Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-28 01:55:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

Rollback last change, since we found out that IoCreateFile can accept

Browse source 
usermode parameters too

svn path=/trunk/; revision=13254
This commit is contained in:
Gé van Geldorp 2005-01-24 21:21:17 +00:00
parent 4b48677143
commit d4d3631bfe
5 changed files with 83 additions and 896 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
reactos/ntoskrnl/include/internal/safe.h
View file

@ -21,28 +21,4 @@ RtlReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString,
IN KPROCESSOR_MODE CurrentMode, IN KPROCESSOR_MODE CurrentMode,
IN BOOLEAN CaptureIfKernel); IN BOOLEAN CaptureIfKernel);
NTSTATUS #endif /* __NTOSKRNL_INCLUDE_INTERNAL_SAFE_Hb */
RtlCaptureSecurityDescriptor(OUT PSECURITY_DESCRIPTOR Dest,
IN KPROCESSOR_MODE PreviousMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
IN PSECURITY_DESCRIPTOR UnsafeSrc);
VOID
RtlReleaseCapturedSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
IN KPROCESSOR_MODE CurrentMode,
IN BOOLEAN CaptureIfKernel);
NTSTATUS
RtlCaptureObjectAttributes(OUT POBJECT_ATTRIBUTES Dest,
IN KPROCESSOR_MODE CurrentMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
IN POBJECT_ATTRIBUTES UnsafeSrc);
VOID
RtlReleaseCapturedObjectAttributes(IN POBJECT_ATTRIBUTES CapturedObjectAttributes,
IN KPROCESSOR_MODE CurrentMode,
IN BOOLEAN CaptureIfKernel);
#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SAFE_H */

239
reactos/ntoskrnl/io/create.c
View file

@ -17,7 +17,7 @@
/* GLOBALS *******************************************************************/ /* GLOBALS *******************************************************************/
#define TAG_IO_CREATE TAG('I', 'O', 'C', 'R') #define TAG_FILE_NAME TAG('F', 'N', 'A', 'M')
/* FUNCTIONS *************************************************************/ /* FUNCTIONS *************************************************************/
@ -357,7 +357,7 @@ IoCreateFile(OUT PHANDLE FileHandle,
PreviousMode = ExGetPreviousMode(); PreviousMode = ExGetPreviousMode();
Status = ObCreateObject(KernelMode, Status = ObCreateObject(PreviousMode,
IoFileObjectType, IoFileObjectType,
ObjectAttributes, ObjectAttributes,
PreviousMode, PreviousMode,
@ -533,132 +533,32 @@ IoCreateFile(OUT PHANDLE FileHandle,
* @implemented * @implemented
*/ */
NTSTATUS STDCALL NTSTATUS STDCALL
NtCreateFile(PHANDLE FileHandleUnsafe, NtCreateFile(PHANDLE FileHandle,
ACCESS_MASK DesiredAccess, ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributesUnsafe, POBJECT_ATTRIBUTES ObjectAttributes,
PIO_STATUS_BLOCK IoStatusBlockUnsafe, PIO_STATUS_BLOCK IoStatusBlock,
PLARGE_INTEGER AllocateSizeUnsafe, PLARGE_INTEGER AllocateSize,
ULONG FileAttributes, ULONG FileAttributes,
ULONG ShareAccess, ULONG ShareAccess,
