When returning STATUS_ACCESS_DENIED when required (currently disabled), ReactOS boots up to login screen on 3rd boot.
Now, we just need to fix callers.
svn path=/trunk/; revision=26130
- Create Phase 1 initialization for the SRM (SeInitSystem). Right now it inserts the system boot token into object manager, which is something we forgot to do before.
- Renamed ExPhase2Init to Phase1Initialization, since it's not Phase 2.
- Updated Phase 1 PS Initialization to get the KeLoaderBlock pointer and use it as a context parameter when calling Phase1Initialization.
- Split off Phase1Initialization into Phase1InitializationDiscard, which is the bulk of the phase 1 code (99% of it) and can be put in an .INIT section to be freed after boot.
- Modify parts of the Inbv setup code. Also implement support for /SOS, and try to mimic its behaviour on NT (not fully achieved). You will need /SOS to see boot messages on the screen! FreeLDR now adds this by default to the "Debug "configuration.
- Temporarily disable ReactOS Banner during boot. We will get this data from the .mc/.res file in a later patch instead of hard-coding it.
- Optimize calling and usage of ExpLoadInitialProcess.
- Add support for Y2K bug fix documented for Windows NT (/YEAR).
- Add support to detect WinPE/MiniNT/ReactOS Live CD.
- Add temporary debugging code to MmInit2 and some Mm functions to detect if these functions are being used too early, which could result in catastrophic to subtle bugs.
- Add more bugchecks when failures occur, and enhance others. Also add more codes to ntoskrnl.mc.
- Disable calls to ObfDereferenceDeviceMap since it's not yet implemented.
svn path=/trunk/; revision=25624
- Save parent directory during lookups and check if the caller has the right to traverse it, if we ever need to.
- Optimize the configuration of the lookup context so that it's only done when necessary, add stub calls to lock the directory.
svn path=/trunk/; revision=25396
- Add call to SeOpenObjectAuditAlarm in ObCheckObjectAccess.
- Start adding Ob Callout validation on checked builds. For now only done around security functions.
- Set *MemoryAllocated to FALSE in ObGetObjectSecurity early on to avoid inconcistent state if the callback failed.
- Implement new XP function ObSetSecurityObjectByPointer and simplify NtSetSecurityObject by making it use it.
- More Win 2003 SecurityDescriptor Cache functions to sdcache instead of obsecure.c.
svn path=/trunk/; revision=25240
- Put volatile statements in EX_RUNDOWN_REF, IRP, DEVICE_OBJECT, ERESOURCE, FILE_OBJECT, IO_REMOVE_LOCK, WORK_QUEUE_ITEM where required (thanks to Microsoft's changes in the WDK to mark the fields properly).
- Update FILE_OBJECT definition.
- Add some asserts to some I/O functions.
- Add stub support for File Objects created by XP+ Drivers which have File Object Extensions.
- Add some fixes to IopDeleteFile, including proper reference counting for the DO and VPB, as well as cleanup when the file is closed without a handle.
- Fix a bug in IopSecurityFile.
- Queue and unqueue IRPs in all I/O functions.
- Fully support IRP cancellation now.
- Fix critical bugs in NtDeviceIoControlFile and NtDeviceFsControlFile which were causing double queueing of IRPs and freeing of invalid memory, as well as invalid paramter checking for user-mode buffers.
- Add exhaustive validation checks to IoCreateFile, add more failure cases, and validate the EA buffer. Also support IO_ATTACH_DEVICE_API flag.
- Implement IoCreateStreamFileObjectEx and IoCreateStreamFileObjectLite and fix several bugs in the original implementation of IoCreateStreamFileObject.
- Fix a bug in RtlRaiseException.
- Update Io*ShareAccess routines to support XP+ style semantics related to special File Object flags which disable their use.
- Add validation to all Query/Set routines so that information clasess, lengths, buffers and alignment are properly checked.
- Also add an array for the proper acess rights that each query/set operation requires.
- Check backup/restore privileges during I/O File operations.
