Re: [ros-dev] [ros-diffs] [ion] 57284: [NTOSKRNL]: Use the token lock acquire/release macros that were already written instead of manually doing it. Also fix the macros since they didn't work in GCC. No functional change, j...
12 Sep
2012
12 Sep
'12
4:56 p.m.
What was the problem with the old macros? The new ones are error-prone.
if (NeedLock) SepAcquireTokenLockExclusive(Token); // <= fail!
WBR,
Timo
Am 12.09.2012 18:29, schrieb ion(a)svn.reactos.org:
Author: ion
Date: Wed Sep 12 16:29:28 2012
New Revision: 57284
URL: http://svn.reactos.org/svn/reactos?rev=57284&view=rev
Log:
[NTOSKRNL]: Use the token lock acquire/release macros that were already written instead
of manually doing it. Also fix the macros since they didn't work in GCC.
No functional change, just code cleanup.
Modified:
trunk/reactos/ntoskrnl/include/internal/se.h
trunk/reactos/ntoskrnl/se/access.c
trunk/reactos/ntoskrnl/se/semgr.c
Modified: trunk/reactos/ntoskrnl/include/internal/se.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/…
==============================================================================
--- trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] Wed Sep 12 16:29:28 2012
@@ -1,4 +1,28 @@
#pragma once
+
+typedef struct _KNOWN_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ ULONG SidStart;
+} KNOWN_ACE, *PKNOWN_ACE;
+
+typedef struct _KNOWN_OBJECT_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ ULONG Flags;
+ ULONG SidStart;
+} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
+
+typedef struct _KNOWN_COMPOUND_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ USHORT CompoundAceType;
+ USHORT Reserved;
+ ULONG SidStart;
+} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
PSID
FORCEINLINE
@@ -75,6 +99,8 @@
return Descriptor->Sacl;
}
}
+
+#ifndef RTL_H
/* SID Authorities */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
@@ -156,6 +182,19 @@
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
+
+#define SepAcquireTokenLockExclusive(Token) \
+ KeEnterCriticalRegion(); \
+ ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
+
+#define SepAcquireTokenLockShared(Token) \
+ KeEnterCriticalRegion(); \
+ ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
+
+#define SepReleaseTokenLock(Token) \
+ ExReleaseResource(((PTOKEN)Token)->TokenLock); \
+ KeLeaveCriticalRegion(); \
+
//
// Token Functions
//
@@ -434,24 +473,6 @@
OUT PACCESS_TOKEN* NewToken
);
-#define SepAcquireTokenLockExclusive(Token) \
- do { \
- KeEnterCriticalRegion(); \
- ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
- while(0)
-
-#define SepAcquireTokenLockShared(Token) \
- do { \
- KeEnterCriticalRegion(); \
- ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
- while(0)
-
-#define SepReleaseTokenLock(Token) \
- do { \
- ExReleaseResource(((PTOKEN)Token)->TokenLock); \
- KeLeaveCriticalRegion(); \
- while(0)
-
VOID NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
@@ -460,4 +481,6 @@
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
+#endif
+
/* EOF */
Modified: trunk/reactos/ntoskrnl/se/access.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/access.c?rev=5…
==============================================================================
--- trunk/reactos/ntoskrnl/se/access.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/access.c [iso-8859-1] Wed Sep 12 16:29:28 2012
@@ -130,11 +130,7 @@
ASSERT(Sid != NULL);
/* Lock the token if needed */
- if (!TokenLocked)
- {
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
- }
+ if (!TokenLocked) SepAcquireTokenLockShared(Token);
/* Check if the owner SID is found, handling restricted case as well */
Result = SepSidInToken(Token, Sid);
@@ -144,11 +140,7 @@
}
/* Release the lock if we had acquired it */
- if (!TokenLocked)
- {
- ExReleaseResourceLite(Token->TokenLock);
- KeLeaveCriticalRegion();
- }
+ if (!TokenLocked) SepReleaseTokenLock(Token);
/* Return the result */
return Result;
@@ -168,15 +160,13 @@
TokenControl->TokenSource = Token->TokenSource;
/* Lock the token */
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
+ SepAcquireTokenLockShared(Token);
/* Capture the modified it */
TokenControl->ModifiedId = Token->ModifiedId;
/* Unlock it */
- ExReleaseResourceLite(Token->TokenLock);
- KeLeaveCriticalRegion();
+ SepReleaseTokenLock(Token);
