From ff37974bbaf0f32215c2dbe5e32acb35acc5e74a Mon Sep 17 00:00:00 2001 From: Dmitry Gorbachev Date: Thu, 25 Jun 2009 13:29:58 +0000 Subject: [PATCH] Remove a hack from NtAccessCheck(). Bug #4169. svn path=/trunk/; revision=41610 --- reactos/ntoskrnl/se/semgr.c | 178 +++++++++++++++++------------------- 1 file changed, 85 insertions(+), 93 deletions(-) diff --git a/reactos/ntoskrnl/se/semgr.c b/reactos/ntoskrnl/se/semgr.c index b0ee9889d6b..b5bbc02fb15 100644 --- a/reactos/ntoskrnl/se/semgr.c +++ b/reactos/ntoskrnl/se/semgr.c @@ -49,7 +49,7 @@ SepInitExports(VOID) SepExports.SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege; SepExports.SeChangeNotifyPrivilege = SeChangeNotifyPrivilege; SepExports.SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege; - + SepExports.SeNullSid = SeNullSid; SepExports.SeWorldSid = SeWorldSid; SepExports.SeLocalSid = SeLocalSid; @@ -72,11 +72,11 @@ SepInitExports(VOID) SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid; SepExports.SeRestrictedSid = SeRestrictedSid; SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid; - + SepExports.SeUndockPrivilege = SeUndockPrivilege; SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege; SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege; - + SeExports = &SepExports; return TRUE; } @@ -92,18 +92,18 @@ SepInitializationPhase0(VOID) if (!SepInitSDs()) return FALSE; SepInitPrivileges(); if (!SepInitExports()) return FALSE; - + /* Initialize the subject context lock */ ExInitializeResource(&SepSubjectContextLock); - + /* Initialize token objects */ SepInitializeTokenImplementation(); - + /* Clear impersonation info for the idle thread */ PsGetCurrentThread()->ImpersonationInfo = NULL; PspClearCrossThreadFlag(PsGetCurrentThread(), CT_ACTIVE_IMPERSONATION_INFO_BIT); - + /* Initialize the boot token */ ObInitializeFastReference(&PsGetCurrentProcess()->Token, NULL); ObInitializeFastReference(&PsGetCurrentProcess()->Token, @@ -117,7 +117,7 @@ SepInitializationPhase1(VOID) { NTSTATUS Status; PAGED_CODE(); - + /* Insert the system token into the tree */ Status = ObInsertObject((PVOID)(PsGetCurrentProcess()->Token.Value & ~MAX_FAST_REFS), @@ -127,7 +127,7 @@ SepInitializationPhase1(VOID) NULL, NULL); ASSERT(NT_SUCCESS(Status)); - + /* FIXME: TODO \\ Security directory */ return TRUE; } @@ -140,17 +140,17 @@ SeInitSystem(VOID) switch (ExpInitializationPhase) { case 0: - + /* Do Phase 0 */ return SepInitializationPhase0(); - + case 1: - + /* Do Phase 1 */ return SepInitializationPhase1(); - + default: - + /* Don't know any other phase! Bugcheck! */ KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL, 0, @@ -170,7 +170,7 @@ SeInitSRM(VOID) HANDLE DirectoryHandle; HANDLE EventHandle; NTSTATUS Status; - + /* Create '\Security' directory */ RtlInitUnicodeString(&Name, L"\\Security"); @@ -187,7 +187,7 @@ SeInitSRM(VOID) DPRINT1("Failed to create 'Security' directory!\n"); return FALSE; } - + /* Create 'LSA_AUTHENTICATION_INITALIZED' event */ RtlInitUnicodeString(&Name, L"\\LSA_AUTHENTICATION_INITALIZED"); @@ -207,12 +207,12 @@ SeInitSRM(VOID) NtClose(DirectoryHandle); return FALSE; } - + ZwClose(EventHandle); ZwClose(DirectoryHandle); - + /* FIXME: Create SRM port and listener thread */ - + return TRUE; } @@ -228,16 +228,16 @@ SeDefaultObjectMethod(IN PVOID Object, IN PGENERIC_MAPPING GenericMapping) { PAGED_CODE(); - + /* Select the operation type */ switch (OperationType) { /* Setting a new descriptor */ case SetSecurityDescriptor: - + /* Sanity