- Check traverse access during I/O File Operations.
- Check access privileges to the device during I/O file operations.
- Rename IopReferenceDeviceObject and also verify if an exclusive DO is trying to be invalidly opened.
- Support various extra security checks during I/O File/Device Parse Routine.
- Fix a bug during IopCleanupIrp so that we don't dereference the File OBject if this was a create operation.
- Fix some bogus asserts in IofCompleteRequest, and save the IRP Flags before signalling it's event, since the driver might've freed it behind our back.
- Fix a large bug in ObInsertObject which affected the insert of unnamed objects with forced security options (Such as process/threads).
- Fix the creation of the Process/Thread/Job Obejct Types to that security information is forced.
- Remove "Fix PS!!!" messages since the bug is now fixed and these objects now get proper security descriptors.
- Fix another bug in ObInsertObjet which wasn't properly validating user-mode objects and always assumed kernel mode.
- Silence multiple trace/checkpoint messages that have accumulated throughout time for various debugging purposes.
svn path=/trunk/; revision=25118
- Call PsInitSystem instead of PspInitPhase0, since PsInitsystem is the "external" phase-choosing routine.
- Implement ExComputeTickCountMultiplier to create a 24-bit precision remainder + whole integer of the ms/clock tick used in SharedUserData.
- Set the OS version and Machine Type (i386/PPC (<3 Arty) in SharedUserData.
- Move some HAL calls in Phase 2 (actually Phase 1...), same for KeInit2.
- Break into KDBG a bit earlier.
svn path=/trunk/; revision=24363
- Implemented SeAssignPrimaryToken.
- Setup Boot/System Token for Idle Process in SeInit2.
- Remove ROS hack in SeCaptureSubjectContextEx.
- Call SeAssignPrimaryToken in PspInitializeProcessSecurty when called for the Initial Process creation.
- Implement PsInitiailizeQuotaSystem and set PspDefauptQuotaBlock for the idle process so that it can be used for the initial process.
- Rewrite Process Manager Phase 0 initialization from scratch, to create a new initial system process and thread which will be used for Phase 1 (in ROS, phase 2) initialization of the executive.
- Fix a bug in PspCreateProcess which was using an uninitialized value of SectionObject in some cases, instead of NULL.
- Call PsInitailizeQuotaSystem from ObInit, and also create the system handle table inside the idle process, and make it the ObpKernelHandleTable.
- Do Executive Phase 0 Initialization at APC_LEVEL.
- Start idle thread at HIGH_PRIORITY then lower it to 0 once the Initial Thread is setup, so that it can run, then keep priority to 0 at DISPATCH_LEVEL and jump into idle loop code.
- Add NtYieldExecution to idle loop code since it's now being used.
- Fix IoGetCurrentProcess which was previously hacked.
- Remove some checks for Thread == NULL in ke_x.h, since this is now impossible.
- Split Phase 0/1 initialization in ex\init.c, since one runs in a separate thread now. Also don't lower IRQL to PASSIVE_LEVEL anymore (run at APC_LEVEL).
svn path=/trunk/; revision=24148
- Implemented a bit more security calls in PspCreateProcess as seen in WI II. We now create an AccessState.
- Also write the PID in the ObjectTable.
svn path=/trunk/; revision=23236
- Implement ObReferenceEx and ObDereferenceEx.
- Split off ObpDeferObjectCompletion. A new win2003/vista API requires direct acess to being able to defer deletes.
- Fix some bugs in Process Token management and make it all properly use Fast Referencing.
- When duplicating a token in a new process, don't de-reference it before it's even created, and also insert it.
- Change ExpChangeRundown macro to fix warnings in msvc.
svn path=/trunk/; revision=23013
- Fix some w32api incompatibility cruft since w32api insists on including winnt.h from kernel-mode.
- Fix some stuff that was including both kernel-mode and user-mode headers together.