}
NTSTATUS
@@ -327,13 +317,11 @@
ClientToken = SubjectContext->ClientToken;
/* Always lock the primary */
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(PrimaryToken->TokenLock, TRUE);
+ SepAcquireTokenLockShared(PrimaryToken);
/* Lock the impersonation one if it's there */
if (!ClientToken) return;
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(ClientToken->TokenLock, TRUE);
+ SepAcquireTokenLockShared(ClientToken);
}
/*
@@ -351,13 +339,11 @@
ClientToken = SubjectContext->ClientToken;
/* Always unlock the primary one */
- ExReleaseResourceLite(PrimaryToken->TokenLock);
- KeLeaveCriticalRegion();
+ SepReleaseTokenLock(PrimaryToken);
/* Unlock the impersonation one if it's there */
if (!ClientToken) return;
- ExReleaseResourceLite(ClientToken->TokenLock);
- KeLeaveCriticalRegion();
+ SepReleaseTokenLock(ClientToken);
}
/*
Modified: trunk/reactos/ntoskrnl/se/semgr.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=57…
==============================================================================
--- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Wed Sep 12 16:29:28 2012
@@ -952,8 +952,7 @@
SeCaptureSubjectContext(&SubjectSecurityContext);
/* Lock the token */
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
+ SepAcquireTokenLockShared(Token);
/* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED))
@@ -990,8 +989,7 @@
/* Release subject context and unlock the token */
SeReleaseSubjectContext(&SubjectSecurityContext);
- ExReleaseResourceLite(Token->TokenLock);
- KeLeaveCriticalRegion();
+ SepReleaseTokenLock(Token);
/* Release the captured security descriptor */
SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
12 Sep
12 Sep
5:05 p.m.
New subject: [ros-diffs] [ion] 57284: [NTOSKRNL]: Use the token lock acquire/release macros that were already written instead of manually doing it. Also fix the macros since they didn't work in GCC. No functional change, j...
The old ones gave compiler errors... if you guys can fix them, go ahead :)
--
Best regards,
Alex Ionescu
On 2012-09-12, at 9:56 AM, Timo Kreuzer <timo.kreuzer(a)web.de> wrote:
What was the problem with the old macros? The new ones are error-prone.
if (NeedLock) SepAcquireTokenLockExclusive(Token); // <= fail!
WBR,
Timo
Am 12.09.2012 18:29, schrieb ion(a)svn.reactos.org:
Author: ion
Date: Wed Sep 12 16:29:28 2012
New Revision: 57284
URL: http://svn.reactos.org/svn/reactos?rev=57284&view=rev
Log:
[NTOSKRNL]: Use the token lock acquire/release macros that were already written instead
of manually doing it. Also fix the macros since they didn't work in GCC.
No functional change, just code cleanup.
Modified:
trunk/reactos/ntoskrnl/include/internal/se.h
trunk/reactos/ntoskrnl/se/access.c
trunk/reactos/ntoskrnl/se/semgr.c
Modified: trunk/reactos/ntoskrnl/include/internal/se.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/…
==============================================================================
--- trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] Wed Sep 12 16:29:28 2012
@@ -1,4 +1,28 @@
#pragma once
+
+typedef struct _KNOWN_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ ULONG SidStart;
+} KNOWN_ACE, *PKNOWN_ACE;
+
+typedef struct _KNOWN_OBJECT_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ ULONG Flags;
+ ULONG SidStart;
+} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
+
+typedef struct _KNOWN_COMPOUND_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ USHORT CompoundAceType;
+ USHORT Reserved;
+ ULONG SidStart;
+} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
PSID
FORCEINLINE
@@ -75,6 +99,8 @@
return Descriptor->Sacl;
}
}
+
+#ifndef RTL_H
/* SID Authorities */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
@@ -156,6 +182,19 @@
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
+
+#define SepAcquireTokenLockExclusive(Token) \
+ KeEnterCriticalRegion(); \
+ ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
+
+#define SepAcquireTokenLockShared(Token) \
+ KeEnterCriticalRegion(); \
+ ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
+
+#define SepReleaseTokenLock(Token) \
+ ExReleaseResource(((PTOKEN)Token)->TokenLock); \
+ KeLeaveCriticalRegion(); \
+
//
// Token Functions
//
@@ -434,24 +473,6 @@
OUT PACCESS_TOKEN* NewToken
);
