[FORMATTING]

No code changes.

svn path=/trunk/; revision=47383
Eric Kohl 2010-05-28 16:28:27 +00:00
parent 4e25539b71
commit f0910f33d3
9 changed files with 856 additions and 827 deletions


@ -30,6 +30,7 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext) OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
{ {
BOOLEAN CopyOnOpen, EffectiveOnly; BOOLEAN CopyOnOpen, EffectiveOnly;
PAGED_CODE(); PAGED_CODE();
/* Save the unique ID */ /* Save the unique ID */
@ -127,6 +128,7 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
{ {
ACCESS_MASK AccessMask = Access; ACCESS_MASK AccessMask = Access;
PTOKEN Token; PTOKEN Token;
PAGED_CODE(); PAGED_CODE();
/* Map the Generic Acess to Specific Access if we have a Mapping */ /* Map the Generic Acess to Specific Access if we have a Mapping */
@ -200,6 +202,7 @@ NTAPI
SeDeleteAccessState(IN PACCESS_STATE AccessState) SeDeleteAccessState(IN PACCESS_STATE AccessState)
{ {
PAUX_ACCESS_DATA AuxData; PAUX_ACCESS_DATA AuxData;
PAGED_CODE(); PAGED_CODE();
/* Get the Auxiliary Data */ /* Get the Auxiliary Data */
@ -213,6 +216,7 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
{ {
ExFreePool(AccessState->ObjectName.Buffer); ExFreePool(AccessState->ObjectName.Buffer);
} }
if (AccessState->ObjectTypeName.Buffer) if (AccessState->ObjectTypeName.Buffer)
{ {
ExFreePool(AccessState->ObjectTypeName.Buffer); ExFreePool(AccessState->ObjectTypeName.Buffer);
@ -252,6 +256,7 @@ SeCreateClientSecurity(IN PETHREAD Thread,
PACCESS_TOKEN Token; PACCESS_TOKEN Token;
NTSTATUS Status; NTSTATUS Status;
PACCESS_TOKEN NewToken; PACCESS_TOKEN NewToken;
PAGED_CODE(); PAGED_CODE();
Token = PsReferenceEffectiveToken(Thread, Token = PsReferenceEffectiveToken(Thread,
@ -279,8 +284,7 @@ SeCreateClientSecurity(IN PETHREAD Thread,
} }
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) || ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
(Qos->EffectiveOnly)) ? (Qos->EffectiveOnly)) ? TRUE : FALSE;
TRUE : FALSE;
} }
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING) if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
@ -358,10 +362,12 @@ SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
{ {
b = ClientContext->DirectAccessEffectiveOnly; b = ClientContext->DirectAccessEffectiveOnly;
} }
if (ServerThread == NULL) if (ServerThread == NULL)
{ {
ServerThread = PsGetCurrentThread(); ServerThread = PsGetCurrentThread();
} }
PsImpersonateClient(ServerThread, PsImpersonateClient(ServerThread,
ClientContext->ClientToken, ClientContext->ClientToken,
1, 1,


@ -60,7 +60,6 @@ SepInitDACLs(VOID)
GENERIC_ALL, GENERIC_ALL,
SeLocalSystemSid); SeLocalSystemSid);
/* create PublicDefaultUnrestrictedDacl */ /* create PublicDefaultUnrestrictedDacl */
AclLength = sizeof(ACL) + AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) + (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
@ -216,7 +215,7 @@ SepInitDACLs(VOID)
GENERIC_READ | GENERIC_EXECUTE, GENERIC_READ | GENERIC_EXECUTE,
SeRestrictedCodeSid); SeRestrictedCodeSid);
return(TRUE); return TRUE;
} }
NTSTATUS NTAPI NTSTATUS NTAPI
@ -299,7 +298,7 @@ SepCaptureAcl(IN PACL InputAcl,
NewAcl = ExAllocatePool(PoolType, NewAcl = ExAllocatePool(PoolType,
AclSize); AclSize);
if(NewAcl != NULL) if (NewAcl != NULL)
{ {
_SEH2_TRY _SEH2_TRY
{ {
@ -322,7 +321,7 @@ SepCaptureAcl(IN PACL InputAcl,
Status = STATUS_INSUFFICIENT_RESOURCES; Status = STATUS_INSUFFICIENT_RESOURCES;
} }
} }
else if(!CaptureIfKernel) else if (!CaptureIfKernel)
{ {
*CapturedAcl = InputAcl; *CapturedAcl = InputAcl;
} }
@ -333,7 +332,7 @@ SepCaptureAcl(IN PACL InputAcl,
NewAcl = ExAllocatePool(PoolType, NewAcl = ExAllocatePool(PoolType,
AclSize); AclSize);
if(NewAcl != NULL) if (NewAcl != NULL)
{ {
RtlCopyMemory(NewAcl, RtlCopyMemory(NewAcl,
InputAcl, InputAcl,
@ -358,7 +357,7 @@ SepReleaseAcl(IN PACL CapturedAcl,
{ {
PAGED_CODE(); PAGED_CODE();
if(CapturedAcl != NULL && if (CapturedAcl != NULL &&
(AccessMode != KernelMode || (AccessMode != KernelMode ||
(AccessMode == KernelMode && CaptureIfKernel))) (AccessMode == KernelMode && CaptureIfKernel)))
{ {
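Review bot: The release condition in SepReleaseAcl still reads `AccessMode != KernelMode || (AccessMode == KernelMode && CaptureIfKernel)`, where the inner `AccessMode == KernelMode` test is redundant. The matching check in SepReleaseSecurityQualityOfService, reformatted in this same commit, is spelled `(AccessMode != KernelMode || CaptureIfKernel)`. This condition decides whether a captured pool allocation is freed, so spelling both the same way makes it easier to audit that release mirrors capture: `if (CapturedAcl != NULL && (AccessMode != KernelMode || CaptureIfKernel))`. The body of SepReleaseAcl continues outside the hunk.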


@ -4,7 +4,7 @@
* FILE: ntoskrnl/se/audit.c * FILE: ntoskrnl/se/audit.c
* PURPOSE: Audit functions * PURPOSE: Audit functions
* *
* PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de> * PROGRAMMERS: Eric Kohl
*/ */
/* INCLUDES *******************************************************************/ /* INCLUDES *******************************************************************/
@ -47,6 +47,7 @@ SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
POBJECT_NAME_INFORMATION ObjectNameInfo = NULL; POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
ULONG ReturnLength = 8; ULONG ReturnLength = 8;
NTSTATUS Status; NTSTATUS Status;
PAGED_CODE(); PAGED_CODE();
ASSERT(AuditInfo); ASSERT(AuditInfo);
@ -120,6 +121,7 @@ SeLocateProcessImageName(IN PEPROCESS Process,
PUNICODE_STRING ImageName; PUNICODE_STRING ImageName;
PFILE_OBJECT FileObject; PFILE_OBJECT FileObject;
NTSTATUS Status = STATUS_SUCCESS; NTSTATUS Status = STATUS_SUCCESS;
PAGED_CODE(); PAGED_CODE();
/* Assume failure */ /* Assume failure */
@ -260,11 +262,9 @@ SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
*/ */
VOID VOID
NTAPI NTAPI
SeCloseObjectAuditAlarm( SeCloseObjectAuditAlarm(IN PVOID Object,
IN PVOID Object,
IN HANDLE Handle, IN HANDLE Handle,
IN BOOLEAN PerformAction IN BOOLEAN PerformAction)
)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -363,7 +363,7 @@ NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN BOOLEAN GenerateOnClose) IN BOOLEAN GenerateOnClose)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return(STATUS_NOT_IMPLEMENTED); return STATUS_NOT_IMPLEMENTED;
} }
@ -373,7 +373,7 @@ NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN BOOLEAN GenerateOnClose) IN BOOLEAN GenerateOnClose)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return(STATUS_NOT_IMPLEMENTED); return STATUS_NOT_IMPLEMENTED;
} }
@ -392,7 +392,7 @@ NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
OUT PBOOLEAN GenerateOnClose) OUT PBOOLEAN GenerateOnClose)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return(STATUS_NOT_IMPLEMENTED); return STATUS_NOT_IMPLEMENTED;
} }
@ -404,7 +404,7 @@ NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN BOOLEAN AccessGranted) IN BOOLEAN AccessGranted)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return(STATUS_NOT_IMPLEMENTED); return STATUS_NOT_IMPLEMENTED;
} }
@ -417,7 +417,7 @@ NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN BOOLEAN AccessGranted) IN BOOLEAN AccessGranted)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return(STATUS_NOT_IMPLEMENTED); return STATUS_NOT_IMPLEMENTED;
} }
/* EOF */ /* EOF */


@ -51,7 +51,7 @@ LUID SeEnableDelegationPrivilege;
VOID VOID
INIT_FUNCTION INIT_FUNCTION
NTAPI NTAPI
SepInitPrivileges (VOID) SepInitPrivileges(VOID)
{ {
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE; SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
SeCreateTokenPrivilege.HighPart = 0; SeCreateTokenPrivilege.HighPart = 0;
@ -110,7 +110,7 @@ SepInitPrivileges (VOID)
BOOLEAN BOOLEAN
NTAPI NTAPI
SepPrivilegeCheck (PTOKEN Token, SepPrivilegeCheck(PTOKEN Token,
PLUID_AND_ATTRIBUTES Privileges, PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount, ULONG PrivilegeCount,
ULONG PrivilegeControl, ULONG PrivilegeControl,
@ -120,7 +120,7 @@ SepPrivilegeCheck (PTOKEN Token,
ULONG j; ULONG j;
ULONG k; ULONG k;
DPRINT ("SepPrivilegeCheck() called\n"); DPRINT("SepPrivilegeCheck() called\n");
PAGED_CODE(); PAGED_CODE();
@ -139,8 +139,8 @@ SepPrivilegeCheck (PTOKEN Token,
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart && if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart) Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
{ {
DPRINT ("Found privilege\n"); DPRINT("Found privilege\n");
DPRINT ("Privilege attributes %lx\n", DPRINT("Privilege attributes %lx\n",
Token->Privileges[i].Attributes); Token->Privileges[i].Attributes);
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED) if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
@ -170,14 +170,14 @@ SepPrivilegeCheck (PTOKEN Token,
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src, SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount, ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode, KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem, PLUID_AND_ATTRIBUTES AllocatedMem,
ULONG AllocatedLength, ULONG AllocatedLength,
POOL_TYPE PoolType, POOL_TYPE PoolType,
BOOLEAN CaptureIfKernel, BOOLEAN CaptureIfKernel,
PLUID_AND_ATTRIBUTES* Dest, PLUID_AND_ATTRIBUTES *Dest,
PULONG Length) PULONG Length)
{ {
ULONG BufferSize; ULONG BufferSize;
@ -236,7 +236,6 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
{ {
*Dest = ExAllocatePool(PoolType, *Dest = ExAllocatePool(PoolType,
BufferSize); BufferSize);
if (*Dest == NULL) if (*Dest == NULL)
{ {
return STATUS_INSUFFICIENT_RESOURCES; return STATUS_INSUFFICIENT_RESOURCES;
@ -266,7 +265,7 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
VOID VOID
NTAPI NTAPI
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege, SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode, KPROCESSOR_MODE PreviousMode,
BOOLEAN CaptureIfKernel) BOOLEAN CaptureIfKernel)
{ {
@ -307,8 +306,9 @@ SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
/* /*
* @implemented * @implemented
*/ */
BOOLEAN NTAPI BOOLEAN
SePrivilegeCheck (PPRIVILEGE_SET Privileges, NTAPI
SePrivilegeCheck(PPRIVILEGE_SET Privileges,
PSECURITY_SUBJECT_CONTEXT SubjectContext, PSECURITY_SUBJECT_CONTEXT SubjectContext,
KPROCESSOR_MODE PreviousMode) KPROCESSOR_MODE PreviousMode)
{ {
@ -329,7 +329,7 @@ SePrivilegeCheck (PPRIVILEGE_SET Privileges,
} }
} }
return SepPrivilegeCheck (Token, return SepPrivilegeCheck(Token,
Privileges->Privilege, Privileges->Privilege,
Privileges->PrivilegeCount, Privileges->PrivilegeCount,
Privileges->Control, Privileges->Control,
@ -339,8 +339,9 @@ SePrivilegeCheck (PPRIVILEGE_SET Privileges,
/* /*
* @implemented * @implemented
*/ */
BOOLEAN NTAPI BOOLEAN
SeSinglePrivilegeCheck (IN LUID PrivilegeValue, NTAPI
SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
IN KPROCESSOR_MODE PreviousMode) IN KPROCESSOR_MODE PreviousMode)
{ {
SECURITY_SUBJECT_CONTEXT SubjectContext; SECURITY_SUBJECT_CONTEXT SubjectContext;
@ -349,35 +350,36 @@ SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
PAGED_CODE(); PAGED_CODE();
SeCaptureSubjectContext (&SubjectContext); SeCaptureSubjectContext(&SubjectContext);
Priv.PrivilegeCount = 1; Priv.PrivilegeCount = 1;
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY; Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
Priv.Privilege[0].Luid = PrivilegeValue; Priv.Privilege[0].Luid = PrivilegeValue;
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED; Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
Result = SePrivilegeCheck (&Priv, Result = SePrivilegeCheck(&Priv,
&SubjectContext, &SubjectContext,
PreviousMode); PreviousMode);
if (PreviousMode != KernelMode) if (PreviousMode != KernelMode)
{ {
#if 0 #if 0
SePrivilegedServiceAuditAlarm (0, SePrivilegedServiceAuditAlarm(0,
&SubjectContext, &SubjectContext,
&PrivilegeValue); &PrivilegeValue);
#endif #endif
} }
SeReleaseSubjectContext (&SubjectContext); SeReleaseSubjectContext(&SubjectContext);
return Result; return Result;
} }
/* SYSTEM CALLS ***************************************************************/ /* SYSTEM CALLS ***************************************************************/
NTSTATUS NTAPI NTSTATUS
NtPrivilegeCheck (IN HANDLE ClientToken, NTAPI
NtPrivilegeCheck(IN HANDLE ClientToken,
IN PPRIVILEGE_SET RequiredPrivileges, IN PPRIVILEGE_SET RequiredPrivileges,
OUT PBOOLEAN Result) OUT PBOOLEAN Result)
{ {
@ -438,7 +440,7 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
/* reference the token and make sure we're /* reference the token and make sure we're
not doing an anonymous impersonation */ not doing an anonymous impersonation */
Status = ObReferenceObjectByHandle (ClientToken, Status = ObReferenceObjectByHandle(ClientToken,
TOKEN_QUERY, TOKEN_QUERY,
SepTokenObjectType, SepTokenObjectType,
PreviousMode, PreviousMode,
@ -452,12 +454,12 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
if (Token->TokenType == TokenImpersonation && if (Token->TokenType == TokenImpersonation &&
Token->ImpersonationLevel < SecurityIdentification) Token->ImpersonationLevel < SecurityIdentification)
{ {
ObDereferenceObject (Token); ObDereferenceObject(Token);
return STATUS_BAD_IMPERSONATION_LEVEL; return STATUS_BAD_IMPERSONATION_LEVEL;
} }
/* capture the privileges */ /* capture the privileges */
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege, Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
PrivilegeCount, PrivilegeCount,
PreviousMode, PreviousMode,
NULL, NULL,
@ -472,13 +474,13 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
return Status; return Status;
} }
CheckResult = SepPrivilegeCheck (Token, CheckResult = SepPrivilegeCheck(Token,
Privileges, Privileges,
PrivilegeCount, PrivilegeCount,
PrivilegeControl, PrivilegeControl,
PreviousMode); PreviousMode);
ObDereferenceObject (Token); ObDereferenceObject(Token);
/* return the array */ /* return the array */
_SEH2_TRY _SEH2_TRY
@ -495,12 +497,11 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
} }
_SEH2_END; _SEH2_END;
SeReleaseLuidAndAttributesArray (Privileges, SeReleaseLuidAndAttributesArray(Privileges,
PreviousMode, PreviousMode,
TRUE); TRUE);
return Status; return Status;
} }
/* EOF */ /* EOF */
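Review bot: In SeSinglePrivilegeCheck the `if (PreviousMode != KernelMode)` block is empty after preprocessing, because the only statement inside it, the SePrivilegedServiceAuditAlarm call, sits under `#if 0`, and the reformatted lines carry no comment explaining why. No other audit call is visible in this function, so a privilege check made for a user-mode caller appears to leave no audit record here. A comment above the `#if 0` would keep the gap tracked, for example `/* FIXME: audit alarm compiled out; privilege use by user-mode callers is not audited here */`.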


@ -227,9 +227,9 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
ASSERT(CapturedSecurityQualityOfService); ASSERT(CapturedSecurityQualityOfService);
ASSERT(Present); ASSERT(Present);
if(ObjectAttributes != NULL) if (ObjectAttributes != NULL)
{ {
if(AccessMode != KernelMode) if (AccessMode != KernelMode)
{ {
SECURITY_QUALITY_OF_SERVICE SafeQos; SECURITY_QUALITY_OF_SERVICE SafeQos;
@ -238,15 +238,15 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
ProbeForRead(ObjectAttributes, ProbeForRead(ObjectAttributes,
sizeof(OBJECT_ATTRIBUTES), sizeof(OBJECT_ATTRIBUTES),
sizeof(ULONG)); sizeof(ULONG));
if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES)) if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
{ {
if(ObjectAttributes->SecurityQualityOfService != NULL) if (ObjectAttributes->SecurityQualityOfService != NULL)
{ {
ProbeForRead(ObjectAttributes->SecurityQualityOfService, ProbeForRead(ObjectAttributes->SecurityQualityOfService,
sizeof(SECURITY_QUALITY_OF_SERVICE), sizeof(SECURITY_QUALITY_OF_SERVICE),
sizeof(ULONG)); sizeof(ULONG));
if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length == if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
sizeof(SECURITY_QUALITY_OF_SERVICE)) sizeof(SECURITY_QUALITY_OF_SERVICE))
{ {
/* don't allocate memory here because ExAllocate should bugcheck /* don't allocate memory here because ExAllocate should bugcheck
@ -279,13 +279,13 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
} }
_SEH2_END; _SEH2_END;
if(NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
if(*Present) if (*Present)
{ {
CapturedQos = ExAllocatePool(PoolType, CapturedQos = ExAllocatePool(PoolType,
sizeof(SECURITY_QUALITY_OF_SERVICE)); sizeof(SECURITY_QUALITY_OF_SERVICE));
if(CapturedQos != NULL) if (CapturedQos != NULL)
{ {
RtlCopyMemory(CapturedQos, RtlCopyMemory(CapturedQos,
&SafeQos, &SafeQos,
@ -305,18 +305,18 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
} }
else else
{ {
if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES)) if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
{ {
if(CaptureIfKernel) if (CaptureIfKernel)
{ {
if(ObjectAttributes->SecurityQualityOfService != NULL) if (ObjectAttributes->SecurityQualityOfService != NULL)
{ {
if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length == if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
sizeof(SECURITY_QUALITY_OF_SERVICE)) sizeof(SECURITY_QUALITY_OF_SERVICE))
{ {
CapturedQos = ExAllocatePool(PoolType, CapturedQos = ExAllocatePool(PoolType,
sizeof(SECURITY_QUALITY_OF_SERVICE)); sizeof(SECURITY_QUALITY_OF_SERVICE));
if(CapturedQos != NULL) if (CapturedQos != NULL)
{ {
RtlCopyMemory(CapturedQos, RtlCopyMemory(CapturedQos,
ObjectAttributes->SecurityQualityOfService, ObjectAttributes->SecurityQualityOfService,
@ -370,7 +370,7 @@ SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecur
{ {
PAGED_CODE(); PAGED_CODE();
if(CapturedSecurityQualityOfService != NULL && if (CapturedSecurityQualityOfService != NULL &&
(AccessMode != KernelMode || CaptureIfKernel)) (AccessMode != KernelMode || CaptureIfKernel))
{ {
ExFreePool(CapturedSecurityQualityOfService); ExFreePool(CapturedSecurityQualityOfService);
@ -399,9 +399,9 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
ULONG DescriptorSize = 0; ULONG DescriptorSize = 0;
NTSTATUS Status; NTSTATUS Status;
if(OriginalSecurityDescriptor != NULL) if (OriginalSecurityDescriptor != NULL)
{ {
if(CurrentMode != KernelMode) if (CurrentMode != KernelMode)
{ {
RtlZeroMemory(&DescriptorCopy, sizeof(DescriptorCopy)); RtlZeroMemory(&DescriptorCopy, sizeof(DescriptorCopy));
@ -415,7 +415,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
DescriptorSize, DescriptorSize,
sizeof(ULONG)); sizeof(ULONG));
if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1) if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
{ {
_SEH2_YIELD(return STATUS_UNKNOWN_REVISION); _SEH2_YIELD(return STATUS_UNKNOWN_REVISION);
} }
@ -432,7 +432,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
ProbeForRead(OriginalSecurityDescriptor, ProbeForRead(OriginalSecurityDescriptor,
DescriptorSize, DescriptorSize,
sizeof(ULONG)); sizeof(ULONG));
if(DescriptorCopy.Control & SE_SELF_RELATIVE) if (DescriptorCopy.Control & SE_SELF_RELATIVE)
{ {
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor; PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
@ -456,9 +456,9 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
} }
_SEH2_END; _SEH2_END;
} }
else if(!CaptureIfKernel) else if (!CaptureIfKernel)
{ {
if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1) if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
{ {
return STATUS_UNKNOWN_REVISION; return STATUS_UNKNOWN_REVISION;
} }
@ -479,7 +479,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
DescriptorCopy.Control = OriginalSecurityDescriptor->Control; DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ? DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR)); sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
if(DescriptorCopy.Control & SE_SELF_RELATIVE) if (DescriptorCopy.Control & SE_SELF_RELATIVE)
{ {
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor; PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
@ -497,25 +497,25 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
} }
} }
if(DescriptorCopy.Control & SE_SELF_RELATIVE) if (DescriptorCopy.Control & SE_SELF_RELATIVE)
{ {
/* in case we're dealing with a self-relative descriptor, do a basic convert /* in case we're dealing with a self-relative descriptor, do a basic convert
to an absolute descriptor. We do this so we can simply access the data to an absolute descriptor. We do this so we can simply access the data
using the pointers without calculating them again. */ using the pointers without calculating them again. */
DescriptorCopy.Control &= ~SE_SELF_RELATIVE; DescriptorCopy.Control &= ~SE_SELF_RELATIVE;
if(DescriptorCopy.Owner != NULL) if (DescriptorCopy.Owner != NULL)
{ {
DescriptorCopy.Owner = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Owner); DescriptorCopy.Owner = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Owner);
} }
if(DescriptorCopy.Group != NULL) if (DescriptorCopy.Group != NULL)
{ {
DescriptorCopy.Group = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Group); DescriptorCopy.Group = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Group);
} }
if(DescriptorCopy.Dacl != NULL) if (DescriptorCopy.Dacl != NULL)
{ {
DescriptorCopy.Dacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Dacl); DescriptorCopy.Dacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Dacl);
} }
if(DescriptorCopy.Sacl != NULL) if (DescriptorCopy.Sacl != NULL)
{ {
DescriptorCopy.Sacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Sacl); DescriptorCopy.Sacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Sacl);
} }
@ -683,7 +683,6 @@ Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \
to the caller */ to the caller */
*CapturedSecurityDescriptor = NewDescriptor; *CapturedSecurityDescriptor = NewDescriptor;
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
else else
{ {
@ -899,13 +898,14 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
{ {
if (SecurityDescriptor->Owner != NULL) if (SecurityDescriptor->Owner != NULL)
{ {
if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner + Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
(ULONG_PTR)SecurityDescriptor); (ULONG_PTR)SecurityDescriptor);
else else
Owner = (PSID)SecurityDescriptor->Owner; Owner = (PSID)SecurityDescriptor->Owner;
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
} }
Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED); Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
} }
else else
@ -915,6 +915,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd); Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
} }
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED); Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
} }
@ -930,6 +931,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
Group = (PSID)SecurityDescriptor->Group; Group = (PSID)SecurityDescriptor->Group;
GroupLength = ROUND_UP(RtlLengthSid(Group), 4); GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
} }
Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED); Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
} }
else else
@ -939,6 +941,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd); Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
GroupLength = ROUND_UP(RtlLengthSid(Group), 4); GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
} }
Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED); Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
} }
@ -956,6 +959,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
} }
Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
} }
else else
@ -966,6 +970,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd); Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
} }
Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
} }
@ -982,6 +987,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
Sacl = (PACL)SecurityDescriptor->Sacl; Sacl = (PACL)SecurityDescriptor->Sacl;
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
} }
Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
} }
else else
@ -992,6 +998,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd); Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
} }
Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
} }
@ -1006,6 +1013,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
RtlCreateSecurityDescriptor(NewSd, RtlCreateSecurityDescriptor(NewSd,
SECURITY_DESCRIPTOR_REVISION1); SECURITY_DESCRIPTOR_REVISION1);
/* We always build a self-relative descriptor */ /* We always build a self-relative descriptor */
NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE; NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE;
@ -1288,7 +1296,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
Token = SubjectContext->PrimaryToken; Token = SubjectContext->PrimaryToken;
} }
/* Inherit the Owner SID */ /* Inherit the Owner SID */
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Owner != NULL) if (ExplicitDescriptor != NULL && ExplicitDescriptor->Owner != NULL)
{ {
@ -1298,7 +1305,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE) if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
{ {
Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor); Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
} }
} }
else else
@ -1319,7 +1325,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
/* Inherit the Group SID */ /* Inherit the Group SID */
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Group != NULL) if (ExplicitDescriptor != NULL && ExplicitDescriptor->Group != NULL)
{ {
@ -1348,7 +1353,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
GroupLength = ROUND_UP(RtlLengthSid(Group), 4); GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
/* Inherit the DACL */ /* Inherit the DACL */
if (ExplicitDescriptor != NULL && if (ExplicitDescriptor != NULL &&
(ExplicitDescriptor->Control & SE_DACL_PRESENT) && (ExplicitDescriptor->Control & SE_DACL_PRESENT) &&
@ -1373,6 +1377,7 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
{ {
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor); Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
} }
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED); Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
} }
else if (Token != NULL && Token->DefaultDacl != NULL) else if (Token != NULL && Token->DefaultDacl != NULL)
@ -1391,7 +1396,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0; DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0;
/* Inherit the SACL */ /* Inherit the SACL */
if (ExplicitDescriptor != NULL && if (ExplicitDescriptor != NULL &&
(ExplicitDescriptor->Control & SE_SACL_PRESENT) && (ExplicitDescriptor->Control & SE_SACL_PRESENT) &&
@ -1416,12 +1420,12 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
{ {
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor); Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
} }
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED); Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
} }
SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0; SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0;
/* Allocate and initialize the new security descriptor */ /* Allocate and initialize the new security descriptor */
Length = sizeof(SECURITY_DESCRIPTOR) + Length = sizeof(SECURITY_DESCRIPTOR) +
OwnerLength + GroupLength + DaclLength + SaclLength; OwnerLength + GroupLength + DaclLength + SaclLength;
@ -1479,7 +1483,9 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner); DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
} }
else else
{
DPRINT("Owner of %x is zero length\n", Descriptor); DPRINT("Owner of %x is zero length\n", Descriptor);
}
if (GroupLength != 0) if (GroupLength != 0)
{ {
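Review bot: The comment on the self-relative conversion in SeCaptureSecurityDescriptor ("do a basic convert to an absolute descriptor") does not say where the offsets come from. The Owner, Group, Dacl and Sacl pointers are formed by adding the `DescriptorCopy` offsets to `OriginalSecurityDescriptor`, so they still point into the original buffer. Those offsets are presumably copied from the caller's descriptor, but the assignment is outside the visible hunks, as is any range check or probe that follows. I would extend the comment with `NOTE: offsets originate from the input descriptor; the resulting pointers reference the original buffer and must be probed/validated before they are dereferenced`. Separately, the unbraced `if`/`else` in SeSetSecurityDescriptorInfo is left as is, while this commit adds braces to the single-statement `else` in SeAssignSecurity.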


@ -17,13 +17,15 @@
PSE_EXPORTS SeExports = NULL; PSE_EXPORTS SeExports = NULL;
SE_EXPORTS SepExports; SE_EXPORTS SepExports;
ULONG SidInTokenCalls = 0;
extern ULONG ExpInitializationPhase; extern ULONG ExpInitializationPhase;
extern ERESOURCE SepSubjectContextLock; extern ERESOURCE SepSubjectContextLock;
/* PRIVATE FUNCTIONS **********************************************************/ /* PRIVATE FUNCTIONS **********************************************************/
static BOOLEAN INIT_FUNCTION static BOOLEAN
INIT_FUNCTION
SepInitExports(VOID) SepInitExports(VOID)
{ {
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege; SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
@ -118,6 +120,7 @@ NTAPI
SepInitializationPhase1(VOID) SepInitializationPhase1(VOID)
{ {
NTSTATUS Status; NTSTATUS Status;
PAGED_CODE(); PAGED_CODE();
/* Insert the system token into the tree */ /* Insert the system token into the tree */
@ -279,8 +282,6 @@ SeDefaultObjectMethod(IN PVOID Object,
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
ULONG SidInTokenCalls = 0;
static BOOLEAN static BOOLEAN
SepSidInToken(PACCESS_TOKEN _Token, SepSidInToken(PACCESS_TOKEN _Token,
PSID Sid) PSID Sid)
@ -340,7 +341,8 @@ SepTokenIsOwner(PACCESS_TOKEN Token,
return SepSidInToken(Token, Sid); return SepSidInToken(Token, Sid);
} }
VOID NTAPI VOID
NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess) OUT PACCESS_MASK DesiredAccess)
{ {
@ -351,13 +353,15 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
{ {
*DesiredAccess |= READ_CONTROL; *DesiredAccess |= READ_CONTROL;
} }
if (SecurityInformation & SACL_SECURITY_INFORMATION) if (SecurityInformation & SACL_SECURITY_INFORMATION)
{ {
*DesiredAccess |= ACCESS_SYSTEM_SECURITY; *DesiredAccess |= ACCESS_SYSTEM_SECURITY;
} }
} }
VOID NTAPI VOID
NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess) OUT PACCESS_MASK DesiredAccess)
{ {
@ -367,10 +371,12 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
{ {
*DesiredAccess |= WRITE_OWNER; *DesiredAccess |= WRITE_OWNER;
} }
if (SecurityInformation & DACL_SECURITY_INFORMATION) if (SecurityInformation & DACL_SECURITY_INFORMATION)
{ {
*DesiredAccess |= WRITE_DAC; *DesiredAccess |= WRITE_DAC;
} }
if (SecurityInformation & SACL_SECURITY_INFORMATION) if (SecurityInformation & SACL_SECURITY_INFORMATION)
{ {
*DesiredAccess |= ACCESS_SYSTEM_SECURITY; *DesiredAccess |= ACCESS_SYSTEM_SECURITY;
@ -763,7 +769,8 @@ SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
/* /*
* @implemented * @implemented
*/ */
BOOLEAN NTAPI BOOLEAN
NTAPI
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked, IN BOOLEAN SubjectContextLocked,


@ -150,7 +150,7 @@ SepInitSecurityIDs(VOID)
SeAnonymousLogonSid == NULL) SeAnonymousLogonSid == NULL)
{ {
FreeInitializedSids(); FreeInitializedSids();
return(FALSE); return FALSE;
} }
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1); RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
@ -253,7 +253,7 @@ SepInitSecurityIDs(VOID)
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0); SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID; *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
return(TRUE); return TRUE;
} }
NTSTATUS NTSTATUS
@ -293,7 +293,7 @@ SepCaptureSid(IN PSID InputSid,
/* allocate a SID and copy it */ /* allocate a SID and copy it */
NewSid = ExAllocatePool(PoolType, NewSid = ExAllocatePool(PoolType,
SidSize); SidSize);
if(NewSid != NULL) if (NewSid != NULL)
{ {
_SEH2_TRY _SEH2_TRY
{ {
@ -316,7 +316,7 @@ SepCaptureSid(IN PSID InputSid,
Status = STATUS_INSUFFICIENT_RESOURCES; Status = STATUS_INSUFFICIENT_RESOURCES;
} }
} }
else if(!CaptureIfKernel) else if (!CaptureIfKernel)
{ {
*CapturedSid = InputSid; *CapturedSid = InputSid;
return STATUS_SUCCESS; return STATUS_SUCCESS;
@ -328,7 +328,7 @@ SepCaptureSid(IN PSID InputSid,
/* allocate a SID and copy it */ /* allocate a SID and copy it */
NewSid = ExAllocatePool(PoolType, NewSid = ExAllocatePool(PoolType,
SidSize); SidSize);
if(NewSid != NULL) if (NewSid != NULL)
{ {
RtlCopyMemory(NewSid, RtlCopyMemory(NewSid,
Sid, Sid,
@ -353,7 +353,7 @@ SepReleaseSid(IN PSID CapturedSid,
{ {
PAGED_CODE(); PAGED_CODE();
if(CapturedSid != NULL && if (CapturedSid != NULL &&
(AccessMode != KernelMode || (AccessMode != KernelMode ||
(AccessMode == KernelMode && CaptureIfKernel))) (AccessMode == KernelMode && CaptureIfKernel)))
{ {


@ -25,10 +25,12 @@ ERESOURCE SepTokenLock;
TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}}; TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}};
LUID SeSystemAuthenticationId = SYSTEM_LUID; LUID SeSystemAuthenticationId = SYSTEM_LUID;
static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ, static GENERIC_MAPPING SepTokenMapping = {
TOKEN_READ,
TOKEN_WRITE, TOKEN_WRITE,
TOKEN_EXECUTE, TOKEN_EXECUTE,
TOKEN_ALL_ACCESS}; TOKEN_ALL_ACCESS
};
static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = { static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = {
@ -108,10 +110,11 @@ SepFreeProxyData(PVOID ProxyData)
NTSTATUS NTSTATUS
NTAPI NTAPI
SepCopyProxyData(PVOID* Dest, PVOID Src) SepCopyProxyData(PVOID* Dest,
PVOID Src)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return(STATUS_NOT_IMPLEMENTED); return STATUS_NOT_IMPLEMENTED;
} }
NTSTATUS NTSTATUS
@ -170,7 +173,7 @@ RtlLengthSidAndAttributes(ULONG Count,
for (i = 0; i < Count; i++) for (i = 0; i < Count; i++)
uLength += RtlLengthSid(Src[i].Sid); uLength += RtlLengthSid(Src[i].Sid);
return(uLength); return uLength;
} }
@ -214,7 +217,7 @@ SepFindPrimaryGroupAndDefaultOwner(PTOKEN Token,
return(STATUS_INVALID_PRIMARY_GROUP); return(STATUS_INVALID_PRIMARY_GROUP);
} }
return(STATUS_SUCCESS); return STATUS_SUCCESS;
} }
@ -248,7 +251,7 @@ SepDuplicateToken(PTOKEN Token,
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DPRINT1("ObCreateObject() failed (Status %lx)\n", Status); DPRINT1("ObCreateObject() failed (Status %lx)\n", Status);
return(Status); return Status;
} }
/* Zero out the buffer */ /* Zero out the buffer */
@ -258,14 +261,14 @@ SepDuplicateToken(PTOKEN Token,
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
ObDereferenceObject(AccessToken); ObDereferenceObject(AccessToken);
return(Status); return Status;
} }
Status = ZwAllocateLocallyUniqueId(&AccessToken->ModifiedId); Status = ZwAllocateLocallyUniqueId(&AccessToken->ModifiedId);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
ObDereferenceObject(AccessToken); ObDereferenceObject(AccessToken);
return(Status); return Status;
} }
AccessToken->TokenLock = &SepTokenLock; AccessToken->TokenLock = &SepTokenLock;
@ -327,7 +330,7 @@ SepDuplicateToken(PTOKEN Token,
Token->Privileges[i].Attributes; Token->Privileges[i].Attributes;
} }
if ( Token->DefaultDacl ) if (Token->DefaultDacl)
{ {
AccessToken->DefaultDacl = AccessToken->DefaultDacl =
(PACL) ExAllocatePoolWithTag(PagedPool, (PACL) ExAllocatePoolWithTag(PagedPool,
@ -339,13 +342,13 @@ SepDuplicateToken(PTOKEN Token,
} }
} }
if ( NT_SUCCESS(Status) ) if (NT_SUCCESS(Status))
{ {
*NewAccessToken = AccessToken; *NewAccessToken = AccessToken;
return(STATUS_SUCCESS); return(STATUS_SUCCESS);
} }
return(Status); return Status;
} }
NTSTATUS NTSTATUS
@ -447,10 +450,11 @@ SeCopyClientToken(IN PACCESS_TOKEN Token,
PreviousMode, PreviousMode,
(PTOKEN*)NewToken); (PTOKEN*)NewToken);
return(Status); return Status;
} }
VOID NTAPI VOID
NTAPI
SepDeleteToken(PVOID ObjectBody) SepDeleteToken(PVOID ObjectBody)
{ {
PTOKEN AccessToken = (PTOKEN)ObjectBody; PTOKEN AccessToken = (PTOKEN)ObjectBody;
@ -577,11 +581,11 @@ SepCreateToken(OUT PHANDLE TokenHandle,
Status = ZwAllocateLocallyUniqueId(&TokenId); Status = ZwAllocateLocallyUniqueId(&TokenId);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
return(Status); return Status;
Status = ZwAllocateLocallyUniqueId(&ModifiedId); Status = ZwAllocateLocallyUniqueId(&ModifiedId);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
return(Status); return Status;
Status = ObCreateObject(PreviousMode, Status = ObCreateObject(PreviousMode,
SepTokenObjectType, SepTokenObjectType,
@ -595,7 +599,7 @@ SepCreateToken(OUT PHANDLE TokenHandle,
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DPRINT1("ObCreateObject() failed (Status %lx)\n"); DPRINT1("ObCreateObject() failed (Status %lx)\n");
return(Status); return Status;
} }
/* Zero out the buffer */ /* Zero out the buffer */
@ -708,8 +712,7 @@ SepCreateToken(OUT PHANDLE TokenHandle,
if (!SystemToken) if (!SystemToken)
{ {
Status = ObInsertObject((PVOID)AccessToken,
Status = ObInsertObject ((PVOID)AccessToken,
NULL, NULL,
DesiredAccess, DesiredAccess,
0, 0,
@ -915,7 +918,8 @@ SeQuerySessionIdToken(IN PACCESS_TOKEN Token,
/* /*
* @implemented * @implemented
*/ */
NTSTATUS NTAPI NTSTATUS
NTAPI
SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token, SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
OUT PLUID LogonId) OUT PLUID LogonId)
{ {
@ -960,6 +964,7 @@ NTAPI
SeTokenIsAdmin(IN PACCESS_TOKEN Token) SeTokenIsAdmin(IN PACCESS_TOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0; return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0;
} }
@ -971,6 +976,7 @@ NTAPI
SeTokenIsRestricted(IN PACCESS_TOKEN Token) SeTokenIsRestricted(IN PACCESS_TOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0; return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;
} }
@ -982,6 +988,7 @@ NTAPI
SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token) SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0; return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0;
} }
@ -1020,8 +1027,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
ReturnLength, ReturnLength,
NULL, NULL,
PreviousMode); PreviousMode);
if (!NT_SUCCESS(Status))
if(!NT_SUCCESS(Status))
{ {
DPRINT("NtQueryInformationToken() failed, Status: 0x%x\n", Status); DPRINT("NtQueryInformationToken() failed, Status: 0x%x\n", Status);
return Status; return Status;
@ -1047,7 +1053,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
Status = RtlCopySidAndAttributesArray(1, Status = RtlCopySidAndAttributesArray(1,
&Token->UserAndGroups[0], &Token->UserAndGroups[0],
@ -1062,7 +1068,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1086,7 +1092,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) - ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES)); ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
@ -1107,7 +1113,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1131,7 +1137,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
tp->PrivilegeCount = Token->PrivilegeCount; tp->PrivilegeCount = Token->PrivilegeCount;
RtlCopyLuidAndAttributesArray(Token->PrivilegeCount, RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
@ -1143,7 +1149,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1168,7 +1174,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
to->Owner = (PSID)(to + 1); to->Owner = (PSID)(to + 1);
Status = RtlCopySid(SidLen, Status = RtlCopySid(SidLen,
@ -1180,7 +1186,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1205,7 +1211,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
tpg->PrimaryGroup = (PSID)(tpg + 1); tpg->PrimaryGroup = (PSID)(tpg + 1);
Status = RtlCopySid(SidLen, Status = RtlCopySid(SidLen,
@ -1217,7 +1223,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1238,16 +1244,16 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
DPRINT("NtQueryInformationToken(TokenDefaultDacl)\n"); DPRINT("NtQueryInformationToken(TokenDefaultDacl)\n");
RequiredLength = sizeof(TOKEN_DEFAULT_DACL); RequiredLength = sizeof(TOKEN_DEFAULT_DACL);
if(Token->DefaultDacl != NULL) if (Token->DefaultDacl != NULL)
{ {
RequiredLength += Token->DefaultDacl->AclSize; RequiredLength += Token->DefaultDacl->AclSize;
} }
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
if(Token->DefaultDacl != NULL) if (Token->DefaultDacl != NULL)
{ {
tdd->DefaultDacl = (PACL)(tdd + 1); tdd->DefaultDacl = (PACL)(tdd + 1);
RtlCopyMemory(tdd->DefaultDacl, RtlCopyMemory(tdd->DefaultDacl,
@ -1264,7 +1270,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1287,7 +1293,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
*ts = Token->TokenSource; *ts = Token->TokenSource;
} }
@ -1296,7 +1302,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1319,7 +1325,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
*tt = Token->TokenType; *tt = Token->TokenType;
} }
@ -1328,7 +1334,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1359,7 +1365,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
*sil = Token->ImpersonationLevel; *sil = Token->ImpersonationLevel;
} }
@ -1368,7 +1374,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1391,7 +1397,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
ts->TokenId = Token->TokenId; ts->TokenId = Token->TokenId;
ts->AuthenticationId = Token->AuthenticationId; ts->AuthenticationId = Token->AuthenticationId;
@ -1409,7 +1415,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1432,7 +1438,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
RtlCopyLuid(&to->OriginatingLogonSession, RtlCopyLuid(&to->OriginatingLogonSession,
&Token->AuthenticationId); &Token->AuthenticationId);
@ -1442,7 +1448,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1471,7 +1477,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
_SEH2_TRY _SEH2_TRY
{ {
if(TokenInformationLength >= RequiredLength) if (TokenInformationLength >= RequiredLength)
{ {
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) - ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
(Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES)); (Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
@ -1492,7 +1498,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = STATUS_BUFFER_TOO_SMALL; Status = STATUS_BUFFER_TOO_SMALL;
} }
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = RequiredLength; *ReturnLength = RequiredLength;
} }
@ -1520,14 +1526,14 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
Status = SeQuerySessionIdToken(Token, Status = SeQuerySessionIdToken(Token,
&SessionId); &SessionId);
if(NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
_SEH2_TRY _SEH2_TRY
{ {
/* buffer size was already verified, no need to check here again */ /* buffer size was already verified, no need to check here again */
*(PULONG)TokenInformation = SessionId; *(PULONG)TokenInformation = SessionId;
if(ReturnLength != NULL) if (ReturnLength != NULL)
{ {
*ReturnLength = sizeof(ULONG); *ReturnLength = sizeof(ULONG);
} }
@ -1551,7 +1557,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
ObDereferenceObject(Token); ObDereferenceObject(Token);
} }
return(Status); return Status;
} }
@ -1582,15 +1588,14 @@ NtSetInformationToken(IN HANDLE TokenHandle,
TokenInformation, TokenInformation,
TokenInformationLength, TokenInformationLength,
PreviousMode); PreviousMode);
if (!NT_SUCCESS(Status))
if(!NT_SUCCESS(Status))
{ {
/* Invalid buffers */ /* Invalid buffers */
DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status); DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
return Status; return Status;
} }
if(TokenInformationClass == TokenSessionId) if (TokenInformationClass == TokenSessionId)
{ {
NeededAccess |= TOKEN_ADJUST_SESSIONID; NeededAccess |= TOKEN_ADJUST_SESSIONID;
} }
@ -1607,7 +1612,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
{ {
case TokenOwner: case TokenOwner:
{ {
if(TokenInformationLength >= sizeof(TOKEN_OWNER)) if (TokenInformationLength >= sizeof(TOKEN_OWNER))
{ {
PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation; PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
PSID InputSid = NULL, CapturedSid; PSID InputSid = NULL, CapturedSid;
@ -1627,7 +1632,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
PagedPool, PagedPool,
FALSE, FALSE,
&CapturedSid); &CapturedSid);
if(NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
RtlCopySid(RtlLengthSid(CapturedSid), RtlCopySid(RtlLengthSid(CapturedSid),
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid,
@ -1646,7 +1651,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
case TokenPrimaryGroup: case TokenPrimaryGroup:
{ {
if(TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP)) if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
{ {
PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation; PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
PSID InputSid = NULL, CapturedSid; PSID InputSid = NULL, CapturedSid;
@ -1666,7 +1671,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
PagedPool, PagedPool,
FALSE, FALSE,
&CapturedSid); &CapturedSid);
if(NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
RtlCopySid(RtlLengthSid(CapturedSid), RtlCopySid(RtlLengthSid(CapturedSid),
Token->PrimaryGroup, Token->PrimaryGroup,
@ -1685,7 +1690,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
case TokenDefaultDacl: case TokenDefaultDacl:
{ {
if(TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL)) if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
{ {
PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation; PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
PACL InputAcl = NULL; PACL InputAcl = NULL;
@ -1700,7 +1705,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
} }
_SEH2_END; _SEH2_END;
if(InputAcl != NULL) if (InputAcl != NULL)
{ {
PACL CapturedAcl; PACL CapturedAcl;
@ -1710,7 +1715,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
PagedPool, PagedPool,
TRUE, TRUE,
&CapturedAcl); &CapturedAcl);
if(NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
/* free the previous dacl if present */ /* free the previous dacl if present */
if(Token->DefaultDacl != NULL) if(Token->DefaultDacl != NULL)
@ -1725,7 +1730,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
else else
{ {
/* clear and free the default dacl if present */ /* clear and free the default dacl if present */
if(Token->DefaultDacl != NULL) if (Token->DefaultDacl != NULL)
{ {
ExFreePool(Token->DefaultDacl); ExFreePool(Token->DefaultDacl);
Token->DefaultDacl = NULL; Token->DefaultDacl = NULL;
@ -1754,7 +1759,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
} }
_SEH2_END; _SEH2_END;
if(!SeSinglePrivilegeCheck(SeTcbPrivilege, if (!SeSinglePrivilegeCheck(SeTcbPrivilege,
PreviousMode)) PreviousMode))
{ {
Status = STATUS_PRIVILEGE_NOT_HELD; Status = STATUS_PRIVILEGE_NOT_HELD;
@ -1775,7 +1780,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
ObDereferenceObject(Token); ObDereferenceObject(Token);
} }
return(Status); return Status;
} }
@ -1827,7 +1832,7 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
FALSE, FALSE,
&CapturedSecurityQualityOfService, &CapturedSecurityQualityOfService,
&QoSPresent); &QoSPresent);
if(!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status); DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
return Status; return Status;
@ -1899,7 +1904,7 @@ NtAdjustGroupsToken(IN HANDLE TokenHandle,
* @implemented * @implemented
*/ */
NTSTATUS NTAPI NTSTATUS NTAPI
NtAdjustPrivilegesToken (IN HANDLE TokenHandle, NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges, IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState, IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength, IN ULONG BufferLength,
@ -1997,6 +2002,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
* accordingly and fail. * accordingly and fail.
*/ */
} }
k++; k++;
} }
@ -2004,6 +2010,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED; Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
} }
} }
Status = STATUS_SUCCESS; Status = STATUS_SUCCESS;
} }
else else
@ -2042,6 +2049,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
* accordingly and fail. * accordingly and fail.
*/ */
} }
k++; k++;
} }
@ -2052,10 +2060,12 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
DPRINT ("New attributes %lx\n", DPRINT ("New attributes %lx\n",
Token->Privileges[i].Attributes); Token->Privileges[i].Attributes);
} }
Count++; Count++;
} }
} }
} }
Status = Count < NewState->PrivilegeCount ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS; Status = Count < NewState->PrivilegeCount ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS;
} }
@ -2102,7 +2112,7 @@ NtCreateToken(OUT PHANDLE TokenHandle,
PreviousMode = ExGetPreviousMode(); PreviousMode = ExGetPreviousMode();
if(PreviousMode != KernelMode) if (PreviousMode != KernelMode)
{ {
_SEH2_TRY _SEH2_TRY
{ {
@ -2324,7 +2334,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
if (CopyOnOpen && NewThread) ObDereferenceObject(NewThread); if (CopyOnOpen && NewThread) ObDereferenceObject(NewThread);
if(NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
_SEH2_TRY _SEH2_TRY
{ {