0x222L) +#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L) +#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L) +#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L) +#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L) +#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L) +#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L) + +/* TOKEN_GROUPS structure */ +#define SE_GROUP_MANDATORY (0x1L) +#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L) +#define SE_GROUP_ENABLED (0x4L) +#define SE_GROUP_OWNER (0x8L) +#define SE_GROUP_LOGON_ID (0xc0000000L) + +/* ACL Defines */ +#define ACL_REVISION (2) + +/* ACE_HEADER structure */ +#define ACCESS_ALLOWED_ACE_TYPE (0x0) +#define ACCESS_DENIED_ACE_TYPE (0x1) +#define SYSTEM_AUDIT_ACE_TYPE (0x2) +#define SYSTEM_ALARM_ACE_TYPE (0x3) + +/* ACE flags in the ACE_HEADER structure */ +#define OBJECT_INHERIT_ACE (0x1) +#define CONTAINER_INHERIT_ACE (0x2) +#define NO_PROPAGATE_INHERIT_ACE (0x4) +#define INHERIT_ONLY_ACE (0x8) +#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) +#define FAILED_ACCESS_ACE_FLAG (0x80) + +/* SECURITY_DESCRIPTOR_CONTROL */ +#define SECURITY_DESCRIPTOR_REVISION (1) 
+#define SECURITY_DESCRIPTOR_MIN_LENGTH (20) +#define SE_OWNER_DEFAULTED (1) +#define SE_GROUP_DEFAULTED (2) +#define SE_DACL_PRESENT (4) +#define SE_DACL_DEFAULTED (8) +#define SE_SACL_PRESENT (16) +#define SE_SACL_DEFAULTED (32) +#define SE_SELF_RELATIVE (32768) + +/* PRIVILEGE_SET */ +#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L) +#define SE_PRIVILEGE_ENABLED (0x2L) +#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L) +#define PRIVILEGE_SET_ALL_NECESSARY (0x1) + +typedef ULONG ACCESS_MASK; typedef ULONG ACCESS_MODE, *PACCESS_MODE; + +typedef struct _SECURITY_QUALITY_OF_SERVICE { + DWORD Length; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; + /* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */ + WINBOOL ContextTrackingMode; + BOOLEAN EffectiveOnly; +} SECURITY_QUALITY_OF_SERVICE; + typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE; +typedef struct _ACE_HEADER +{ + CHAR AceType; + CHAR AceFlags; + USHORT AceSize; + ACCESS_MASK AccessMask; +} ACE_HEADER, *PACE_HEADER; + +typedef struct +{ + ACE_HEADER Header; +} ACE, *PACE; + +typedef struct _SID_IDENTIFIER_AUTHORITY +{ + BYTE Value[6]; +} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY; + +#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} + +typedef struct _SID +{ + UCHAR Revision; + UCHAR SubAuthorityCount; + SID_IDENTIFIER_AUTHORITY IdentifierAuthority; + ULONG SubAuthority[1]; +} SID, *PSID; + +typedef struct _ACL { + UCHAR AclRevision; + UCHAR Sbz1; + USHORT AclSize; + USHORT AceCount; + USHORT Sbz2; +} ACL, *PACL; + +typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL; + typedef struct _SECURITY_DESCRIPTOR_CONTEXT { } SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT; -typedef struct _ACCESS_TOKEN { - TOKEN_SOURCE TokenSource; - LUID AuthenticationId; - LARGE_INTEGER ExpirationTime; - LUID ModifiedId; - ULONG UserAndGroupCount; - ULONG PrivilegeCount; - ULONG VariableLength; - ULONG DynamicCharged; - ULONG DynamicAvailable; - ULONG 
DefaultOwnerIndex; - PACL DefaultDacl; - TOKEN_TYPE TokenType; - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; - UCHAR TokenFlags; - UCHAR TokenInUse; - UCHAR Unused[2]; - PVOID ProxyData; - PVOID AuditData; - UCHAR VariablePart[0]; +typedef LARGE_INTEGER LUID, *PLUID; + +typedef struct _LUID_AND_ATTRIBUTES +{ + LUID Luid; + DWORD Attributes; +} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES; + +typedef struct _TOKEN_SOURCE +{ + CHAR SourceName[8]; + LARGE_INTEGER Unknown; + LUID SourceIdentifier; +} TOKEN_SOURCE, *PTOKEN_SOURCE; + + +typedef struct _ACCESS_TOKEN +{ + TOKEN_SOURCE TokenSource; // 0x00 + LUID AuthenticationId; // 0x18 + LARGE_INTEGER ExpirationTime; // 0x20 + LUID ModifiedId; // 0x28 + ULONG UserAndGroupCount; // 0x30 + ULONG PrivilegeCount; // 0x34 + ULONG VariableLength; // 0x38 + ULONG DynamicCharged; // 0x3C + ULONG DynamicAvailable; // 0x40 + ULONG DefaultOwnerIndex; // 0x44 + ULONG Unknown[2]; // 0x48 + PLUID_AND_ATTRIBUTES Privileges; // 0x50 + ULONG Unknown1; // 0x54 + PACL DefaultDacl; // 0x58 + TOKEN_TYPE TokenType; // 0x5C + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60 + UCHAR TokenFlags; // 0x64 + UCHAR TokenInUse; // 0x65 + UCHAR Unused[2]; // 0x66 + PVOID ProxyData; // 0x68 + PVOID AuditData; // 0x6c + UCHAR VariablePart[0]; // 0x70 } ACCESS_TOKEN, *PACCESS_TOKEN; typedef struct _SECURITY_SUBJECT_CONTEXT { - PACCESS_TOKEN ClientToken; - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; - PACCESS_TOKEN PrimaryToken; - PVOID ProcessAuditId; + PACCESS_TOKEN ClientToken; // 0x0 + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x4 + PACCESS_TOKEN PrimaryToken; // 0x8 + PVOID ProcessAuditId; // 0xC } SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT; + +typedef struct _SECURITY_DESCRIPTOR { + UCHAR Revision; + UCHAR Sbz1; + SECURITY_DESCRIPTOR_CONTROL Control; + PSID Owner; + PSID Group; + PACL Sacl; + PACL Dacl; +} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR; + +BOOLEAN RtlValidSid(PSID Sid); + +/* + * from 
ntoskrnl/se/token.c: + */ +extern struct _OBJECT_TYPE* SeTokenType; + + #endif diff --git a/reactos/include/defines.h b/reactos/include/defines.h index 0f22c59f158..64614a8ef54 100644 --- a/reactos/include/defines.h +++ b/reactos/include/defines.h 
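Review bot: `ACE_HEADER` in setypes.h declares `AceType` and `AceFlags` as `CHAR`, where the structs.h definition removed by this commit used `BYTE`. Where `CHAR` is a signed char, a flags byte carrying `FAILED_ACCESS_ACE_FLAG` (0x80) reads back negative, and an upper-bound check such as `AceType <= SYSTEM_ALARM_ACE_TYPE` would pass for byte values 0x80 and above; `UCHAR AceType;` and `UCHAR AceFlags;` avoid both. The header now also carries `AccessMask`, which the removed `ACCESS_ALLOWED_ACE`/`ACCESS_DENIED_ACE` kept outside the header, so `sizeof(ACE_HEADER)` grows from 4 to 8. A comment saying that this is deliberate would help anyone parsing ACLs against it.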
@@ -4149,77 +4149,6 @@ extern "C" { #define TAPE_DRIVE_WRITE_SETMARKS (-2130706432) #define TAPE_DRIVE_WRITE_SHORT_FMKS (-2080374784) - -/* SID */ -#define SECURITY_NULL_RID (0L) -#define SECURITY_WORLD_RID (0L) -#define SECURITY_LOCAL_RID (0L) -#define SECURITY_CREATOR_OWNER_RID (0L) -#define SECURITY_CREATOR_GROUP_RID (0x1L) -#define SECURITY_DIALUP_RID (0x1L) -#define SECURITY_NETWORK_RID (0x2L) -#define SECURITY_BATCH_RID (0x3L) -#define SECURITY_INTERACTIVE_RID (0x4L) -#define SECURITY_LOGON_IDS_RID (0x5L) -#define SECURITY_LOGON_IDS_RID_COUNT (0x3L) -#define SECURITY_SERVICE_RID (0x6L) -#define SECURITY_LOCAL_SYSTEM_RID (0x12L) -#define SECURITY_BUILTIN_DOMAIN_RID (0x20L) -#define DOMAIN_USER_RID_ADMIN (0x1f4L) -#define DOMAIN_USER_RID_GUEST (0x1f5L) -#define DOMAIN_GROUP_RID_ADMINS (0x200L) -#define DOMAIN_GROUP_RID_USERS (0x201L) -#define DOMAIN_ALIAS_RID_ADMINS (0x220L) -#define DOMAIN_ALIAS_RID_USERS (0x221L) -#define DOMAIN_ALIAS_RID_GUESTS (0x222L) -#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L) -#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L) -#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L) -#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L) -#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L) -#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L) - -/* TOKEN_GROUPS structure */ -#define SE_GROUP_MANDATORY (0x1L) -#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L) -#define SE_GROUP_ENABLED (0x4L) -#define SE_GROUP_OWNER (0x8L) -#define SE_GROUP_LOGON_ID (0xc0000000L) - -/* ACL Defines */ -#define ACL_REVISION (2) - -/* ACE_HEADER structure */ -#define ACCESS_ALLOWED_ACE_TYPE (0x0) -#define ACCESS_DENIED_ACE_TYPE (0x1) -#define SYSTEM_AUDIT_ACE_TYPE (0x2) -#define SYSTEM_ALARM_ACE_TYPE (0x3) - -/* ACE flags in the ACE_HEADER structure */ -#define OBJECT_INHERIT_ACE (0x1) -#define CONTAINER_INHERIT_ACE (0x2) -#define NO_PROPAGATE_INHERIT_ACE (0x4) -#define INHERIT_ONLY_ACE (0x8) -#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) -#define FAILED_ACCESS_ACE_FLAG (0x80) - -/* 
SECURITY_DESCRIPTOR_CONTROL */ -#define SECURITY_DESCRIPTOR_REVISION (1) -#define SECURITY_DESCRIPTOR_MIN_LENGTH (20) -#define SE_OWNER_DEFAULTED (1) -#define SE_GROUP_DEFAULTED (2) -#define SE_DACL_PRESENT (4) -#define SE_DACL_DEFAULTED (8) -#define SE_SACL_PRESENT (16) -#define SE_SACL_DEFAULTED (32) -#define SE_SELF_RELATIVE (32768) - -/* PRIVILEGE_SET */ -#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L) -#define SE_PRIVILEGE_ENABLED (0x2L) -#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L) -#define PRIVILEGE_SET_ALL_NECESSARY (0x1) - /* OPENFILENAME structure */ #define OFN_ALLOWMULTISELECT (0x200) #define OFN_CREATEPROMPT (0x2000) diff --git a/reactos/include/kernel32/kernel32.h b/reactos/include/kernel32/kernel32.h index 3c3cabf1c92..ce811e14beb 100644 --- a/reactos/include/kernel32/kernel32.h +++ b/reactos/include/kernel32/kernel32.h @@ -33,3 +33,7 @@ BOOL KERNEL32_AnsiToUnicode(PWSTR DestStr, LPCSTR SrcStr, ULONG MaxLen); PWSTR InternalAnsiToUnicode(PWSTR Out, LPCSTR In, ULONG MaxLength); + +BOOLEAN IsConsoleHandle(HANDLE Handle); + +WINBOOL STDCALL CloseConsoleHandle(HANDLE Handle); diff --git a/reactos/include/structs.h b/reactos/include/structs.h index 86018dc6247..57c736c2387 100644 --- a/reactos/include/structs.h +++ b/reactos/include/structs.h @@ -29,6 +29,7 @@ 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + #ifndef _GNU_H_WINDOWS32_STRUCTURES #define _GNU_H_WINDOWS32_STRUCTURES 
@@ -52,64 +53,15 @@ typedef union _ULARGE_INTEGER ULONGLONG QuadPart; } ULARGE_INTEGER, *PULARGE_INTEGER; +#include typedef struct _LIST_ENTRY { struct _LIST_ENTRY *Flink; struct _LIST_ENTRY *Blink; } LIST_ENTRY, *PLIST_ENTRY; -typedef DWORD ACCESS_MASK; -typedef struct _SID_IDENTIFIER_AUTHORITY { - BYTE Value[6]; -} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY, - *LPSID_IDENTIFIER_AUTHORITY; - - -typedef struct _ACL { - BYTE AclRevision; - BYTE Sbz1; - WORD AclSize; - WORD AceCount; - WORD Sbz2; -} ACL, *PACL; - - -typedef struct _SID { - BYTE Revision; - BYTE SubAuthorityCount; - SID_IDENTIFIER_AUTHORITY IdentifierAuthority; - DWORD SubAuthority[ANYSIZE_ARRAY]; -} SID, *PSID; - -typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL; - -typedef struct _SECURITY_DESCRIPTOR { - BYTE Revision; - BYTE Sbz1; - SECURITY_DESCRIPTOR_CONTROL Control; - PSID Owner; - PSID Group; - PACL Sacl; - PACL Dacl; -} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR; - -typedef struct _SECURITY_QUALITY_OF_SERVICE { - DWORD Length; - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; - /* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */ - WINBOOL ContextTrackingMode; - BOOLEAN EffectiveOnly; -} SECURITY_QUALITY_OF_SERVICE; - -typedef LARGE_INTEGER LUID, *PLUID; - -typedef struct _TOKEN_SOURCE { - CHAR SourceName[8]; - LUID SourceIdentifier; -} TOKEN_SOURCE, *PTOKEN_SOURCE; - typedef struct _PARTITION_INFORMATION { BYTE PartitionType; BOOLEAN BootIndicator; @@ -152,11 +104,6 @@ typedef struct _GENERIC_MAPPING { ACCESS_MASK GenericAll; } GENERIC_MAPPING, *PGENERIC_MAPPING; -typedef struct _LUID_AND_ATTRIBUTES { - LUID Luid; - DWORD Attributes; -} LUID_AND_ATTRIBUTES; - typedef struct _PRIVILEGE_SET { DWORD PrivilegeCount; DWORD Control; 
@@ -418,27 +365,7 @@ typedef struct tagACCEL { BYTE fVirt; WORD key; WORD cmd; -} ACCEL, *LPACCEL; - -typedef struct _ACE_HEADER { - BYTE AceType; - BYTE AceFlags; - WORD AceSize; -} ACE_HEADER; - -typedef ACCESS_MASK REGSAM; - -typedef struct _ACCESS_ALLOWED_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_ALLOWED_ACE; - -typedef struct _ACCESS_DENIED_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_DENIED_ACE; +} ACCEL, *LPACCEL; typedef struct tagACCESSTIMEOUT { UINT cbSize; @@ -2551,7 +2478,7 @@ typedef struct _JOB_INFO_1 { SYSTEMTIME Submitted; } JOB_INFO_1; - +#if 0 typedef struct _JOB_INFO_2 { DWORD JobId; LPTSTR pPrinterName; @@ -2577,7 +2504,8 @@ typedef struct _JOB_INFO_2 { DWORD Time; DWORD PagesPrinted ; } JOB_INFO_2; - +#endif + typedef struct tagKERNINGPAIR { WORD wFirst; WORD wSecond; @@ -2619,11 +2547,13 @@ typedef struct tagLOCALESIGNATURE { DWORD lsCsbDefault[2]; DWORD lsCsbSupported[2]; } LOCALESIGNATURE; - + + #if 0 typedef struct _LOCALGROUP_MEMBERS_INFO_0 { PSID lgrmi0_sid; } LOCALGROUP_MEMBERS_INFO_0; - + #endif + typedef struct _LOCALGROUP_MEMBERS_INFO_3 { LPWSTR lgrmi3_domainandname; } LOCALGROUP_MEMBERS_INFO_3; @@ -3461,7 +3391,8 @@ typedef struct _PRINTER_INFO_1 { LPTSTR pName; LPTSTR pComment; } PRINTER_INFO_1, *PPRINTER_INFO_1, *LPPRINTER_INFO_1; - + + #if 0 typedef struct _PRINTER_INFO_2 { LPTSTR pServerName; LPTSTR pPrinterName; @@ -3485,11 +3416,13 @@ typedef struct _PRINTER_INFO_2 { DWORD cJobs; DWORD AveragePPM; } PRINTER_INFO_2; - + + typedef struct _PRINTER_INFO_3 { PSECURITY_DESCRIPTOR pSecurityDescriptor; } PRINTER_INFO_3; - + #endif + typedef struct _PRINTER_INFO_4 { LPTSTR pPrinterName; LPTSTR pServerName; diff --git a/reactos/lib/kernel32/misc/console.c b/reactos/lib/kernel32/misc/console.c index 09eb7a4d2cb..3772194afb9 100644 --- a/reactos/lib/kernel32/misc/console.c +++ b/reactos/lib/kernel32/misc/console.c 
@@ -9,6 +9,9 @@ * 19990204 EA SetConsoleTitleA * 19990306 EA Stubs */ + +/* INCLUDES ******************************************************************/ + #include #include #include @@ -18,20 +21,26 @@ #define NDEBUG #include +/* GLOBALS ******************************************************************/ -/* What is this? -#define EXTENDED_CONSOLE */ - -HANDLE StdInput = INVALID_HANDLE_VALUE; -HANDLE StdOutput = INVALID_HANDLE_VALUE; -HANDLE StdError = INVALID_HANDLE_VALUE; -#ifdef EXTENDED_CONSOLE -HANDLE StdAux = INVALID_HANDLE_VALUE; -HANDLE StdPrint = INVALID_HANDLE_VALUE; -#endif +static HANDLE StdInput = INVALID_HANDLE_VALUE; +static HANDLE StdOutput = INVALID_HANDLE_VALUE; +static HANDLE StdError = INVALID_HANDLE_VALUE; +/* FUNCTIONS *****************************************************************/ +WINBOOL STDCALL CloseConsoleHandle(HANDLE Handle) +{ +} +BOOLEAN IsConsoleHandle(HANDLE Handle) +{ + if ((((ULONG)Handle) & 0x10000003) == 0x3) + { + return(TRUE); + } + return(FALSE); +} /*-------------------------------------------------------------- @@ -47,10 +56,6 @@ HANDLE STDCALL GetStdHandle(DWORD nStdHandle) case STD_INPUT_HANDLE: return StdInput; case STD_OUTPUT_HANDLE: return StdOutput; case STD_ERROR_HANDLE: return StdError; -#ifdef EXTENDED_CONSOLE - case STD_AUX_HANDLE: return StdError; - case STD_PRINT_HANDLE: return StdError; -#endif } SetLastError(0); /* FIXME: What error code? */ return INVALID_HANDLE_VALUE; 
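Review bot: `CloseConsoleHandle` in console.c is declared to return `WINBOOL` but has an empty body, so its caller receives an indeterminate value and the handle is never released. The same commit makes `CloseHandle` in handle.c return `CloseConsoleHandle(hObject)` for every handle that `IsConsoleHandle` accepts, so this is reachable from ordinary code. Until the CSRSS side exists, keep the behaviour of the stub removed from stubs.c: `SetLastError(ERROR_CALL_NOT_IMPLEMENTED); return FALSE;`. The mask `0x10000003` in `IsConsoleHandle` also deserves a comment stating which handle-bit convention it encodes.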
@@ -60,43 +65,31 @@ HANDLE STDCALL GetStdHandle(DWORD nStdHandle) /*-------------------------------------------------------------- * SetStdHandle */ -WINBASEAPI -BOOL -WINAPI -SetStdHandle( - DWORD nStdHandle, - HANDLE hHandle - ) +WINBASEAPI BOOL WINAPI SetStdHandle(DWORD nStdHandle, + HANDLE hHandle) { - /* More checking needed? */ - if (hHandle == INVALID_HANDLE_VALUE) - { - SetLastError(0); /* FIXME: What error code? */ - return FALSE; - } - SetLastError(ERROR_SUCCESS); /* OK */ - switch (nStdHandle) - { - case STD_INPUT_HANDLE: - StdInput = hHandle; - return TRUE; - case STD_OUTPUT_HANDLE: - StdOutput = hHandle; - return TRUE; - case STD_ERROR_HANDLE: - StdError = hHandle; - return TRUE; -#ifdef EXTENDED_CONSOLE - case STD_AUX_HANDLE: - StdError = hHandle; - return TRUE; - case STD_PRINT_HANDLE: - StdError = hHandle; - return TRUE; -#endif - } - SetLastError(0); /* FIXME: What error code? */ + /* More checking needed? */ + if (hHandle == INVALID_HANDLE_VALUE) + { + SetLastError(0); /* FIXME: What error code? */ return FALSE; + } + + SetLastError(ERROR_SUCCESS); /* OK */ + switch (nStdHandle) + { + case STD_INPUT_HANDLE: + StdInput = hHandle; + return TRUE; + case STD_OUTPUT_HANDLE: + StdOutput = hHandle; + return TRUE; + case STD_ERROR_HANDLE: + StdError = hHandle; + return TRUE; + } + SetLastError(0); /* FIXME: What error code? */ + return FALSE; } diff --git a/reactos/lib/kernel32/misc/handle.c b/reactos/lib/kernel32/misc/handle.c index 7c47ff3a63b..9cf13369077 100644 --- a/reactos/lib/kernel32/misc/handle.c +++ b/reactos/lib/kernel32/misc/handle.c 
@@ -7,110 +7,136 @@ * UPDATE HISTORY: * Created 01/11/98 */ + +/* INCLUDES ******************************************************************/ + #include #include +#define NDEBUG +#include +/* FUNCTIONS *****************************************************************/ -WINBOOL -WINAPI -GetHandleInformation( - HANDLE hObject, - LPDWORD lpdwFlags - ) +WINBOOL WINAPI GetHandleInformation(HANDLE hObject, LPDWORD lpdwFlags) { - OBJECT_DATA_INFORMATION HandleInfo; - ULONG BytesWritten; - NTSTATUS errCode; - - errCode = NtQueryObject(hObject,ObjectDataInformation, &HandleInfo, sizeof(OBJECT_DATA_INFORMATION),&BytesWritten); - if (!NT_SUCCESS(errCode) ) { - SetLastError(RtlNtStatusToDosError(errCode)); - return FALSE; - } - if ( HandleInfo.bInheritHandle ) - *lpdwFlags &= HANDLE_FLAG_INHERIT; - if ( HandleInfo.bProtectFromClose ) - *lpdwFlags &= HANDLE_FLAG_PROTECT_FROM_CLOSE; - return TRUE; + OBJECT_DATA_INFORMATION HandleInfo; + ULONG BytesWritten; + NTSTATUS errCode; + + errCode = NtQueryObject(hObject, + ObjectDataInformation, + &HandleInfo, + sizeof(OBJECT_DATA_INFORMATION), + &BytesWritten); + if (!NT_SUCCESS(errCode)) + { + SetLastError(RtlNtStatusToDosError(errCode)); + return FALSE; + } + if ( HandleInfo.bInheritHandle ) + *lpdwFlags &= HANDLE_FLAG_INHERIT; + if ( HandleInfo.bProtectFromClose ) + *lpdwFlags &= HANDLE_FLAG_PROTECT_FROM_CLOSE; + return TRUE; } -WINBOOL -STDCALL -SetHandleInformation( - HANDLE hObject, - DWORD dwMask, - DWORD dwFlags - ) +WINBOOL STDCALL SetHandleInformation(HANDLE hObject, + DWORD dwMask, + DWORD dwFlags) { - OBJECT_DATA_INFORMATION HandleInfo; - NTSTATUS errCode; - ULONG BytesWritten; + OBJECT_DATA_INFORMATION HandleInfo; + NTSTATUS errCode; + ULONG BytesWritten; - errCode = NtQueryObject(hObject,ObjectDataInformation,&HandleInfo,sizeof(OBJECT_DATA_INFORMATION),&BytesWritten); - if (!NT_SUCCESS(errCode) ) { - SetLastError(RtlNtStatusToDosError(errCode)); - return FALSE; - } - if ( (dwMask & HANDLE_FLAG_INHERIT)== 
HANDLE_FLAG_INHERIT) { - HandleInfo.bInheritHandle = (BOOLEAN)((dwFlags & HANDLE_FLAG_INHERIT) == HANDLE_FLAG_INHERIT); - } - if ( (dwMask & HANDLE_FLAG_PROTECT_FROM_CLOSE) == HANDLE_FLAG_PROTECT_FROM_CLOSE ) { - HandleInfo.bProtectFromClose = (BOOLEAN)((dwFlags & HANDLE_FLAG_PROTECT_FROM_CLOSE) == HANDLE_FLAG_PROTECT_FROM_CLOSE ) ; - } - - errCode = NtSetInformationObject(hObject,ObjectDataInformation,&HandleInfo,sizeof(OBJECT_DATA_INFORMATION)); - if (!NT_SUCCESS(errCode) ) { - SetLastError(RtlNtStatusToDosError(errCode)); - return FALSE; - } - - return TRUE; + errCode = NtQueryObject(hObject, + ObjectDataInformation, + &HandleInfo, + sizeof(OBJECT_DATA_INFORMATION), + &BytesWritten); + if (!NT_SUCCESS(errCode)) + { + SetLastError(RtlNtStatusToDosError(errCode)); + return FALSE; + } + if (dwMask & HANDLE_FLAG_INHERIT) + { + HandleInfo.bInheritHandle = TRUE; + } + if (dwMask & HANDLE_FLAG_PROTECT_FROM_CLOSE) + { + HandleInfo.bProtectFromClose = TRUE; + } + + errCode = NtSetInformationObject(hObject, + ObjectDataInformation, + &HandleInfo, + sizeof(OBJECT_DATA_INFORMATION)); + if (!NT_SUCCESS(errCode)) + { + SetLastError(RtlNtStatusToDosError(errCode)); + return FALSE; + } + + return TRUE; } -WINBOOL -STDCALL -CloseHandle( HANDLE hObject ) +WINBOOL STDCALL CloseHandle(HANDLE hObject) +/* + * FUNCTION: Closes an open object handle + * PARAMETERS: + * hObject = Identifies an open object handle + * RETURNS: If the function succeeds, the return value is nonzero + * If the function fails, the return value is zero + */ { - NTSTATUS errCode; - - errCode = NtClose(hObject); - if(!NT_SUCCESS(errCode)) { - SetLastError(RtlNtStatusToDosError(errCode)); - return FALSE; - } - - return TRUE; + NTSTATUS errCode; + + if (IsConsoleHandle(hObject)) + { + return(CloseConsoleHandle(hObject)); + } + + errCode = NtClose(hObject); + if (!NT_SUCCESS(errCode)) + { + SetLastError(RtlNtStatusToDosError(errCode)); + return FALSE; + } + + return TRUE; } -WINBOOL -STDCALL -DuplicateHandle( - 
HANDLE hSourceProcessHandle, - HANDLE hSourceHandle, - HANDLE hTargetProcessHandle, - LPHANDLE lpTargetHandle, - DWORD dwDesiredAccess, - BOOL bInheritHandle, - DWORD dwOptions - ) +WINBOOL STDCALL DuplicateHandle(HANDLE hSourceProcessHandle, + HANDLE hSourceHandle, + HANDLE hTargetProcessHandle, + LPHANDLE lpTargetHandle, + DWORD dwDesiredAccess, + BOOL bInheritHandle, + DWORD dwOptions) { - NTSTATUS errCode; + NTSTATUS errCode; - errCode = NtDuplicateObject(hSourceProcessHandle,hSourceHandle,hTargetProcessHandle,lpTargetHandle, dwDesiredAccess, (BOOLEAN)bInheritHandle,dwOptions); - if ( !NT_SUCCESS(errCode) ) { - SetLastError(RtlNtStatusToDosError(errCode)); - return FALSE; - } - - return TRUE; + errCode = NtDuplicateObject(hSourceProcessHandle, + hSourceHandle, + hTargetProcessHandle, + lpTargetHandle, + dwDesiredAccess, + (BOOLEAN)bInheritHandle, + dwOptions); + if (!NT_SUCCESS(errCode)) + { + SetLastError(RtlNtStatusToDosError(errCode)); + return FALSE; + } + + return TRUE; } -UINT STDCALL -SetHandleCount(UINT nCount) +UINT STDCALL SetHandleCount(UINT nCount) { - return nCount; + return(nCount); } diff --git a/reactos/lib/kernel32/misc/stubs.c b/reactos/lib/kernel32/misc/stubs.c index 1e86c36322c..3e42ca45c7c 100644 --- a/reactos/lib/kernel32/misc/stubs.c +++ b/reactos/lib/kernel32/misc/stubs.c @@ -1,4 +1,4 @@ -/* $Id: stubs.c,v 1.10 1999/11/17 21:28:08 ariadne Exp $ +/* $Id: stubs.c,v 1.11 1999/12/26 15:50:44 dwelch Exp $ * * KERNEL32.DLL stubs (unimplemented functions) * Remove from this file, if you implement them. @@ -241,16 +241,6 @@ ClearCommError ( } -BOOL -STDCALL -CloseConsoleHandle ( - HANDLE hConsole - ) -{ - SetLastError(ERROR_CALL_NOT_IMPLEMENTED); - return FALSE; -} - BOOL STDCALL CloseProfileUserMapping ( VOID) diff --git a/reactos/lib/ntdll/csr/api.c b/reactos/lib/ntdll/csr/api.c new file mode 100644 index 00000000000..6b0c49cd856 --- /dev/null +++ b/reactos/lib/ntdll/csr/api.c 
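Review bot: `SetHandleInformation` now sets `bInheritHandle` and `bProtectFromClose` to `TRUE` whenever the bit is present in `dwMask` and never reads `dwFlags`, so a caller can no longer clear either attribute and a handle marked inheritable stays inheritable into child processes. The removed lines derived the value from `dwFlags`, and the new form should too: `HandleInfo.bInheritHandle = (dwFlags & HANDLE_FLAG_INHERIT) != 0;` and `HandleInfo.bProtectFromClose = (dwFlags & HANDLE_FLAG_PROTECT_FROM_CLOSE) != 0;` inside the two `dwMask` tests. Separately, `GetHandleInformation` still builds its result with `*lpdwFlags &= ...` on a value the caller may not have initialised; it should start from `*lpdwFlags = 0;` and use `|=`.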
@@ -0,0 +1,36 @@ +/* $Id: api.c,v 1.1 1999/12/26 15:50:46 dwelch Exp $ + * + * COPYRIGHT: See COPYING in the top level directory + * PROJECT: ReactOS kernel + * FILE: lib/ntdll/csr/api.c + * PURPOSE: CSRSS API + */ + +/* INCLUDES *****************************************************************/ + +#include + +#define NDEBUG +#include + +/* GLOBALS *******************************************************************/ + +static HANDLE WindowsApiPort; + +/* FUNCTIONS *****************************************************************/ + +NTSTATUS CsrConnectToServer(VOID) +{ + NTSTATUS Status; + UNICODE_STRING PortName; + + RtlInitUnicodeString(&PortName, L"\\Windows\\ApiPort"); + + Status = NtConnectPort(&WindowsApiPort, + &PortName, + NULL, + NULL, + NULL, + NULL, + +} diff --git a/reactos/lib/ntdll/ldr/utils.c b/reactos/lib/ntdll/ldr/utils.c index 26d6d4106a3..0bded1647a4 100644 --- a/reactos/lib/ntdll/ldr/utils.c +++ b/reactos/lib/ntdll/ldr/utils.c @@ -1,4 +1,4 @@ -/* $Id: utils.c,v 1.21 1999/12/20 02:14:37 dwelch Exp $ +/* $Id: utils.c,v 1.22 1999/12/26 15:50:46 dwelch Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -702,7 +702,6 @@ static NTSTATUS LdrFixupImports(PIMAGE_NT_HEADERS NTHeaders, ImageBase + NTHeaders->OptionalHeader .DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT] .VirtualAddress); - DPRINT1("ImportModuleDirectory %x\n", ImportModuleDirectory); DPRINT("ImportModuleDirectory %x\n", ImportModuleDirectory); while (ImportModuleDirectory->dwRVAModuleName) diff --git a/reactos/ntoskrnl/dbg/print.c b/reactos/ntoskrnl/dbg/print.c index d2a2cc66fc7..abc22538139 100644 --- a/reactos/ntoskrnl/dbg/print.c +++ b/reactos/ntoskrnl/dbg/print.c @@ -1,4 +1,4 @@ -/* $Id: print.c,v 1.4 1999/12/06 05:48:34 phreak Exp $ +/* $Id: print.c,v 1.5 1999/12/26 15:50:47 dwelch Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel 
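Review bot: `CsrConnectToServer` in the new lib/ntdll/csr/api.c does not compile as written: the `NtConnectPort(` argument list ends on `NULL,` with no closing parenthesis or semicolon, and the function, declared `NTSTATUS`, has no `return`. Either finish the call and end with `return(Status);`, or keep the file out of the commit until it builds. The remaining `NtConnectPort` arguments are not visible here, so the exact argument count has to be taken from its prototype.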
@@ -43,6 +43,7 @@ #define SERIAL_DEBUG_BAUD_RATE 19200 +#define BOCHS_DEBUGGING #ifdef BOCHS_DEBUGGING #define BOCHS_LOGGER_PORT (0xe9) #endif diff --git a/reactos/ntoskrnl/ke/gdt.c b/reactos/ntoskrnl/ke/gdt.c index 3a4870d9a0e..f854996c59b 100644 --- a/reactos/ntoskrnl/ke/gdt.c +++ b/reactos/ntoskrnl/ke/gdt.c @@ -42,7 +42,13 @@ VOID KeFreeGdtSelector(ULONG Entry) { KIRQL oldIrql; - DPRINT("KeFreeGdtSelector(Entry %x)\n",Entry); + DPRINT("KeFreeGdtSelector(Entry %d)\n",Entry); + + if (Entry > (6 + NR_TASKS)) + { + DPRINT1("Entry too large\n"); + KeBugCheck(0); + } KeAcquireSpinLock(&GdtLock, &oldIrql); KiGdt[Entry*4] = 0; diff --git a/reactos/ntoskrnl/ke/i386/exp.c b/reactos/ntoskrnl/ke/i386/exp.c index 70924b93669..bd5796bd7e4 100644 --- a/reactos/ntoskrnl/ke/i386/exp.c +++ b/reactos/ntoskrnl/ke/i386/exp.c @@ -325,15 +325,18 @@ asmlinkage void exception_handler(unsigned int edi, } DbgPrint("\n"); - DbgPrint("Killing current task\n"); -// for(;;); - KeLowerIrql(PASSIVE_LEVEL); - if ((cs&0xffff) == USER_CS) + if ((cs&0xffff) == USER_CS && + eip < KERNEL_BASE) { - ZwTerminateProcess(NtCurrentProcess(), - STATUS_NONCONTINUABLE_EXCEPTION); - } - + DbgPrint("Killing current task\n"); + // for(;;); + KeLowerIrql(PASSIVE_LEVEL); + if ((cs&0xffff) == USER_CS) + { + ZwTerminateProcess(NtCurrentProcess(), + STATUS_NONCONTINUABLE_EXCEPTION); + } + } for(;;); } diff --git a/reactos/ntoskrnl/ke/i386/thread.c b/reactos/ntoskrnl/ke/i386/thread.c index a01abc3845f..561d5157c2f 100644 --- a/reactos/ntoskrnl/ke/i386/thread.c +++ b/reactos/ntoskrnl/ke/i386/thread.c @@ -140,7 +140,7 @@ NTSTATUS HalReleaseTask(PETHREAD Thread) * NOTE: The thread had better not be running when this is called */ { - KeFreeGdtSelector(Thread->Tcb.Context.nr); + KeFreeGdtSelector(Thread->Tcb.Context.nr / 8); ExFreePool(Thread->Tcb.Context.KernelStackBase); if (Thread->Tcb.Context.SavedKernelStackBase != NULL) { 
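Review bot: `#define BOCHS_DEBUGGING` is now hard-coded directly above the `#ifdef BOCHS_DEBUGGING` it controls, so the guard is always true and the Bochs logger port 0xe9 is configured in every build. The code that uses `BOCHS_LOGGER_PORT` is outside this hunk, but if it writes debug output to that port, builds for real hardware will now touch an I/O port that only the emulator defines. Keep the switch out of the source and set it from the build (a `-DBOCHS_DEBUGGING` flag for emulator builds), or at least mark it with `/* emulator-only, remove before release */`.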
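Review bot: The new range check in `KeFreeGdtSelector` uses `Entry > (6 + NR_TASKS)`, which still lets `Entry == 6 + NR_TASKS` through to `KiGdt[Entry*4] = 0`. The size of `KiGdt` is not visible in this hunk; if the table holds 6 + NR_TASKS descriptors, that index is one past the end and the test should read `if (Entry >= (6 + NR_TASKS))`. The check also has no lower bound, so the fixed descriptors below the task range (presumably the first six) can still be zeroed by a bad caller. `KeBugCheck(0)` gives no hint of the cause; a distinct bug check code would make the crash easier to triage. The function body continues outside the hunk.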
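Review bot: A fault taken with a user code segment but `eip >= KERNEL_BASE` now skips termination in `exception_handler` and falls into the trailing `for(;;)` without the IRQL being lowered, so one misbehaving user process stops the whole machine instead of being killed. If that case is meant to be treated as a kernel bug, it deserves a comment and a bug check; otherwise the condition should be just `if ((cs&0xffff) == USER_CS)`. The inner `if ((cs&0xffff) == USER_CS)` around `ZwTerminateProcess` repeats the outer test, is always true, and can be dropped. The handler starts outside the hunk.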
diff --git a/reactos/ntoskrnl/ke/timer.c b/reactos/ntoskrnl/ke/timer.c index 9978b471802..fe4f93a6317 100644 --- a/reactos/ntoskrnl/ke/timer.c +++ b/reactos/ntoskrnl/ke/timer.c @@ -1,4 +1,4 @@ -/* $Id: timer.c,v 1.25 1999/12/18 17:48:22 dwelch Exp $ +/* $Id: timer.c,v 1.26 1999/12/26 15:50:48 dwelch Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -137,7 +137,7 @@ NTSTATUS STDCALL NtDelayExecution(IN ULONG Alertable, IntervalP = (PLARGE_INTEGER)Interval; - DPRINT1("NtDelayExecution(Alertable %d, Internal %x) IntervalP %x\n", + DPRINT("NtDelayExecution(Alertable %d, Internal %x) IntervalP %x\n", Alertable, Internal, IntervalP); Status = KeDelayExecutionThread(UserMode, Alertable, IntervalP); diff --git a/reactos/ntoskrnl/ke/wait.c b/reactos/ntoskrnl/ke/wait.c index 0e8fd54906a..ddabfe54ce0 100644 --- a/reactos/ntoskrnl/ke/wait.c +++ b/reactos/ntoskrnl/ke/wait.c @@ -19,6 +19,7 @@ #include #include #include +#include #define NDEBUG #include @@ -600,17 +601,22 @@ NTSTATUS STDCALL NtWaitForSingleObject (IN HANDLE Object, UserMode, &ObjectPtr, NULL); - if (Status != STATUS_SUCCESS) + if (!NT_SUCCESS(Status)) { return(Status); } + DPRINT("ObjectPtr %x\n", ObjectPtr); + Status = KeWaitForSingleObject(ObjectPtr, UserMode, UserMode, Alertable, Time); + DPRINT("Returned from wait (status is %x) ObjectPtr %x(%d)\n", + Status, ObjectPtr, ObGetReferenceCount(ObjectPtr)); + ObDereferenceObject(ObjectPtr); return(Status); diff --git a/reactos/ntoskrnl/makefile_rex b/reactos/ntoskrnl/makefile_rex index 6fa3f1c7e05..5bedb6d2902 100644 --- a/reactos/ntoskrnl/makefile_rex +++ b/reactos/ntoskrnl/makefile_rex @@ -1,4 +1,4 @@ -# $Id: makefile_rex,v 1.40 1999/12/13 22:04:35 dwelch Exp $ +# $Id: makefile_rex,v 1.41 1999/12/26 15:50:47 dwelch Exp $ # # ReactOS Operating System # 
@@ -45,7 +45,8 @@ IO_OBJECTS = io/iomgr.o io/create.o io/irp.o io/device.o io/rw.o \ io/fs.o io/vpb.o io/buildirp.o io/flush.o io/dir.o io/iocomp.o \ io/mailslot.o io/npipe.o io/lock.o io/page.o io/cleanup.o -OB_OBJECTS = ob/object.o ob/handle.o ob/namespc.o ob/ntobj.o ob/dirobj.o +OB_OBJECTS = ob/object.o ob/handle.o ob/namespc.o ob/ntobj.o ob/dirobj.o \ + ob/security.o PS_OBJECTS = ps/psmgr.o ps/thread.o ps/process.o ps/idle.o ps/kill.o \ ps/tinfo.o ps/create.o @@ -54,7 +55,7 @@ EX_OBJECTS = ex/work.o ex/fmutex.o ex/resource.o ex/time.o ex/interlck.o \ ex/callback.o ex/napi.o ex/power.o ex/sysinfo.o ex/locale.o \ ex/stamp.o ex/init.o -SE_OBJECTS = se/semgr.o +SE_OBJECTS = se/semgr.o se/acl.o se/sid.o se/sd.o se/token.o se/luid.o CM_OBJECTS = cm/registry.o diff --git a/reactos/ntoskrnl/mm/i386/page.c b/reactos/ntoskrnl/mm/i386/page.c index dc96434add9..598fbbe16b1 100644 --- a/reactos/ntoskrnl/mm/i386/page.c +++ b/reactos/ntoskrnl/mm/i386/page.c @@ -29,7 +29,7 @@ extern ULONG MiNrFreePages; #define PA_BIT_READWRITE (1) #define PA_BIT_USER (2) -#define PA_PRESENT (1<= 0x400000) + if (((ULONG)PhysicalAddress) >= 0x400000) { DbgPrint("MmSetPage(Process %x, Address %x, PhysicalAddress %x)\n", Process, Address, PhysicalAddress); diff --git a/reactos/ntoskrnl/mm/mm.c b/reactos/ntoskrnl/mm/mm.c index 3914848b9b3..a81f0942c5b 100644 --- a/reactos/ntoskrnl/mm/mm.c +++ b/reactos/ntoskrnl/mm/mm.c @@ -249,8 +249,12 @@ ULONG MmPageFault(ULONG cs, ULONG eip, ULONG error_code) */ __asm__("movl %%cr2,%0\n\t" : "=d" (cr2)); // DbgPrint("Page fault address %x eip %x process %x code %x\n",cr2,eip, -// PsGetCurrentProcess(), error_code); +// PsGetCurrentProcess(), error_code); + MmSetPageProtect(PsGetCurrentProcess(), + (PVOID)PAGE_ROUND_DOWN(PsGetCurrentProcess()), + 0x7); + cr2 = PAGE_ROUND_DOWN(cr2); if (error_code & 0x1) diff --git a/reactos/ntoskrnl/nt/ntevent.c b/reactos/ntoskrnl/nt/ntevent.c index c62ba7529c7..1a4ddab3921 100644 --- a/reactos/ntoskrnl/nt/ntevent.c 
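Review bot: The `MmSetPageProtect` call added to `MmPageFault` runs on every page fault and applies the literal `0x7` to the page that contains the current process object (`PAGE_ROUND_DOWN(PsGetCurrentProcess())`). How `MmSetPageProtect` interprets its third argument is not visible here, but mm/i386/page.c in this same commit defines `PA_BIT_READWRITE (1)` and `PA_BIT_USER (2)`, so as raw page-table bits `0x7` would mean present, writable and user-accessible, which would expose a kernel structure to user mode. This looks like a debugging workaround rather than intended behaviour. It should be removed, or replaced with a named kernel-only protection and a comment explaining why the fault path has to touch this page. `MmPageFault` continues outside the hunk.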
+++ b/reactos/ntoskrnl/nt/ntevent.c @@ -3,7 +3,7 @@ * PROJECT: ReactOS kernel * FILE: ntoskrnl/nt/event.c * PURPOSE: Named event support - * PROGRAMMER: David Welch (welch@mcmail.com) + * PROGRAMMER: Philip Susi and David Welch * UPDATE HISTORY: * Created 22/05/98 */ @@ -13,6 +13,7 @@ #include #include +#define NDEBUG #include /* GLOBALS *******************************************************************/ @@ -21,6 +22,27 @@ POBJECT_TYPE ExEventType = NULL; /* FUNCTIONS *****************************************************************/ +NTSTATUS NtpCreateEvent(PVOID ObjectBody, + PVOID Parent, + PWSTR RemainingPath, + POBJECT_ATTRIBUTES ObjectAttributes) +{ + + DPRINT("NtpCreateDevice(ObjectBody %x, Parent %x, RemainingPath %w)\n", + ObjectBody, Parent, RemainingPath); + + if (RemainingPath != NULL && wcschr(RemainingPath+1, '\\') != NULL) + { + return(STATUS_UNSUCCESSFUL); + } + + if (Parent != NULL && RemainingPath != NULL) + { + ObAddEntryDirectory(Parent, ObjectBody, RemainingPath+1); + } + return(STATUS_SUCCESS); +} + VOID NtInitializeEventImplementation(VOID) { ANSI_STRING AnsiName; @@ -44,6 +66,7 @@ VOID NtInitializeEventImplementation(VOID) ExEventType->Security = NULL; ExEventType->QueryName = NULL; ExEventType->OkayToClose = NULL; + ExEventType->Create = NtpCreateEvent; } NTSTATUS STDCALL NtClearEvent (IN HANDLE EventHandle) @@ -74,13 +97,16 @@ NTSTATUS STDCALL NtCreateEvent (OUT PHANDLE EventHandle, IN BOOLEAN InitialState) { PKEVENT Event; - DbgPrint( "Creating Event\n" ); + + DPRINT("NtCreateEvent()\n"); Event = ObCreateObject(EventHandle, DesiredAccess, ObjectAttributes, ExEventType); - KeInitializeEvent( Event, ManualReset ? NotificationEvent : SynchronizationEvent, InitialState ); - ObDereferenceObject( Event ); + KeInitializeEvent(Event, + ManualReset ? NotificationEvent : SynchronizationEvent, + InitialState ); + ObDereferenceObject(Event); return(STATUS_SUCCESS); } 
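Review bot: `NtpCreateEvent` has no header comment, and its debug line prints `NtpCreateDevice(...)`, which looks copied from another object type's create routine and will mislead anyone reading the log. Change the string to `NtpCreateEvent` and add a short comment stating the contract the code implements: a remaining path that contains a further backslash after its first character is rejected with `STATUS_UNSUCCESSFUL`, otherwise the object is entered into `Parent` under `RemainingPath+1`. The `RemainingPath+1` skip assumes the first character is the path separator; that assumption should be written down or checked.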
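Review bot: `NtCreateEvent` passes the result of `ObCreateObject` straight to `KeInitializeEvent` and `ObDereferenceObject` without checking it. With this commit the event type gains a `Create` callback (`NtpCreateEvent`) that can return `STATUS_UNSUCCESSFUL`, so creation can now fail for caller-supplied names; what `ObCreateObject` returns in that case is outside this hunk, but if it is NULL the kernel dereferences it. Add `if (Event == NULL) return(STATUS_UNSUCCESSFUL);` after the call instead of returning `STATUS_SUCCESS` unconditionally. The function's signature starts outside the hunk.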
@@ -117,41 +143,31 @@ NTSTATUS STDCALL NtOpenEvent (OUT PHANDLE EventHandle, } -NTSTATUS -STDCALL -NtPulseEvent ( - IN HANDLE EventHandle, - IN PULONG PulseCount OPTIONAL - ) +NTSTATUS STDCALL NtPulseEvent(IN HANDLE EventHandle, + IN PULONG PulseCount OPTIONAL) { - UNIMPLEMENTED; + UNIMPLEMENTED; } -NTSTATUS -STDCALL -NtQueryEvent ( - IN HANDLE EventHandle, - IN CINT EventInformationClass, - OUT PVOID EventInformation, - IN ULONG EventInformationLength, - OUT PULONG ReturnLength - ) +NTSTATUS STDCALL NtQueryEvent (IN HANDLE EventHandle, + IN CINT EventInformationClass, + OUT PVOID EventInformation, + IN ULONG EventInformationLength, + OUT PULONG ReturnLength) { - UNIMPLEMENTED; + UNIMPLEMENTED; } -NTSTATUS -STDCALL -NtResetEvent ( - HANDLE EventHandle, - PULONG NumberOfWaitingThreads OPTIONAL - ) +NTSTATUS STDCALL NtResetEvent(HANDLE EventHandle, + PULONG NumberOfWaitingThreads OPTIONAL) { PKEVENT Event; NTSTATUS Status; + DPRINT("NtResetEvent(EventHandle %x)\n", EventHandle); + Status = ObReferenceObjectByHandle(EventHandle, EVENT_MODIFY_STATE, ExEventType, @@ -168,16 +184,14 @@ NtResetEvent ( } -NTSTATUS -STDCALL -NtSetEvent ( - IN HANDLE EventHandle, - PULONG NumberOfThreadsReleased - ) +NTSTATUS STDCALL NtSetEvent(IN HANDLE EventHandle, + PULONG NumberOfThreadsReleased) { PKEVENT Event; NTSTATUS Status; + DPRINT("NtSetEvent(EventHandle %x)\n", EventHandle); + Status = ObReferenceObjectByHandle(EventHandle, EVENT_MODIFY_STATE, ExEventType, @@ -189,6 +203,8 @@ NtSetEvent ( return(Status); } KeSetEvent(Event,IO_NO_INCREMENT,FALSE); + + ObDereferenceObject(Event); return(STATUS_SUCCESS); } diff --git a/reactos/ntoskrnl/ob/handle.c b/reactos/ntoskrnl/ob/handle.c index 9ae99163c87..3bf9147bb9f 100644 --- a/reactos/ntoskrnl/ob/handle.c +++ b/reactos/ntoskrnl/ob/handle.c 
@@ -1,4 +1,4 @@ -/* $Id: handle.c,v 1.16 1999/12/22 14:48:25 dwelch Exp $ +/* $Id: handle.c,v 1.17 1999/12/26 15:50:50 dwelch Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -47,7 +47,7 @@ static PHANDLE_REP ObpGetObjectByHandle(PHANDLE_TABLE HandleTable, HANDLE h) */ { PLIST_ENTRY current; - unsigned int handle = ((unsigned int)h) - 1; + unsigned int handle = (((unsigned int)h) - 1) >> 3; unsigned int count=handle/HANDLE_BLOCK_ENTRIES; HANDLE_BLOCK* blk = NULL; unsigned int i; @@ -130,10 +130,15 @@ NTSTATUS STDCALL NtDuplicateObject (IN HANDLE SourceProcessHandle, if (SourceHandleRep == NULL) { KeReleaseSpinLock(&SourceProcess->Pcb.HandleTable.ListLock, oldIrql); + ObDereferenceObject(SourceProcess); + ObDereferenceObject(TargetProcess); return(STATUS_INVALID_HANDLE); } ObjectBody = SourceHandleRep->ObjectBody; - BODY_TO_HEADER(ObjectBody)->RefCount++; + ObReferenceObjectByPointer(ObjectBody, + GENERIC_ALL, + NULL, + UserMode); if (Options & DUPLICATE_SAME_ACCESS) { @@ -187,13 +192,30 @@ VOID ObCloseAllHandles(PEPROCESS Process) if (ObjectBody != NULL) { - DPRINT("Deleting handle to %x\n", Object); + POBJECT_HEADER Header = BODY_TO_HEADER(ObjectBody); - BODY_TO_HEADER(ObjectBody)->RefCount++; - BODY_TO_HEADER(ObjectBody)->HandleCount--; + if (Header->ObjectType == PsProcessType || + Header->ObjectType == PsThreadType) + { + DPRINT("Deleting handle to %x\n", ObjectBody); + } + + ObReferenceObjectByPointer(ObjectBody, + GENERIC_ALL, + NULL, + UserMode); + Header->HandleCount--; current->handles[i].ObjectBody = NULL; KeReleaseSpinLock(&HandleTable->ListLock, oldIrql); + + if ((Header->ObjectType != NULL) && + (Header->ObjectType->Close != NULL)) + { + Header->ObjectType->Close(ObjectBody, + Header->HandleCount); + } + ObDereferenceObject(ObjectBody); KeAcquireSpinLock(&HandleTable->ListLock, &oldIrql); current_entry = &HandleTable->ListHead; 
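Review bot: The decode in `ObpGetObjectByHandle`, `(((unsigned int)h) - 1) >> 3`, subtracts before shifting, so it inverts the new `<< 3` encoding in `ObCreateHandle` only for exact multiples of 8. A handle value with any of the low three bits set resolves to the following table slot (9 maps to the entry that belongs to handle 16) instead of being rejected or mapped to its own slot. Shift first and then remove the bias, `unsigned int handle = (((unsigned int)h) >> 3) - 1;`, or reject values with low bits set, and add a comment saying what the low three bits are reserved for. The function body continues outside the hunk; the matching `<< 3` changes are in the two `ObCreateHandle` hunks further down.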
@@ -205,6 +227,7 @@ VOID ObCloseAllHandles(PEPROCESS Process) } KeReleaseSpinLock(&HandleTable->ListLock, oldIrql); DPRINT("ObCloseAllHandles() finished\n"); + DPRINT("Type %x\n", BODY_TO_HEADER(Process)->ObjectType); } VOID ObDeleteHandleTable(PEPROCESS Process) @@ -304,6 +327,7 @@ PVOID ObDeleteHandle(PEPROCESS Process, HANDLE Handle) PVOID ObjectBody; KIRQL oldIrql; PHANDLE_TABLE HandleTable; + POBJECT_HEADER Header; DPRINT("ObDeleteHandle(Handle %x)\n",Handle); @@ -313,12 +337,22 @@ PVOID ObDeleteHandle(PEPROCESS Process, HANDLE Handle) Rep = ObpGetObjectByHandle(HandleTable, Handle); ObjectBody = Rep->ObjectBody; + Header = BODY_TO_HEADER(ObjectBody); BODY_TO_HEADER(ObjectBody)->HandleCount--; - BODY_TO_HEADER(ObjectBody)->RefCount++; + ObReferenceObjectByPointer(ObjectBody, + GENERIC_ALL, + NULL, + UserMode); Rep->ObjectBody = NULL; KeReleaseSpinLock(&HandleTable->ListLock, oldIrql); + if ((Header->ObjectType != NULL) && + (Header->ObjectType->Close != NULL)) + { + Header->ObjectType->Close(ObjectBody, Header->HandleCount); + } + DPRINT("Finished ObDeleteHandle()\n"); return(ObjectBody); } @@ -375,7 +409,7 @@ NTSTATUS ObCreateHandle(PEPROCESS Process, blk->handles[i].GrantedAccess = GrantedAccess; blk->handles[i].Inherit = Inherit; KeReleaseSpinLock(&HandleTable->ListLock, oldlvl); - *HandleReturn = (HANDLE)(handle + i); + *HandleReturn = (HANDLE)((handle + i) << 3); return(STATUS_SUCCESS); } } @@ -395,7 +429,7 @@ NTSTATUS ObCreateHandle(PEPROCESS Process, new_blk->handles[0].ObjectBody = ObjectBody; new_blk->handles[0].GrantedAccess = GrantedAccess; new_blk->handles[0].Inherit = Inherit; - *HandleReturn = (HANDLE)handle; + *HandleReturn = (HANDLE)(handle << 3); return(STATUS_SUCCESS); } 
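Review bot: `ObDeleteHandle` now computes `Header = BODY_TO_HEADER(ObjectBody)` and later calls `Header->ObjectType->Close`, but neither `Rep` nor `Rep->ObjectBody` is checked first. `ObpGetObjectByHandle` can return NULL for an unknown handle (`NtDuplicateObject` in this file tests for exactly that), and a slot that was already closed holds a NULL `ObjectBody`, so a stale or invalid handle reaching this path makes the kernel work on a bad pointer. Whether callers validate the handle beforehand is not visible here. Bail out before touching the header, releasing the lock that appears to be held at that point: `if (Rep == NULL || Rep->ObjectBody == NULL) { KeReleaseSpinLock(&HandleTable->ListLock, oldIrql); return(NULL); }`. The function starts outside the hunk.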
@@ -440,7 +474,10 @@ NTSTATUS ObReferenceObjectByHandle(HANDLE Handle, if (Handle == NtCurrentProcess() && (ObjectType == PsProcessType || ObjectType == NULL)) { - BODY_TO_HEADER(PsGetCurrentProcess())->RefCount++; + ObReferenceObjectByPointer(PsGetCurrentProcess(), + PROCESS_ALL_ACCESS, + PsProcessType, + UserMode); *Object = PsGetCurrentProcess(); DPRINT("Referencing current process %x\n", PsGetCurrentProcess()); return(STATUS_SUCCESS); @@ -453,7 +490,10 @@ NTSTATUS ObReferenceObjectByHandle(HANDLE Handle, if (Handle == NtCurrentThread() && (ObjectType == PsThreadType || ObjectType == NULL)) { - BODY_TO_HEADER(PsGetCurrentThread())->RefCount++; + ObReferenceObjectByPointer(PsGetCurrentThread(), + THREAD_ALL_ACCESS, + PsThreadType, + UserMode); *Object = PsGetCurrentThread(); CHECKPOINT; return(STATUS_SUCCESS); @@ -475,7 +515,10 @@ NTSTATUS ObReferenceObjectByHandle(HANDLE Handle, return(STATUS_INVALID_HANDLE); } ObjectBody = HandleRep->ObjectBody; - BODY_TO_HEADER(ObjectBody)->RefCount++; + ObReferenceObjectByPointer(ObjectBody, + GENERIC_ALL, + NULL, + UserMode); GrantedAccess = HandleRep->GrantedAccess; KeReleaseSpinLock(&PsGetCurrentProcess()->Pcb.HandleTable.ListLock, oldIrql); @@ -488,7 +531,8 @@ NTSTATUS ObReferenceObjectByHandle(HANDLE Handle, return(STATUS_OBJECT_TYPE_MISMATCH); } - if (!(GrantedAccess & DesiredAccess)) + if (!(GrantedAccess & DesiredAccess) && + !((~GrantedAccess) & DesiredAccess)) { CHECKPOINT; return(STATUS_ACCESS_DENIED); @@ -528,12 +572,7 @@ NTSTATUS STDCALL NtClose(HANDLE Handle) Header = BODY_TO_HEADER(ObjectBody); - if ((Header->ObjectType != NULL) && - (Header->ObjectType->Close != NULL)) - { - Header->ObjectType->Close(ObjectBody, Header->HandleCount); - } - + DPRINT("Dereferencing %x\n", ObjectBody); ObDereferenceObject(ObjectBody); return STATUS_SUCCESS; diff --git a/reactos/ntoskrnl/ob/object.c b/reactos/ntoskrnl/ob/object.c index 1fb1477a54e..cf14510f950 100644 --- a/reactos/ntoskrnl/ob/object.c 
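Review bot: The rewritten access test in `ObReferenceObjectByHandle` can only fail when `DesiredAccess` is 0. `!(GrantedAccess & DesiredAccess) && !((~GrantedAccess) & DesiredAccess)` requires that no requested bit is granted and also that no requested bit is missing, which holds only for an empty request, so any non-zero request succeeds whatever rights the handle was opened with. The check should deny when any requested right is missing: `if ((DesiredAccess & ~GrantedAccess) != 0)`. If callers pass generic rights such as `GENERIC_ALL` unmapped, they need to be mapped to specific rights before this comparison; that mapping is not visible in the hunk. The function begins and ends outside it.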
+++ b/reactos/ntoskrnl/ob/object.c @@ -14,7 +14,9 @@ #include #include #include +#include #include +#include #define NDEBUG #include @@ -166,6 +168,8 @@ PVOID ObCreateObject(PHANDLE Handle, if (Header->ObjectType != NULL && Header->ObjectType->Create != NULL) { + DPRINT("Calling %x\n", Header->ObjectType); + DPRINT("Calling %x\n", Header->ObjectType->Create); Status = Header->ObjectType->Create(HEADER_TO_BODY(Header), Parent, RemainingPath, @@ -201,10 +205,26 @@ NTSTATUS ObReferenceObjectByPointer(PVOID ObjectBody, if (ObjectType != NULL && ObjectHeader->ObjectType != ObjectType) { - DPRINT("Failed (type was %x %w)\n",ObjectHeader->ObjectType, - ObjectHeader->ObjectType->TypeName.Buffer); + DPRINT("Failed %x (type was %x %w) should %x\n", + ObjectHeader, + ObjectHeader->ObjectType, + ObjectHeader->ObjectType->TypeName.Buffer, + ObjectType); + KeBugCheck(0); return(STATUS_UNSUCCESSFUL); } + if (ObjectHeader->ObjectType == PsProcessType) + { + DPRINT("Ref p 0x%x refcount %d type %x ", + ObjectBody, ObjectHeader->RefCount, PsProcessType); + DPRINT("eip %x\n", ((PULONG)&ObjectBody)[-1]); + } + if (ObjectHeader->ObjectType == PsThreadType) + { + DPRINT("Deref t 0x%x with refcount %d type %x ", + ObjectBody, ObjectHeader->RefCount, PsThreadType); + DPRINT("eip %x\n", ((PULONG)&ObjectBody)[-1]); + } ObjectHeader->RefCount++; 
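Review bot: The `KeBugCheck(0)` added to the type-mismatch branch of `ObReferenceObjectByPointer` turns a recoverable error into a system halt and makes the `return(STATUS_UNSUCCESSFUL)` after it unreachable. If this is a temporary aid for tracking reference leaks, guard it with a debug macro and say so in a comment; otherwise drop it and let callers handle the status. The trace blocks need attention too: the thread one prints `Deref t` inside the reference path, and `((PULONG)&ObjectBody)[-1]` relies on the return address sitting directly below the first argument on the stack, which holds only for this calling convention and compiler. The function continues outside the hunk.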
@@ -270,10 +290,24 @@ VOID ObDereferenceObject(PVOID ObjectBody) */ { POBJECT_HEADER Header = BODY_TO_HEADER(ObjectBody); + extern POBJECT_TYPE PsProcessType; // DPRINT("ObDeferenceObject(ObjectBody %x) RefCount %d\n",ObjectBody, // Header->RefCount); - + + if (Header->ObjectType == PsProcessType) + { + DPRINT("Deref p 0x%x with refcount %d type %x ", + ObjectBody, Header->RefCount, PsProcessType); + DPRINT("eip %x\n", ((PULONG)&ObjectBody)[-1]); + } + if (Header->ObjectType == PsThreadType) + { + DPRINT("Deref t 0x%x with refcount %d type %x ", + ObjectBody, Header->RefCount, PsThreadType); + DPRINT("eip %x\n", ((PULONG)&ObjectBody)[-1]); + } + Header->RefCount--; ObPerformRetentionChecks(Header); diff --git a/reactos/ntoskrnl/ob/security.c b/reactos/ntoskrnl/ob/security.c new file mode 100644 index 00000000000..65256f0dfe2 --- /dev/null +++ b/reactos/ntoskrnl/ob/security.c 
@@ -0,0 +1,74 @@ +/* + * COPYRIGHT: See COPYING in the top level directory + * PROJECT: ReactOS kernel + * PURPOSE: Security manager + * FILE: kernel/ob/object.c + * PROGRAMER: ? + * REVISION HISTORY: + * 26/07/98: Added stubs for security functions + */ + +/* INCLUDES *****************************************************************/ + +#include + +#include + +#include + +/* FUNCTIONS ***************************************************************/ + +NTSTATUS STDCALL NtQuerySecurityObject(IN HANDLE ObjectHandle, + IN CINT SecurityObjectInformationClass, + OUT PVOID SecurityObjectInformation, + IN ULONG Length, + OUT PULONG ReturnLength) +{ + NTSTATUS Status; + PVOID Object; + OBJECT_HANDLE_INFORMATION HandleInfo; + POBJECT_HEADER Header; + + Status = ObReferenceObjectByHandle(ObjectHandle, + 0, + NULL, + KeGetPreviousMode(), + &Object, + &HandleInfo); + if (!NT_SUCCESS(Status)) + { + return(Status); + } + + Header = BODY_TO_HEADER(Object); + if (Header->ObjectType != NULL && + Header->ObjectType->Security != NULL) + { + Status = Header->ObjectType->Security(Object, + SecurityObjectInformationClass, + SecurityObjectInformation, + &Length); + *ReturnLength = Length; + } + else + { + Status = STATUS_NOT_IMPLEMENTED; + } + ObDereferenceObject(Object); + return(Status); +} + + +NTSTATUS +STDCALL +NtSetSecurityObject( + IN HANDLE Handle, + IN SECURITY_INFORMATION SecurityInformation, + IN PSECURITY_DESCRIPTOR SecurityDescriptor + ) +{ + UNIMPLEMENTED; +} + + + diff --git a/reactos/ntoskrnl/ps/create.c b/reactos/ntoskrnl/ps/create.c index 1652ece0bae..ec496d3dab6 100644 --- a/reactos/ntoskrnl/ps/create.c +++ b/reactos/ntoskrnl/ps/create.c @@ -1,4 +1,4 @@ -/* $Id: create.c,v 1.5 1999/12/22 14:48:26 dwelch Exp $ +/* $Id: create.c,v 1.6 1999/12/26 15:50:51 dwelch Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel 
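Review bot: `NtQuerySecurityObject` opens the handle with a `DesiredAccess` of 0, so no specific right (such as `READ_CONTROL`) is required before the object's security information is handed to the type's `Security` callback. It also writes `*ReturnLength = Length` without checking `ReturnLength` for NULL or validating the caller-supplied pointers. Request the right that matches the information class, and guard the store with `if (ReturnLength != NULL) *ReturnLength = Length;` after the pointer has been validated for the previous mode. The file header still reads `FILE: kernel/ob/object.c`; it should name ob/security.c.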
@@ -43,11 +43,35 @@ extern LIST_ENTRY PiThreadListHead; /* FUNCTIONS ***************************************************************/ +PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread, + PULONG Unknown1, + PULONG Unknown2, + SECURITY_IMPERSONATION_LEVEL* + Level) +{ + if (Thread->ActiveImpersonationInfo == 0) + { + return(NULL); + } + + *Level = Thread->ImpersonationInfo->Level; + *Unknown1 = Thread->ImpersonationInfo->Unknown1; + *Unknown2 = Thread->ImpersonationInfo->Unknown2; + ObReferenceObjectByPointer(Thread->ImpersonationInfo->Token, + GENERIC_ALL, + SeTokenType, + KernelMode); + return(Thread->ImpersonationInfo->Token); +} + static VOID PiTimeoutThread( struct _KDPC *dpc, PVOID Context, PVOID arg1, PVOID arg2 ) { // wake up the thread, and tell it it timed out NTSTATUS Status = STATUS_TIMEOUT; - PsUnfreezeThread( (ETHREAD *)Context, &Status ); + + DPRINT("PiTimeoutThread()\n"); + + KeRemoveAllWaitsThread((PETHREAD)Context, Status); } VOID PiBeforeBeginThread(VOID) @@ -76,6 +100,8 @@ VOID PiDeleteThread(PVOID ObjectBody) DPRINT("PiDeleteThread(ObjectBody %x)\n",ObjectBody); KeAcquireSpinLock(&PiThreadListLock, &oldIrql); + DPRINT("Process %x(%d)\n", ((PETHREAD)ObjectBody)->ThreadsProcess, + ObGetReferenceCount(((PETHREAD)ObjectBody)->ThreadsProcess)); ObDereferenceObject(((PETHREAD)ObjectBody)->ThreadsProcess); ((PETHREAD)ObjectBody)->ThreadsProcess = NULL; PiNrThreads--; diff --git a/reactos/ntoskrnl/ps/kill.c b/reactos/ntoskrnl/ps/kill.c index 77657b15c82..94b84007495 100644 --- a/reactos/ntoskrnl/ps/kill.c +++ b/reactos/ntoskrnl/ps/kill.c 
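Review bot: `PsReferenceImpersonationToken` ignores the status of `ObReferenceObjectByPointer` and returns `Thread->ImpersonationInfo->Token` regardless, so a caller can receive a token pointer on which no reference was taken. It also reads `ImpersonationInfo` several times with no lock or local copy; whether another thread can change it concurrently is not visible here. The function has no comment, so its contract is unstated: add one saying that NULL means the thread is not impersonating, that the three out parameters are written only in the non-NULL case, and that the caller must release the token with `ObDereferenceObject`. Checking the status is a short change: wrap the call as `if (!NT_SUCCESS(ObReferenceObjectByPointer(...))) return(NULL);`.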
@@ -78,17 +78,19 @@ VOID PsReapThreads(VOID) PEPROCESS Process = current->ThreadsProcess; NTSTATUS Status = current->ExitStatus; + DPRINT("PsProcessType %x\n", PsProcessType); ObReferenceObjectByPointer(Process, 0, PsProcessType, - KernelMode ); + KernelMode); DPRINT("Reaping thread %x\n", current); + DPRINT("Ref count %d\n", ObGetReferenceCount(Process)); current->Tcb.State = THREAD_STATE_TERMINATED_2; RemoveEntryList(¤t->Tcb.ProcessThreadListEntry); KeReleaseSpinLock(&PiThreadListLock, oldIrql); ObDereferenceObject(current); KeAcquireSpinLock(&PiThreadListLock, &oldIrql); - if(IsListEmpty( &Process->Pcb.ThreadListHead)) + if(IsListEmpty(&Process->Pcb.ThreadListHead)) { /* * TODO: Optimize this so it doesnt jerk the IRQL around so @@ -99,6 +101,7 @@ VOID PsReapThreads(VOID) PiTerminateProcess(Process, Status); KeAcquireSpinLock(&PiThreadListLock, &oldIrql); } + DPRINT("Ref count %d\n", ObGetReferenceCount(Process)); ObDereferenceObject(Process); current_entry = PiThreadListHead.Flink; } @@ -129,6 +132,9 @@ VOID PsTerminateCurrentThread(NTSTATUS ExitStatus) CurrentThread->Tcb.DispatcherHeader.SignalState = TRUE; KeDispatcherObjectWake(&CurrentThread->Tcb.DispatcherHeader); + DPRINT("Type %x\n", + BODY_TO_HEADER(CurrentThread->ThreadsProcess)->ObjectType); + PsDispatchThreadNoLock(THREAD_STATE_TERMINATED_1); KeBugCheck(0); } @@ -145,10 +151,15 @@ VOID PsTerminateOtherThread(PETHREAD Thread, NTSTATUS ExitStatus) { RemoveEntryList(&Thread->Tcb.QueueListEntry); } + RemoveEntryList(&Thread->Tcb.ProcessThreadListEntry); Thread->Tcb.State = THREAD_STATE_TERMINATED_2; Thread->Tcb.DispatcherHeader.SignalState = TRUE; KeDispatcherObjectWake(&Thread->Tcb.DispatcherHeader); KeReleaseSpinLock(&PiThreadListLock, oldIrql); + if (IsListEmpty(&Thread->ThreadsProcess->Pcb.ThreadListHead)) + { + PiTerminateProcess(Thread->ThreadsProcess, ExitStatus); + } ObDereferenceObject(Thread); } 
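Review bot: In `PsTerminateOtherThread` the new `IsListEmpty(&Thread->ThreadsProcess->Pcb.ThreadListHead)` test runs after `KeReleaseSpinLock(&PiThreadListLock, oldIrql)`, although the list was modified under that lock a few lines earlier. Another thread can be added to or removed from the process between the release and the test, so the process may be terminated while it still has a thread, or not terminated at all. Take the decision while the lock is held and act on it afterwards: `BOOLEAN Last = IsListEmpty(&Thread->ThreadsProcess->Pcb.ThreadListHead);` before the release, then `if (Last) PiTerminateProcess(Thread->ThreadsProcess, ExitStatus);`. The function starts outside the hunk.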
@@ -160,13 +171,20 @@ NTSTATUS STDCALL PiTerminateProcess(PEPROCESS Process, DPRINT("PsTerminateProcess(Process %x, ExitStatus %x)\n", Process, ExitStatus); + if (Process->Pcb.ProcessState == PROCESS_STATE_TERMINATED) + { + return(STATUS_SUCCESS); + } + PiTerminateProcessThreads(Process, ExitStatus); ObCloseAllHandles(Process); KeRaiseIrql(DISPATCH_LEVEL, &oldlvl); Process->Pcb.ProcessState = PROCESS_STATE_TERMINATED; Process->Pcb.DispatcherHeader.SignalState = TRUE; + DPRINT("Type %x\n", BODY_TO_HEADER(Process)->ObjectType); KeDispatcherObjectWake(&Process->Pcb.DispatcherHeader); KeLowerIrql(oldlvl); + DPRINT("Type %x\n", BODY_TO_HEADER(Process)->ObjectType); return(STATUS_SUCCESS); } @@ -193,7 +211,9 @@ NTSTATUS STDCALL NtTerminateProcess(IN HANDLE ProcessHandle, PiTerminateProcess(Process, ExitStatus); if (PsGetCurrentThread()->ThreadsProcess == Process) { + DPRINT("Type %x\n", BODY_TO_HEADER(Process)->ObjectType); ObDereferenceObject(Process); + DPRINT("Type %x\n", BODY_TO_HEADER(Process)->ObjectType); PsTerminateCurrentThread(ExitStatus); } ObDereferenceObject(Process); diff --git a/reactos/ntoskrnl/ps/process.c b/reactos/ntoskrnl/ps/process.c index 3c8f1f33cf9..79724d66283 100644 --- a/reactos/ntoskrnl/ps/process.c +++ b/reactos/ntoskrnl/ps/process.c 
@@ -36,6 +36,36 @@ static ULONG PiNextProcessUniqueId = 0; /* FUNCTIONS *****************************************************************/ +PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process) +{ + ObReferenceObjectByPointer(Process->Token, + GENERIC_ALL, + SeTokenType, + UserMode); + return(Process->Token); +} + +NTSTATUS PsOpenTokenOfProcess(HANDLE ProcessHandle, + PACCESS_TOKEN* Token) +{ + PEPROCESS Process; + NTSTATUS Status; + + Status = ObReferenceObjectByHandle(ProcessHandle, + PROCESS_QUERY_INFORMATION, + PsProcessType, + UserMode, + (PVOID*)&Process, + NULL); + if (!NT_SUCCESS(Status)) + { + return(Status); + } + *Token = PsReferencePrimaryToken(Process); + ObDereferenceObject(Process); + return(STATUS_SUCCESS); +} + VOID PiKillMostProcesses(VOID) { KIRQL oldIrql; @@ -205,9 +235,7 @@ struct _EPROCESS* PsGetCurrentProcess(VOID) } } -NTSTATUS -STDCALL -NtCreateProcess ( +NTSTATUS STDCALL NtCreateProcess ( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, diff --git a/reactos/ntoskrnl/se/acl.c b/reactos/ntoskrnl/se/acl.c new file mode 100644 index 00000000000..9e5bdc70dee --- /dev/null +++ b/reactos/ntoskrnl/se/acl.c 
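Review bot: `PsReferencePrimaryToken` passes `Process->Token` to `ObReferenceObjectByPointer` without checking it for NULL and discards the returned status. Whether every process has a token at this stage is not visible in the hunk; if one does not, the object header lookup runs on a NULL body. The call also uses `UserMode` where `PsReferenceImpersonationToken` in ps/create.c uses `KernelMode` for the same kind of kernel-held pointer; the two should agree. `PsOpenTokenOfProcess` then returns `STATUS_SUCCESS` unconditionally, so have the helper return NULL on failure, add `if (*Token == NULL) return(STATUS_UNSUCCESSFUL);` after the call, and document that the caller owns a reference on the returned token.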
@@ -0,0 +1,198 @@ +/* + * COPYRIGHT: See COPYING in the top level directory + * PROJECT: ReactOS kernel + * PURPOSE: Security manager + * FILE: kernel/se/acl.c + * PROGRAMER: David Welch + * REVISION HISTORY: + * 26/07/98: Added stubs for security functions + */ + +/* INCLUDES *****************************************************************/ + +#include + +#include + +/* FUNCTIONS ***************************************************************/ + +BOOLEAN RtlFirstFreeAce(PACL Acl, PACE* Ace) +{ + PACE Current; + PVOID AclEnd; + ULONG i; + + Current = (PACE)(Acl + 1); + *Ace = NULL; + i = 0; + if (Acl->AceCount == 0) + { + *Ace = Current; + return(TRUE); + } + AclEnd = Acl->AclSize + Acl; + do + { + if ((PVOID)Current >= AclEnd) + { + return(FALSE); + } + if (Current->Header.AceType == 4) + { + if (Acl->AclRevision < 3) + { + return(FALSE); + } + } + Current = (PACE)((PVOID)Current + (ULONG)Current->Header.AceSize); + i++; + } while (i < Acl->AceCount); + if ((PVOID)Current >= AclEnd) + { + return(FALSE); + } + *Ace = Current; + return(TRUE); +} + +NTSTATUS RtlpAddKnownAce(PACL Acl, + ULONG Revision, + ACCESS_MASK AccessMask, + PSID Sid, + ULONG Type) +{ + PACE Ace; + + if (!RtlValidSid(Sid)) + { + return(STATUS_UNSUCCESSFUL); + } + if (Acl->AclRevision > 3 || + Revision > 3) + { + return(STATUS_UNSUCCESSFUL); + } + if (Revision < Acl->AclRevision) + { + Revision = Acl->AclRevision; + } + if (!RtlFirstFreeAce(Acl, &Ace)) + { + return(STATUS_UNSUCCESSFUL); + } + if (Ace == NULL) + { + return(STATUS_UNSUCCESSFUL); + } + if (((PVOID)Ace + RtlLengthSid(Sid) + sizeof(ACE)) >= + ((PVOID)Acl + Acl->AclSize)) + { + return(STATUS_UNSUCCESSFUL); + } + Ace->Header.AceFlags = 0; + Ace->Header.AceType = Type; + Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE); + Ace->Header.AccessMask = AccessMask; + RtlCopySid(RtlLengthSid(Sid), Sid, (PSID)Ace + 1); + Acl->AceCount++; + Acl->AclRevision = Revision; + return(STATUS_SUCCESS); +} + +NTSTATUS RtlAddAccessAllowedAce(PACL Acl, 
+ ULONG Revision, + ACCESS_MASK AccessMask, + PSID Sid) +{ + return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0)); +} + +NTSTATUS RtlAddAcl(PACL Acl, + ULONG AclRevision, + ULONG StartingIndex, + PACE AceList, + ULONG AceListLength) +{ + PACE Ace; + ULONG i; + PACE Current; + ULONG j; + + if (Acl->AclRevision != 2 && + Acl->AclRevision != 3) + { + return(STATUS_UNSUCCESSFUL); + } + if (!RtlFirstFreeAce(Acl,&Ace)) + { + return(STATUS_UNSUCCESSFUL); + } + if (Acl->AclRevision <= AclRevision) + { + AclRevision = Acl->AclRevision; + } + if (((PVOID)AceList + AceListLength) <= (PVOID)AceList) + { + return(STATUS_UNSUCCESSFUL); + } + i = 0; + Current = (PACE)(Acl + 1); + while ((PVOID)Current < ((PVOID)AceList + AceListLength)) + { + if (AceList->Header.AceType == 4 && + AclRevision < 3) + { + return(STATUS_UNSUCCESSFUL); + } + Current = (PACE)((PVOID)Current + Current->Header.AceSize); + } + if (Ace == NULL) + { + return(STATUS_UNSUCCESSFUL); + } + if (((PVOID)Ace + AceListLength) >= ((PVOID)Acl + Acl->AclSize)) + { + return(STATUS_UNSUCCESSFUL); + } + if (StartingIndex != 0) + { + if (Acl->AceCount > 0) + { + Current = (PACE)(Acl + 1); + for (j = 0; j < StartingIndex; j++) + { + Current = (PACE)((PVOID)Current + Current->Header.AceSize); + } + } + } + /* RtlpAddData(AceList, AceListLength, Current, (PVOID)Ace - Current)); */ + memcpy(Current, AceList, AceListLength); + Acl->AceCount = Acl->AceCount + i; + Acl->AclRevision = AclRevision; + return(TRUE); +} + + +NTSTATUS RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision) +{ + if (AclSize < 8) + { + return(STATUS_UNSUCCESSFUL); + } + if (AclRevision != 2 || + AclRevision != 3) + { + return(STATUS_UNSUCCESSFUL); + } + if (AclSize > 0xffff) + { + return(STATUS_UNSUCCESSFUL); + } + AclSize = AclSize & ~(0x3); + Acl->AclSize = AclSize; + Acl->AclRevision = AclRevision; + Acl->AceCount = 0; + Acl->Sbz1 = 0; + Acl->Sbz2 = 0; + return(STATUS_SUCCESS); +} 
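Review bot: `RtlCreateAcl` rejects every revision, because `AclRevision != 2 || AclRevision != 3` is always true; the test should be `if (AclRevision != 2 && AclRevision != 3)`. In `RtlFirstFreeAce`, `AclEnd = Acl->AclSize + Acl;` does pointer arithmetic on a `PACL`, which scales `AclSize` by the size of the ACL header and puts the end marker far beyond the buffer; the other bounds checks in this file use the byte form, `AclEnd = (PVOID)Acl + Acl->AclSize;`. `RtlAddAcl` returns `TRUE` from an `NTSTATUS` function, never increments `i` before adding it to `AceCount`, and its validation loop walks `Current` through the ACL while comparing against the end of `AceList`. In `RtlpAddKnownAce`, `(PSID)Ace + 1` advances by the size of a SID rather than of the ACE header, and the argument order passed to `RtlCopySid` should be checked against its definition in se/sid.c. Access decisions will depend on this ACL parsing, so the bounds errors should be fixed before anything calls these functions.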
diff --git a/reactos/ntoskrnl/se/luid.c b/reactos/ntoskrnl/se/luid.c
new file mode 100644
index 00000000000..dde4325bbbc
--- /dev/null
+++ b/reactos/ntoskrnl/se/luid.c
@@ -0,0 +1,36 @@
+/*
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * PURPOSE: Security manager
+ * FILE: kernel/se/semgr.c
+ * PROGRAMER: ?
+ * REVISION HISTORY:
+ * 26/07/98: Added stubs for security functions
+ */
+
+/* INCLUDES *****************************************************************/
+
+#include
+
+#include
+
+/* GLOBALS *******************************************************************/
+
+static KSPIN_LOCK LuidLock;
+static LARGE_INTEGER LuidIncrement;
+static LUID Luid;
+
+/* FUNCTIONS *****************************************************************/
+
+NTSTATUS STDCALL NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId)
+{
+ KIRQL oldIrql;
+ LUID ReturnedLuid;
+
+ KeAcquireSpinLock(&LuidLock, &oldIrql);
+ ReturnedLuid = Luid;
+ Luid = RtlLargeIntegerAdd(Luid, LuidIncrement);
+ KeReleaseSpinLock(&LuidLock, oldIrql);
+ *LocallyUniqueId = ReturnedLuid;
+ return(STATUS_SUCCESS);
+}
diff --git a/reactos/ntoskrnl/se/sd.c b/reactos/ntoskrnl/se/sd.c
new file mode 100644
index 00000000000..229991c3c8d
--- /dev/null
+++ b/reactos/ntoskrnl/se/sd.c
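Review bot: `NtAllocateLocallyUniqueId` adds `LuidIncrement` to `Luid`, but both are file-static and nothing in this new file ever assigns them, so the increment stays zero and every call returns the same value. `LuidLock` is likewise never passed to `KeInitializeSpinLock`. Add an initialisation routine that sets the increment to 1 and initialises the lock before the first call. The result is also stored through the caller-supplied `LocallyUniqueId` pointer without a NULL check or validation of a user-mode address. LUIDs exist to tell tokens and privileges apart, so duplicate values undermine whatever relies on them.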
@@ -0,0 +1,286 @@ +/* + * COPYRIGHT: See COPYING in the top level directory + * PROJECT: ReactOS kernel + * PURPOSE: Security manager + * FILE: kernel/se/sd.c + * PROGRAMER: David Welch + * REVISION HISTORY: + * 26/07/98: Added stubs for security functions + */ + +/* INCLUDES *****************************************************************/ + +#include + +#include + +/* FUNCTIONS ***************************************************************/ + +NTSTATUS RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + ULONG Revision) +{ + if (Revision != 1) + { + return(STATUS_UNSUCCESSFUL); + } + SecurityDescriptor->Revision = 1; + SecurityDescriptor->Sbz1 = 0; + SecurityDescriptor->Control = 0; + SecurityDescriptor->Owner = NULL; + SecurityDescriptor->Group = NULL; + SecurityDescriptor->Sacl = NULL; + SecurityDescriptor->Dacl = NULL; + return(STATUS_SUCCESS); +} + +ULONG RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor) +{ + PSID Owner; + PSID Group; + ULONG Length; + PACL Dacl; + PACL Sacl; + + Length = sizeof(SECURITY_DESCRIPTOR); + + if (SecurityDescriptor->Owner != NULL) + { + Owner = SecurityDescriptor->Owner; + if (SecurityDescriptor->Control & 0x80) + { + Owner = (PSID)((ULONG)Owner + + (ULONG)SecurityDescriptor); + } + Length = Length + ((sizeof(SID) + (Owner->SubAuthorityCount - 1) * + sizeof(ULONG) + 3) & 0xfc); + } + if (SecurityDescriptor->Group != NULL) + { + Group = SecurityDescriptor->Group; + if (SecurityDescriptor->Control & 0x8000) + { + Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor); + } + Length = Length + ((sizeof(SID) + (Group->SubAuthorityCount - 1) * + sizeof(ULONG) + 3) & 0xfc); + } + if (SecurityDescriptor->Control & 0x4 && + SecurityDescriptor->Dacl != NULL) + { + Dacl = SecurityDescriptor->Dacl; + if (SecurityDescriptor->Control & 0x8000) + { + Dacl = (PACL)((ULONG)Dacl + (PVOID)SecurityDescriptor); + } + Length = Length + ((Dacl->AclSize + 3) & 0xfc); + } + if (SecurityDescriptor->Control & 0x10 && 
+ SecurityDescriptor->Sacl != NULL) + { + Sacl = SecurityDescriptor->Sacl; + if (SecurityDescriptor->Control & 0x8000) + { + Sacl = (PACL)((ULONG)Sacl + (PVOID)SecurityDescriptor); + } + Length = Length + ((Sacl->AclSize + 3) & 0xfc); + } + return(Length); +} + +NTSTATUS RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PBOOLEAN DaclPresent, + PACL* Dacl, + PBOOLEAN DaclDefaulted) +{ + if (SecurityDescriptor->Revision != 1) + { + return(STATUS_UNSUCCESSFUL); + } + if (!(SecurityDescriptor->Control & 0x4)) + { + *DaclPresent = 0; + return(STATUS_SUCCESS); + } + *DaclPresent = 1; + if (SecurityDescriptor->Dacl == NULL) + { + *Dacl = NULL; + } + else + { + if (SecurityDescriptor->Control & 0x8000) + { + *Dacl = (PACL)((ULONG)SecurityDescriptor->Dacl + + (PVOID)SecurityDescriptor); + } + else + { + *Dacl = SecurityDescriptor->Dacl; + } + } + if (SecurityDescriptor->Control & 0x8) + { + *DaclDefaulted = 1; + } + else + { + *DaclDefaulted = 0; + } + return(STATUS_SUCCESS); +} + +NTSTATUS RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + BOOLEAN DaclPresent, + PACL Dacl, + BOOLEAN DaclDefaulted) +{ + if (SecurityDescriptor->Revision != 1) + { + return(STATUS_UNSUCCESSFUL); + } + if (SecurityDescriptor->Control & 0x8000) + { + return(STATUS_UNSUCCESSFUL); + } + if (!DaclPresent) + { + SecurityDescriptor->Control = SecurityDescriptor->Control & ~(0x4); + return(STATUS_SUCCESS); + } + SecurityDescriptor->Control = SecurityDescriptor->Control | 0x4; + SecurityDescriptor->Dacl = Dacl; + SecurityDescriptor->Control = SecurityDescriptor->Control & ~(0x8); + if (DaclDefaulted) + { + SecurityDescriptor->Control = SecurityDescriptor->Control | 0x80; + } + return(STATUS_SUCCESS); +} + +BOOLEAN RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor) +{ + UNIMPLEMENTED; +} + +NTSTATUS RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PSID Owner, + BOOLEAN OwnerDefaulted) +{ + if 
(SecurityDescriptor->Revision != 1) + { + return(STATUS_UNSUCCESSFUL); + } + if (SecurityDescriptor->Control & 0x8000) + { + return(STATUS_UNSUCCESSFUL); + } + SecurityDescriptor->Owner = Owner; + SecurityDescriptor->Control = SecurityDescriptor->Control & ~(0x1); + if (OwnerDefaulted) + { + SecurityDescriptor->Control = SecurityDescriptor->Control | 0x1; + } + return(STATUS_SUCCESS); +} + +NTSTATUS RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PSID* Owner, + PBOOLEAN OwnerDefaulted) +{ + if (SecurityDescriptor->Revision != 1) + { + return(STATUS_UNSUCCESSFUL); + } + if (SecurityDescriptor->Owner != NULL) + { + if (SecurityDescriptor->Control & 0x8000) + { + *Owner = (PSID)((ULONG)SecurityDescriptor->Owner + + (PVOID)SecurityDescriptor); + } + else + { + *Owner = SecurityDescriptor->Owner; + } + } + else + { + *Owner = NULL; + } + if (SecurityDescriptor->Control & 0x1) + { + *OwnerDefaulted = 1; + } + else + { + *OwnerDefaulted = 0; + } + return(STATUS_SUCCESS); +} + +NTSTATUS RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PSID Group, + BOOLEAN GroupDefaulted) +{ + if (SecurityDescriptor->Revision != 1) + { + return(STATUS_UNSUCCESSFUL); + } + if (SecurityDescriptor->Control & 0x8000) + { + return(STATUS_UNSUCCESSFUL); + } + SecurityDescriptor->Group = Group; + SecurityDescriptor->Control = SecurityDescriptor->Control & ~(0x2); + if (GroupDefaulted) + { + SecurityDescriptor->Control = SecurityDescriptor->Control | 0x2; + } + return(STATUS_SUCCESS); +} + +NTSTATUS RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, + PSID* Group, + PBOOLEAN GroupDefaulted) +{ + if (SecurityDescriptor->Revision != 1) + { + return(STATUS_UNSUCCESSFUL); + } + if (SecurityDescriptor->Group != NULL) + { + if (SecurityDescriptor->Control & 0x8000) + { + *Group = (PSID)((ULONG)SecurityDescriptor->Group + + (PVOID)SecurityDescriptor); + } + else + { + *Group = SecurityDescriptor->Group; + } + } + else + { + *Group = 
NULL; + } + if (SecurityDescriptor->Control & 0x2) + { + *GroupDefaulted = 1; + } + else + { + *GroupDefaulted = 0; + } + return(STATUS_SUCCESS); +} + +NTSTATUS RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD, + PSECURITY_DESCRIPTOR RelSD, + PULONG BufferLength) +{ + if (AbsSD->Control & 0x8000) + { + return(STATUS_UNSUCCESSFUL); + } + UNIMPLEMENTED; +} diff --git a/reactos/ntoskrnl/se/semgr.c b/reactos/ntoskrnl/se/semgr.c index 036e6b061c1..daeda548b55 100644 --- a/reactos/ntoskrnl/se/semgr.c +++ b/reactos/ntoskrnl/se/semgr.c @@ -17,66 +17,10 @@ /* FUNCTIONS ***************************************************************/ -NTSTATUS -STDCALL -NtQueryInformationToken ( - IN HANDLE TokenHandle, - IN TOKEN_INFORMATION_CLASS TokenInformationClass, - OUT PVOID TokenInformation, - IN ULONG TokenInformationLength, - OUT PULONG ReturnLength - ) -{ - UNIMPLEMENTED; -} - -NTSTATUS -STDCALL -NtQuerySecurityObject ( - IN HANDLE Object, - IN CINT SecurityObjectInformationClass, - OUT PVOID SecurityObjectInformation, - IN ULONG Length, - OUT PULONG ReturnLength - ) -{ - UNIMPLEMENTED; -} - - -NTSTATUS -STDCALL -NtSetSecurityObject( - IN HANDLE Handle, - IN SECURITY_INFORMATION SecurityInformation, - IN PSECURITY_DESCRIPTOR SecurityDescriptor - ) -{ - UNIMPLEMENTED; -} - - -NTSTATUS -STDCALL -NtSetInformationToken( - IN HANDLE TokenHandle, - IN TOKEN_INFORMATION_CLASS TokenInformationClass, - OUT PVOID TokenInformation, - IN ULONG TokenInformationLength - ) -{ - UNIMPLEMENTED; -} - - -NTSTATUS -STDCALL -NtPrivilegeCheck ( - IN HANDLE ClientToken, - IN PPRIVILEGE_SET RequiredPrivileges, - IN PBOOLEAN Result - ) +NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken, + IN PPRIVILEGE_SET RequiredPrivileges, + IN PBOOLEAN Result) { UNIMPLEMENTED; } 
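Review bot: In sd.c, RtlLengthSecurityDescriptor rounds each component with `& 0xfc`, which aligns to four bytes but also discards every bit above the low eight, so an ACL whose `AclSize` is 256 or more is reported far too short and a caller sizing a buffer from the result will under-allocate; the mask should be `~3`, e.g. `Length = Length + ((Dacl->AclSize + 3) & ~3);`, in all four places. The flag constants are also inconsistent: the Owner branch tests `Control & 0x80` for the self-relative case where every other branch uses `0x8000`, and RtlSetDaclSecurityDescriptor clears `0x8` but then sets `0x80` for DaclDefaulted while RtlGetDaclSecurityDescriptor reads `0x8`. Named constants for these control bits would make such slips visible. RtlGetDaclSecurityDescriptor also returns success without writing `*Dacl` when the DACL-present bit is clear, so its comment should tell callers to test `*DaclPresent` before touching the pointer.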
@@ -155,19 +99,6 @@ NtOpenThreadToken ( } -NTSTATUS -STDCALL -NtDuplicateToken ( - IN HANDLE ExistingToken, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, - IN TOKEN_TYPE TokenType, - OUT PHANDLE NewToken - ) -{ - UNIMPLEMENTED; -} NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle, @@ -179,37 +110,6 @@ NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle, } -NTSTATUS -STDCALL -NtCreateToken ( - OUT PHANDLE TokenHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - IN TOKEN_TYPE TokenType, - IN PLUID AuthenticationId, - IN PLARGE_INTEGER ExpirationTime, - IN PTOKEN_USER TokenUser, - IN PTOKEN_GROUPS TokenGroups, - IN PTOKEN_PRIVILEGES TokenPrivileges, - IN PTOKEN_OWNER TokenOwner, - IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, - IN PTOKEN_DEFAULT_DACL TokenDefaultDacl, - IN PTOKEN_SOURCE TokenSource - ) -{ - UNIMPLEMENTED; -} - - -NTSTATUS -STDCALL -NtAllocateLocallyUniqueId ( - OUT LUID * LocallyUniqueId - ) -{ - UNIMPLEMENTED; -} - NTSTATUS STDCALL 
@@ -299,34 +199,135 @@ NtDeleteObjectAuditAlarm ( UNIMPLEMENTED; } -NTSTATUS RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, - ULONG Revision) +VOID SeReleaseSubjectContext(PSECURITY_SUBJECT_CONTEXT SubjectContext) { - UNIMPLEMENTED; + } -ULONG RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor) +VOID SeCaptureSubjectContext(PSECURITY_SUBJECT_CONTEXT SubjectContext) { - UNIMPLEMENTED; + PEPROCESS Process; + ULONG a; + ULONG b; + + Process = PsGetCurrentThread()->ThreadsProcess; + + SubjectContext->ProcessAuditId = Process; + SubjectContext->ClientToken = + PsReferenceImpersonationToken(PsGetCurrentThread(), + &a, + &b, + &SubjectContext->ImpersonationLevel); + SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process); } -NTSTATUS RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, - BOOLEAN DaclPresent, - PACL Dacl, - BOOLEAN DaclDefaulted) +BOOLEAN SepPrivilegeCheck(PACCESS_TOKEN Token, + PLUID_AND_ATTRIBUTES Privileges, + ULONG PrivilegeCount, + ULONG PrivilegeControl, + KPROCESSOR_MODE PreviousMode) { - UNIMPLEMENTED; -} + ULONG i; + PLUID_AND_ATTRIBUTES Current; + ULONG j; + ULONG k; + + if (PreviousMode == KernelMode) + { + return(TRUE); + } + + j = 0; + if (PrivilegeCount != 0) + { + k = PrivilegeCount; + do + { + i = Token->PrivilegeCount; + Current = Token->Privileges; + for (i = 0; i < Token->PrivilegeCount; i++) + { + if (!(Current[i].Attributes & 2) && + Privileges[i].Luid.u.LowPart == + Current[i].Luid.u.LowPart && + Privileges[i].Luid.u.HighPart == + Current[i].Luid.u.HighPart) + { + Privileges[i].Attributes = + Privileges[i].Attributes | 0x80; + j++; + break; + } + } + k--; + } while (k > 0); + } + + if ((PrivilegeControl & 0x2) && PrivilegeCount == j) + { + return(TRUE); + } + + if (j > 0 && !(PrivilegeControl & 0x2)) + { + return(TRUE); + } -BOOLEAN RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor) + return(FALSE); +} + +BOOLEAN SePrivilegeCheck(PPRIVILEGE_SET 
Privileges, + PSECURITY_SUBJECT_CONTEXT SubjectContext, + KPROCESSOR_MODE PreviousMode) { - UNIMPLEMENTED; + PACCESS_TOKEN Token = NULL; + + if (SubjectContext->ClientToken == NULL) + { + Token = SubjectContext->PrimaryToken; + } + else + { + Token = SubjectContext->ClientToken; + if (SubjectContext->ImpersonationLevel < 2) + { + return(FALSE); + } + } + + return(SepPrivilegeCheck(Token, + Privileges->Privilege, + Privileges->PrivilegeCount, + Privileges->Control, + PreviousMode)); } BOOLEAN SeSinglePrivilegeCheck(LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode) { - UNIMPLEMENTED; + SECURITY_SUBJECT_CONTEXT SubjectContext; + BOOLEAN r; + PRIVILEGE_SET Priv; + + SeCaptureSubjectContext(&SubjectContext); + + Priv.PrivilegeCount = 1; + Priv.Control = 1; + Priv.Privilege[0].Luid = PrivilegeValue; + Priv.Privilege[0].Attributes = 0; + + r = SePrivilegeCheck(&Priv, + &SubjectContext, + PreviousMode); + + if (PreviousMode != KernelMode) + { +/* SePrivilegeServiceAuditAlarm(0, + &SubjectContext, + &PrivilegeValue);*/ + } + SeReleaseSubjectContext(&SubjectContext); + return(r); } NTSTATUS SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor) 
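Review bot: SepPrivilegeCheck indexes the caller's `Privileges` array and the token's array with the same `i`, bounded by `Token->PrivilegeCount`, so `Privileges[i]` is read and written beyond `PrivilegeCount` entries whenever the token holds more privileges than were requested, and the outer `k` loop repeats the identical scan instead of moving on to the next required privilege. The required privilege should be indexed by the outer counter and only the token array by the inner one, as in the rewritten loop below. The `!(Current[i].Attributes & 2)` test is kept as written, but it looks inverted if that bit is meant to be the enabled flag; please confirm against setypes.h. Separately, SeReleaseSubjectContext is empty, so whatever references SeCaptureSubjectContext takes on the two tokens appear never to be dropped.

```c
   /* ... unchanged: declarations and KernelMode early return ... */
   j = 0;
   Current = Token->Privileges;
   for (k = 0; k < PrivilegeCount; k++)
     {
        for (i = 0; i < Token->PrivilegeCount; i++)
          {
             if (!(Current[i].Attributes & 2) &&
                 Privileges[k].Luid.u.LowPart == Current[i].Luid.u.LowPart &&
                 Privileges[k].Luid.u.HighPart == Current[i].Luid.u.HighPart)
               {
                  Privileges[k].Attributes = Privileges[k].Attributes | 0x80;
                  j++;
                  break;
               }
          }
     }
   /* ... unchanged: PrivilegeControl evaluation and return ... */
```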
@@ -358,12 +359,12 @@ BOOLEAN SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
 * FUNCTION: Determines whether the requested access rights can be granted
 * to an object protected by a security descriptor and an object owner
 * ARGUMENTS:
- * SecurityDescriptor = Security descriptor protected the object
+ * SecurityDescriptor = Security descriptor protecting the object
 * SubjectSecurityContext = Subject's captured security context
 * SubjectContextLocked = Indicates the user's subject context is locked
 * DesiredAccess = Access rights the caller is trying to acquire
 * PreviouslyGrantedAccess = Specified the access rights already granted
- * Priveleges = ?
+ * Privileges = ?
 * GenericMapping = Generic mapping associated with the object
 * AccessMode = Access mode used for the check
 * GrantedAccess (OUT) = On return specifies the access granted
@@ -371,7 +372,67 @@ BOOLEAN SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, * RETURNS: If access was granted, returns TRUE */ { - UNIMPLEMENTED; + ULONG i; + PACL Dacl; + BOOLEAN Present; + BOOLEAN Defaulted; + NTSTATUS Status; + PACE CurrentAce; + PSID Sid; + ACCESS_MASK CurrentAccess; + + CurrentAccess = PreviouslyGrantedAccess; + + /* + * Ignore the SACL for now + */ + + /* + * Check the DACL + */ + Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor, + &Present, + &Dacl, + &Defaulted); + if (!NT_SUCCESS(Status)) + { + return(Status); + } + + CurrentAce = (PACE)(Dacl + 1); + for (i = 0; i < Dacl->AceCount; i++) + { + Sid = (PSID)(CurrentAce + 1); + if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE) + { + if (RtlEqualSid(Sid, NULL)) + { + *AccessStatus = STATUS_ACCESS_DENIED; + *GrantedAccess = 0; + return(STATUS_SUCCESS); + } + } + if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE) + { + if (RtlEqualSid(Sid, NULL)) + { + CurrentAccess = CurrentAccess | + CurrentAce->Header.AccessMask; + } + } + } + if (!(CurrentAccess & DesiredAccess) && + !((~CurrentAccess) & DesiredAccess)) + { + *AccessStatus = STATUS_ACCESS_DENIED; + } + else + { + *AccessStatus = STATUS_SUCCESS; + } + *GrantedAccess = CurrentAccess; + + return(STATUS_SUCCESS); } diff --git a/reactos/ntoskrnl/se/sid.c b/reactos/ntoskrnl/se/sid.c new file mode 100644 index 00000000000..2f09824d434 --- /dev/null +++ b/reactos/ntoskrnl/se/sid.c 
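Review bot: The final decision in SeAccessCheck denies only when both `CurrentAccess & DesiredAccess` and `(~CurrentAccess) & DesiredAccess` are zero, which can happen only for a `DesiredAccess` of zero, so any non-empty request gets `STATUS_SUCCESS` in `*AccessStatus`; the test should be `if ((CurrentAccess & DesiredAccess) != DesiredAccess)`. The ACE loop never advances `CurrentAce`, so it inspects the first ACE `AceCount` times, and it calls `RtlEqualSid(Sid, NULL)`, which dereferences its second argument, instead of comparing against a SID taken from the subject context. `Dacl` is also used without checking `Present`, although RtlGetDaclSecurityDescriptor leaves it unwritten when no DACL is present. The function is declared BOOLEAN (its signature is outside this hunk) yet returns NTSTATUS values, so assuming `STATUS_SUCCESS` is zero, callers testing the return value see FALSE on every path that reaches the end.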
@@ -0,0 +1,90 @@ +/* + * COPYRIGHT: See COPYING in the top level directory + * PROJECT: ReactOS kernel + * PURPOSE: Security manager + * FILE: kernel/se/sid.c + * PROGRAMER: David Welch + * REVISION HISTORY: + * 26/07/98: Added stubs for security functions + */ + +/* INCLUDES *****************************************************************/ + +#include + +#include + +/* FUNCTIONS ***************************************************************/ + +BOOLEAN RtlValidSid(PSID Sid) +{ + if ((Sid->Revision & 0xf) != 1) + { + return(FALSE); + } + if (Sid->SubAuthorityCount > 15) + { + return(FALSE); + } + return(TRUE); +} + +ULONG RtlLengthRequiredSid(UCHAR SubAuthorityCount) +{ + return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG)); +} + +NTSTATUS RtlInitializeSid(PSID Sid, + PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, + UCHAR SubAuthorityCount) +{ + Sid->Revision = 1; + Sid->SubAuthorityCount = SubAuthorityCount; + memcpy(&Sid->IdentifierAuthority, IdentifierAuthority, + sizeof(SID_IDENTIFIER_AUTHORITY)); + return(STATUS_SUCCESS); +} + +PULONG RtlSubAuthoritySid(PSID Sid, ULONG SubAuthority) +{ + return(&Sid->SubAuthority[SubAuthority]); +} + +PUCHAR RtlSubAuthorityCountSid(PSID Sid) +{ + return(&Sid->SubAuthorityCount); +} + +BOOLEAN RtlEqualSid(PSID Sid1, PSID Sid2) +{ + if (Sid1->Revision != Sid2->Revision) + { + return(FALSE); + } + if ((*RtlSubAuthorityCountSid(Sid1)) != + (*RtlSubAuthorityCountSid(Sid2))) + { + return(FALSE); + } + if (memcmp(Sid1, Sid2, RtlLengthSid(Sid1) != 0)) + { + return(FALSE); + } + return(TRUE); +} + +ULONG RtlLengthSid(PSID Sid) +{ + return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4); +} + + +NTSTATUS RtlCopySid(ULONG BufferLength, PSID Src, PSID Dest) +{ + if (BufferLength < RtlLengthSid(Src)) + { + return(STATUS_UNSUCCESSFUL); + } + memmove(Dest, Src, RtlLengthSid(Src)); + return(STATUS_SUCCESS); +} diff --git a/reactos/ntoskrnl/se/token.c b/reactos/ntoskrnl/se/token.c new file mode 100644 index 00000000000..d99f6639131 
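Review bot: In RtlEqualSid the closing parenthesis is misplaced in `memcmp(Sid1, Sid2, RtlLengthSid(Sid1) != 0)`: the length passed to memcmp is the boolean result (1), so only the first byte is compared and any two SIDs with the same revision and sub-authority count are reported equal. For code that decides access from SID equality this makes distinct principals indistinguishable; the line should read `if (memcmp(Sid1, Sid2, RtlLengthSid(Sid1)) != 0)`. RtlInitializeSid also stores `SubAuthorityCount` without the `> 15` limit that RtlValidSid enforces, so it can produce a SID the validator would reject.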
--- /dev/null +++ b/reactos/ntoskrnl/se/token.c 
@@ -0,0 +1,120 @@ +/* + * COPYRIGHT: See COPYING in the top level directory + * PROJECT: ReactOS kernel + * PURPOSE: Security manager + * FILE: kernel/se/token.c + * PROGRAMER: David Welch + * REVISION HISTORY: + * 26/07/98: Added stubs for security functions + */ + +/* INCLUDES *****************************************************************/ + +#include + +#include + +/* GLOBALS *******************************************************************/ + +POBJECT_TYPE SeTokenType = NULL; + +/* FUNCTIONS *****************************************************************/ + +VOID SeInitializeTokenManager(VOID) +{ + UNICODE_STRING TypeName; + + RtlInitUnicodeString(&TypeName, L"Token"); + + SeTokenType = ExAllocatePool(NonPagedPool, sizeof(OBJECT_TYPE)); + + SeTokenType->MaxObjects = ULONG_MAX; + SeTokenType->MaxHandles = ULONG_MAX; + SeTokenType->TotalObjects = 0; + SeTokenType->TotalHandles = 0; + SeTokenType->PagedPoolCharge = 0; + SeTokenType->NonpagedPoolCharge = 0; + SeTokenType->Dump = NULL; + SeTokenType->Open = NULL; + SeTokenType->Close = NULL; + SeTokenType->Delete = NULL; + SeTokenType->Parse = NULL; + SeTokenType->Security = NULL; + SeTokenType->QueryName = NULL; + SeTokenType->OkayToClose = NULL; + SeTokenType->Create = NULL; + +} + +NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle, + IN TOKEN_INFORMATION_CLASS + TokenInformationClass, + OUT PVOID TokenInformation, + IN ULONG TokenInformationLength, + OUT PULONG ReturnLength) +{ + NTSTATUS Status; + PACCESS_TOKEN Token; + + Status = ObReferenceObjectByHandle(TokenHandle, +// TOKEN_QUERY_INFORMATION, + 0, + SeTokenType, + UserMode, + (PVOID*)&Token, + NULL); + if (!NT_SUCCESS(Status)) + { + return(Status); + } + + ObDereferenceObject(Token); + return(STATUS_SUCCESS); +} + + + + +NTSTATUS +STDCALL +NtSetInformationToken( + IN HANDLE TokenHandle, + IN TOKEN_INFORMATION_CLASS TokenInformationClass, + OUT PVOID TokenInformation, + IN ULONG TokenInformationLength + ) +{ + UNIMPLEMENTED; +} + 
+NTSTATUS +STDCALL +NtDuplicateToken ( + IN HANDLE ExistingToken, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, + IN TOKEN_TYPE TokenType, + OUT PHANDLE NewToken + ) +{ + UNIMPLEMENTED; +} + +NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN TOKEN_TYPE TokenType, + IN PLUID AuthenticationId, + IN PLARGE_INTEGER ExpirationTime, + IN PTOKEN_USER TokenUser, + IN PTOKEN_GROUPS TokenGroups, + IN PTOKEN_PRIVILEGES TokenPrivileges, + IN PTOKEN_OWNER TokenOwner, + IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, + IN PTOKEN_DEFAULT_DACL TokenDefaultDacl, + IN PTOKEN_SOURCE TokenSource) +{ + UNIMPLEMENTED; +} + diff --git a/reactos/subsys/csrss/api/handle.c b/reactos/subsys/csrss/api/handle.c new file mode 100644 index 00000000000..870225963b6 --- /dev/null +++ b/reactos/subsys/csrss/api/handle.c @@ -0,0 +1,20 @@ +/* $Id: handle.c,v 1.1 1999/12/26 15:50:53 dwelch Exp $ + * + * reactos/subsys/csrss/api/handle.c + * + * Console I/O functions + * + * ReactOS Operating System + */ + +/* INCLUDES ******************************************************************/ + +#include + +#include "csrss.h" +#include "api.h" + +/* FUNCTIONS *****************************************************************/ + +NTSTATUS CsrCreateObject(PHANDLE Handle, + PVOID Object)
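Review bot: In token.c, NtQueryInformationToken references the handle with a desired access of `0` (the `TOKEN_QUERY_INFORMATION` argument is commented out) and then returns `STATUS_SUCCESS` without writing `TokenInformation` or `ReturnLength`, so a caller is told the query worked and goes on to read whatever was already in its buffer. Until the query is implemented it should not report success; ending with the same `UNIMPLEMENTED;` marker as the neighbouring stubs after the dereference would keep it consistent, and the access mask should be restored once the constant is defined. SeInitializeTokenManager also dereferences the result of `ExAllocatePool` without a NULL check, and `TypeName` is initialised but never stored in the new type object.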