From ba5a26559b81f6b354bbd62331c054e78b960a53 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Sat, 31 May 2003 11:10:30 +0000 Subject: [PATCH] - Implemented RtlAdjustPrivileges(). - Implemented NtAdjustPrivilegesToken() partially. - Fixed declaration of LUID. svn path=/trunk/; revision=4804 --- reactos/include/ntdll/rtl.h | 8 +- reactos/include/ntos/security.h | 8 +- reactos/lib/ntdll/def/ntdll.def | 4 +- reactos/lib/ntdll/def/ntdll.edf | 4 +- reactos/lib/ntdll/rtl/luid.c | 9 +- reactos/lib/ntdll/rtl/security.c | 79 +++++++++- reactos/ntoskrnl/include/internal/se.h | 24 +-- reactos/ntoskrnl/se/luid.c | 34 ++-- reactos/ntoskrnl/se/priv.c | 205 ++++++++++++++----------- reactos/ntoskrnl/se/token.c | 176 ++++++++++++--------- 10 files changed, 359 insertions(+), 192 deletions(-) diff --git a/reactos/include/ntdll/rtl.h b/reactos/include/ntdll/rtl.h index e041ca2493b..1e826523223 100644 --- a/reactos/include/ntdll/rtl.h +++ b/reactos/include/ntdll/rtl.h @@ -1,4 +1,4 @@ -/* $Id: rtl.h,v 1.38 2003/04/02 00:05:59 hyperion Exp $ +/* $Id: rtl.h,v 1.39 2003/05/31 11:07:00 ekohl Exp $ * */ @@ -518,6 +518,12 @@ RtlIsValidIndexHandle ( IN ULONG Index ); +NTSTATUS STDCALL +RtlAdjustPrivilege(IN ULONG Privilege, + IN BOOLEAN Enable, + IN BOOLEAN CurrentThread, + OUT PBOOLEAN Enabled); + NTSTATUS STDCALL RtlImpersonateSelf ( diff --git a/reactos/include/ntos/security.h b/reactos/include/ntos/security.h index 6fc42b58f8e..26d8ee8a5e5 100644 --- a/reactos/include/ntos/security.h +++ b/reactos/include/ntos/security.h @@ -239,7 +239,11 @@ typedef enum _ACL_INFORMATION_CLASS typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL; -typedef LARGE_INTEGER LUID, *PLUID; +typedef struct _LUID +{ + ULONG LowPart; + LONG HighPart; +} LUID, *PLUID; typedef struct _SECURITY_DESCRIPTOR { @@ -255,7 +259,7 @@ typedef struct _SECURITY_DESCRIPTOR typedef struct _LUID_AND_ATTRIBUTES { LUID Luid; - DWORD Attributes; + ULONG Attributes; } LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES; typedef struct _TOKEN_SOURCE diff --git a/reactos/lib/ntdll/def/ntdll.def b/reactos/lib/ntdll/def/ntdll.def index b4679970124..d6690bd7e3f 100644 --- a/reactos/lib/ntdll/def/ntdll.def +++ b/reactos/lib/ntdll/def/ntdll.def @@ -1,4 +1,4 @@ -; $Id: ntdll.def,v 1.99 2003/05/15 11:02:03 ekohl Exp $ +; $Id: ntdll.def,v 1.100 2003/05/31 11:08:08 ekohl Exp $ ; ; ReactOS Operating System ; @@ -286,7 +286,7 @@ RtlAddAtomToAtomTable@12 ;RtlAddAttributeActionToRXact RtlAddAuditAccessAce@24 ;RtlAddCompoundAce -;RtlAdjustPrivilege +RtlAdjustPrivilege@16 RtlAllocateAndInitializeSid@44 RtlAllocateHandle@8 RtlAllocateHeap@12 diff --git a/reactos/lib/ntdll/def/ntdll.edf b/reactos/lib/ntdll/def/ntdll.edf index 693ae99ff8e..1029bfc0d87 100644 --- a/reactos/lib/ntdll/def/ntdll.edf +++ b/reactos/lib/ntdll/def/ntdll.edf @@ -1,4 +1,4 @@ -; $Id: ntdll.edf,v 1.88 2003/05/15 11:02:03 ekohl Exp $ +; $Id: ntdll.edf,v 1.89 2003/05/31 11:08:08 ekohl Exp $ ; ; ReactOS Operating System ; @@ -286,7 +286,7 @@ RtlAddAtomToAtomTable=RtlAddAtomToAtomTable@12 ;RtlAddAttributeActionToRXact RtlAddAuditAccessAce=RtlAddAuditAccessAce@24 ;RtlAddCompoundAce -;RtlAdjustPrivilege +RtlAdjustPrivilege=RtlAdjustPrivilege@16 RtlAllocateAndInitializeSid=RtlAllocateAndInitializeSid@44 