-#define SepAcquireTokenLockExclusive(Token) \
- do { \
- KeEnterCriticalRegion(); \
- ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
- while(0)
-
-#define SepAcquireTokenLockShared(Token) \
- do { \
- KeEnterCriticalRegion(); \
- ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
- while(0)
-
-#define SepReleaseTokenLock(Token) \
- do { \
- ExReleaseResource(((PTOKEN)Token)->TokenLock); \
- KeLeaveCriticalRegion(); \
- while(0)
-
VOID NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
@@ -460,4 +481,6 @@
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
+#endif
+
/* EOF */
Modified: trunk/reactos/ntoskrnl/se/access.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/access.c?rev=5…
==============================================================================
--- trunk/reactos/ntoskrnl/se/access.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/access.c [iso-8859-1] Wed Sep 12 16:29:28 2012
@@ -130,11 +130,7 @@
ASSERT(Sid != NULL);
/* Lock the token if needed */
- if (!TokenLocked)
- {
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
- }
+ if (!TokenLocked) SepAcquireTokenLockShared(Token);
/* Check if the owner SID is found, handling restricted case as well */
Result = SepSidInToken(Token, Sid);
@@ -144,11 +140,7 @@
}
/* Release the lock if we had acquired it */
- if (!TokenLocked)
- {
- ExReleaseResourceLite(Token->TokenLock);
- KeLeaveCriticalRegion();
- }
+ if (!TokenLocked) SepReleaseTokenLock(Token);
/* Return the result */
return Result;
@@ -168,15 +160,13 @@
TokenControl->TokenSource = Token->TokenSource;
/* Lock the token */
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
+ SepAcquireTokenLockShared(Token);
/* Capture the modified it */
TokenControl->ModifiedId = Token->ModifiedId;
/* Unlock it */
- ExReleaseResourceLite(Token->TokenLock);
- KeLeaveCriticalRegion();
+ SepReleaseTokenLock(Token);
}
NTSTATUS
@@ -327,13 +317,11 @@
ClientToken = SubjectContext->ClientToken;
/* Always lock the primary */
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(PrimaryToken->TokenLock, TRUE);
+ SepAcquireTokenLockShared(PrimaryToken);
/* Lock the impersonation one if it's there */
if (!ClientToken) return;
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(ClientToken->TokenLock, TRUE);
+ SepAcquireTokenLockShared(ClientToken);
}
/*
@@ -351,13 +339,11 @@
ClientToken = SubjectContext->ClientToken;
/* Always unlock the primary one */
- ExReleaseResourceLite(PrimaryToken->TokenLock);
- KeLeaveCriticalRegion();
+ SepReleaseTokenLock(PrimaryToken);
/* Unlock the impersonation one if it's there */
if (!ClientToken) return;
- ExReleaseResourceLite(ClientToken->TokenLock);
- KeLeaveCriticalRegion();
+ SepReleaseTokenLock(ClientToken);
}
/*
Modified: trunk/reactos/ntoskrnl/se/semgr.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=57…
==============================================================================
--- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Wed Sep 12 16:29:28 2012
@@ -952,8 +952,7 @@
SeCaptureSubjectContext(&SubjectSecurityContext);
/* Lock the token */
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
+ SepAcquireTokenLockShared(Token);
/* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED))
@@ -990,8 +989,7 @@
/* Release subject context and unlock the token */
SeReleaseSubjectContext(&SubjectSecurityContext);
- ExReleaseResourceLite(Token->TokenLock);
- KeLeaveCriticalRegion();
+ SepReleaseTokenLock(Token);
/* Release the captured security descriptor */
SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev 
5:12 p.m.
New subject: [ros-diffs] [ion] 57284: [NTOSKRNL]: Use the token lock acquire/release macros that were already written instead of manually doing it. Also fix the macros since they didn't work in GCC. No functional change, j...
I think the old ones were missing a brace before the 'while' statement
-----Original Message-----
From: ros-dev-bounces(a)reactos.org [mailto:ros-dev-bounces@reactos.org] On
Behalf Of Alex Ionescu
Sent: 12 September 2012 18:05
To: ReactOS Development List
Subject: Re: [ros-dev] [ros-diffs] [ion] 57284: [NTOSKRNL]: Use the token
lock acquire/release macros that were already written instead of manually
doing it. Also fix the macros since they didn't work in GCC. No functional
change, j...