check */ ASSERT((PoolType == PagedPool) || (PoolType == NonPagedPool)); - + /* Set the information */ return ObSetSecurityDescriptorInfo(Object, SecurityInformation, @@ -245,33 +245,33 @@ SeDefaultObjectMethod(IN PVOID Object, OldSecurityDescriptor, PoolType, GenericMapping); - + case QuerySecurityDescriptor: - + /* Query the information */ return ObQuerySecurityDescriptorInfo(Object, SecurityInformation, SecurityDescriptor, ReturnLength, OldSecurityDescriptor); - + case DeleteSecurityDescriptor: - + /* De-assign it */ return ObDeassignSecurity(OldSecurityDescriptor); - + case AssignSecurityDescriptor: - + /* Assign it */ ObAssignObjectSecurityDescriptor(Object, SecurityDescriptor, PoolType); return STATUS_SUCCESS; - + default: - + /* Bug check */ KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0); } - + /* Should never reach here */ ASSERT(FALSE); return STATUS_SUCCESS; @@ -284,14 +284,14 @@ SepSidInToken(PACCESS_TOKEN _Token, { ULONG i; PTOKEN Token = (PTOKEN)_Token; - + PAGED_CODE(); - + if (Token->UserAndGroupCount == 0) { return FALSE; } - + for (i=0; iUserAndGroupCount; i++) { if (RtlEqualSid(Sid, Token->UserAndGroups[i].Sid)) @@ -300,11 +300,11 @@ SepSidInToken(PACCESS_TOKEN _Token, { return TRUE; } - + return FALSE; } } - + return FALSE; } @@ -314,7 +314,7 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess) { *DesiredAccess = 0; - + if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION)) { @@ -331,7 +331,7 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess) { *DesiredAccess = 0; - + if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION)) { *DesiredAccess |= WRITE_OWNER; @@ -374,7 +374,7 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, PSID Sid; NTSTATUS Status; PAGED_CODE(); - + /* Check if this is kernel mode */ if (AccessMode == KernelMode) { @@ -391,12 +391,12 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, /* Give the desired and previous access */ *GrantedAccess = DesiredAccess | PreviouslyGrantedAccess; } - + /* Success */ *AccessStatus = STATUS_SUCCESS; return TRUE; } - + /* Check if we didn't get an SD */ if (!SecurityDescriptor) { @@ -404,7 +404,7 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, *AccessStatus = STATUS_ACCESS_DENIED; return FALSE; } - + /* Check for invalid impersonation */ if ((SubjectSecurityContext->ClientToken) && (SubjectSecurityContext->ImpersonationLevel < SecurityImpersonation)) @@ -412,7 +412,7 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, *AccessStatus = STATUS_BAD_IMPERSONATION_LEVEL; return FALSE; } - + /* Check for no access desired */ if (!DesiredAccess) { @@ -423,31 +423,31 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, *AccessStatus = STATUS_ACCESS_DENIED; return FALSE; } - + /* Return the previous access only */ *GrantedAccess = PreviouslyGrantedAccess; *AccessStatus = STATUS_SUCCESS; *Privileges = NULL; return TRUE; } - + /* Acquire the lock if needed */ if (!SubjectContextLocked) SeLockSubjectContext(SubjectSecurityContext); - + /* Map given accesses */ RtlMapGenericMask(&DesiredAccess, GenericMapping); if (PreviouslyGrantedAccess) RtlMapGenericMask(&PreviouslyGrantedAccess, GenericMapping); - - - + + + CurrentAccess = PreviouslyGrantedAccess; - - - + + + Token = SubjectSecurityContext->ClientToken ? SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken; - + /* Get the DACL */ Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor, &Present, @@ -459,11 +459,11 