RtlAllocateHandle=RtlAllocateHandle@8 RtlAllocateHeap=RtlAllocateHeap@12 diff --git a/reactos/lib/ntdll/rtl/luid.c b/reactos/lib/ntdll/rtl/luid.c index 8bb2038e0ad..c11b00c11cd 100644 --- a/reactos/lib/ntdll/rtl/luid.c +++ b/reactos/lib/ntdll/rtl/luid.c @@ -1,4 +1,4 @@ -/* $Id: luid.c,v 1.5 2002/09/08 10:23:05 chorns Exp $ +/* $Id: luid.c,v 1.6 2003/05/31 11:08:50 ekohl Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -13,13 +13,15 @@ #include + /* FUNCTIONS *****************************************************************/ VOID STDCALL RtlCopyLuid(PLUID LuidDest, PLUID LuidSrc) { - LuidDest->QuadPart = LuidSrc->QuadPart; + LuidDest->LowPart = LuidSrc->LowPart; + LuidDest->HighPart = LuidSrc->HighPart; } @@ -43,7 +45,8 @@ BOOLEAN STDCALL RtlEqualLuid(PLUID Luid1, PLUID Luid2) { - return((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE); + return (Luid1->LowPart == Luid2->LowPart && + Luid1->HighPart == Luid2->HighPart); } /* EOF */ diff --git a/reactos/lib/ntdll/rtl/security.c b/reactos/lib/ntdll/rtl/security.c index 21b1399a306..90d809d89cc 100644 --- a/reactos/lib/ntdll/rtl/security.c +++ b/reactos/lib/ntdll/rtl/security.c @@ -1,4 +1,4 @@ -/* $Id: security.c,v 1.7 2002/09/08 10:23:06 chorns Exp $ +/* $Id: security.c,v 1.8 2003/05/31 11:08:50 ekohl Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -12,6 +12,11 @@ #include #include +#define NDEBUG +#include + + +/* FUNCTIONS ****************************************************************/ NTSTATUS STDCALL RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) @@ -62,4 +67,76 @@ RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) return(Status); } + +NTSTATUS STDCALL +RtlAdjustPrivilege(IN ULONG Privilege, + IN BOOLEAN Enable, + IN BOOLEAN CurrentThread, + OUT PBOOLEAN Enabled) +{ + TOKEN_PRIVILEGES NewState; + TOKEN_PRIVILEGES OldState; + ULONG ReturnLength; + HANDLE TokenHandle; + NTSTATUS Status; + + DPRINT1("RtlAdjustPrivilege() called\n"); + + if (CurrentThread) + { + Status = NtOpenThreadToken (NtCurrentThread (), + TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, + FALSE, + &TokenHandle); + } + else + { + Status = NtOpenProcessToken (NtCurrentProcess (), + TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, + &TokenHandle); + } + + if (!NT_SUCCESS (Status)) + { + DPRINT1("Retrieving token handle failed (Status %lx)\n", Status); + return Status; + } + + NewState.PrivilegeCount = 1; + NewState.Privileges[0].Luid.LowPart = Privilege; + NewState.Privileges[0].Luid.HighPart = 0; + NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0; + + Status = NtAdjustPrivilegesToken (TokenHandle, + FALSE, + &NewState, + sizeof(TOKEN_PRIVILEGES), + &OldState, + &ReturnLength); + NtClose (TokenHandle); + if (Status == STATUS_NOT_ALL_ASSIGNED) + { + DPRINT1("Failed to assign all privileges\n"); + return STATUS_PRIVILEGE_NOT_HELD; + } + if (!NT_SUCCESS(Status)) + { + DPRINT1("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status); + return Status; + } + + if (OldState.PrivilegeCount == 0) + { + *Enabled = Enable; + } + else + { + *Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED); + } + + DPRINT1("RtlAdjustPrivilege() done\n"); + + return STATUS_SUCCESS; +} + /* EOF */ diff --git a/reactos/ntoskrnl/include/internal/se.h