ULONG CreateDisposition, ULONG CreateDisposition,
ULONG CreateOptions, ULONG CreateOptions,
PVOID EaBufferUnsafe, PVOID EaBuffer,
ULONG EaLength) ULONG EaLength)
{ {
KPROCESSOR_MODE PreviousMode; return IoCreateFile(FileHandle,
NTSTATUS Status; DesiredAccess,
HANDLE FileHandle; ObjectAttributes,
OBJECT_ATTRIBUTES ObjectAttributes; IoStatusBlock,
IO_STATUS_BLOCK IoStatusBlock; AllocateSize,
LARGE_INTEGER AllocateSize; FileAttributes,
PVOID EaBuffer; ShareAccess,
CreateDisposition,
PreviousMode = ExGetPreviousMode(); CreateOptions,
if (KernelMode == PreviousMode) EaBuffer,
{ EaLength,
return IoCreateFile(FileHandleUnsafe, CreateFileTypeNone,
DesiredAccess, NULL,
ObjectAttributesUnsafe, 0);
IoStatusBlockUnsafe,
AllocateSizeUnsafe,
FileAttributes,
ShareAccess,
CreateDisposition,
CreateOptions,
EaBufferUnsafe,
EaLength,
CreateFileTypeNone,
NULL,
0);
}
Status = RtlCaptureObjectAttributes(&ObjectAttributes,
PreviousMode,
PagedPool,
FALSE,
ObjectAttributesUnsafe);
if (! NT_SUCCESS(Status))
{
return Status;
}
if (0 != EaLength)
{
EaBuffer = ExAllocatePoolWithTag(PagedPool, EaLength, TAG_IO_CREATE);
if (NULL == EaBuffer)
{
RtlReleaseCapturedObjectAttributes(&ObjectAttributes,
PreviousMode,
FALSE);
return STATUS_NO_MEMORY;
}
}
_SEH_TRY
{
if (NULL != AllocateSizeUnsafe)
{
ProbeForRead(AllocateSizeUnsafe,
sizeof(LARGE_INTEGER),
sizeof(ULONG));
AllocateSize = *AllocateSizeUnsafe;
}
if (0 != EaLength)
{
ProbeForRead(EaBufferUnsafe,
EaLength,
sizeof(UCHAR));
RtlCopyMemory(EaBuffer, EaBufferUnsafe, EaLength);
}
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if (! NT_SUCCESS(Status))
{
return Status;
}
Status = IoCreateFile(&FileHandle,
DesiredAccess,
&ObjectAttributes,
&IoStatusBlock,
(NULL == AllocateSizeUnsafe ? NULL : &AllocateSize),
FileAttributes,
ShareAccess,
CreateDisposition,
CreateOptions,
(0 == EaLength ? NULL : EaBuffer),
EaLength,
CreateFileTypeNone,
NULL,
0);
if (! NT_SUCCESS(Status))
{
return Status;
}
_SEH_TRY
{
ProbeForWrite(FileHandleUnsafe,
sizeof(HANDLE),
sizeof(ULONG));
*FileHandleUnsafe = FileHandle;
ProbeForWrite(IoStatusBlockUnsafe,
sizeof(IO_STATUS_BLOCK),
sizeof(ULONG));
*IoStatusBlockUnsafe = IoStatusBlock;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
return Status;
} }
@ -698,90 +598,27 @@ NtCreateFile(PHANDLE FileHandleUnsafe,
* @implemented * @implemented
*/ */
NTSTATUS STDCALL NTSTATUS STDCALL
NtOpenFile(PHANDLE FileHandleUnsafe, NtOpenFile(PHANDLE FileHandle,
ACCESS_MASK DesiredAccess, ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributesUnsafe, POBJECT_ATTRIBUTES ObjectAttributes,
PIO_STATUS_BLOCK IoStatusBlockUnsafe, PIO_STATUS_BLOCK IoStatusBlock,
ULONG ShareAccess, ULONG ShareAccess,
ULONG OpenOptions) ULONG OpenOptions)
{ {
KPROCESSOR_MODE PreviousMode; return IoCreateFile(FileHandle,
NTSTATUS Status; DesiredAccess,
HANDLE FileHandle; ObjectAttributes,
