mirror of
https://github.com/reactos/reactos.git
synced 2024-12-29 10:35:28 +00:00
9a2c62b544
The current state of Security manager's code is kind of a mess. Mainly, there's code scattered around places where they shouldn't belong and token implementation (token.c) is already of a bloat in itself as it is. The file has over 6k lines and it's subject to grow exponentially with improvements, features, whatever that is. With that being said, the token implementation code in the kernel will be split accordingly and rest of the code moved to appropriate places. The new layout will look as follows (excluding the already existing files): - client.c (Client security implementation code) - objtype.c (Object type list implementation code -- more code related to object types will be put here when I'm going to implement object type access checks in the future) - subject.c (Subject security context support) The token implementation in the kernel will be split in 4 distinct files as shown: - token.c (Base token support routines) - tokenlif.c (Life management of a token object -- that is Duplication, Creation and Filtering) - tokencls.c (Token Query/Set Information Classes support) - tokenadj.c (Token privileges/groups adjusting support) In addition to that, tidy up the internal header and reorganize it as well.
115 lines
2.9 KiB
C
115 lines
2.9 KiB
C
/*
|
|
* PROJECT: ReactOS Kernel
|
|
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
|
* PURPOSE: Security object type list support routines
|
|
* COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
|
|
*/
|
|
|
|
/* INCLUDES *******************************************************************/
|
|
|
|
#include <ntoskrnl.h>
|
|
#define NDEBUG
|
|
#include <debug.h>
|
|
|
|
/* PRIVATE FUNCTIONS ***********************************************************/
|
|
|
|
/**
|
|
* @brief
|
|
* Captures a list of object types.
|
|
*
|
|
* @param[in] ObjectTypeList
|
|
* An existing list of object types.
|
|
*
|
|
* @param[in] ObjectTypeListLength
|
|
* The length size of the list.
|
|
*
|
|
* @param[in] PreviousMode
|
|
* Processor access level mode.
|
|
*
|
|
* @param[out] CapturedObjectTypeList
|
|
* The captured list of object types.
|
|
*
|
|
* @return
|
|
* Returns STATUS_SUCCESS if the list of object types has been captured
|
|
* successfully. STATUS_INVALID_PARAMETER is returned if the caller hasn't
|
|
* supplied a buffer list of object types. STATUS_INSUFFICIENT_RESOURCES
|
|
* is returned if pool memory allocation for the captured list has failed.
|
|
*/
|
|
NTSTATUS
|
|
SeCaptureObjectTypeList(
|
|
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
|
|
_In_ ULONG ObjectTypeListLength,
|
|
_In_ KPROCESSOR_MODE PreviousMode,
|
|
_Out_ POBJECT_TYPE_LIST *CapturedObjectTypeList)
|
|
{
|
|
SIZE_T Size;
|
|
|
|
if (PreviousMode == KernelMode)
|
|
{
|
|
return STATUS_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
if (ObjectTypeListLength == 0)
|
|
{
|
|
*CapturedObjectTypeList = NULL;
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
if (ObjectTypeList == NULL)
|
|
{
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
/* Calculate the list size and check for integer overflow */
|
|
Size = ObjectTypeListLength * sizeof(OBJECT_TYPE_LIST);
|
|
if (Size == 0)
|
|
{
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
/* Allocate a new list */
|
|
*CapturedObjectTypeList = ExAllocatePoolWithTag(PagedPool, Size, TAG_SEPA);
|
|
if (*CapturedObjectTypeList == NULL)
|
|
{
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
_SEH2_TRY
|
|
{
|
|
ProbeForRead(ObjectTypeList, Size, sizeof(ULONG));
|
|
RtlCopyMemory(*CapturedObjectTypeList, ObjectTypeList, Size);
|
|
}
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
ExFreePoolWithTag(*CapturedObjectTypeList, TAG_SEPA);
|
|
*CapturedObjectTypeList = NULL;
|
|
_SEH2_YIELD(return _SEH2_GetExceptionCode());
|
|
}
|
|
_SEH2_END;
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
/**
|
|
* @brief
|
|
* Releases a buffer list of object types.
|
|
*
|
|
* @param[in] CapturedObjectTypeList
|
|
* A list of object types to free.
|
|
*
|
|
* @param[in] PreviousMode
|
|
* Processor access level mode.
|
|
*
|
|
* @return
|
|
* Nothing.
|
|
*/
|
|
VOID
|
|
SeReleaseObjectTypeList(
|
|
_In_ _Post_invalid_ POBJECT_TYPE_LIST CapturedObjectTypeList,
|
|
_In_ KPROCESSOR_MODE PreviousMode)
|
|
{
|
|
if ((PreviousMode != KernelMode) && (CapturedObjectTypeList != NULL))
|
|
ExFreePoolWithTag(CapturedObjectTypeList, TAG_SEPA);
|
|
}
|
|
|
|
/* EOF */
|