The old ones gave compiler errors... if you guys can fix them, go ahead :)
--
Best regards,
Alex Ionescu
On 2012-09-12, at 9:56 AM, Timo Kreuzer <timo.kreuzer(a)web.de> wrote:
What was the problem with the old macros? The new ones are error-prone.
if (NeedLock) SepAcquireTokenLockExclusive(Token); // <= fail!
WBR,
Timo
Am 12.09.2012 18:29, schrieb ion(a)svn.reactos.org:
> Author: ion
> Date: Wed Sep 12 16:29:28 2012
> New Revision: 57284
>
> URL: http://svn.reactos.org/svn/reactos?rev=57284&view=rev
> Log:
> [NTOSKRNL]: Use the token lock acquire/release macros that were already
written
instead of manually doing it. Also fix the macros since they didn't
work in GCC.
> No functional change, just code cleanup.
>
> Modified:
> trunk/reactos/ntoskrnl/include/internal/se.h
> trunk/reactos/ntoskrnl/se/access.c
> trunk/reactos/ntoskrnl/se/semgr.c
>
> Modified: trunk/reactos/ntoskrnl/include/internal/se.h
> URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/s
e.h?rev=57284&r1=57283&r2=57284&view=diff
>
============================================================================
==
> --- trunk/reactos/ntoskrnl/include/internal/se.h
[iso-8859-1] (original)
> +++ trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] Wed Sep 12
16:29:28 2012
> @@ -1,4 +1,28 @@
> #pragma once
> +
> +typedef struct _KNOWN_ACE
> +{
> + ACE_HEADER Header;
> + ACCESS_MASK Mask;
> + ULONG SidStart;
> +} KNOWN_ACE, *PKNOWN_ACE;
> +
> +typedef struct _KNOWN_OBJECT_ACE
> +{
> + ACE_HEADER Header;
> + ACCESS_MASK Mask;
> + ULONG Flags;
> + ULONG SidStart;
> +} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
> +
> +typedef struct _KNOWN_COMPOUND_ACE
> +{
> + ACE_HEADER Header;
> + ACCESS_MASK Mask;
> + USHORT CompoundAceType;
> + USHORT Reserved;
> + ULONG SidStart;
> +} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
> PSID
> FORCEINLINE
> @@ -75,6 +99,8 @@
> return Descriptor->Sacl;
> }
> }
> +
> +#ifndef RTL_H
> /* SID Authorities */
> extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
> @@ -156,6 +182,19 @@
> extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
> extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
> +
> +#define SepAcquireTokenLockExclusive(Token)
\
> + KeEnterCriticalRegion();
\
> +
ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE);
\
> +
> +#define SepAcquireTokenLockShared(Token)
\
> + KeEnterCriticalRegion();
\
> +
ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE);
\
> +
> +#define SepReleaseTokenLock(Token)
\
> +
ExReleaseResource(((PTOKEN)Token)->TokenLock);
\
> + KeLeaveCriticalRegion();
\
> +
> //
> // Token Functions
> //
> @@ -434,24 +473,6 @@
> OUT PACCESS_TOKEN* NewToken
> );
> -#define SepAcquireTokenLockExclusive(Token)
\
> - do {
\
> - KeEnterCriticalRegion();
\
> -
ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE);
\
> - while(0)
> -
> -#define SepAcquireTokenLockShared(Token)
\
> - do {
\
> - KeEnterCriticalRegion();
\
> -
ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE);
\
> - while(0)
> -
> -#define SepReleaseTokenLock(Token)
\
> - do {
\
> -
ExReleaseResource(((PTOKEN)Token)->TokenLock);
\
> - KeLeaveCriticalRegion();
\
> - while(0)
> -
> VOID NTAPI
> SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
> OUT PACCESS_MASK DesiredAccess);
> @@ -460,4 +481,6 @@
> SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
> OUT PACCESS_MASK DesiredAccess);
> +#endif
> +
> /* EOF */
>
> Modified: trunk/reactos/ntoskrnl/se/access.c
> URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/access.c?rev=57
284&r1=57283&r2=57284&view=diff
>
============================================================================
==
> --- trunk/reactos/ntoskrnl/se/access.c
[iso-8859-1] (original)