OBJECT_ATTRIBUTES ObjectAttributes; IoStatusBlock,
IO_STATUS_BLOCK IoStatusBlock; NULL,
0,
PreviousMode = ExGetPreviousMode(); ShareAccess,
if (KernelMode == PreviousMode) FILE_OPEN,
{ OpenOptions,
return IoCreateFile(FileHandleUnsafe, NULL,
DesiredAccess, 0,
ObjectAttributesUnsafe, CreateFileTypeNone,
IoStatusBlockUnsafe, NULL,
NULL, 0);
0,
ShareAccess,
FILE_OPEN,
OpenOptions,
NULL,
0,
CreateFileTypeNone,
NULL,
0);
}
Status = RtlCaptureObjectAttributes(&ObjectAttributes,
PreviousMode,
PagedPool,
FALSE,
ObjectAttributesUnsafe);
if (! NT_SUCCESS(Status))
{
return Status;
}
if (! NT_SUCCESS(Status))
{
return Status;
}
Status = IoCreateFile(&FileHandle,
DesiredAccess,
&ObjectAttributes,
&IoStatusBlock,
NULL,
0,
ShareAccess,
FILE_OPEN,
OpenOptions,
NULL,
0,
CreateFileTypeNone,
NULL,
0);
if (! NT_SUCCESS(Status))
{
return Status;
}
_SEH_TRY
{
ProbeForWrite(FileHandleUnsafe,
sizeof(HANDLE),
sizeof(ULONG));
*FileHandleUnsafe = FileHandle;
ProbeForWrite(IoStatusBlockUnsafe,
sizeof(IO_STATUS_BLOCK),
sizeof(ULONG));
*IoStatusBlockUnsafe = IoStatusBlock;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
return Status;
} }
/* EOF */ /* EOF */

120
reactos/ntoskrnl/io/mailslot.c
View file

@ -18,21 +18,16 @@
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/
NTSTATUS STDCALL NTSTATUS STDCALL
NtCreateMailslotFile(OUT PHANDLE FileHandleUnsafe, NtCreateMailslotFile(OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributesUnsafe, IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlockUnsafe, OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG CreateOptions, IN ULONG CreateOptions,
IN ULONG MailslotQuota, IN ULONG MailslotQuota,
IN ULONG MaxMessageSize, IN ULONG MaxMessageSize,
IN PLARGE_INTEGER TimeOutUnsafe) IN PLARGE_INTEGER TimeOut)
{ {
MAILSLOT_CREATE_PARAMETERS Buffer; MAILSLOT_CREATE_PARAMETERS Buffer;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
HANDLE FileHandle;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
DPRINT("NtCreateMailslotFile(FileHandle %x, DesiredAccess %x, " DPRINT("NtCreateMailslotFile(FileHandle %x, DesiredAccess %x, "
"ObjectAttributes %x ObjectAttributes->ObjectName->Buffer %S)\n", "ObjectAttributes %x ObjectAttributes->ObjectName->Buffer %S)\n",
@ -41,103 +36,32 @@ NtCreateMailslotFile(OUT PHANDLE FileHandleUnsafe,
ASSERT_IRQL(PASSIVE_LEVEL); ASSERT_IRQL(PASSIVE_LEVEL);
if (TimeOutUnsafe != NULL) if (TimeOut != NULL)
{ {
if (UserMode == PreviousMode) Buffer.ReadTimeout.QuadPart = TimeOut->QuadPart;
{ Buffer.TimeoutSpecified = TRUE;
Status = STATUS_SUCCESS;
_SEH_TRY
{
ProbeForRead(TimeOutUnsafe,
sizeof(LARGE_INTEGER),
sizeof(LARGE_INTEGER));
Buffer.ReadTimeout.QuadPart = TimeOutUnsafe->QuadPart;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
else
{
Buffer.ReadTimeout.QuadPart = TimeOutUnsafe->QuadPart;
}
Buffer.TimeoutSpecified = TRUE;
} }
else else
