1) The documented Object Create Information structure and semantics are implemented. All Object Attributes and passed data from user-mode are now probed and saved into this object create structure when ObCreateObject is called.
2) ObCreateObject does NOT PERFORM ANY OTHER OPERATION EXCEPT CREATING THE OBJECT ANYMORE. ObCreateObject will NOT insert the Object into the tree and other operations. These are now done correctly by ObInsertObject. Therefore, the biggest hurdle was changing pieces of code which assumed ObCreateObject would be enough.
3) ObInsertObject uses the captured create info for all operations instead of the Object Attributes.
4) ObFindObject now uses the captured info as well.
5) The Object name and directory are now stored in the documented Object Name Information, always allocated and freed from non-paged pool.
HACKS:
6) Because the registry code is horribly broken and doesn't use ObFindObjectByName, the old ObFindObject had to be temporarily duplicated into CmpFindObject.
7) Win32k used ObInsertObject in CsrInsertObject as a way to create a handle inside csrss. However, ObInsertObject now does more than this. As a temporary hack, ObpCreateHandle is exported from the kernel and called from win32k. A fix needs to be done for this, but I don't know the design of win32k+csrss well enough to find a solution.
8) SEH has been commented out in some places of the new probing code because it breaks smss and explorer. These need to be investigated. (SEH did not exist in the previous code, so this is not really a hack.)
9) Named objects with a parent directory are NOT allowed. However, because of bugs in kernel32, the new check has been temporarily disabled. (This check did not exist in the previous code, so this is not really a hack.)
The next patch will add a proper ObFindObject which will support a more complete Parse Procedure with context and security information. This is needed for proper registry access (requested by Eric Kohl) and for proper functionality of the Desktop/File creation, which should use the Parse routine, and not the Create Handle routine. This will also make it possible to remove some previous hacks and pave the way for a fixed Iop/IoCreateFile.
svn path=/trunk/; revision=15395
2. RtlGetVersion needs to be implemented differently in ntoskrnl and ntdll; ntoskrnl's version must not access the PEB (which might not be present), while ntdll's gets most information from the PEB structure.
3. Can't use spinlocks to serialize access to the security descriptor cache since it calls SD RTL functions which require running at < APC level.
svn path=/trunk/; revision=13712
2. Fixed and extended RtlCaptureUnicodeString()
3. Securely access buffers in NtQuerySystemEnvironmentValue() and NtSetSystemEnvironmentValue() and check for the required SeSystemEnvironmentPrivilege privilege.
svn path=/trunk/; revision=13208
on the list. This makes the registry, and dll loading case insensitive when
we are on a case preserving filesystem.
ntoskrnl/ex/power.c: My own contributions to the poweroff message list.
ntoskrnl/mm/npool.c: Fixed bit-rot in whole page alloc. That's how I found the bug below.
se/semgr.c, lib/rtl/sd.c:
semgr, when creating a SECURITY_DESCRIPTOR, ANDed the PRESENT and DEFAULT flags rather than ORing them for group, dacl, and sacl, leading to RtlLengthSecurityDescriptor giving the wrong length to sdcache. When sdcache would copy the security descriptor, it would be too short, and the bound check from the whole-page allocator would go off. I fixed this and made rtl/sd.c use the ROUND_UP macro and RtlLengthSid. This is cleaner. It may not be completely correct yet, but it no longer truncates security descriptors into the cache, which means that the Owner, Group, etc. SIDs should now actually work right when coming from the cache, no matter what happens in the heap. They probably seemed to work before simply because they trashed the ends of their blocks and never moved in the cache.
svn path=/trunk/; revision=11040
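The semgr bug described in the commit above, reduced to a stand-alone illustration. This is an added example and not ReactOS code: the SECURITY_DESCRIPTOR, SID and ACL structs are simplified stand-ins modelled on the documented Windows layouts, the SE_DACL_* bit values are the documented ones, and the ACL size and SID contents are constructed. It shows why ANDing the PRESENT/DEFAULTED bits into the control word (instead of ORing them) makes the computed descriptor length omit the DACL entirely, so a cache that copies that many bytes stores a truncated descriptor.

```c
/*
 * Added example (not ReactOS code): ANDing instead of ORing the
 * SE_DACL_PRESENT / SE_DACL_DEFAULTED control bits clears them, so the
 * length computation never counts the DACL and a cache copy truncates it.
 * Layouts below are simplified stand-ins for the documented structures;
 * all sizes and values are constructed for the demonstration.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SE_DACL_PRESENT   0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT   0x0010

typedef struct {
    uint8_t  Revision;
    uint8_t  SubAuthorityCount;
    uint8_t  IdentifierAuthority[6];
    uint32_t SubAuthority[1];
} SID;

typedef struct {
    uint8_t  AclRevision;
    uint8_t  Sbz1;
    uint16_t AclSize;          /* total bytes: header plus all ACEs */
    uint16_t AceCount;
    uint16_t Sbz2;
} ACL;

typedef struct {
    uint8_t  Revision;
    uint8_t  Sbz1;
    uint16_t Control;          /* SE_* flag bits */
    SID     *Owner;
    SID     *Group;
    ACL     *Sacl;
    ACL     *Dacl;
} SECURITY_DESCRIPTOR;

/* Same formula as RtlLengthSid: 8-byte fixed head plus one DWORD per sub-authority. */
static size_t sid_length(const SID *sid) {
    return 8 + 4u * sid->SubAuthorityCount;
}

/* The defective pattern from the commit: AND can only clear bits, never set them. */
static void set_dacl_buggy(SECURITY_DESCRIPTOR *sd, ACL *dacl, int defaulted) {
    sd->Dacl = dacl;
    sd->Control &= SE_DACL_PRESENT | (defaulted ? SE_DACL_DEFAULTED : 0);
}

/* The corrected pattern: OR the new bits into the existing control word. */
static void set_dacl_fixed(SECURITY_DESCRIPTOR *sd, ACL *dacl, int defaulted) {
    sd->Dacl = dacl;
    sd->Control |= SE_DACL_PRESENT | (defaulted ? SE_DACL_DEFAULTED : 0);
}

/* Self-relative length the way RtlLengthSecurityDescriptor computes it:
 * a DACL or SACL only counts when its PRESENT bit is set in Control. */
static size_t sd_length(const SECURITY_DESCRIPTOR *sd) {
    size_t len = sizeof(SECURITY_DESCRIPTOR);
    if (sd->Owner) len += sid_length(sd->Owner);
    if (sd->Group) len += sid_length(sd->Group);
    if ((sd->Control & SE_DACL_PRESENT) && sd->Dacl) len += sd->Dacl->AclSize;
    if ((sd->Control & SE_SACL_PRESENT) && sd->Sacl) len += sd->Sacl->AclSize;
    return len;
}

/* How many bytes of DACL a length-driven cache copy would reserve after the
 * DACL is attached: zero means the ACL is silently dropped from the copy. */
static size_t dacl_bytes_cached(int use_fixed) {
    static ACL dacl = { 2, 0, 24, 1, 0 };   /* constructed: 8-byte header + one 16-byte ACE */
    SECURITY_DESCRIPTOR sd;
    memset(&sd, 0, sizeof sd);
    sd.Revision = 1;
    size_t before = sd_length(&sd);
    if (use_fixed) set_dacl_fixed(&sd, &dacl, 0);
    else           set_dacl_buggy(&sd, &dacl, 0);
    return sd_length(&sd) - before;
}

int main(void) {
    printf("DACL bytes counted - buggy: %zu, fixed: %zu\n",
           dacl_bytes_cached(0), dacl_bytes_cached(1));
    return 0;
}
```

The check a reviewer wants here is the pairing: whatever sets the PRESENT bit and whatever computes the length must agree on the same Control word, otherwise the copy made from that length is shorter than the structure the pointers describe, which is exactly how the whole-page allocator's bound check tripped.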
* apps/tests/tokentest/tokentest.c (ROS_ACE_HEADER): Move field
AccessMask ...
(ROS_ACE): ... here.
(DisplayDacl): Make pAce a ROS_ACE*; Use new path for AceType; Use
sizeof(ACE) instead of sizeof(ACE_HEADER).
* include/ntos/security.h (ACE_HEADER): Move field AccessMask ...
(ACE): ... here.
* lib/ntdll/rtl/acl.c: Use new path for AccessMask.
* ntoskrnl/se/semgr.c: Ditto.
* ntoskrnl/se/acl.c (SepInitDACLs): Use new path for AccessMask; Use
sizeof(ACE) instead of sizeof(ACE_HEADER).
* ntoskrnl/se/token.c (SepCreateSystemProcessToken): Use sizeof(ACE)
instead of sizeof(ACE_HEADER).
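The layout the ChangeLog entry above moves to, as an added example that is not ReactOS code: AccessMask lives in the ACE body rather than in ACE_HEADER, so sizeof(ACE) rather than sizeof(ACE_HEADER) is the right base when sizing an ACE, and a DACL walker steps by AceSize because each ACE carries a variable-length SID. The struct shapes mirror the documented ACE_HEADER / ACCESS_ALLOWED_ACE / ACL layouts; the two SIDs, the mask value and the ACL contents are constructed.

```c
/*
 * Added example (not ReactOS code): ACE_HEADER without an access mask,
 * ACE with the mask in its body, and a DACL walk driven by AceSize.
 * Struct shapes follow the documented layouts; all data is constructed.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ACCESS_ALLOWED_ACE_TYPE 0
#define ACCESS_DENIED_ACE_TYPE  1

typedef struct {            /* 4 bytes: type, flags, size; no mask here */
    uint8_t  AceType;
    uint8_t  AceFlags;
    uint16_t AceSize;       /* header + mask + SID, used to step to the next ACE */
} ACE_HEADER;

typedef struct {            /* the mask belongs to the ACE body */
    ACE_HEADER Header;
    uint32_t   Mask;
    uint32_t   SidStart;    /* first DWORD of the SID; the SID continues in place */
} ACE;

typedef struct {
    uint8_t  AclRevision;
    uint8_t  Sbz1;
    uint16_t AclSize;
    uint16_t AceCount;
    uint16_t Sbz2;
} ACL;

static size_t sid_length(const uint8_t *sid) {   /* as RtlLengthSid: 8 + 4 * count */
    return 8 + 4u * sid[1];
}

/* Append one ACE at offset off: AceSize is sizeof(ACE) minus the SidStart
 * placeholder plus the real SID length. Returns the bytes consumed. */
static size_t add_ace(uint8_t *buf, size_t off, uint8_t type, uint32_t mask,
                      const uint8_t *sid) {
    size_t slen = sid_length(sid);
    ACE *ace = (ACE *)(buf + off);
    ace->Header.AceType  = type;
    ace->Header.AceFlags = 0;
    ace->Header.AceSize  = (uint16_t)(sizeof(ACE) - sizeof(uint32_t) + slen);
    ace->Mask = mask;
    memcpy(&ace->SidStart, sid, slen);
    return ace->Header.AceSize;
}

/* Walk the DACL for one SID: a matching deny ACE wins outright, matching
 * allow ACEs accumulate. Returns the granted mask. */
static uint32_t granted_mask(const uint8_t *acl_buf, const uint8_t *sid) {
    const ACL *acl = (const ACL *)acl_buf;
    const uint8_t *p = acl_buf + sizeof(ACL);
    uint32_t granted = 0;
    size_t slen = sid_length(sid);
    for (unsigned i = 0; i < acl->AceCount; i++) {
        const ACE *ace = (const ACE *)p;
        if (memcmp(&ace->SidStart, sid, slen) == 0) {
            if (ace->Header.AceType == ACCESS_DENIED_ACE_TYPE) return 0;
            if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE) granted |= ace->Mask;
        }
        p += ace->Header.AceSize;   /* variable-length step, not sizeof(ACE) */
    }
    return granted;
}

/* Build a constructed DACL (one allow, one deny) and evaluate the chosen SID. */
static uint32_t demo(int use_denied_sid) {
    static const uint8_t sid_a[12] = {1, 1, 0,0,0,0,0,5, 18,0,0,0}; /* constructed S-1-5-18 */
    static const uint8_t sid_b[12] = {1, 1, 0,0,0,0,0,5, 19,0,0,0}; /* constructed S-1-5-19 */
    uint32_t raw[16];                 /* 4-byte aligned backing store for the ACL */
    uint8_t *buf = (uint8_t *)raw;
    memset(raw, 0, sizeof raw);
    ACL *acl = (ACL *)buf;
    size_t off = sizeof(ACL);
    off += add_ace(buf, off, ACCESS_ALLOWED_ACE_TYPE, 0x1F01FF, sid_a);
    off += add_ace(buf, off, ACCESS_DENIED_ACE_TYPE,  0x1F01FF, sid_b);
    acl->AclRevision = 2;
    acl->AceCount    = 2;
    acl->AclSize     = (uint16_t)off;
    return granted_mask(buf, use_denied_sid ? sid_b : sid_a);
}

int main(void) {
    printf("sizeof(ACE_HEADER)=%zu sizeof(ACE)=%zu granted(a)=0x%X granted(b)=0x%X\n",
           sizeof(ACE_HEADER), sizeof(ACE), demo(0), demo(1));
    return 0;
}
```

The point of the layout is visible in the walker: the header alone does not tell you the mask, and the mask alone does not tell you where the next entry starts, so sizing with sizeof(ACE_HEADER) under-allocates by the mask field and any walk that advances by a fixed sizeof(ACE) rather than AceSize mis-reads every ACE after the first.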
svn path=/trunk/; revision=3654
Moved general security types into new header file
Implemented ThreadImpersonationToken info class
Bug fixes to queuing code
svn path=/trunk/; revision=919