[NTOS]
- Fix disabling impersonation in PsDisableImpersonation, and - Fix how we do restore impersonation in NtOpenThreadTokenEx. Patch by Thomas Faber, CORE-7476 #comment Patch committed in revision 60301, thanks :). Please retest the bug. svn path=/trunk/; revision=60301
parent
ccafea6eee
commit
cb93b06d35
|
@ -820,10 +820,10 @@ PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
NTAPI
|
NTAPI
|
||||||
PsDisableImpersonation(IN PETHREAD Thread,
|
PsDisableImpersonation(IN PETHREAD Thread,
|
||||||
IN PSE_IMPERSONATION_STATE ImpersonationState)
|
OUT PSE_IMPERSONATION_STATE ImpersonationState)
|
||||||
{
|
{
|
||||||
PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
|
PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
|
||||||
LONG NewValue, OldValue;
|
LONG OldFlags;
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
PSTRACE(PS_SECURITY_DEBUG,
|
PSTRACE(PS_SECURITY_DEBUG,
|
||||||
"Thread: %p State: %p\n", Thread, ImpersonationState);
|
"Thread: %p State: %p\n", Thread, ImpersonationState);
|
||||||
|
@ -835,19 +835,11 @@ PsDisableImpersonation(IN PETHREAD Thread,
|
||||||
PspLockThreadSecurityExclusive(Thread);
|
PspLockThreadSecurityExclusive(Thread);
|
||||||
|
|
||||||
/* Disable impersonation */
|
/* Disable impersonation */
|
||||||
OldValue = Thread->CrossThreadFlags;
|
OldFlags = PspClearCrossThreadFlag(Thread,
|
||||||
do
|
CT_ACTIVE_IMPERSONATION_INFO_BIT);
|
||||||
{
|
|
||||||
/* Attempt to change the flag */
|
|
||||||
NewValue =
|
|
||||||
InterlockedCompareExchange((PLONG)&Thread->CrossThreadFlags,
|
|
||||||
OldValue &~
|
|
||||||
CT_ACTIVE_IMPERSONATION_INFO_BIT,
|
|
||||||
OldValue);
|
|
||||||
} while (NewValue != OldValue);
|
|
||||||
|
|
||||||
/* Make sure nobody disabled it behind our back */
|
/* Make sure nobody disabled it behind our back */
|
||||||
if (NewValue & CT_ACTIVE_IMPERSONATION_INFO_BIT)
|
if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)
|
||||||
{
|
{
|
||||||
/* Copy the old state */
|
/* Copy the old state */
|
||||||
Impersonation = Thread->ImpersonationInfo;
|
Impersonation = Thread->ImpersonationInfo;
|
||||||
|
|
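Review bot: The header of PsDisableImpersonation should say what the BOOLEAN result means now that `ImpersonationState` is marked `OUT`, because the visible branch copies state out of `Thread->ImpersonationInfo` only when `OldFlags` had `CT_ACTIVE_IMPERSONATION_INFO_BIT` set. I would add above the function `/* Returns TRUE only if impersonation was active and its state was saved in ImpersonationState; callers must call PsRestoreImpersonation only in that case. */`. The body continues past the end of this hunk, so whether the state is cleared on the other path cannot be confirmed from here; if it is not, a caller that restores unconditionally would pass an unpopulated state to the restore routine. Any other caller that pairs disable and restore without checking the result deserves the same audit NtOpenThreadTokenEx gets in this commit.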
|
@ -1065,7 +1065,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
PTOKEN Token;
|
PTOKEN Token;
|
||||||
ULONG RequiredLength;
|
ULONG RequiredLength;
|
||||||
KPROCESSOR_MODE PreviousMode;
|
KPROCESSOR_MODE PreviousMode;
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
NTSTATUS Status;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
|
@ -2429,6 +2429,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
||||||
PACL Dacl = NULL;
|
PACL Dacl = NULL;
|
||||||
KPROCESSOR_MODE PreviousMode;
|
KPROCESSOR_MODE PreviousMode;
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
|
BOOLEAN RestoreImpersonation = FALSE;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
|
@ -2482,7 +2483,8 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
||||||
|
|
||||||
if (OpenAsSelf)
|
if (OpenAsSelf)
|
||||||
{
|
{
|
||||||
PsDisableImpersonation(PsGetCurrentThread(), &ImpersonationState);
|
RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
|
||||||
|
&ImpersonationState);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (CopyOnOpen)
|
if (CopyOnOpen)
|
||||||
|
@ -2533,7 +2535,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
||||||
|
|
||||||
if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL);
|
if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL);
|
||||||
|
|
||||||
if (OpenAsSelf)
|
if (RestoreImpersonation)
|
||||||
{
|
{
|
||||||
PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
|
PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
|
||||||
}
|
}
|
||||||
|
|
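Review bot: Nothing in the visible lines of NtOpenThreadTokenEx documents that every exit between the `PsDisableImpersonation` call in the `OpenAsSelf` branch and the `if (RestoreImpersonation)` block must reach the restore; in that window the thread runs under the process token rather than the client's. The code between the two hunks is not shown, so I cannot confirm that no early `return` exists there; if one does, the thread would stay un-impersonated after the system call and later access checks on it would be made against the wrong identity. I would add at the disable site `/* Impersonation is off from here on; every path below must fall through to the PsRestoreImpersonation block. */`. The function starts and ends outside these hunks.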