{ {
Buffer.TimeoutSpecified = FALSE; Buffer.TimeoutSpecified = FALSE;
} }
Buffer.MailslotQuota = MailslotQuota; Buffer.MailslotQuota = MailslotQuota;
Buffer.MaximumMessageSize = MaxMessageSize; Buffer.MaximumMessageSize = MaxMessageSize;
PreviousMode = ExGetPreviousMode(); return IoCreateFile(FileHandle,
if (KernelMode == PreviousMode) DesiredAccess,
{ ObjectAttributes,
return IoCreateFile(FileHandleUnsafe, IoStatusBlock,
DesiredAccess, NULL,
ObjectAttributesUnsafe, FILE_ATTRIBUTE_NORMAL,
IoStatusBlockUnsafe, FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL, FILE_CREATE,
FILE_ATTRIBUTE_NORMAL, CreateOptions,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
FILE_CREATE, 0,
CreateOptions, CreateFileTypeMailslot,
NULL, (PVOID)&Buffer,
0, 0);
CreateFileTypeMailslot,
(PVOID)&Buffer,
0);
}
Status = RtlCaptureObjectAttributes(&ObjectAttributes,
PreviousMode,
PagedPool,
FALSE,
ObjectAttributesUnsafe);
if (! NT_SUCCESS(Status))
{
return Status;
}
Status = IoCreateFile(&FileHandle,
DesiredAccess,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_CREATE,
CreateOptions,
NULL,
0,
CreateFileTypeMailslot,
(PVOID)&Buffer,
0);
if (! NT_SUCCESS(Status))
{
return Status;
}
_SEH_TRY
{
ProbeForWrite(FileHandleUnsafe,
sizeof(HANDLE),
sizeof(ULONG));
*FileHandleUnsafe = FileHandle;
ProbeForWrite(IoStatusBlockUnsafe,
sizeof(IO_STATUS_BLOCK),
sizeof(ULONG));
*IoStatusBlockUnsafe = IoStatusBlock;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
return Status;
} }
/* EOF */ /* EOF */

116
reactos/ntoskrnl/io/npipe.c
View file

@ -17,10 +17,10 @@
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/
NTSTATUS STDCALL NTSTATUS STDCALL
NtCreateNamedPipeFile(PHANDLE FileHandleUnsafe, NtCreateNamedPipeFile(PHANDLE FileHandle,
ACCESS_MASK DesiredAccess, ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributesUnsafe, POBJECT_ATTRIBUTES ObjectAttributes,
PIO_STATUS_BLOCK IoStatusBlockUnsafe, PIO_STATUS_BLOCK IoStatusBlock,
ULONG ShareAccess, ULONG ShareAccess,
ULONG CreateDisposition, ULONG CreateDisposition,
ULONG CreateOptions, ULONG CreateOptions,
@ -30,14 +30,9 @@ NtCreateNamedPipeFile(PHANDLE FileHandleUnsafe,
ULONG MaximumInstances, ULONG MaximumInstances,
ULONG InboundQuota, ULONG InboundQuota,
ULONG OutboundQuota, ULONG OutboundQuota,
PLARGE_INTEGER DefaultTimeoutUnsafe) PLARGE_INTEGER DefaultTimeout)
{ {
NAMED_PIPE_CREATE_PARAMETERS Buffer; NAMED_PIPE_CREATE_PARAMETERS Buffer;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
HANDLE FileHandle;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
DPRINT("NtCreateNamedPipeFile(FileHandle %x, DesiredAccess %x, " DPRINT("NtCreateNamedPipeFile(FileHandle %x, DesiredAccess %x, "
"ObjectAttributes %x ObjectAttributes->ObjectName->Buffer %S)\n", "ObjectAttributes %x ObjectAttributes->ObjectName->Buffer %S)\n",
