mirror of
https://github.com/reactos/reactos.git
synced 2025-04-07 06:14:44 +00:00
[NTOS:SE] Minor refactor on NtOpenThreadTokenEx
- Remove a redundant call of ObReferenceObjectByHandle. Not only it didn't make much sense (we reference the object from thread handle and the new thread object referencing the same handle!), specifying a request access of THREAD_ALL_ACCESS for the thread object is kind of suspicious and all of these access rights are unwanted. - Add some failure checks involving the CopyOnOpen code paths - Add some DPRINT1 debug prints (concerning the CopyOnOpen code paths as usual)
parent
5ee09256de
commit
5912c11650
1 changed files with 48 additions and 29 deletions
|
@ -4233,7 +4233,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
||||||
IN ULONG HandleAttributes,
|
IN ULONG HandleAttributes,
|
||||||
OUT PHANDLE TokenHandle)
|
OUT PHANDLE TokenHandle)
|
||||||
{
|
{
|
||||||
PETHREAD Thread, NewThread;
|
PETHREAD Thread;
|
||||||
HANDLE hToken;
|
HANDLE hToken;
|
||||||
PTOKEN Token, NewToken = NULL, PrimaryToken;
|
PTOKEN Token, NewToken = NULL, PrimaryToken;
|
||||||
BOOLEAN CopyOnOpen, EffectiveOnly;
|
BOOLEAN CopyOnOpen, EffectiveOnly;
|
||||||
|
@ -4307,40 +4307,53 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
||||||
|
|
||||||
if (CopyOnOpen)
|
if (CopyOnOpen)
|
||||||
{
|
{
|
||||||
Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_ALL_ACCESS,
|
PrimaryToken = PsReferencePrimaryToken(Thread->ThreadsProcess);
|
||||||
PsThreadType, KernelMode,
|
|
||||||
(PVOID*)&NewThread, NULL);
|
Status = SepCreateImpersonationTokenDacl(Token, PrimaryToken, &Dacl);
|
||||||
|
|
||||||
|
ObFastDereferenceObject(&Thread->ThreadsProcess->Token, PrimaryToken);
|
||||||
|
|
||||||
if (NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
PrimaryToken = PsReferencePrimaryToken(NewThread->ThreadsProcess);
|
if (Dacl)
|
||||||
|
|
||||||
Status = SepCreateImpersonationTokenDacl(Token, PrimaryToken, &Dacl);
|
|
||||||
|
|
||||||
ObFastDereferenceObject(&NewThread->ThreadsProcess->Token, PrimaryToken);
|
|
||||||
|
|
||||||
if (NT_SUCCESS(Status))
|
|
||||||
{
|
{
|
||||||
if (Dacl)
|
Status = RtlCreateSecurityDescriptor(&SecurityDescriptor,
|
||||||
|
SECURITY_DESCRIPTOR_REVISION);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
RtlCreateSecurityDescriptor(&SecurityDescriptor,
|
DPRINT1("NtOpenThreadTokenEx(): Failed to create a security descriptor (Status 0x%lx)\n", Status);
|
||||||
SECURITY_DESCRIPTOR_REVISION);
|
|
||||||
RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl,
|
|
||||||
FALSE);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
InitializeObjectAttributes(&ObjectAttributes, NULL, HandleAttributes,
|
Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl,
|
||||||
NULL, Dacl ? &SecurityDescriptor : NULL);
|
FALSE);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
Status = SepDuplicateToken(Token, &ObjectAttributes, EffectiveOnly,
|
|
||||||
TokenImpersonation, ImpersonationLevel,
|
|
||||||
KernelMode, &NewToken);
|
|
||||||
if (NT_SUCCESS(Status))
|
|
||||||
{
|
{
|
||||||
ObReferenceObject(NewToken);
|
DPRINT1("NtOpenThreadTokenEx(): Failed to set a DACL to the security descriptor (Status 0x%lx)\n", Status);
|
||||||
Status = ObInsertObject(NewToken, NULL, DesiredAccess, 0, NULL,
|
|
||||||
&hToken);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
InitializeObjectAttributes(&ObjectAttributes, NULL, HandleAttributes,
|
||||||
|
NULL, Dacl ? &SecurityDescriptor : NULL);
|
||||||
|
|
||||||
|
Status = SepDuplicateToken(Token, &ObjectAttributes, EffectiveOnly,
|
||||||
|
TokenImpersonation, ImpersonationLevel,
|
||||||
|
KernelMode, &NewToken);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
DPRINT1("NtOpenThreadTokenEx(): Failed to duplicate the token (Status 0x%lx)\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
ObReferenceObject(NewToken);
|
||||||
|
Status = ObInsertObject(NewToken, NULL, DesiredAccess, 0, NULL,
|
||||||
|
&hToken);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
DPRINT1("NtOpenThreadTokenEx(): Failed to insert the token object (Status 0x%lx)\n", Status);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DPRINT1("NtOpenThreadTokenEx(): Failed to impersonate token from DACL (Status 0x%lx)\n", Status);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -4348,6 +4361,10 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
||||||
Status = ObOpenObjectByPointer(Token, HandleAttributes,
|
Status = ObOpenObjectByPointer(Token, HandleAttributes,
|
||||||
NULL, DesiredAccess, SeTokenObjectType,
|
NULL, DesiredAccess, SeTokenObjectType,
|
||||||
PreviousMode, &hToken);
|
PreviousMode, &hToken);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
DPRINT1("NtOpenThreadTokenEx(): Failed to open the object (Status 0x%lx)\n", Status);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Dacl) ExFreePoolWithTag(Dacl, TAG_ACL);
|
if (Dacl) ExFreePoolWithTag(Dacl, TAG_ACL);
|
||||||
|
@ -4361,13 +4378,15 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
||||||
|
|
||||||
if (NT_SUCCESS(Status) && CopyOnOpen)
|
if (NT_SUCCESS(Status) && CopyOnOpen)
|
||||||
{
|
{
|
||||||
PsImpersonateClient(Thread, NewToken, FALSE, EffectiveOnly, ImpersonationLevel);
|
Status = PsImpersonateClient(Thread, NewToken, FALSE, EffectiveOnly, ImpersonationLevel);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
DPRINT1("NtOpenThreadTokenEx(): Failed to impersonate the client (Status 0x%lx)\n");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NewToken) ObDereferenceObject(NewToken);
|
if (NewToken) ObDereferenceObject(NewToken);
|
||||||
|
|
||||||
if (CopyOnOpen && NewThread) ObDereferenceObject(NewThread);
|
|
||||||
|
|
||||||
ObDereferenceObject(Thread);
|
ObDereferenceObject(Thread);
|
||||||
|
|
||||||
if (NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
|
|
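Review bot: In the CopyOnOpen hunk the new check after `SepDuplicateToken` only logs, and `ObReferenceObject(NewToken)` then runs unconditionally, so a failed duplication dereferences a `NewToken` that is presumably still NULL, in kernel mode on a system-call path; the pre-change code guarded these calls with `if (NT_SUCCESS(Status))`. Move the reference and insert into an `else` branch of the new check: `else { ObReferenceObject(NewToken); Status = ObInsertObject(NewToken, NULL, DesiredAccess, 0, NULL, &hToken); }`. The same log-and-continue pattern affects `RtlCreateSecurityDescriptor` and `RtlSetDaclSecurityDescriptor`: the first status is overwritten by the second call, and the descriptor is still handed to `InitializeObjectAttributes` after a failure, so the duplicate may be created without the intended DACL. Two of the new `DPRINT1` calls ("Failed to duplicate the token" and, in the last hunk, "Failed to impersonate the client") contain `%lx` but pass no `Status` argument. The body of NtOpenThreadTokenEx starts and ends outside the hunks shown, so the later cleanup of `hToken` when `PsImpersonateClient` fails could not be checked.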