mirror of
https://github.com/reactos/reactos.git
synced 2025-08-05 00:45:43 +00:00
[NTOSKRNL] Add support for unsecure object names
This commit is contained in:
parent
0f36353551
commit
9c6037182c
1 changed files with 21 additions and 5 deletions
|
@ -814,11 +814,27 @@ ParseFromRoot:
|
||||||
/* Get the object header */
|
/* Get the object header */
|
||||||
ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject);
|
ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject);
|
||||||
|
|
||||||
/* FIXME: Check if this is a Section Object or Sym Link */
|
/*
|
||||||
/* FIXME: If it is, then check if this isn't session 0 */
|
* Deny object creation if:
|
||||||
/* FIXME: If it isn't, check for SeCreateGlobalPrivilege */
|
* That's a section object or a symbolic link
|
||||||
/* FIXME: If privilege isn't there, check for unsecure name */
|
* Which isn't in the same section that root directory
|
||||||
/* FIXME: If it isn't a known unsecure name, then fail */
|
* That doesn't have the SeCreateGlobalPrivilege
|
||||||
|
* And that is not a known unsecure name
|
||||||
|
*/
|
||||||
|
if (RootDirectory->SessionId != -1)
|
||||||
|
{
|
||||||
|
if (ObjectHeader->Type == MmSectionObjectType ||
|
||||||
|
ObjectHeader->Type == ObpSymbolicLinkObjectType)
|
||||||
|
{
|
||||||
|
if (RootDirectory->SessionId != PsGetCurrentProcessSessionId() &&
|
||||||
|
!SeSinglePrivilegeCheck(SeCreateGlobalPrivilege, AccessCheckMode) &&
|
||||||
|
!ObpIsUnsecureName(&ComponentName, BooleanFlagOn(Attributes, OBJ_CASE_INSENSITIVE)))
|
||||||
|
{
|
||||||
|
Status = STATUS_ACCESS_DENIED;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Create Object Name */
|
/* Create Object Name */
|
||||||
NewName = ExAllocatePoolWithTag(PagedPool,
|
NewName = ExAllocatePoolWithTag(PagedPool,
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue