Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-26 07:51:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove a hack from NtAccessCheck(). Bug #4169.

Browse source 
svn path=/trunk/; revision=41610
This commit is contained in:
Dmitry Gorbachev 2009-06-25 13:29:58 +00:00
parent d53c35b02b
commit ff37974bba
1 changed files with 85 additions and 93 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

178
reactos/ntoskrnl/se/semgr.c
View file

@ -49,7 +49,7 @@ SepInitExports(VOID)
SepExports.SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
SepExports.SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
SepExports.SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;
SepExports.SeNullSid = SeNullSid;
SepExports.SeWorldSid = SeWorldSid;
SepExports.SeLocalSid = SeLocalSid;
@ -72,11 +72,11 @@ SepInitExports(VOID)
SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid;
SepExports.SeRestrictedSid = SeRestrictedSid;
SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid;
SepExports.SeUndockPrivilege = SeUndockPrivilege;
SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege;
SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege;
SeExports = &SepExports;
return TRUE;
}
@ -92,18 +92,18 @@ SepInitializationPhase0(VOID)
if (!SepInitSDs()) return FALSE;
SepInitPrivileges();
if (!SepInitExports()) return FALSE;
/* Initialize the subject context lock */
ExInitializeResource(&SepSubjectContextLock);
/* Initialize token objects */
SepInitializeTokenImplementation();
/* Clear impersonation info for the idle thread */
PsGetCurrentThread()->ImpersonationInfo = NULL;
PspClearCrossThreadFlag(PsGetCurrentThread(),
CT_ACTIVE_IMPERSONATION_INFO_BIT);
/* Initialize the boot token */
ObInitializeFastReference(&PsGetCurrentProcess()->Token, NULL);
ObInitializeFastReference(&PsGetCurrentProcess()->Token,
@ -117,7 +117,7 @@ SepInitializationPhase1(VOID)
{
NTSTATUS Status;
PAGED_CODE();
/* Insert the system token into the tree */
Status = ObInsertObject((PVOID)(PsGetCurrentProcess()->Token.Value &
~MAX_FAST_REFS),
@ -127,7 +127,7 @@ SepInitializationPhase1(VOID)
NULL,
NULL);
ASSERT(NT_SUCCESS(Status));
/* FIXME: TODO \\ Security directory */
return TRUE;
}
@ -140,17 +140,17 @@ SeInitSystem(VOID)
switch (ExpInitializationPhase)
{
case 0:
/* Do Phase 0 */
return SepInitializationPhase0();
case 1:
/* Do Phase 1 */
return SepInitializationPhase1();
default:
/* Don't know any other phase! Bugcheck! */
KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
0,
@ -170,7 +170,7 @@ SeInitSRM(VOID)
HANDLE DirectoryHandle;
HANDLE EventHandle;
NTSTATUS Status;
/* Create '\Security' directory */
RtlInitUnicodeString(&Name,
L"\\Security");
@ -187,7 +187,7 @@ SeInitSRM(VOID)
DPRINT1("Failed to create 'Security' directory!\n");
return FALSE;
}
/* Create 'LSA_AUTHENTICATION_INITALIZED' event */
RtlInitUnicodeString(&Name,
L"\\LSA_AUTHENTICATION_INITALIZED");
@ -207,12 +207,12 @@ SeInitSRM(VOID)
NtClose(DirectoryHandle);
return FALSE;
}
ZwClose(EventHandle);
ZwClose(DirectoryHandle);
/* FIXME: Create SRM port and listener thread */
return TRUE;
}
@ -228,16 +228,16 @@ SeDefaultObjectMethod(IN PVOID Object,
IN PGENERIC_MAPPING GenericMapping)
{
PAGED_CODE();
/* Select the operation type */
switch (OperationType)
{
/* Setting a new descriptor */
case SetSecurityDescriptor:
/* Sanity check */
ASSERT((PoolType == PagedPool) || (PoolType == NonPagedPool));
/* Set the information */
return ObSetSecurityDescriptorInfo(Object,
SecurityInformation,
@ -245,33 +245,33 @@ SeDefaultObjectMethod(IN PVOID Object,
OldSecurityDescriptor,
PoolType,
GenericMapping);
case QuerySecurityDescriptor:
/* Query the information */
return ObQuerySecurityDescriptorInfo(Object,
SecurityInformation,
SecurityDescriptor,
ReturnLength,
OldSecurityDescriptor);
case DeleteSecurityDescriptor:
/* De-assign it */
return ObDeassignSecurity(OldSecurityDescriptor);
case AssignSecurityDescriptor:
/* Assign it */
ObAssignObjectSecurityDescriptor(Object, SecurityDescriptor, PoolType);
return STATUS_SUCCESS;
default:
/* Bug check */
KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0);
}
/* Should never reach here */
ASSERT(FALSE);
return STATUS_SUCCESS;
@ -284,14 +284,14 @@ SepSidInToken(PACCESS_TOKEN _Token,
{
ULONG i;
PTOKEN Token = (PTOKEN)_Token;
PAGED_CODE();
if (Token->UserAndGroupCount == 0)
{
return FALSE;
}
for (i=0; i<Token->UserAndGroupCount; i++)
{
if (RtlEqualSid(Sid, Token->UserAndGroups[i].Sid))
@ -300,11 +300,11 @@ SepSidInToken(PACCESS_TOKEN _Token,
{
return TRUE;
}
return FALSE;
}
}
return FALSE;
}
@ -314,7 +314,7 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess)
{
*DesiredAccess = 0;
if (SecurityInformation & (OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
{
@ -331,7 +331,7 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess)
{
*DesiredAccess = 0;
if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
{
*DesiredAccess |= WRITE_OWNER;
@ -374,7 +374,7 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
PSID Sid;
NTSTATUS Status;
PAGED_CODE();
