- Add check for optimized case for objects with no name and no security, but not implemented (ObpIncrementUnnamedHandleCount in Gl00my docs), since I need a better translation than babelfish's.
- Fix ObInsertObject to save the Security Descriptor in the Access State structure. Gl00my mentions this isn't absorbed by SeCreateAccessCheck and I just noticed that too.
- We only need to perform security checks for a new object, in ObInsertObject, not if the object already existed.
- Added proper backout+failure code in ObInsertObject if lookup failed, and also look out for mismatch/exists/collision cases (implemented using simple logic).
svn path=/trunk/; revision=22280
- Re-wrote the way ObInsertObject handles security as described in Chapters 6 and 9 of Gl00my (ie: made it use ObGetObjectSecurity and ObAssignObjectSecurity; ironically, these functions already existed/are exported and could've been used since the start instead of duplicating code).
- Fix ObpReferenceCachedSecurityDescriptor only to touch the cached entry if it actually gets a non-NULL descriptor. Also improved it to return the referenced SD, instead of requiring the caller to do it manually.
svn path=/trunk/; revision=22279
* Create the ACCESS_STATE structure much earlier.
* Actually send the access state and parse context to ObFindObject, when called from ObInsertObject (this should fix some hidden regressions, since they finally get an access state with access masks now).
* Remove some deprecated hacks.
* If inserting the handle failed, cleanup the name and remove it from the directory entry.
* Fix a memory leak because we weren't deleting the access state.
svn path=/trunk/; revision=22278
- Minor/trivial fixes to some Object Security APIs that were left in the dark:
* Use PagedPool instead of NonPagedPool memory, and also tag the allocation for debugging.
* Send needed data to the security procedure instead of NULL/0, including the Generic Mapping, and the actual Security Descriptor.
* Only un-assign the descriptor in case of failure, not all the time (the whole point of the API is to assign it!)
* Tell the caller that memory was NOT allocated if we failed to get the security descriptor.
svn path=/trunk/; revision=22277
- Because of the split, we can now directly only do an Increment when duplicating the handle, since we don't need to create a brand new one. Also, when inheriting, we can now properly do an increment as well, instead of simply manually increasing the handle count (because for each inherited handle, access checks and openprocedure should've still been called).
svn path=/trunk/; revision=22276
* Honour ObjectType passed to the function and fail if it doesn't match.
* Use table-based logic instead of process-based logic for Kernel vs User-mode handles (same change that's been done all over the place, since it requires only one dereference of the process object).
* Do the GENERIC/MAXIMUM_ALLOWED logic directly inside the ACCESS_STATE structure.
* This is where we should call the OpenProcedure (acc. to Gl00my), but this kills win32k -- investigate, #ifed out for now.
* Increase the object type's number of handles as well.
* Set the handle table entry's ObAttributes correctly; the old code seems to have been messing that up.
* Honour the AdditionalReferences parameter and do referencing bias if requested.
* Honour the ReturnedObject parameter to return the object pointer back to the caller.
* Add OBTRACEing to the function.
* If we failed because a handle couldn't be allocated, use the distinguished STATUS_INSUFFICIENT_RESOURCES error code instead of the generic STATUS_UNSUCCESSFUL, and back out all the changes we made by calling ObpDecrementHandleCount.
svn path=/trunk/; revision=22267
- Change ObpCreateHandle to use an ACCESS_STATE structure instead of DesiredAccess. This is to help moving to an updated model where creating and incrementing a handle are 2 operations, so that code can be refactored (similarly to how we now have Delete/Decrement as 2 operations).
- Fix functions that were not creating an ACCESS_STATE Structure to create one locally now, or use the one passed as a parameter, if available.
svn path=/trunk/; revision=22265
- Make ObpCreateHandle internal to Ob as it should be. Change NtCreateProcessTokenEx to use ObOpenObjectByPointer, it has no business manually trying to create a handle. Same goes for ExpLoadInitialProcess.
svn path=/trunk/; revision=22264
- Make ObpCreateHandleTable return NTSTATUS instead of VOID, so that it can return STATUS_INSUFFICIENT_RESOURCES if the handle table couldn't be allocated.
svn path=/trunk/; revision=22249
- Call the OkayToClose Procedure, if one is present, to allow the object owner a chance to disallow closing this handle. I believe this is required for properly protecting Winsta/Desktop handles (instead of using the regular protection mode, since that one can be bypassed). Thomas, get to work!
svn path=/trunk/; revision=22246
- Added function documentation header for ObpDecrementHandleCount and ObpSetHandleAttributes
- Modified ObpDecrementHandleCount to accept Process and GrantedAccess parameters since the definition for the Close Procedure Callback requires them (and we were currently sending NULL). Also send 0 for process handle count, since we don't yet parse/support per-process handle databases.
- Minor optimization: All objects have an object type, don't actually check if the object has one when decrementing a handle.
- Minor accounting fix: Decrement the total number of handles for the object type whose handle count is being decreased.
svn path=/trunk/; revision=22245
- Make sure callers of NtMakePermanentObject have SeCreatePermanentPrivilege.
- Implement ObpDeleteNameCheck as described in Gl00my's Ob Documentation (using such documentation falls under US Reverse Engineering Law - Clean rooming).
- Remove duplicated code in ObpDecrementHandleCount and ObpSetPermanentObject and have them use ObpDeleteNameCheck instead.
- Fixes thanks to using this routine:
* Name-check is now properly done.
* The keep-alive reference is now deleted when going from permanent->temporary object.
* The parent directory is now dereferenced and cleared when deleting the object.
* The security procedure is now called to delete the SD, and the name buffer is freed.
- Remove ObGetObjectHandleCount, it's not a public function.
svn path=/trunk/; revision=22244
- Added stub exports for ObCloseHandle, ObReferenceSecurityDescriptor, ObSetHandleAttributes, ObSetSecurityObjectByPointer so that someday someone can know what needs to be implemented.
- Removed ObGetObjectPointerCount. It is not exported in newer OSes and was always undocumented.
- Move ObQueryObjectAuditingByHandle to security.c and optimized it not to attach to the system process, as well as to cache the handle table instead of dereferencing the owner process all the time.
svn path=/trunk/; revision=22232
- Bug fixes:
* Remove MAXIMUM_ALLOWED<->GENERIC_ALL conversion, I could find no mention of this in the docs.
* Remove GENERIC_ACCESS <-> RtlMapGenericMask conversion, I could find no mention of this in the docs, and this mapping is only required when creating handles, not when referencing pointers.
- Optimizations:
* Restructure code and remove code which was sometimes duplicated up to 5 times.
* Do not attach/detach from the system process, this isn't required since we're merely getting a kernel pointer from the handle entry.
* Directly increase the pointer count instead of calling ObReferenceObject, since we already have the object header in a variable.
* Cache ObpKernelHandleTable/Process->ObjectTable and use those directly instead of always de-referencing the process.
svn path=/trunk/; revision=22231