b/reactos/ntoskrnl/include/internal/se.h index 6a401d81cf7..a646e21a253 100644 --- a/reactos/ntoskrnl/include/internal/se.h +++ b/reactos/ntoskrnl/include/internal/se.h @@ -120,15 +120,21 @@ NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process, PACCESS_TOKEN NewToken, PACCESS_TOKEN* OldTokenP); -NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, - ULONG PrivilegeCount, - KPROCESSOR_MODE PreviousMode, - PLUID_AND_ATTRIBUTES AllocatedMem, - ULONG AllocatedLength, - POOL_TYPE PoolType, - ULONG d, - PLUID_AND_ATTRIBUTES* Dest, - PULONG Length); +NTSTATUS +SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, + ULONG PrivilegeCount, + KPROCESSOR_MODE PreviousMode, + PLUID_AND_ATTRIBUTES AllocatedMem, + ULONG AllocatedLength, + POOL_TYPE PoolType, + ULONG d, + PLUID_AND_ATTRIBUTES* Dest, + PULONG Length); + +VOID +SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, + KPROCESSOR_MODE PreviousMode, + ULONG a); #endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */ diff --git a/reactos/ntoskrnl/se/luid.c b/reactos/ntoskrnl/se/luid.c index f7215a5f1b1..9edbf0db0e5 100644 --- a/reactos/ntoskrnl/se/luid.c +++ b/reactos/ntoskrnl/se/luid.c @@ -1,4 +1,4 @@ -/* $Id: luid.c,v 1.6 2002/09/08 10:23:43 chorns Exp $ +/* $Id: luid.c,v 1.7 2003/05/31 11:10:30 ekohl Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -19,7 +19,9 @@ static KSPIN_LOCK LuidLock; static LARGE_INTEGER LuidIncrement; -static LUID Luid; +static LARGE_INTEGER LuidValue; + +#define SYSTEM_LUID 0x3E7; /* FUNCTIONS *****************************************************************/ @@ -27,25 +29,27 @@ VOID SepInitLuid(VOID) { KeInitializeSpinLock(&LuidLock); - Luid.QuadPart = 999; /* SYSTEM_LUID */ + LuidValue.QuadPart = SYSTEM_LUID; LuidIncrement.QuadPart = 1; } NTSTATUS STDCALL -NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId) +NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId) { - KIRQL oldIrql; - LUID ReturnedLuid; + LARGE_INTEGER ReturnedLuid; + KIRQL Irql; KeAcquireSpinLock(&LuidLock, - &oldIrql); - ReturnedLuid = Luid; - Luid = RtlLargeIntegerAdd(Luid, - LuidIncrement); + &Irql); + ReturnedLuid = LuidValue; + LuidValue = RtlLargeIntegerAdd(LuidValue, + LuidIncrement); KeReleaseSpinLock(&LuidLock, - oldIrql); - *LocallyUniqueId = ReturnedLuid; + Irql); + + LocallyUniqueId->LowPart = ReturnedLuid.u.LowPart; + LocallyUniqueId->HighPart = ReturnedLuid.u.HighPart; return(STATUS_SUCCESS); } @@ -55,7 +59,8 @@ VOID STDCALL RtlCopyLuid(IN PLUID LuidDest, IN PLUID LuidSrc) { - LuidDest->QuadPart = LuidSrc->QuadPart; + LuidDest->LowPart = LuidSrc->LowPart; + LuidDest->HighPart = LuidSrc->HighPart; } @@ -63,7 +68,8 @@ BOOLEAN STDCALL RtlEqualLuid(IN PLUID Luid1, IN PLUID Luid2) { - return((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE); + return (Luid1->LowPart == Luid2->LowPart && + Luid1->HighPart == Luid2->HighPart); } /* EOF */ diff --git a/reactos/ntoskrnl/se/priv.c b/reactos/ntoskrnl/se/priv.c index a23149febb4..cfa4c3fa790 100644 --- a/reactos/ntoskrnl/se/priv.c +++ b/reactos/ntoskrnl/se/priv.c @@ -1,4 +1,4 @@ -/* $Id: priv.c,v 1.5 2002/09/08 10:23:43 chorns Exp $ +/* $Id: priv.c,v 1.6 2003/05/31 11:10:30 ekohl Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -47,102 +47,124 @@ LUID SeRemoteShutdownPrivilege; /* FUNCTIONS ***************************************************************/ VOID -SepInitPrivileges(VOID) +SepInitPrivileges (VOID) { - SeCreateTokenPrivilege.QuadPart = SE_CREATE_TOKEN_PRIVILEGE; - SeAssignPrimaryTokenPrivilege.QuadPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE; - SeLockMemoryPrivilege.QuadPart = SE_LOCK_MEMORY_PRIVILEGE; - SeIncreaseQuotaPrivilege.QuadPart = SE_INCREASE_QUOTA_PRIVILEGE; - SeUnsolicitedInputPrivilege.QuadPart = SE_UNSOLICITED_INPUT_PRIVILEGE; - SeTcbPrivilege.QuadPart = SE_TCB_PRIVILEGE; - SeSecurityPrivilege.QuadPart = SE_SECURITY_PRIVILEGE; - SeTakeOwnershipPrivilege.QuadPart = SE_TAKE_OWNERSHIP_PRIVILEGE; - SeLoadDriverPrivilege.QuadPart = SE_LOAD_DRIVER_PRIVILEGE; - SeSystemProfilePrivilege.QuadPart = SE_SYSTEM_PROFILE_PRIVILEGE; - SeSystemtimePrivilege.QuadPart = SE_SYSTEMTIME_PRIVILEGE; - SeProfileSingleProcessPrivilege.QuadPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE; - SeIncreaseBasePriorityPrivilege.QuadPart = SE_INC_BASE_PRIORITY_PRIVILEGE; - SeCreatePagefilePrivilege.QuadPart = SE_CREATE_PAGEFILE_PRIVILEGE; - SeCreatePermanentPrivilege.QuadPart = SE_CREATE_PERMANENT_PRIVILEGE; - SeBackupPrivilege.QuadPart = SE_BACKUP_PRIVILEGE; - SeRestorePrivilege.QuadPart = SE_RESTORE_PRIVILEGE; - SeShutdownPrivilege.QuadPart = SE_SHUTDOWN_PRIVILEGE; - SeDebugPrivilege.QuadPart = SE_DEBUG_PRIVILEGE; - SeAuditPrivilege.QuadPart = SE_AUDIT_PRIVILEGE; - SeSystemEnvironmentPrivilege.QuadPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE; - SeChangeNotifyPrivilege.QuadPart = SE_CHANGE_NOTIFY_PRIVILEGE; - SeRemoteShutdownPrivilege.QuadPart = SE_REMOTE_SHUTDOWN_PRIVILEGE; + SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE; + SeCreateTokenPrivilege.HighPart = 0; + SeAssignPrimaryTokenPrivilege.LowPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE; + SeAssignPrimaryTokenPrivilege.HighPart = 0; + SeLockMemoryPrivilege.LowPart = SE_LOCK_MEMORY_PRIVILEGE; + SeLockMemoryPrivilege.HighPart = 0; + SeIncreaseQuotaPrivilege.LowPart = SE_INCREASE_QUOTA_PRIVILEGE; + SeIncreaseQuotaPrivilege.HighPart = 0; + SeUnsolicitedInputPrivilege.LowPart = SE_UNSOLICITED_INPUT_PRIVILEGE; + SeUnsolicitedInputPrivilege.HighPart = 0; + SeTcbPrivilege.LowPart = SE_TCB_PRIVILEGE; + SeTcbPrivilege.HighPart = 0; + SeSecurityPrivilege.LowPart = SE_SECURITY_PRIVILEGE; + SeSecurityPrivilege.HighPart = 0; + SeTakeOwnershipPrivilege.LowPart = SE_TAKE_OWNERSHIP_PRIVILEGE; + SeTakeOwnershipPrivilege.HighPart = 0; + SeLoadDriverPrivilege.LowPart = SE_LOAD_DRIVER_PRIVILEGE; + SeLoadDriverPrivilege.HighPart = 0; + SeSystemProfilePrivilege.LowPart = SE_SYSTEM_PROFILE_PRIVILEGE; + SeSystemProfilePrivilege.HighPart = 0; + SeSystemtimePrivilege.LowPart = SE_SYSTEMTIME_PRIVILEGE; + SeSystemtimePrivilege.HighPart = 0; + SeProfileSingleProcessPrivilege.LowPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE; + SeProfileSingleProcessPrivilege.HighPart = 0; + SeIncreaseBasePriorityPrivilege.LowPart = SE_INC_BASE_PRIORITY_PRIVILEGE; + SeIncreaseBasePriorityPrivilege.HighPart = 0; + SeCreatePagefilePrivilege.LowPart = SE_CREATE_PAGEFILE_PRIVILEGE; + SeCreatePagefilePrivilege.HighPart = 0; + SeCreatePermanentPrivilege.LowPart = SE_CREATE_PERMANENT_PRIVILEGE; + SeCreatePermanentPrivilege.HighPart = 0; + SeBackupPrivilege.LowPart = SE_BACKUP_PRIVILEGE; + SeBackupPrivilege.HighPart = 0; + SeRestorePrivilege.LowPart = SE_RESTORE_PRIVILEGE; + SeRestorePrivilege.HighPart = 0; + SeShutdownPrivilege.LowPart = SE_SHUTDOWN_PRIVILEGE; + SeShutdownPrivilege.HighPart = 0; + SeDebugPrivilege.LowPart = SE_DEBUG_PRIVILEGE; + SeDebugPrivilege.HighPart = 0; + SeAuditPrivilege.LowPart = SE_AUDIT_PRIVILEGE; + SeAuditPrivilege.HighPart = 0; + SeSystemEnvironmentPrivilege.LowPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE; + SeSystemEnvironmentPrivilege.HighPart = 0; + SeChangeNotifyPrivilege.LowPart = SE_CHANGE_NOTIFY_PRIVILEGE; + SeChangeNotifyPrivilege.HighPart = 0; + SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE; + SeRemoteShutdownPrivilege.HighPart = 0; } -BOOLEAN SepPrivilegeCheck(PACCESS_TOKEN Token, - PLUID_AND_ATTRIBUTES Privileges, - ULONG PrivilegeCount, - ULONG PrivilegeControl, - KPROCESSOR_MODE PreviousMode) +BOOLEAN +SepPrivilegeCheck (PACCESS_TOKEN Token, + PLUID_AND_ATTRIBUTES Privileges, + ULONG PrivilegeCount, + ULONG PrivilegeControl, + KPROCESSOR_MODE PreviousMode) { - ULONG i; - PLUID_AND_ATTRIBUTES Current; - ULONG j; - ULONG k; - - if (PreviousMode == KernelMode) - { - return(TRUE); - } - - j = 0; - if (PrivilegeCount != 0) - { - k = PrivilegeCount; - do - { - i = Token->PrivilegeCount; - Current = Token->Privileges; - for (i = 0; i < Token->PrivilegeCount; i++) - { - if (!(Current[i].Attributes & SE_PRIVILEGE_ENABLED) && - Privileges[i].Luid.u.LowPart == - Current[i].Luid.u.LowPart && - Privileges[i].Luid.u.HighPart == - Current[i].Luid.u.HighPart) - { - Privileges[i].Attributes = - Privileges[i].Attributes | - SE_PRIVILEGE_USED_FOR_ACCESS; - j++; - break; - } - } - k--; - } while (k > 0); - } - - if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) && - PrivilegeCount == j) - { - return(TRUE); - } - - if (j > 0 && - !(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY)) - { - return(TRUE); - } + PLUID_AND_ATTRIBUTES Current; + ULONG i; + ULONG j; + ULONG k; - return(FALSE); + if (PreviousMode == KernelMode) + { + return TRUE; + } + + j = 0; + if (PrivilegeCount != 0) + { + k = PrivilegeCount; + do + { + i = Token->PrivilegeCount; + Current = Token->Privileges; + for (i = 0; i < Token->PrivilegeCount; i++) + { + if (!(Current[i].Attributes & SE_PRIVILEGE_ENABLED) && + Privileges[i].Luid.LowPart == Current[i].Luid.LowPart && + Privileges[i].Luid.HighPart == Current[i].Luid.HighPart) + { + Privileges[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS; + j++; + break; + } + } + k--; + } + while (k > 0); + } + + if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) && + PrivilegeCount == j) + { + return TRUE; + } + + if (j > 0 && + !(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY)) + { + return TRUE; + } + + return FALSE; } -NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, - ULONG PrivilegeCount, - KPROCESSOR_MODE PreviousMode, - PLUID_AND_ATTRIBUTES AllocatedMem, - ULONG AllocatedLength, - POOL_TYPE PoolType, - ULONG d, - PLUID_AND_ATTRIBUTES* Dest, - PULONG Length) +NTSTATUS +SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src, + ULONG PrivilegeCount, + KPROCESSOR_MODE PreviousMode, + PLUID_AND_ATTRIBUTES AllocatedMem, + ULONG