> +++ trunk/reactos/ntoskrnl/se/access.c [iso-8859-1] Wed Sep 12 16:29:28
2012
> @@ -130,11 +130,7 @@
> ASSERT(Sid != NULL);
> /* Lock the token if needed */
> - if (!TokenLocked)
> - {
> - KeEnterCriticalRegion();
> - ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
> - }
> + if (!TokenLocked) SepAcquireTokenLockShared(Token);
> /* Check if the owner SID is found, handling restricted case as
well */
>> Result = SepSidInToken(Token, Sid);
>> @@ -144,11 +140,7 @@
>> }
>> /* Release the lock if we had acquired it */
>> - if (!TokenLocked)
>> - {
>> - ExReleaseResourceLite(Token->TokenLock);
>> - KeLeaveCriticalRegion();
>> - }
>> + if (!TokenLocked) SepReleaseTokenLock(Token);
>> /* Return the result */
>> return Result;
>> @@ -168,15 +160,13 @@
>> TokenControl->TokenSource = Token->TokenSource;
>> /* Lock the token */
> - KeEnterCriticalRegion();
>> -
ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
>> + SepAcquireTokenLockShared(Token);
>> /* Capture the modified it */
>> TokenControl->ModifiedId = Token->ModifiedId;
>> /* Unlock it */
>> - ExReleaseResourceLite(Token->TokenLock);
> - KeLeaveCriticalRegion();
>> +
SepReleaseTokenLock(Token);
>> }
>> NTSTATUS
>> @@ -327,13 +317,11 @@
>> ClientToken = SubjectContext->ClientToken;
>> /* Always lock the primary */
> - KeEnterCriticalRegion();
>> -
ExAcquireResourceSharedLite(PrimaryToken->TokenLock, TRUE);
>> + SepAcquireTokenLockShared(PrimaryToken);
>> /* Lock the impersonation one if it's there */
>> if (!ClientToken) return;
> - KeEnterCriticalRegion();
>> -
ExAcquireResourceSharedLite(ClientToken->TokenLock, TRUE);
>> + SepAcquireTokenLockShared(ClientToken);
>> }
>> /*
>> @@ -351,13 +339,11 @@
>> ClientToken = SubjectContext->ClientToken;
>> /* Always unlock the primary one */
>> - ExReleaseResourceLite(PrimaryToken->TokenLock);
> - KeLeaveCriticalRegion();
>> +
SepReleaseTokenLock(PrimaryToken);
>> /* Unlock the impersonation one if it's there */
>> if (!ClientToken) return;
>> - ExReleaseResourceLite(ClientToken->TokenLock);
> - KeLeaveCriticalRegion();
>> +
SepReleaseTokenLock(ClientToken);
>> }
>> /*
>>
>> Modified: trunk/reactos/ntoskrnl/se/semgr.c
>> URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=572
84&r1=57283&r2=57284&view=diff
>
============================================================================
==
> --- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1]
(original)
> +++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Wed Sep 12 16:29:28
2012
>> @@ -952,8 +952,7 @@
>> SeCaptureSubjectContext(&SubjectSecurityContext);
>> /* Lock the token */
> - KeEnterCriticalRegion();
>> -
ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
>> + SepAcquireTokenLockShared(Token);
>> /* Check if the token is the owner and grant WRITE_DAC and
READ_CONTROL rights */
>> if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED))
>> @@ -990,8 +989,7 @@
>> /* Release subject context and unlock the token */
>> SeReleaseSubjectContext(&SubjectSecurityContext);
>> - ExReleaseResourceLite(Token->TokenLock);
> - KeLeaveCriticalRegion();
>> +
SepReleaseTokenLock(Token);
>> /* Release the captured security descriptor */
>> SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
>>
>>
>>
>
>
> _______________________________________________
> Ros-dev mailing list
> Ros-dev(a)reactos.org
> http://www.reactos.org/mailman/listinfo/ros-dev
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev
5:37 p.m.
New subject: [ros-diffs] [ion] 57284: [NTOSKRNL]: Use the token lock acquire/release macros that were already written instead of manually doing it. Also fix the macros since they didn't work in GCC. No functional change, j...
We could use inline functions instead.