@ -46,28 +41,9 @@ NtCreateNamedPipeFile(PHANDLE FileHandleUnsafe,
ASSERT_IRQL(PASSIVE_LEVEL); ASSERT_IRQL(PASSIVE_LEVEL);
if (DefaultTimeoutUnsafe != NULL) if (DefaultTimeout != NULL)
{ {
if (UserMode == PreviousMode) Buffer.DefaultTimeout.QuadPart = DefaultTimeout->QuadPart;
{
Status = STATUS_SUCCESS;
_SEH_TRY
{
ProbeForRead(DefaultTimeoutUnsafe,
sizeof(LARGE_INTEGER),
sizeof(LARGE_INTEGER));
Buffer.DefaultTimeout.QuadPart = DefaultTimeoutUnsafe->QuadPart;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
else
{
Buffer.DefaultTimeout.QuadPart = DefaultTimeoutUnsafe->QuadPart;
}
Buffer.TimeoutSpecified = TRUE; Buffer.TimeoutSpecified = TRUE;
} }
else else
@ -81,72 +57,20 @@ NtCreateNamedPipeFile(PHANDLE FileHandleUnsafe,
Buffer.InboundQuota = InboundQuota; Buffer.InboundQuota = InboundQuota;
Buffer.OutboundQuota = OutboundQuota; Buffer.OutboundQuota = OutboundQuota;
PreviousMode = ExGetPreviousMode(); return IoCreateFile(FileHandle,
if (KernelMode == PreviousMode) DesiredAccess,
{ ObjectAttributes,
return IoCreateFile(FileHandleUnsafe, IoStatusBlock,
DesiredAccess, NULL,
ObjectAttributesUnsafe, FILE_ATTRIBUTE_NORMAL,
IoStatusBlockUnsafe, ShareAccess,
NULL, CreateDisposition,
FILE_ATTRIBUTE_NORMAL, CreateOptions,
ShareAccess, NULL,
CreateDisposition, 0,
CreateOptions, CreateFileTypeNamedPipe,
NULL, (PVOID)&Buffer,
0, 0);
CreateFileTypeNamedPipe,
(PVOID)&Buffer,
0);
}
Status = RtlCaptureObjectAttributes(&ObjectAttributes,
PreviousMode,
PagedPool,
FALSE,
ObjectAttributesUnsafe);
if (! NT_SUCCESS(Status))
{
return Status;
}
Status = IoCreateFile(&FileHandle,
DesiredAccess,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL,
ShareAccess,
CreateDisposition,
CreateOptions,
NULL,
0,
CreateFileTypeNamedPipe,
(PVOID)&Buffer,
0);
if (! NT_SUCCESS(Status))
{
return Status;
}
_SEH_TRY
{
ProbeForWrite(FileHandleUnsafe,
sizeof(HANDLE),
sizeof(ULONG));
*FileHandleUnsafe = FileHandle;
ProbeForWrite(IoStatusBlockUnsafe,
sizeof(IO_STATUS_BLOCK),
sizeof(ULONG));
*IoStatusBlockUnsafe = IoStatusBlock;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
return Status;
} }
/* EOF */ /* EOF */

478
reactos/ntoskrnl/rtl/capture.c
View file

@ -32,8 +32,6 @@
#define NDEBUG #define NDEBUG
#include <internal/debug.h> #include <internal/debug.h>
#define TAG_CAPT TAG('C', 'A', 'P', 'T')
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/
NTSTATUS NTSTATUS
@ -97,7 +95,7 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
if(Src.Length > 0) if(Src.Length > 0)
{ {
Dest->MaximumLength = Src.Length + sizeof(WCHAR); Dest->MaximumLength = Src.Length + sizeof(WCHAR);
Dest->Buffer = ExAllocatePoolWithTag(PoolType, Dest->MaximumLength, TAG_CAPT); Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength);
if (Dest->Buffer == NULL) if (Dest->Buffer == NULL)
{ {
Dest->Length = Dest->MaximumLength = 0; Dest->Length = Dest->MaximumLength = 0;
@ -166,7 +164,7 @@ RtlCaptureAnsiString(PANSI_STRING Dest,
*/ */
Dest->Length = Src->Length; Dest->Length = Src->Length;
Dest->MaximumLength = Src->MaximumLength; Dest->MaximumLength = Src->MaximumLength;
Dest->Buffer = ExAllocatePoolWithTag(NonPagedPool, Dest->MaximumLength, TAG_CAPT); Dest->Buffer = ExAllocatePool(NonPagedPool, Dest->MaximumLength);
if (Dest->Buffer == NULL) if (Dest->Buffer == NULL)
{ {
return(Status); return(Status);
@ -185,478 +183,6 @@ RtlCaptureAnsiString(PANSI_STRING Dest,
return(STATUS_SUCCESS); return(STATUS_SUCCESS);
} }
static NTSTATUS
CaptureSID(OUT PSID *Dest,
IN KPROCESSOR_MODE PreviousMode,
IN POOL_TYPE PoolType,
IN PSID UnsafeSrc)
{
SID Src;
ULONG Length;
NTSTATUS Status = STATUS_SUCCESS;
ASSERT(Dest != NULL);
if(UserMode == PreviousMode)
{
_SEH_TRY
{
ProbeForRead(UnsafeSrc,
sizeof(SID),
sizeof(ULONG));
RtlCopyMemory(&Src, UnsafeSrc, sizeof(SID));
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
else
{
/* capture even though it is considered to be valid */
RtlCopyMemory(&Src, UnsafeSrc, sizeof(SID));
}
if(SID_REVISION != Src.Revision)
{
return STATUS_INVALID_PARAMETER;
}
Length = RtlLengthSid(&Src);
*Dest = ExAllocatePoolWithTag(PoolType, Length, TAG_CAPT);
if(NULL == *Dest)
{
return STATUS_NO_MEMORY;
}
if(UserMode == PreviousMode)
{
_SEH_TRY
{
ProbeForRead(UnsafeSrc,
Length,
sizeof(ULONG));
RtlCopyMemory(*Dest, UnsafeSrc, Length);
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
else
{
RtlCopyMemory(*Dest, UnsafeSrc, Length);
}
return Status;
}
static NTSTATUS
CaptureACL(OUT PACL *Dest,
IN KPROCESSOR_MODE PreviousMode,
IN POOL_TYPE PoolType,
IN PACL UnsafeSrc)
{
ACL Src;
ULONG Length;
NTSTATUS Status = STATUS_SUCCESS;
ASSERT(Dest != NULL);
if(UserMode == PreviousMode)
{
_SEH_TRY
{
ProbeForRead(UnsafeSrc,
sizeof(ACL),
sizeof(ULONG));
RtlCopyMemory(&Src, UnsafeSrc, sizeof(ACL));
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
else
{
/* capture even though it is considered to be valid */
RtlCopyMemory(&Src, UnsafeSrc, sizeof(ACL));
}
if(Src.AclRevision < MIN_ACL_REVISION || MAX_ACL_REVISION < Src.AclRevision)
{
return STATUS_INVALID_PARAMETER;
}
Length = Src.AclSize;
*Dest = ExAllocatePoolWithTag(PoolType, Length, TAG_CAPT);
if(NULL == *Dest)
{
return STATUS_NO_MEMORY;
}
if(UserMode == PreviousMode)
{
_SEH_TRY
{
ProbeForRead(UnsafeSrc,
Length,
sizeof(ULONG));
RtlCopyMemory(*Dest, UnsafeSrc, Length);
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
else
{
RtlCopyMemory(*Dest, UnsafeSrc, Length);
}
return Status;
}
NTSTATUS
RtlCaptureSecurityDescriptor(OUT PSECURITY_DESCRIPTOR Dest,
IN KPROCESSOR_MODE PreviousMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
IN PSECURITY_DESCRIPTOR UnsafeSrc)
{
SECURITY_DESCRIPTOR Src;
NTSTATUS Status = STATUS_SUCCESS;
ASSERT(Dest != NULL);
/*
* Copy the object attributes to kernel space.