AllocatedLength, + POOL_TYPE PoolType, + ULONG d, + PLUID_AND_ATTRIBUTES* Dest, + PULONG Length) { PLUID_AND_ATTRIBUTES* NewMem; ULONG SrcLength; @@ -181,14 +203,16 @@ NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, return(STATUS_SUCCESS); } + VOID SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, ULONG a) { - ExFreePool(Privilege); + ExFreePool(Privilege); } + NTSTATUS STDCALL NtPrivilegeCheck(IN HANDLE ClientToken, IN PPRIVILEGE_SET RequiredPrivileges, @@ -246,6 +270,7 @@ NtPrivilegeCheck(IN HANDLE ClientToken, return(STATUS_SUCCESS); } + BOOLEAN STDCALL SePrivilegeCheck(PPRIVILEGE_SET Privileges, PSECURITY_SUBJECT_CONTEXT SubjectContext, @@ -273,6 +298,7 @@ SePrivilegeCheck(PPRIVILEGE_SET Privileges, PreviousMode)); } + BOOLEAN STDCALL SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode) @@ -304,3 +330,4 @@ SeSinglePrivilegeCheck(IN LUID PrivilegeValue, return(r); } +/* EOF */ diff --git a/reactos/ntoskrnl/se/token.c b/reactos/ntoskrnl/se/token.c index 97f8c69f982..96e92ec5e6e 100644 --- a/reactos/ntoskrnl/se/token.c +++ b/reactos/ntoskrnl/se/token.c @@ -1,4 +1,4 @@ -/* $Id: token.c,v 1.22 2002/10/25 21:48:00 chorns Exp $ +/* $Id: token.c,v 1.23 2003/05/31 11:10:30 ekohl Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -172,10 +172,14 @@ SepDuplicateToken(PACCESS_TOKEN Token, AccessToken->TokenInUse = 0; AccessToken->TokenType = TokenType; AccessToken->ImpersonationLevel = Level; - AccessToken->AuthenticationId.QuadPart = SYSTEM_LUID; + AccessToken->AuthenticationId.LowPart = SYSTEM_LUID; + AccessToken->AuthenticationId.HighPart = 0; - AccessToken->TokenSource.SourceIdentifier.QuadPart = Token->TokenSource.SourceIdentifier.QuadPart; - memcpy(AccessToken->TokenSource.SourceName, Token->TokenSource.SourceName, sizeof(Token->TokenSource.SourceName)); + AccessToken->TokenSource.SourceIdentifier.LowPart = Token->TokenSource.SourceIdentifier.LowPart; + AccessToken->TokenSource.SourceIdentifier.HighPart = Token->TokenSource.SourceIdentifier.HighPart; + memcpy(AccessToken->TokenSource.SourceName, + Token->TokenSource.SourceName, + sizeof(Token->TokenSource.SourceName)); AccessToken->ExpirationTime.QuadPart = Token->ExpirationTime.QuadPart; AccessToken->UserAndGroupCount = Token->UserAndGroupCount; AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex; @@ -820,54 +824,53 @@ NtAdjustGroupsToken(IN HANDLE TokenHandle, #if 0 -NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8 - ULONG a, // 0xC - KPROCESSOR_MODE PreviousMode, // 0x10 - ULONG PrivilegeCount, // 0x14 - PLUID_AND_ATTRIBUTES Privileges, // 0x18 - PTOKEN_PRIVILEGES* PreviousState, // 0x1C - PULONG b, // 0x20 - PULONG c, // 0x24 - PULONG d) // 0x28 +NTSTATUS +SepAdjustPrivileges(PACCESS_TOKEN Token, + ULONG a, + KPROCESSOR_MODE PreviousMode, + ULONG PrivilegeCount, + PLUID_AND_ATTRIBUTES Privileges, + PTOKEN_PRIVILEGES* PreviousState, + PULONG b, + PULONG c, + PULONG d) { - ULONG i; - - *c = 0; - if (Token->PrivilegeCount > 0) - { - for (i=0; iPrivilegeCount; i++) - { - if (PreviousMode != 0) - { - if (!