12 Sep
2024
12 Sep
'24
2:44 p.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=156053cafd3d325ac5d6e…
commit 156053cafd3d325ac5d6e6c341dae55bbb99b88c
Author: Thomas Faber <thomas.faber(a)reactos.org>
AuthorDate: Sat May 27 18:24:29 2023 -0400
Commit: Timo Kreuzer <timo.kreuzer(a)reactos.org>
CommitDate: Thu Sep 12 17:44:13 2024 +0300
[NDK] Match AUX_ACCESS_DATA definition with publicly available version.
Looks like public symbols contain this structure starting with Win7,
so we can deduce what it looked like in Win2003.
Note that our previous definition was missing a second ULONG at the
end, which can be seen in the SeQueryInfoToken kmtest -- if you
allocated only sizeof(AUX_ACCESS_DATA), the test would crash with
a 4 byte buffer overflow.
---
.../rostests/kmtests/ntos_se/SeQueryInfoToken.c | 32 +++++++++++-----------
ntoskrnl/ob/obhandle.c | 6 ++--
ntoskrnl/se/access.c | 4 +--
ntoskrnl/se/priv.c | 14 +++++-----
sdk/include/ndk/setypes.h | 19 +++++++++++--
5 files changed, 45 insertions(+), 30 deletions(-)
diff --git a/modules/rostests/kmtests/ntos_se/SeQueryInfoToken.c
b/modules/rostests/kmtests/ntos_se/SeQueryInfoToken.c
index 2ddf864d086..f58bbc3b17e 100644
--- a/modules/rostests/kmtests/ntos_se/SeQueryInfoToken.c
+++ b/modules/rostests/kmtests/ntos_se/SeQueryInfoToken.c
@@ -279,7 +279,7 @@ START_TEST(SeQueryInfoToken)
// Testing SeAppendPrivileges //
//----------------------------------------------------------------//
- InitialPrivilegeCount = AuxData->PrivilegeSet->PrivilegeCount;
+ InitialPrivilegeCount = AuxData->PrivilegesUsed->PrivilegeCount;
trace("Initial privilege count = %lu\n", InitialPrivilegeCount);
// Testing SeAppendPrivileges. Must change PrivilegeCount to 2 (1 + 1)
@@ -291,7 +291,7 @@ START_TEST(SeQueryInfoToken)
Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
- ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount, InitialPrivilegeCount + 1);
+ ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount, InitialPrivilegeCount +
1);
ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
//----------------------------------------------------------------//
@@ -305,7 +305,7 @@ START_TEST(SeQueryInfoToken)
Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
- ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount, InitialPrivilegeCount + 5);
+ ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount, InitialPrivilegeCount +
5);
ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
//----------------------------------------------------------------//
@@ -313,14 +313,14 @@ START_TEST(SeQueryInfoToken)
//----------------------------------------------------------------//
// KPROCESSOR_MODE is set to KernelMode ===> Always return TRUE
- ok(SePrivilegeCheck(AuxData->PrivilegeSet,
&(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed
with KernelMode mode arg\n");
+ ok(SePrivilegeCheck(AuxData->PrivilegesUsed,
&(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed
with KernelMode mode arg\n");
// and call it again
- ok(SePrivilegeCheck(AuxData->PrivilegeSet,
&(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed
with KernelMode mode arg\n");
+ ok(SePrivilegeCheck(AuxData->PrivilegesUsed,
&(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed
with KernelMode mode arg\n");
//----------------------------------------------------------------//
// KPROCESSOR_MODE is set to UserMode. Expect false
- ok(!SePrivilegeCheck(AuxData->PrivilegeSet,
&(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck
