- Fix NPX check in context switcher.

- Fix ObLogSecurityDescriptor. - Fix some missing features in SeAccessCheck. svn path=/trunk/; revision=26140
2024-06-29 01:12:06 +00:00 · 2007-03-19 19:05:39 +00:00 · 2007-03-19 19:05:39 +00:00 · 71e781df12
parent 1d2fd8ac1f
commit 71e781df12
3 changed files with 80 additions and 27 deletions
--- a/reactos/ntoskrnl/ke/i386/ctxswitch.S
+++ b/reactos/ntoskrnl/ke/i386/ctxswitch.S
@ -550,7 +550,7 @@ NewCr0:
    /* Assert NPX State */
    test byte ptr [esi+KTHREAD_NPX_STATE], ~(NPX_STATE_NOT_LOADED)
    jnz InvalidNpx
-    test dword ptr [eax - (NPX_FRAME_LENGTH - FN_CR0_NPX_STATE)], ~(CR0_MP + CR0_EM + CR0_TS)
+    test dword ptr [eax - (NPX_FRAME_LENGTH - FN_CR0_NPX_STATE)], ~(CR0_PE + CR0_MP + CR0_EM + CR0_TS)
    jnz InvalidNpx
 #endif

--- a/reactos/ntoskrnl/ob/sdcache.c
+++ b/reactos/ntoskrnl/ob/sdcache.c
@ -371,11 +371,13 @@ ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
 {
    /* HACK: Return the same descriptor back */
    PISECURITY_DESCRIPTOR SdCopy;
-    DPRINT1("ObLogSecurityDescriptor is not implemented!\n",
-            InputSecurityDescriptor);
+    ULONG Length;
+    DPRINT("ObLogSecurityDescriptor is not implemented!\n",
+           InputSecurityDescriptor);

-    SdCopy = ExAllocatePool(PagedPool, sizeof(*SdCopy));
-    RtlCopyMemory(SdCopy, InputSecurityDescriptor, sizeof(*SdCopy));
+    Length = RtlLengthSecurityDescriptor(InputSecurityDescriptor);
+    SdCopy = ExAllocatePool(PagedPool, Length);
+    RtlCopyMemory(SdCopy, InputSecurityDescriptor, Length);
    *OutputSecurityDescriptor = SdCopy;
    return STATUS_SUCCESS;
 }
--- a/reactos/ntoskrnl/se/semgr.c
+++ b/reactos/ntoskrnl/se/semgr.c
@ -911,38 +911,87 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
 	      OUT PACCESS_MASK GrantedAccess,
 	      OUT PNTSTATUS AccessStatus)
 {
-  LUID_AND_ATTRIBUTES Privilege;
-  ACCESS_MASK CurrentAccess, AccessMask;
-  PACCESS_TOKEN Token;
-  ULONG i;
-  PACL Dacl;
-  BOOLEAN Present;
-  BOOLEAN Defaulted;
-  PACE CurrentAce;
-  PSID Sid;
-  NTSTATUS Status;
+    LUID_AND_ATTRIBUTES Privilege;
+    ACCESS_MASK CurrentAccess, AccessMask;
+    PACCESS_TOKEN Token;
+    ULONG i;
+    PACL Dacl;
+    BOOLEAN Present;
+    BOOLEAN Defaulted;
+    PACE CurrentAce;
+    PSID Sid;
+    NTSTATUS Status;
+    PAGED_CODE();

-  PAGED_CODE();
+    /* Check if this is kernel mode */
+    if (AccessMode == KernelMode)
+    {
+        /* Check if kernel wants everything */
+        if (DesiredAccess & MAXIMUM_ALLOWED)
+        {
+            /* Give it */
+            *GrantedAccess = GenericMapping->GenericAll;
+            *GrantedAccess |= (DesiredAccess &~ MAXIMUM_ALLOWED);
+            *GrantedAccess |= PreviouslyGrantedAccess;
+        }
+        else
+        {
+            /* Give the desired and previous access */
+            *GrantedAccess = DesiredAccess | PreviouslyGrantedAccess;
+        }
+
+        /* Success */
+        *AccessStatus = STATUS_SUCCESS;
+        return TRUE;
+    }
+
+    /* Check if we didn't get an SD */
+    if (!SecurityDescriptor)
+    {
+        /* Automatic failure */
+        *AccessStatus = STATUS_ACCESS_DENIED;
+        return FALSE;
+    }
+
+    /* Check for invalid impersonation */
+    if ((SubjectSecurityContext->ClientToken) &&
+        (SubjectSecurityContext->ImpersonationLevel < SecurityImpersonation))
+    {
+        *AccessStatus = STATUS_BAD_IMPERSONATION_LEVEL;
+        return FALSE;
+    }
+
+    /* Check for no access desired */
+    if (!DesiredAccess)
+    {
+        /* Check if we had no previous access */
+        if (!PreviouslyGrantedAccess)
+        {
+            /* Then there's nothing to give */
+            *AccessStatus = STATUS_ACCESS_DENIED;
+            return FALSE;
+        }
+
+        /* Return the previous access only */
+        *GrantedAccess = PreviouslyGrantedAccess;
+        *AccessStatus = STATUS_SUCCESS;
+        *Privileges = NULL;
+        return TRUE;
+    }
+
+    /* Acquire the lock if needed */
+    if (!SubjectContextLocked) SeLockSubjectContext(SubjectSecurityContext);

  /* Map given accesses */
  RtlMapGenericMask(&DesiredAccess, GenericMapping);
  if (PreviouslyGrantedAccess)
    RtlMapGenericMask(&PreviouslyGrantedAccess, GenericMapping);

-  /* Check if we didn't get an SD */
-  if (!SecurityDescriptor)
-  {
-      /* Automatic failure */
-      *AccessStatus = STATUS_ACCESS_DENIED;
-      return FALSE;
-  }
+

  CurrentAccess = PreviouslyGrantedAccess;

-  if (SubjectContextLocked == FALSE)
-    {
-      SeLockSubjectContext(SubjectSecurityContext);
-    }
+

  Token = SubjectSecurityContext->ClientToken ?
 	    SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken;
@ -1077,7 +1126,9 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
            }
        }
        else
+        {
          DPRINT1("Unknown Ace type 0x%lx\n", CurrentAce->Header.AceType);
+      }
        CurrentAce = (PACE)((ULONG_PTR)CurrentAce + CurrentAce->Header.AceSize);
    }