(Token->Privileges[i]->Attributes & - SE_PRIVILEGE_ENABLED)) + ULONG i; + + *c = 0; + + if (Token->PrivilegeCount > 0) + { + for (i = 0; i < Token->PrivilegeCount; i++) + { + if (PreviousMode != KernelMode) + { + if (Token->Privileges[i]->Attributes & SE_PRIVILEGE_ENABLED == 0) + { + if (a != 0) { - if (a != 0) - { - if (PreviousState != NULL) - { - memcpy(&PreviousState[i], - &Token->Privileges[i], - sizeof(LUID_AND_ATTRIBUTES)); - } - Token->Privileges[i].Attributes = - Token->Privileges[i].Attributes & - (~SE_PRIVILEGE_ENABLED); - } + if (PreviousState != NULL) + { + memcpy(&PreviousState[i], + &Token->Privileges[i], + sizeof(LUID_AND_ATTRIBUTES)); + } + Token->Privileges[i].Attributes &= (~SE_PRIVILEGE_ENABLED); } - } - } - } - if (PreviousMode != 0) - { - Token->TokenFlags = Token->TokenFlags & (~1); - } - else - { - if (PrivilegeCount <= ?) - { - - } + } + } + } + } + + if (PreviousMode != KernelMode) + { + Token->TokenFlags = Token->TokenFlags & (~1); + } + else + { + if (PrivilegeCount <= ?) + { + } } if ( } @@ -882,37 +885,69 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle, OUT PTOKEN_PRIVILEGES PreviousState, OUT PULONG ReturnLength) { + PLUID_AND_ATTRIBUTES Privileges; + KPROCESSOR_MODE PreviousMode; + ULONG PrivilegeCount; + PACCESS_TOKEN Token; + ULONG Length; #if 0 - ULONG PrivilegeCount; - ULONG Length; - PSID_AND_ATTRIBUTES Privileges; ULONG a; ULONG b; ULONG c; - - PrivilegeCount = NewState->PrivilegeCount; - - SeCaptureLuidAndAttributesArray(NewState->Privileges, - &PrivilegeCount, - KeGetPreviousMode(), - NULL, - 0, - NonPagedPool, - 1, - &Privileges. - &Length); +#endif + NTSTATUS Status; + + DPRINT1("NtAdjustPrivilegesToken() called\n"); + + PrivilegeCount = NewState->PrivilegeCount; + PreviousMode = KeGetPreviousMode(); + SeCaptureLuidAndAttributesArray(NewState->Privileges, + PrivilegeCount, + PreviousMode, + NULL, + 0, + NonPagedPool, + 1, + &Privileges, + &Length); + + Status = ObReferenceObjectByHandle(TokenHandle, + TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, + SepTokenObjectType, + PreviousMode, + (PVOID*)&Token, + NULL); + if (!NT_SUCCESS(Status)) + { + DPRINT1("Failed to reference token (Status %lx)\n", Status); + SeReleaseLuidAndAttributesArray(Privileges, + PreviousMode, + 0); + return(Status); + } + + +#if 0 SepAdjustPrivileges(Token, 0, - KeGetPreviousMode(), + PreviousMode, PrivilegeCount, Privileges, PreviousState, &a, &b, &c); -#else - UNIMPLEMENTED; #endif + + ObDereferenceObject(Token); + + SeReleaseLuidAndAttributesArray(Privileges, + PreviousMode, + 0); + + DPRINT1("NtAdjustPrivilegesToken() done\n"); + + return STATUS_SUCCESS; } @@ -955,11 +990,13 @@ SepCreateSystemProcessToken(struct _EPROCESS* Process) return(Status); } - AccessToken->AuthenticationId.QuadPart = SYSTEM_LUID; + AccessToken->AuthenticationId.LowPart = SYSTEM_LUID; + AccessToken->AuthenticationId.HighPart = 0; AccessToken->TokenType = TokenPrimary; AccessToken->ImpersonationLevel = SecurityDelegation; - AccessToken->TokenSource.SourceIdentifier.QuadPart = 0; + AccessToken->TokenSource.SourceIdentifier.LowPart = 0; + AccessToken->TokenSource.SourceIdentifier.HighPart = 0; memcpy(AccessToken->TokenSource.SourceName, "SeMgr\0\0\0", 8); AccessToken->ExpirationTime.QuadPart = -1; AccessToken->UserAndGroupCount = 4; @@ -1106,6 +1143,7 @@ SepCreateSystemProcessToken(struct _EPROCESS* Process) return(STATUS_SUCCESS); } + NTSTATUS STDCALL NtCreateToken(OUT PHANDLE UnsafeTokenHandle, IN ACCESS_MASK DesiredAccess,