*/
if(PreviousMode == UserMode)
{
_SEH_TRY
{
ProbeForRead(UnsafeSrc,
sizeof(SECURITY_DESCRIPTOR),
sizeof(ULONG));
Src = *UnsafeSrc;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
else if(!CaptureIfKernel)
{
/* just copy the structure, the pointers are considered valid */
*Dest = *UnsafeSrc;
return STATUS_SUCCESS;
}
else
{
/* capture the object attributes even though it is considered to be valid */
Src = *UnsafeSrc;
}
if(SECURITY_DESCRIPTOR_REVISION1 != Src.Revision)
{
return STATUS_INVALID_PARAMETER;
}
Dest->Revision = Src.Revision;
Dest->Sbz1 = Src.Sbz1;
Dest->Control = Src.Control;
Status = CaptureSID(&Dest->Owner, PreviousMode, PoolType, Src.Owner);
if(!NT_SUCCESS(Status))
{
return Status;
}
Status = CaptureSID(&Dest->Group, PreviousMode, PoolType, Src.Group);
if(!NT_SUCCESS(Status))
{
if(NULL != Dest->Owner)
{
ExFreePool(Dest->Owner);
}
return Status;
}
Status = CaptureACL(&Dest->Sacl, PreviousMode, PoolType, Src.Sacl);
if(!NT_SUCCESS(Status))
{
if(NULL != Dest->Group)
{
ExFreePool(Dest->Group);
}
if(NULL != Dest->Owner)
{
ExFreePool(Dest->Owner);
}
return Status;
}
Status = CaptureACL(&Dest->Dacl, PreviousMode, PoolType, Src.Dacl);
if(!NT_SUCCESS(Status))
{
if(NULL != Dest->Sacl)
{
ExFreePool(Dest->Sacl);
}
if(NULL != Dest->Group)
{
ExFreePool(Dest->Group);
}
if(NULL != Dest->Owner)
{
ExFreePool(Dest->Owner);
}
return Status;
}
return Status;
}
VOID
RtlReleaseCapturedSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
IN KPROCESSOR_MODE PreviousMode,
IN BOOLEAN CaptureIfKernel)
{
ASSERT(SECURITY_DESCRIPTOR_REVISION1 == CapturedSecurityDescriptor->Revision);
if(PreviousMode == KernelMode && !CaptureIfKernel)
{
return;
}
if(NULL != CapturedSecurityDescriptor->Dacl)
{
ExFreePool(CapturedSecurityDescriptor->Dacl);
}
if(NULL != CapturedSecurityDescriptor->Sacl)
{
ExFreePool(CapturedSecurityDescriptor->Sacl);
}
if(NULL != CapturedSecurityDescriptor->Group)
{
ExFreePool(CapturedSecurityDescriptor->Group);
}
if(NULL != CapturedSecurityDescriptor->Owner)
{
ExFreePool(CapturedSecurityDescriptor->Owner);
}
}
NTSTATUS
RtlCaptureObjectAttributes(OUT POBJECT_ATTRIBUTES Dest,
IN KPROCESSOR_MODE PreviousMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
IN POBJECT_ATTRIBUTES UnsafeSrc)
{
OBJECT_ATTRIBUTES Src;
NTSTATUS Status = STATUS_SUCCESS;
ASSERT(Dest != NULL);
/*
* Copy the object attributes to kernel space.