/* Check if this is kernel mode */
if (AccessMode == KernelMode)
{
@ -391,12 +391,12 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
/* Give the desired and previous access */
*GrantedAccess = DesiredAccess | PreviouslyGrantedAccess;
}
/* Success */
*AccessStatus = STATUS_SUCCESS;
return TRUE;
}
/* Check if we didn't get an SD */
if (!SecurityDescriptor)
{
@ -404,7 +404,7 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*AccessStatus = STATUS_ACCESS_DENIED;
return FALSE;
}
/* Check for invalid impersonation */
if ((SubjectSecurityContext->ClientToken) &&
(SubjectSecurityContext->ImpersonationLevel < SecurityImpersonation))
@ -412,7 +412,7 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*AccessStatus = STATUS_BAD_IMPERSONATION_LEVEL;
return FALSE;
}
/* Check for no access desired */
if (!DesiredAccess)
{
@ -423,31 +423,31 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*AccessStatus = STATUS_ACCESS_DENIED;
return FALSE;
}
/* Return the previous access only */
*GrantedAccess = PreviouslyGrantedAccess;
*AccessStatus = STATUS_SUCCESS;
*Privileges = NULL;
return TRUE;
}
/* Acquire the lock if needed */
if (!SubjectContextLocked) SeLockSubjectContext(SubjectSecurityContext);
/* Map given accesses */
RtlMapGenericMask(&DesiredAccess, GenericMapping);
if (PreviouslyGrantedAccess)
RtlMapGenericMask(&PreviouslyGrantedAccess, GenericMapping);
CurrentAccess = PreviouslyGrantedAccess;
Token = SubjectSecurityContext->ClientToken ?
SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken;
/* Get the DACL */
Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
&Present,
@ -459,11 +459,11 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
{
SeUnlockSubjectContext(SubjectSecurityContext);
}
*AccessStatus = Status;
return FALSE;
}
/* RULE 1: Grant desired access if the object is unprotected */
if (Present == TRUE && Dacl == NULL)
{
@ -471,18 +471,18 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
{
SeUnlockSubjectContext(SubjectSecurityContext);
}
*GrantedAccess = DesiredAccess;
*AccessStatus = STATUS_SUCCESS;
return TRUE;
}
CurrentAccess = PreviouslyGrantedAccess;
/* RULE 2: Check token for 'take ownership' privilege */
Privilege.Luid = SeTakeOwnershipPrivilege;
Privilege.Attributes = SE_PRIVILEGE_ENABLED;
if (SepPrivilegeCheck(Token,
&Privilege,
1,
@ -497,13 +497,13 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
{
SeUnlockSubjectContext(SubjectSecurityContext);
}
*GrantedAccess = CurrentAccess;
*AccessStatus = STATUS_SUCCESS;
return TRUE;
}
}
/* RULE 3: Check whether the token is the owner */
Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor,
&Sid,
@ -515,11 +515,11 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
{
SeUnlockSubjectContext(SubjectSecurityContext);
}
*AccessStatus = Status;
return FALSE;
}
if (Sid && SepSidInToken(Token, Sid))
{
CurrentAccess |= (READ_CONTROL | WRITE_DAC);
@ -530,13 +530,13 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
{
SeUnlockSubjectContext(SubjectSecurityContext);
}
*GrantedAccess = CurrentAccess;
*AccessStatus = STATUS_SUCCESS;
return TRUE;
}
}
/* Fail if DACL is absent */
if (Present == FALSE)
{
@ -544,12 +544,12 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
{
SeUnlockSubjectContext(SubjectSecurityContext);
}
*GrantedAccess = 0;
*AccessStatus = STATUS_ACCESS_DENIED;
return FALSE;
}
/* RULE 4: Grant rights according to the DACL */
CurrentAce = (PACE)(Dacl + 1);
for (i = 0; i < Dacl->AceCount; i++)
@ -563,13 +563,13 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
{
SeUnlockSubjectContext(SubjectSecurityContext);
}
*GrantedAccess = 0;
*AccessStatus = STATUS_ACCESS_DENIED;
return FALSE;
}
}
else if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
{
if (SepSidInToken(Token, Sid))
@ -585,17 +585,17 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
}
CurrentAce = (PACE)((ULONG_PTR)CurrentAce + CurrentAce->Header.AceSize);
}
if (SubjectContextLocked == FALSE)
{
SeUnlockSubjectContext(SubjectSecurityContext);
}
DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n",
CurrentAccess, DesiredAccess);
*GrantedAccess = CurrentAccess & DesiredAccess;
if (DesiredAccess & MAXIMUM_ALLOWED)
{
*GrantedAccess = CurrentAccess;
@ -688,32 +688,24 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
SubjectSecurityContext.ProcessAuditId = NULL;
SeLockSubjectContext(&SubjectSecurityContext);
/* FIXME */
/* Now perform the access check */
if (SeAccessCheck(SecurityDescriptor,
&SubjectSecurityContext,
TRUE,
DesiredAccess,
0,
&PrivilegeSet, //FIXME
GenericMapping,
PreviousMode,
GrantedAccess,
AccessStatus))
{
Status = *AccessStatus;
}
else
{
Status = STATUS_ACCESS_DENIED;
}
SeAccessCheck(SecurityDescriptor,
&SubjectSecurityContext,
TRUE,
DesiredAccess,
0,
&PrivilegeSet, //FIXME
GenericMapping,
PreviousMode,
GrantedAccess,
AccessStatus);
/* Unlock subject context and dereference the token */
SeUnlockSubjectContext(&SubjectSecurityContext);
ObDereferenceObject(Token);
/* Check succeeded? */
return Status;
/* Check succeeded */
return STATUS_SUCCESS;
}