unexpected success with UserMode arg\n");
+ ok(!SePrivilegeCheck(AuxData->PrivilegesUsed,
&(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck
unexpected success with UserMode arg\n");
//----------------------------------------------------------------//
@@ -345,8 +345,8 @@ START_TEST(SeQueryInfoToken)
ok((Privileges != NULL), "Privileges is NULL\n");
if (Privileges)
{
- trace("AuxData->PrivilegeSet->PrivilegeCount = %d ;
Privileges->PrivilegeCount = %d\n",
- AuxData->PrivilegeSet->PrivilegeCount,
Privileges->PrivilegeCount);
+ trace("AuxData->PrivilegesUsed->PrivilegeCount = %d ;
Privileges->PrivilegeCount = %d\n",
+ AuxData->PrivilegesUsed->PrivilegeCount,
Privileges->PrivilegeCount);
}
if (Privileges) SeFreePrivileges(Privileges);
@@ -375,16 +375,16 @@ START_TEST(SeQueryInfoToken)
NewPrivilegeSet->PrivilegeCount = 14;
ok((SeAppendPrivileges(AccessState, NewPrivilegeSet)) == STATUS_SUCCESS,
"SeAppendPrivileges failed\n");
- ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount,
InitialPrivilegeCount + 19);
+ ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount,
InitialPrivilegeCount + 19);
ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
- for (i = 0; i < AuxData->PrivilegeSet->PrivilegeCount; i++)
+ for (i = 0; i < AuxData->PrivilegesUsed->PrivilegeCount; i++)
{
- AuxData->PrivilegeSet->Privilege[i].Attributes =
TPrivileges->Privileges[i].Attributes;
- AuxData->PrivilegeSet->Privilege[i].Luid =
TPrivileges->Privileges[i].Luid;
+ AuxData->PrivilegesUsed->Privilege[i].Attributes =
TPrivileges->Privileges[i].Attributes;
+ AuxData->PrivilegesUsed->Privilege[i].Luid =
TPrivileges->Privileges[i].Luid;
}
- //trace("AccessState->privCount = %u\n\n",
((PAUX_ACCESS_DATA)(AccessState->AuxData))->PrivilegeSet->PrivilegeCount);
+ //trace("AccessState->privCount = %u\n\n",
((PAUX_ACCESS_DATA)(AccessState->AuxData))->PrivilegesUsed->PrivilegeCount);
- ok(SePrivilegeCheck(AuxData->PrivilegeSet,
&(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck fails in
UserMode, but I wish it will success\n");
+ ok(SePrivilegeCheck(AuxData->PrivilegesUsed,
&(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck fails in
UserMode, but I wish it will success\n");
}
}
@@ -407,8 +407,8 @@ START_TEST(SeQueryInfoToken)
ok((Privileges != NULL), "Privileges is NULL\n");
if (Privileges)
{
- trace("AuxData->PrivilegeSet->PrivilegeCount = %d ;
Privileges->PrivilegeCount = %d\n",
- AuxData->PrivilegeSet->PrivilegeCount,
Privileges->PrivilegeCount);
+ trace("AuxData->PrivilegesUsed->PrivilegeCount = %d ;
Privileges->PrivilegeCount = %d\n",
+ AuxData->PrivilegesUsed->PrivilegeCount,
Privileges->PrivilegeCount);
}
if (Privileges) SeFreePrivileges(Privileges);
diff --git a/ntoskrnl/ob/obhandle.c b/ntoskrnl/ob/obhandle.c
index 28a2fc77e36..530e32fbfaf 100644
--- a/ntoskrnl/ob/obhandle.c
+++ b/ntoskrnl/ob/obhandle.c
@@ -1647,8 +1647,8 @@ ObpCreateHandle(IN OB_OPEN_REASON OpenReason,
if (OpenReason == ObCreateHandle)
{
/* Check if we need to audit the privileges */
- if ((AuxData->PrivilegeSet) &&
- (AuxData->PrivilegeSet->PrivilegeCount))
+ if ((AuxData->PrivilegesUsed) &&
+ (AuxData->PrivilegesUsed->PrivilegeCount))
{
/* Do the audit */
#if 0
@@ -1656,7 +1656,7 @@ ObpCreateHandle(IN OB_OPEN_REASON OpenReason,
&AccessState->
SubjectSecurityContext,
GrantedAccess,
- AuxData->PrivilegeSet,
+ AuxData->PrivilegesUsed,
TRUE,
ExGetPreviousMode());
#endif
diff --git a/ntoskrnl/se/access.c b/ntoskrnl/se/access.c
index d9eacc550c7..d1ecd5bd571 100644
--- a/ntoskrnl/se/access.c