- Use PISECURITY_DESCRIPTOR, not PSECURITY_DESCRIPTOR.
svn path=/trunk/; revision=19726
- Correct the Pool Charge for Object Types, select a Default Object, always use a security procedure, read global flag for maintaing type lists, set the pool type
- Initialize a Default Wait Object.
- Fix security callback for objects.
- Implement SeDefaultObjectMethod for security callbacks of objects which don't have a custom one.
svn path=/trunk/; revision=17176
1) The documented Object Create Information Structure and semantics implemented. All Object Attributes and passed data from user-mode is now probed and saved into this object create structure when ObCreateObject is called.
2) ObCreateObject does NOT PERFORM ANY OTHER OPERATION EXCEPT CREATING THE OBJECT ANYMORE. ObCreateObject will NOT insert the Object into the tree and other operations. These are now done correctly by ObInsertObject. Therefore, the biggest hurdle was changing pieces of code which assumed ObCreateObject would be enough.
3) ObInsertObject uses the captured create info for all operations isntead of the Object Attributes.
4) ObFindObject now uses the captured info as well.
5) The OBject name and directory are now stored in the documented Object Name Information, always allocated and freed from non paged pool.
HACKS:
5) Because the registry code is horribly broken and doesn't use ObFindObjectByName, the old ObFindObject had to be temporarily duplicated into CmpFindObject.
7) Win32k used ObInsertObject in CsrInsertObject as a way to create a handle inside csrss. However, OBInsertObject now does more then this. As a temporary hack, ObpCreateHandle is exported from the kernel and called from win32k. A fix needs to be done for this, but I don't know the design of win32k+csrss well enough to find a solution.
8) SEH has been commented out in some places of the new probing code because it breaks smss and explorer. These need to be investigated (seh did not exist in the previous code, so this is not really a hack)
9) Named objects with a parent directory are NOT allowed. However because of bugs in kernel32, the new check has been temporarily disabled. (this check did not exist in the previous code, so this is not really a hack)
The next patch will add a proper ObFindObject which will support a more complete Parse Procedure with context and security information. This is needed for proper registry access (requested by Eric Kohl) and for proper functionality of the Desktop/File creation, which should use the Parse routine, and not the Create Handle Routine. This will also make it possible to remove some previous hacks and pave the way for a fixed Iop/IoCreateFile
svn path=/trunk/; revision=15395
2. RtlGetVersion needs to be implemented differently in ntoskrnl and ntdll, ntoskrnl's version must not access the PEB (which might not be present) while ntdlls gets most information from the PEB structure
3. can't use spinlocks to serialize access to the security descriptor cache since it calls sd rtl functions which require to run < apc level
svn path=/trunk/; revision=13712
2. Fixed and extended RtlCaptureUnicodeString()
3. securely access buffers in NtQuerySystemEnvironmentValue() and NtSetSystemEnvironmentValue() and check for required SeSystemEnvironmentPrivilege privilege
svn path=/trunk/; revision=13208
on the list. This makes the registry, and dll loading case insensitive when
we are on a case preserving filesystem.
ntoskrnl/ex/power.c: My own contributions to the poweroff message list.
ntoskrnl/mm/npool.c: Fixed bit-rot in whole page alloc. That's how i found
the bug below.
se/semgr.c, lib/rtl/sd.c:
semgr, when creating a SECURITY_DESCRIPTOR, anded the PRESENT and DEFAULT
flags rather than oring them for group, dacl, and sacl, leading to
RtlLengthSecurityDescriptor giving the wrong length to sdcache. When
sdcache would copy the security descriptor, it would be too short, and
the bound check from the whole-page allocator would go off. I fixed this
and made rtl/sd.c use the ROUND_UP macro and RtlLengthSid. This is cleaner.
It may not be completely correct yet but it no-longer truncates security
descriptors into the cache, which means that the Owner, Group and etc
SIDs should now actually work right when coming from the cache, no matter
what happens in the heap. They probably seemed to work before simply
because they trashed the ends of their blocks and never moved in the
cache.
svn path=/trunk/; revision=11040