Am 12.09.2012 19:12, schrieb Ged Murphy:
I think the old ones were missing a brace before the
'while' statement
-----Original Message-----
From: ros-dev-bounces(a)reactos.org [mailto:ros-dev-bounces@reactos.org] On
Behalf Of Alex Ionescu
Sent: 12 September 2012 18:05
To: ReactOS Development List
Subject: Re: [ros-dev] [ros-diffs] [ion] 57284: [NTOSKRNL]: Use the token
lock acquire/release macros that were already written instead of manually
doing it. Also fix the macros since they didn't work in GCC. No functional
change, j...
The old ones gave compiler errors... if you guys can fix them, go ahead :)
--
Best regards,
Alex Ionescu
On 2012-09-12, at 9:56 AM, Timo Kreuzer <timo.kreuzer(a)web.de> wrote:
What was the problem with the old macros? The new
ones are error-prone.
if (NeedLock) SepAcquireTokenLockExclusive(Token); // <= fail!
WBR,
Timo
Am 12.09.2012 18:29, schrieb ion(a)svn.reactos.org:
> Author: ion
> Date: Wed Sep 12 16:29:28 2012
> New Revision: 57284
>
> URL: http://svn.reactos.org/svn/reactos?rev=57284&view=rev
> Log:
> [NTOSKRNL]: Use the token lock acquire/release macros that were already
written instead of manually doing it. Also fix the macros since they didn't
work in GCC.
> No functional change, just code cleanup.
>
> Modified:
> trunk/reactos/ntoskrnl/include/internal/se.h
> trunk/reactos/ntoskrnl/se/access.c
> trunk/reactos/ntoskrnl/se/semgr.c
>
> Modified: trunk/reactos/ntoskrnl/include/internal/se.h
> URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/s
e.h?rev=57284&r1=57283&r2=57284&view=diff
============================================================================
==
> ---
trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] (original)
> +++ trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] Wed Sep 12
16:29:28 2012
> @@ -1,4 +1,28 @@
> #pragma once
> +
> +typedef struct _KNOWN_ACE
> +{
> + ACE_HEADER Header;
> + ACCESS_MASK Mask;
> + ULONG SidStart;
> +} KNOWN_ACE, *PKNOWN_ACE;
> +
> +typedef struct _KNOWN_OBJECT_ACE
> +{
> + ACE_HEADER Header;
> + ACCESS_MASK Mask;
> + ULONG Flags;
> + ULONG SidStart;
> +} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
> +
> +typedef struct _KNOWN_COMPOUND_ACE
> +{
> + ACE_HEADER Header;
> + ACCESS_MASK Mask;
> + USHORT CompoundAceType;
> + USHORT Reserved;
> + ULONG SidStart;
> +} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
> PSID
> FORCEINLINE
> @@ -75,6 +99,8 @@
> return Descriptor->Sacl;
> }
> }
> +
> +#ifndef RTL_H
> /* SID Authorities */
> extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
> @@ -156,6 +182,19 @@
> extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
> extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
> +
> +#define SepAcquireTokenLockExclusive(Token)
\
> + KeEnterCriticalRegion();
\
> +
ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE);
\
> +
> +#define SepAcquireTokenLockShared(Token)
\
> + KeEnterCriticalRegion();
\
> +
ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE);
\
> +
> +#define SepReleaseTokenLock(Token)
\
> +
ExReleaseResource(((PTOKEN)Token)->TokenLock);
\
> + KeLeaveCriticalRegion();
\
> +
> //
> // Token Functions
> //
> @@ -434,24 +473,6 @@
> OUT PACCESS_TOKEN* NewToken
> );
> -#define SepAcquireTokenLockExclusive(Token)
\
> - do {
\
> - KeEnterCriticalRegion();
\
> -
ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE);
\
> - while(0)
> -
> -#define SepAcquireTokenLockShared(Token)
\
> - do {
\
> - KeEnterCriticalRegion();
\
> -
ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE);
\
> - while(0)
> -
> -#define SepReleaseTokenLock(Token)
\
> - do {
\
> -
ExReleaseResource(((PTOKEN)Token)->TokenLock);
\
> - KeLeaveCriticalRegion();
\
> - while(0)
> -
> VOID NTAPI
> SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
> OUT PACCESS_MASK DesiredAccess);
> @@ -460,4 +481,6 @@
> SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