+++ b/ntoskrnl/se/access.c
@@ -88,7 +88,7 @@ SeCreateAccessStateEx(
}
/* Set the Auxiliary Data */
- AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
+ AuxData->PrivilegesUsed = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
FIELD_OFFSET(ACCESS_STATE,
Privileges));
if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
@@ -158,7 +158,7 @@ SeDeleteAccessState(
/* Deallocate Privileges */
if (AccessState->PrivilegesAllocated)
- ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
+ ExFreePoolWithTag(AuxData->PrivilegesUsed, TAG_PRIVILEGE_SET);
/* Deallocate Name and Type Name */
if (AccessState->ObjectName.Buffer)
diff --git a/ntoskrnl/se/priv.c b/ntoskrnl/se/priv.c
index a147d2bd2b7..c7f284d293d 100644
--- a/ntoskrnl/se/priv.c
+++ b/ntoskrnl/se/priv.c
@@ -601,9 +601,9 @@ SeAppendPrivileges(
/* Calculate the size of the old privilege set */
OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
- (AuxData->PrivilegeSet->PrivilegeCount - 1) *
sizeof(LUID_AND_ATTRIBUTES);
+ (AuxData->PrivilegesUsed->PrivilegeCount - 1) *
sizeof(LUID_AND_ATTRIBUTES);
- if (AuxData->PrivilegeSet->PrivilegeCount +
+ if (AuxData->PrivilegesUsed->PrivilegeCount +
Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
{
/* Calculate the size of the new privilege set */
@@ -619,7 +619,7 @@ SeAppendPrivileges(
/* Copy original privileges from the acess state */
RtlCopyMemory(PrivilegeSet,
- AuxData->PrivilegeSet,
+ AuxData->PrivilegesUsed,
OldPrivilegeSetSize);
/* Append privileges from the privilege set*/
@@ -632,23 +632,23 @@ SeAppendPrivileges(
/* Free the old privilege set if it was allocated */
if (AccessState->PrivilegesAllocated != FALSE)
- ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
+ ExFreePoolWithTag(AuxData->PrivilegesUsed, TAG_PRIVILEGE_SET);
/* Now we are using an allocated privilege set */
AccessState->PrivilegesAllocated = TRUE;
/* Assign the new privileges to the access state */
- AuxData->PrivilegeSet = PrivilegeSet;
+ AuxData->PrivilegesUsed = PrivilegeSet;
}
else
{
/* Append privileges */
- RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet +
OldPrivilegeSetSize),
+ RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegesUsed +
OldPrivilegeSetSize),
(PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) -
sizeof(LUID_AND_ATTRIBUTES)),
Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
/* Adjust the number of privileges in the target privilege set */
- AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
+ AuxData->PrivilegesUsed->PrivilegeCount += Privileges->PrivilegeCount;
}
return STATUS_SUCCESS;
diff --git a/sdk/include/ndk/setypes.h b/sdk/include/ndk/setypes.h
index 1f54e097318..d9fe4c4f9b6 100644
--- a/sdk/include/ndk/setypes.h
+++ b/sdk/include/ndk/setypes.h
@@ -255,9 +255,24 @@ typedef struct _TOKEN
typedef struct _AUX_ACCESS_DATA
{
- PPRIVILEGE_SET PrivilegeSet;
+ PPRIVILEGE_SET PrivilegesUsed;
GENERIC_MAPPING GenericMapping;
- ULONG Reserved;
+ ACCESS_MASK AccessesToAudit;
+ ACCESS_MASK MaximumAuditMask;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+ GUID TransactionId;
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+ PVOID NewSecurityDescriptor;
+ PVOID ExistingSecurityDescriptor;
+ PVOID ParentSecurityDescriptor;
+ VOID (NTAPI *DerefSecurityDescriptor)(PVOID, PVOID);
+ PVOID SDLock;
+ ACCESS_REASONS AccessReasons;
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN8)
+ BOOLEAN GenerateStagingEvents;
+#endif
} AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
//