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, { SeUnlockSubjectContext(SubjectSecurityContext); } - + *AccessStatus = Status; return FALSE; } - + /* RULE 1: Grant desired access if the object is unprotected */ if (Present == TRUE && Dacl == NULL) { @@ -471,18 +471,18 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, { SeUnlockSubjectContext(SubjectSecurityContext); } - + *GrantedAccess = DesiredAccess; *AccessStatus = STATUS_SUCCESS; return TRUE; } - + CurrentAccess = PreviouslyGrantedAccess; - + /* RULE 2: Check token for 'take ownership' privilege */ Privilege.Luid = SeTakeOwnershipPrivilege; Privilege.Attributes = SE_PRIVILEGE_ENABLED; - + if (SepPrivilegeCheck(Token, &Privilege, 1, @@ -497,13 +497,13 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, { SeUnlockSubjectContext(SubjectSecurityContext); } - + *GrantedAccess = CurrentAccess; *AccessStatus = STATUS_SUCCESS; return TRUE; } } - + /* RULE 3: Check whether the token is the owner */ Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor, &Sid, @@ -515,11 +515,11 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, { SeUnlockSubjectContext(SubjectSecurityContext); } - + *AccessStatus = Status; return FALSE; } - + if (Sid && SepSidInToken(Token, Sid)) { CurrentAccess |= (READ_CONTROL | WRITE_DAC); @@ -530,13 +530,13 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, { SeUnlockSubjectContext(SubjectSecurityContext); } - + *GrantedAccess = CurrentAccess; *AccessStatus = STATUS_SUCCESS; return TRUE; } } - + /* Fail if DACL is absent */ if (Present == FALSE) { @@ -544,12 +544,12 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, { SeUnlockSubjectContext(SubjectSecurityContext); } - + *GrantedAccess = 0; *AccessStatus = STATUS_ACCESS_DENIED; return FALSE; } - + /* RULE 4: Grant rights according to the DACL */ CurrentAce = (PACE)(Dacl + 1); for (i = 0; i < Dacl->AceCount; i++) @@ -563,13 +563,13 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, { SeUnlockSubjectContext(SubjectSecurityContext); } - + *GrantedAccess = 0; *AccessStatus = STATUS_ACCESS_DENIED; return FALSE; } } - + else if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE) { if (SepSidInToken(Token, Sid)) @@ -585,17 +585,17 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, } CurrentAce = (PACE)((ULONG_PTR)CurrentAce + CurrentAce->Header.AceSize); } - + if (SubjectContextLocked == FALSE) { SeUnlockSubjectContext(SubjectSecurityContext); } - + DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n", CurrentAccess, DesiredAccess); - + *GrantedAccess = CurrentAccess & DesiredAccess; - + if (DesiredAccess & MAXIMUM_ALLOWED) { *GrantedAccess = CurrentAccess; @@ -688,32 +688,24 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, SubjectSecurityContext.ProcessAuditId = NULL; SeLockSubjectContext(&SubjectSecurityContext); - /* FIXME */ /* Now perform the access check */ - if (SeAccessCheck(SecurityDescriptor, - &SubjectSecurityContext, - TRUE, - DesiredAccess, - 0, - &PrivilegeSet, //FIXME - GenericMapping, - PreviousMode, - GrantedAccess, - AccessStatus)) - { - Status = *AccessStatus; - } - else - { - Status = STATUS_ACCESS_DENIED; - } + SeAccessCheck(SecurityDescriptor, + &SubjectSecurityContext, + TRUE, + DesiredAccess, + 0, + &PrivilegeSet, //FIXME + GenericMapping, + PreviousMode, + GrantedAccess, + AccessStatus); /* Unlock subject context and dereference the token */ SeUnlockSubjectContext(&SubjectSecurityContext); ObDereferenceObject(Token); - /* Check succeeded? */ - return Status; + /* Check succeeded */ + return STATUS_SUCCESS; }