> OUT PACCESS_MASK DesiredAccess);
> +#endif
> +
> /* EOF */
>
> Modified: trunk/reactos/ntoskrnl/se/access.c
> URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/access.c?rev=57
284&r1=57283&r2=57284&view=diff
============================================================================
==
> --- trunk/reactos/ntoskrnl/se/access.c
[iso-8859-1] (original)
> +++ trunk/reactos/ntoskrnl/se/access.c [iso-8859-1] Wed Sep 12 16:29:28
2012
> @@ -130,11 +130,7 @@
> ASSERT(Sid != NULL);
> /* Lock the token if needed */
> - if (!TokenLocked)
> - {
> - KeEnterCriticalRegion();
> - ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
> - }
> + if (!TokenLocked) SepAcquireTokenLockShared(Token);
> /* Check if the owner SID is found, handling restricted case as
well
*/
>> Result = SepSidInToken(Token, Sid);
>> @@ -144,11 +140,7 @@
>> }
>> /* Release the lock if we had acquired it */
>> - if (!TokenLocked)
>> - {
>> - ExReleaseResourceLite(Token->TokenLock);
>> - KeLeaveCriticalRegion();
>> - }
>> + if (!TokenLocked) SepReleaseTokenLock(Token);
>> /* Return the result */
>> return Result;
>> @@ -168,15 +160,13 @@
>> TokenControl->TokenSource = Token->TokenSource;
>> /* Lock the token */
> - KeEnterCriticalRegion();
>>
- ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
>> + SepAcquireTokenLockShared(Token);
>> /* Capture the modified it */
>> TokenControl->ModifiedId = Token->ModifiedId;
>> /* Unlock it */
>> - ExReleaseResourceLite(Token->TokenLock);
> - KeLeaveCriticalRegion();
>>
+ SepReleaseTokenLock(Token);
>> }
>> NTSTATUS
>> @@ -327,13 +317,11 @@
>> ClientToken = SubjectContext->ClientToken;
>> /* Always lock the primary */
> - KeEnterCriticalRegion();
>>
- ExAcquireResourceSharedLite(PrimaryToken->TokenLock, TRUE);
>> + SepAcquireTokenLockShared(PrimaryToken);
>> /* Lock the impersonation one if it's there */
>> if (!ClientToken) return;
> - KeEnterCriticalRegion();
>>
- ExAcquireResourceSharedLite(ClientToken->TokenLock, TRUE);
>> + SepAcquireTokenLockShared(ClientToken);
>> }
>> /*
>> @@ -351,13 +339,11 @@
>> ClientToken = SubjectContext->ClientToken;
>> /* Always unlock the primary one */
>> - ExReleaseResourceLite(PrimaryToken->TokenLock);
> - KeLeaveCriticalRegion();
>>
+ SepReleaseTokenLock(PrimaryToken);
>> /* Unlock the impersonation one if it's there */
>> if (!ClientToken) return;
>> - ExReleaseResourceLite(ClientToken->TokenLock);
> - KeLeaveCriticalRegion();
>>
+ SepReleaseTokenLock(ClientToken);
>> }
>> /*
>>
>> Modified: trunk/reactos/ntoskrnl/se/semgr.c
>> URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=572
84&r1=57283&r2=57284&view=diff
============================================================================
==
> --- trunk/reactos/ntoskrnl/se/semgr.c
[iso-8859-1] (original)
> +++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Wed Sep 12 16:29:28
2012
>> @@ -952,8 +952,7 @@
>> SeCaptureSubjectContext(&SubjectSecurityContext);
>> /* Lock the token */
> - KeEnterCriticalRegion();
>>
- ExAcquireResourceSharedLite(Token->TokenLock, TRUE);
>> + SepAcquireTokenLockShared(Token);
>> /* Check if the token is the owner and grant WRITE_DAC and
READ_CONTROL rights */
>> if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED))
>> @@ -990,8 +989,7 @@
>> /* Release subject context and unlock the token */
>> SeReleaseSubjectContext(&SubjectSecurityContext);
>> - ExReleaseResourceLite(Token->TokenLock);
> - KeLeaveCriticalRegion();
>>
+ SepReleaseTokenLock(Token);
>> /* Release the captured security descriptor */
>> SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
>>
>>
>>
>
> _______________________________________________
> Ros-dev mailing list
> Ros-dev(a)reactos.org
> http://www.reactos.org/mailman/listinfo/ros-dev
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev
4394
days inactive
4394
days old
3 comments
3 participants
participants (3)
-
Alex Ionescu -
Ged Murphy -
Timo Kreuzer