Add a missing ACE(SeAliasAdminsSid / GENERIC_ALL) to the SePublicDefaultDacl ACL. This fixes a kmtest:ObSecurity failure.
svn path=/trunk/; revision=74050
- Use tags when allocation and freeing memory and define them in tag.h
- Fix some wrongly used tags when freeing
- Our new memory manager doesn't check tags when ExFreePoolWithTag is used. It will be fixed after testing
svn path=/trunk/; revision=52043
- Don't call ExSystemExceptionFilter() if we know the caller is user mode.
- Get rid of a couple of dependencies on the NTSTATUS being initialized with STATUS_SUCCESS -- indicate success where properly instead.
svn path=/trunk/; revision=42942
Migrate ntoskrnl to PSEH 2.0. The code should speak for itself
modified ntoskrnl/ex/atom.c
_SEH_LEAVE was used improperly in NtQueryInformationAtom. As a free bonus, the upgrade to PSEH 2.0 (and to _SEH2_LEAVE) fixes the potential bug
modified ntoskrnl/fsrtl/fastio.c
Corrected exception filter logic
modified ntoskrnl/include/internal/ex.h
Goodbye _SEH_ExSystemExceptionFilter, you won't be missed
modified ntoskrnl/include/internal/ntoskrnl.h
Don't FORCEINLINE functions that use SEH, it's bad form and the compiler doesn't like
modified ntoskrnl/ke/i386/usercall.c
Dispatch the correct EXCEPTION_RECORD in case of exception inside KiInitializeUserApc
modified ntoskrnl/ke/powerpc/exp.c
Removed bogus, unused SEH code
modified ntoskrnl/ntoskrnl-generic.rbuild
Sources using PSEH 2.0 must be compiled with -fno-unit-at-a-time due to a GCC bug. See also http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17982 and http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38054
Apparently, -fno-unit-at-a-time makes GCC crash when using precompiled headers. Disable precompiled headers for ntoskrnl
svn path=/trunk/; revision=37615
- Stop committing on crack.
- Read IRC logs and use your head.
- GCC 3.4.5 is buggy, don't use. Don't break good code to hide compiler bugs.
svn path=/trunk/; revision=26248
- Fix various security structures and constants
- Add code to capture quality of service structures and ACLs
- Secure buffer access in NtQueryInformationToken, NtSetInformationToken, NtNotifyChangeDirectoryFile and NtQueryDirectoryFile
svn path=/trunk/; revision=13984
2. RtlGetVersion needs to be implemented differently in ntoskrnl and ntdll, ntoskrnl's version must not access the PEB (which might not be present) while ntdlls gets most information from the PEB structure
3. can't use spinlocks to serialize access to the security descriptor cache since it calls sd rtl functions which require to run < apc level
svn path=/trunk/; revision=13712
I double checked, but in case someone's recent commit is somehow overwritten -- please, don't be very frustrated :) -- I will fix it, just drop me a note.
svn path=/trunk/; revision=7338
* apps/tests/tokentest/tokentest.c (ROS_ACE_HEADER): Move field
AccessMask ...
(ROS_ACE): ... here.
(DisplayDacl): Make pAce an ROS_ACE*; Use new path for AceType; Use
sizeof(ACE) instead of sizeof(ACE_HEADER).
* include/ntos/security.h (ACE_HEADER): Move field AccessMask ...
(ACE): ... here.
* lib/ntdll/rtl/acl.c: Use new path for AccessMask.
* ntoskrnl/se/semgr.c: Ditto.
* ntoskrnl/se/acl.c (SepInitDACLs): Use new path for AccessMask; Use
sizeof(ACE) instead of sizeof(ACE_HEADER).
* ntoskrnl/se/token.c (SepCreateSystemProcessToken): Use sizeof(ACE)
instead of sizeof(ACE_HEADER).
svn path=/trunk/; revision=3654
- Implement RtlGetAce()
- Fix bug which cause RtlCreateAcl() to always fail.
- Cleanup parameter names and fix bug that caused a buffer overrun in RtlCopySidAndAttributesArray()
- When referencing the token object in NtQueryInformationToken() pass in either TOKEN_QUERY access or TOKEN_QUERY_SOURCE access. Passing in zero led to ObReferenceObjectByHandle() always failing with ACCESS_DENIED.
- Fixed NtQueryInformationToken() to check the buffer length and return STATUS_BUFFER_TO_SMALL and the required length.
- Ensure that the ReturnLength is set correctly when NtQueryInformationToken() succeeds. Previously, it was set to the number of bytes unused in the user buffer in some cases or not set at all.
- Handle case of NULL default dacl correctly in NtQueryInformationToken()
- Update main makefile to build apps\utils.
- Update makefiles in apps\utils to have the correct PATH_TO_TOP.
- Update main makefile to build apps\tests\tokentest
Written by Joseph Galbraith.
svn path=/trunk/; revision=3024
Moved general security types into new header file
Implemented ThreadImpersonationToken info class
Bug fixes to queuing code
svn path=/trunk/; revision=919