*/
if(PreviousMode == UserMode)
{
_SEH_TRY
{
ProbeForRead(UnsafeSrc,
sizeof(OBJECT_ATTRIBUTES),
sizeof(ULONG));
Src = *UnsafeSrc;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
else if(!CaptureIfKernel)
{
/* just copy the structure, the pointers are considered valid */
*Dest = *UnsafeSrc;
return STATUS_SUCCESS;
}
else
{
/* capture the object attributes even though it is considered to be valid */
Src = *UnsafeSrc;
}
if(Src.Length < sizeof(OBJECT_ATTRIBUTES) || NULL == Src.ObjectName)
{
return STATUS_INVALID_PARAMETER;
}
Dest->Length = sizeof(OBJECT_ATTRIBUTES);
Dest->RootDirectory = Src.RootDirectory;
Dest->ObjectName = ExAllocatePoolWithTag(PoolType, sizeof(UNICODE_STRING), TAG_CAPT);
if(NULL == Dest->ObjectName)
{
return STATUS_NO_MEMORY;
}
Status = RtlCaptureUnicodeString(Dest->ObjectName,
PreviousMode,
PoolType,
CaptureIfKernel,
Src.ObjectName);
if(!NT_SUCCESS(Status))
{
ExFreePool(Dest->ObjectName);
return Status;
}
Dest->Attributes = Src.Attributes;
if(NULL == Src.SecurityDescriptor)
{
Dest->SecurityDescriptor = NULL;
}
else
{
Dest->SecurityDescriptor = ExAllocatePoolWithTag(PoolType, sizeof(SECURITY_DESCRIPTOR), TAG_CAPT);
if(NULL == Dest->SecurityDescriptor)
{
RtlReleaseCapturedUnicodeString(Dest->ObjectName,
PreviousMode,
CaptureIfKernel);
ExFreePool(Dest->ObjectName);
return STATUS_NO_MEMORY;
}
Status = RtlCaptureSecurityDescriptor(Dest->SecurityDescriptor,
PreviousMode,
PoolType,
CaptureIfKernel,
Src.SecurityDescriptor);
if(!NT_SUCCESS(Status))
{
ExFreePool(Dest->SecurityDescriptor);
RtlReleaseCapturedUnicodeString(Dest->ObjectName,
PreviousMode,
CaptureIfKernel);
ExFreePool(Dest->ObjectName);
return Status;
}
}
if(NULL == Src.SecurityQualityOfService)
{
Dest->SecurityQualityOfService = NULL;
}
else
{
Dest->SecurityQualityOfService = ExAllocatePoolWithTag(PoolType, sizeof(SECURITY_QUALITY_OF_SERVICE), TAG_CAPT);
if(NULL == Dest->SecurityQualityOfService)
{
Status = STATUS_NO_MEMORY;
}
else
{
/*
* Copy the data to kernel space.
*/
_SEH_TRY
{
RtlCopyMemory(Dest->SecurityQualityOfService,
Src.SecurityQualityOfService,
sizeof(SECURITY_QUALITY_OF_SERVICE));
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
ExFreePool(Dest->SecurityQualityOfService);
}
}
if(!NT_SUCCESS(Status))
{
if(NULL != Dest->SecurityDescriptor)
{
RtlReleaseCapturedSecurityDescriptor(Dest->SecurityDescriptor,
PreviousMode,
CaptureIfKernel);
ExFreePool(Dest->SecurityDescriptor);
}
RtlReleaseCapturedUnicodeString(Dest->ObjectName,
PreviousMode,
CaptureIfKernel);
ExFreePool(Dest->ObjectName);
return Status;
}
}
return Status;
}
VOID
RtlReleaseCapturedObjectAttributes(IN POBJECT_ATTRIBUTES CapturedObjectAttributes,
IN KPROCESSOR_MODE PreviousMode,
IN BOOLEAN CaptureIfKernel)
{
ASSERT(NULL != CapturedObjectAttributes->ObjectName);
if(PreviousMode == KernelMode && !CaptureIfKernel)
{
return;
}
if(NULL != CapturedObjectAttributes->SecurityQualityOfService)
{
ExFreePool(CapturedObjectAttributes->SecurityQualityOfService);
}
if(NULL != CapturedObjectAttributes->SecurityDescriptor)
{
RtlReleaseCapturedSecurityDescriptor(CapturedObjectAttributes->SecurityDescriptor,
PreviousMode,
CaptureIfKernel);
ExFreePool(CapturedObjectAttributes->SecurityDescriptor);
}
RtlReleaseCapturedUnicodeString(CapturedObjectAttributes->ObjectName,
PreviousMode,
CaptureIfKernel);
ExFreePool(CapturedObjectAttributes->ObjectName);
}
/* /*
* @unimplemented * @unimplemented
*/ */