- Refactor most of the code, since there's quite some stuff that don't make much sense.
For instance ImpersonationLevel is basically the requested impersonation level a
server asks for. PsImpersonateClient doesn't explicitly say that SecurityAnonymous
and SecurityIdentification are not allowed. If the server was to give such levels
it simply means it doesn't want to impersonate the client.
Another thing that doesn't make much sense is that we check if the client is
associated with an anonymous token, then avoid impersonating regular anonymous
tokens that weren't created by the system. Only system can create such tokens
and an anonymous token basically means a token with hidden security info.
- Check that the server is within the same client logon session.
- If the server is granted the SeImpersonatePrivilege privilege, allow impersonation
regardless of the conditions we want to check for.
- Update the documentation and code comments.
As it currently stands the PsImpersonateClient routine does the following approach.
If impersonation couldn't be granted to a client the routine will make a copy
of the client's access token. As it makes a copy of the said token PsImpersonateClient
will reference the copied token after impersonation info have been filled out.
In the same code path we are assigning the desired level for impersonation to thread
impersonation info.
This is wrong for two reasons:
- On a copy situation the SeCopyClientToken routine holds a reference as the object
has been created. Referencing it at the bottom of the PsImpersonateClient routine
will make it that the token is referenced twice and whenever a server stops
impersonation the token still has an extra reference count which keeps the token
still alive in object database and memory space.
- If client impersonation is not possible the thread impersonation info should
have been assigned SecurityIdentification level to further indicate that the
actual impersonation of the thread is not currently in force but instead we
are assigning the impersonation level that is supplied by the caller. For instance
if the requested level is SecurityDelegation but impersonation is not possible
the level will be assigned that of SecurityDelegation yet the token has an
impersonation level of SecurityIdentification. This could lead to erratic behaviors
as well as potential impersonation escalation.
Fix the aforementioned issues by avoiding a double reference and properly assign
the impersonation level to SecurityIdentification if the server is not able to
impersonate the target client.
- Add the missing privileges to the SYSTEM privileges which might be needed,
notably SeUndockPrivilege, SeManageVolumePrivilege, SeCreateGlobalPrivilege and
SeImpersonatePrivilege.
Specifically SeImpersonatePrivilege is important here because with it we
allow system components of the core OS to perform certain system tasks.
- Declare the Groups array with a maximum of 3 elements in SepCreateSystemProcessToken
and 1 element in SepCreateSystemAnonymousLogonToken respectively, because previously
this array was oversized with most of free space left as a waste.
- Avoid hardcoding the size value of the Privilege array, instead initialize it
by hand and compute the exact number of elements with RTL_NUMBER_OF.
Due to a update of MSBuild build worker, MSBuild keeps failing which is a nuisance.
Temporarily disable that worker until a proper fix is shipped.
CORE-18911
- Fix whitespace; add SAL annotations, doxygen documentation...
- Deduplicate the array of description strings corresponding to
IO_QUERY_DEVICE_DATA_FORMAT.
- Unhardcode the "[3]" into 'IoQueryDeviceMaxData': the maximum number
of device data queried.
The definition is also in xdk/iotypes.h and ntddk.h around _ARC_DDK_
for compatibility, but arc.h should also be self-contained regarding
ARC definitions.
- Wrap most of the code into a new private routine, SepOpenThreadToken.
And properly fail gracefully if we fail to open a thread's token instead of just keeping going.
- Do not use the same thread object that we have referenced in NtOpenThreadTokenEx
to do a copy of the access token in case we can't open it directly.
Instead we must reference a new object with full access, solely used for
the purpose to do our required operations.
- Add debug prints
CORE-18986
Removing any disabled privileges or groups in the middle of token dynamic
part allocation can pose problems. During the operation of making an access
token as effective, we are toying with the privileges and groups arrays
of the token.
After that we are allocating the dynamic part and set EndMem (the end tail
of the memory part) to that dynamic part, previously it was set to the
variable part. As a matter of fact we are making the token effective in
the middle where EndMem still points to VariablePart, thus DynamicPart
will end up with memory pool blocks butchered in the pool list.
Another problem, albeit not related to the DynamicPart corruption, is that
the code starts iterating over the UserAndGroups array from 0, which is
the actual user. One cannot simply remove the user from the array, so we
have to start looping right from the groups.
Move the token effective code part at the end of the SepDuplicateToken
function, which fixes the random pool corruptions caused by the butchered
DynamicPart.
CORE-18986
Our paint program used the pixels per meter (PPM)
unit but this unit is hardly used in the world.
Let's use DPI (dots per inch) and/or pixels per
centimeter (PPCM). CORE-18867
The unhiding and guilty revision that was identified by @stasm by bisecting the
bootability of LiveCD was 0.4.15-dev-6050-g13e6cbc
As that was the symptom: "We could not longer boot livecd". CORE-18986
- Delete the win32ksvc-ros.h file, which was not used
- Use a separate file for x64 (based on 2k3 x64 free)
- Delete w32ksvc.db. It's unused since ages.
CORE-18962
- Deduplicate a while-loop by adding one more recursive call.
- Add IopMapDetectedDeviceId() helper function with a structure
in order to reduce hardcoded constants and checks.
Make resource files consistent among different languages.
CORE-18903
Add the WS_DISABLED flag for IDC_BUTTON_HELP and IDC_BUTTON_SAVE_INFO,
in those places where it was not done. The actions corresponding to those
buttons are currently unimplemented, this is why they were disabled.
Signed-off-by: Nikita Piatygorskiy <generalhammond16@gmail.com>
These must use the corresponding NtUserSetWindowWord/Long function and cannot use NtUserSetWindowLongPtr, otherwise the function can fail, when there is only space for a LONG, but not for a LONG_PTR at the specified offset.
CORE-18978
Fixes NULL pointer access when e.g. class.lpszClassName == NULL and
the class is registered. The RegisterClass(ExA/W/...) should return 0
instead of throwing an invalid access exception.
However, providing an invalid pointer will trigger a crash.
OSK et Magnify are mixed at initialization (language dependent),
LBS_STANDARD includes LBS_SORT style that changes the content in the listbox.
Patch by KRosUser.
CORE-18274
