diff --git a/ntoskrnl/ps/security.c b/ntoskrnl/ps/security.c
index 619ff56d247..0b3f97fbf06 100644
--- a/ntoskrnl/ps/security.c
+++ b/ntoskrnl/ps/security.c
@@ -615,6 +615,8 @@ PsImpersonateClient(IN PETHREAD Thread,
 {
     PPS_IMPERSONATION_INFORMATION Impersonation, OldData;
     PTOKEN OldToken = NULL;
+    PEJOB Job;
+
     PAGED_CODE();
     PSTRACE(PS_SECURITY_DEBUG, "Thread: %p, Token: %p\n", Thread, Token);
 
@@ -668,8 +670,32 @@ PsImpersonateClient(IN PETHREAD Thread,
         }
     }
 
-    /* Check if this is a job, which we don't support yet */
-    if (Thread->ThreadsProcess->Job) ASSERT(FALSE);
+    /* FIXME: If the process token can't impersonate, we need to make a copy instead */
+
+    /* Check if this is a job */
+    Job = Thread->ThreadsProcess->Job;
+    if (Job != NULL)
+    {
+        /* No admin allowed in this job */
+        if ((Job->SecurityLimitFlags & JOB_OBJECT_SECURITY_NO_ADMIN) &&
+            SeTokenIsAdmin(Token))
+        {
+            return STATUS_ACCESS_DENIED;
+        }
+
+        /* No restricted tokens allowed in this job */
+        if ((Job->SecurityLimitFlags & JOB_OBJECT_SECURITY_RESTRICTED_TOKEN) &&
+            SeTokenIsRestricted(Token))
+        {
+            return STATUS_ACCESS_DENIED;
+        }
+
+        /* We don't support job filters yet */
+        if (Job->Filter != NULL)
+        {
+            ASSERT(Job->Filter == NULL);
+        }
+    }
 
     /* Lock thread security */
     PspLockThreadSecurityExclusive(Thread);
diff --git a/sdk/include/ndk/pstypes.h b/sdk/include/ndk/pstypes.h
index 219b880368f..55839aca37a 100644
--- a/sdk/include/ndk/pstypes.h
+++ b/sdk/include/ndk/pstypes.h
@@ -216,6 +216,14 @@ extern POBJECT_TYPE NTSYSAPI PsJobType;
 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
 
+//
+// Job Security Limit Flags
+//
+#define JOB_OBJECT_SECURITY_NO_ADMIN 0x0001
+#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN 0x0002
+#define JOB_OBJECT_SECURITY_ONLY_TOKEN 0x0004
+#define JOB_OBJECT_SECURITY_FILTER_TOKENS 0x0008
+
 //
 // Cross Thread Flags
 //
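Review bot: The restricted-token check in the second hunk reads inverted relative to the documented meaning of JOB_OBJECT_SECURITY_RESTRICTED_TOKEN, which prevents processes in the job from using a token that was *not* created with CreateRestrictedToken; as written, `SeTokenIsRestricted(Token)` returning TRUE is what triggers the denial, so a job carrying this limit would reject the lower-privilege tokens it is meant to require and accept unrestricted ones. If the Win32 semantics are the intent, the condition should be `!SeTokenIsRestricted(Token)` and the comment `/* Only restricted tokens allowed in this job */`. Separately, the `Job->Filter` branch only fires an ASSERT, which compiles away on free builds, so a job configured with a token filter silently impersonates an unfiltered token; returning a failure status there (e.g. `return STATUS_ACCESS_DENIED;` in place of the ASSERT) would fail closed until filters are implemented. JOB_OBJECT_SECURITY_ONLY_TOKEN is added to the header by this commit but is not enforced in this path either, which is worth a FIXME next to the other two checks. PsImpersonateClient's body begins and ends outside the hunk.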