- Fix disabling impersonation in PsDisableImpersonation, and
- Fix how we restore impersonation in NtOpenThreadTokenEx.
Patch by Thomas Faber,
CORE-7476 #comment Patch committed in revision 60301, thanks :). Please retest the bug.

svn path=/trunk/; revision=60301
Hermès Bélusca-Maïto 2013-09-22 00:26:31 +00:00
parent ccafea6eee
commit cb93b06d35
2 changed files with 10 additions and 16 deletions


@ -820,10 +820,10 @@ PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
BOOLEAN BOOLEAN
NTAPI NTAPI
PsDisableImpersonation(IN PETHREAD Thread, PsDisableImpersonation(IN PETHREAD Thread,
IN PSE_IMPERSONATION_STATE ImpersonationState) OUT PSE_IMPERSONATION_STATE ImpersonationState)
{ {
PPS_IMPERSONATION_INFORMATION Impersonation = NULL; PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
LONG NewValue, OldValue; LONG OldFlags;
PAGED_CODE(); PAGED_CODE();
PSTRACE(PS_SECURITY_DEBUG, PSTRACE(PS_SECURITY_DEBUG,
"Thread: %p State: %p\n", Thread, ImpersonationState); "Thread: %p State: %p\n", Thread, ImpersonationState);
@ -835,19 +835,11 @@ PsDisableImpersonation(IN PETHREAD Thread,
PspLockThreadSecurityExclusive(Thread); PspLockThreadSecurityExclusive(Thread);
/* Disable impersonation */ /* Disable impersonation */
OldValue = Thread->CrossThreadFlags; OldFlags = PspClearCrossThreadFlag(Thread,
do CT_ACTIVE_IMPERSONATION_INFO_BIT);
{
/* Attempt to change the flag */
NewValue =
InterlockedCompareExchange((PLONG)&Thread->CrossThreadFlags,
OldValue &~
CT_ACTIVE_IMPERSONATION_INFO_BIT,
OldValue);
} while (NewValue != OldValue);
/* Make sure nobody disabled it behind our back */ /* Make sure nobody disabled it behind our back */
if (NewValue & CT_ACTIVE_IMPERSONATION_INFO_BIT) if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)
{ {
/* Copy the old state */ /* Copy the old state */
Impersonation = Thread->ImpersonationInfo; Impersonation = Thread->ImpersonationInfo;
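Review bot: The comment `/* Make sure nobody disabled it behind our back */` above the new `if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)` no longer describes the check: the flag is cleared while PspLockThreadSecurityExclusive is held, so the test distinguishes "this thread was impersonating" from "it was not", and only in the first case is `*ImpersonationState` (now annotated `OUT`) filled in. Since the caller in NtOpenThreadTokenEx now relies on the BOOLEAN result to decide whether PsRestoreImpersonation may read that state, I would document the contract at the signature, e.g. `/* Returns TRUE and saves the thread's impersonation state in *ImpersonationState only if the thread was actively impersonating; on FALSE the state is untouched and PsRestoreImpersonation must not be called. */`, and reword the inline comment to `/* Only a thread that was actively impersonating has state to save */`. The FALSE path and the rest of PsDisableImpersonation lie outside this hunk, so the exact behaviour on that path should be confirmed there. Note also that OldFlags is a LONG while the flag constant is presumably unsigned; the bitwise test is fine, but a ULONG would match the other flag helpers if that is the file's convention.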


@ -1065,7 +1065,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
PTOKEN Token; PTOKEN Token;
ULONG RequiredLength; ULONG RequiredLength;
KPROCESSOR_MODE PreviousMode; KPROCESSOR_MODE PreviousMode;
NTSTATUS Status = STATUS_SUCCESS; NTSTATUS Status;
PAGED_CODE(); PAGED_CODE();
@ -2429,6 +2429,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
PACL Dacl = NULL; PACL Dacl = NULL;
KPROCESSOR_MODE PreviousMode; KPROCESSOR_MODE PreviousMode;
NTSTATUS Status; NTSTATUS Status;
BOOLEAN RestoreImpersonation = FALSE;
PAGED_CODE(); PAGED_CODE();
@ -2482,7 +2483,8 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
if (OpenAsSelf) if (OpenAsSelf)
{ {
PsDisableImpersonation(PsGetCurrentThread(), &ImpersonationState); RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
&ImpersonationState);
} }
if (CopyOnOpen) if (CopyOnOpen)
@ -2533,7 +2535,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL); if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL);
if (OpenAsSelf) if (RestoreImpersonation)
{ {
PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState); PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
} }