[ros-diffs] [ion] 12806: Use proper PISID pointer to SID structure, fix wrong LUID definition, and remove duplicate code in Security Manager

Use proper PISID pointer to SID structure, fix wrong LUID definition, and remove duplicate code in Security Manager Modified: trunk/reactos/include/ntdll/rtl.h Modified: trunk/reactos/include/ntos/obtypes.h Modified: trunk/reactos/include/ntos/security.h Modified: trunk/reactos/lib/rtl/sid.c Modified: trunk/reactos/ntoskrnl/se/luid.c Modified: trunk/reactos/ntoskrnl/se/sd.c Modified: trunk/reactos/ntoskrnl/se/sid.c Modified: trunk/reactos/ntoskrnl/se/token.c _____

Modified: trunk/reactos/include/ntdll/rtl.h --- trunk/reactos/include/ntdll/rtl.h 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/include/ntdll/rtl.h 2005-01-04 22:44:50 UTC (rev 12806) @@ -193,6 +193,18 @@

VOID );

+VOID +STDCALL +RtlpFreeDebugInfo( + PRTL_CRITICAL_SECTION_DEBUG DebugInfo +); + +PRTL_CRITICAL_SECTION_DEBUG +STDCALL +RtlpAllocateDebugInfo( + VOID +); + NTSTATUS STDCALL RtlAddAccessAllowedAceEx (IN OUT PACL Acl, IN ULONG Revision, _____

Modified: trunk/reactos/include/ntos/obtypes.h --- trunk/reactos/include/ntos/obtypes.h 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/include/ntos/obtypes.h 2005-01-04 22:44:50 UTC (rev 12806) @@ -83,8 +83,8 @@

HANDLE RootDirectory; PUNICODE_STRING ObjectName; ULONG Attributes; - SECURITY_DESCRIPTOR *SecurityDescriptor; - SECURITY_QUALITY_OF_SERVICE *SecurityQualityOfService; + PVOID SecurityDescriptor; + PVOID SecurityQualityOfService; } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

#endif /* __USE_W32API */ _____

Modified: trunk/reactos/include/ntos/security.h --- trunk/reactos/include/ntos/security.h 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/include/ntos/security.h 2005-01-04 22:44:50 UTC (rev 12806) @@ -74,6 +74,18 @@

#ifndef __USE_W32API

+#ifndef _MSC_VER +#define SYSTEM_LUID {{ 0x3E7, 0x0 }} +#define ANONYMOUS_LOGON_LUID {{ 0x3e6, 0x0 }} +#define LOCALSERVICE_LUID {{ 0x3e5, 0x0 }} +#define NETWORKSERVICE_LUID {{ 0x3e4, 0x0 }} +#else +#define SYSTEM_LUID { 0x3E7, 0x0 } +#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 } +#define LOCALSERVICE_LUID { 0x3e5, 0x0 } +#define NETWORKSERVICE_LUID { 0x3e4, 0x0 } +#endif + /* SID Auhority */ #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} @@ -227,8 +239,10 @@ UCHAR SubAuthorityCount; SID_IDENTIFIER_AUTHORITY IdentifierAuthority; ULONG SubAuthority[1]; -} SID, *PSID; +} SID, *PISID;

+typedef PVOID PSID; + typedef struct _ACL { UCHAR AclRevision; _____

Modified: trunk/reactos/lib/rtl/sid.c --- trunk/reactos/lib/rtl/sid.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/lib/rtl/sid.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -1,4 +1,4 @@

-/* $Id: sid.c,v 1.4 2004/07/12 19:39:29 ekohl Exp $ +/* $Id$ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -22,8 +22,10 @@ /* FUNCTIONS ***************************************************************/

BOOLEAN STDCALL -RtlValidSid(IN PSID Sid) +RtlValidSid(IN PSID Sid_) { + PISID Sid = Sid_; + if ((Sid->Revision != SID_REVISION) || (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES)) { @@ -48,10 +50,12 @@ * @implemented */ NTSTATUS STDCALL -RtlInitializeSid(IN PSID Sid, +RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount) { + PISID Sid = Sid_; + Sid->Revision = SID_REVISION; Sid->SubAuthorityCount = SubAuthorityCount; memcpy(&Sid->IdentifierAuthority, @@ -66,9 +70,11 @@ * @implemented */ PULONG STDCALL -RtlSubAuthoritySid(IN PSID Sid, +RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority) { + PISID Sid = Sid_; + return &Sid->SubAuthority[SubAuthority]; }

@@ -77,8 +83,10 @@ * @implemented */ PUCHAR STDCALL -RtlSubAuthorityCountSid(IN PSID Sid) +RtlSubAuthorityCountSid(IN PSID Sid_) { + PISID Sid = Sid_; + return &Sid->SubAuthorityCount; }

@@ -87,9 +95,12 @@ * @implemented */ BOOLEAN STDCALL -RtlEqualSid(IN PSID Sid1, - IN PSID Sid2) +RtlEqualSid(IN PSID Sid1_, + IN PSID Sid2_) { + PISID Sid1 = Sid1_; + PISID Sid2 = Sid2_; + if (Sid1->Revision != Sid2->Revision) { return(FALSE); @@ -110,8 +121,10 @@ * @implemented */ ULONG STDCALL -RtlLengthSid(IN PSID Sid) +RtlLengthSid(IN PSID Sid_) { + PISID Sid = Sid_; + return (sizeof(SID) + (Sid->SubAuthorityCount-1) * sizeof(ULONG)); }

@@ -180,8 +193,10 @@ * @implemented */ PSID_IDENTIFIER_AUTHORITY STDCALL -RtlIdentifierAuthoritySid(IN PSID Sid) +RtlIdentifierAuthoritySid(IN PSID Sid_) { + PISID Sid = Sid_; + return &Sid->IdentifierAuthority; }

@@ -202,7 +217,7 @@ ULONG SubAuthority7, PSID *Sid) { - PSID pSid; + PISID pSid;

if (SubAuthorityCount > 8) return STATUS_INVALID_SID; @@ -267,9 +282,12 @@ * @implemented */ BOOLEAN STDCALL -RtlEqualPrefixSid(IN PSID Sid1, - IN PSID Sid2) +RtlEqualPrefixSid(IN PSID Sid1_, + IN PSID Sid2_) { + PISID Sid1 = Sid1_; + PISID Sid2 = Sid2_; + return(Sid1->SubAuthorityCount == Sid2->SubAuthorityCount && !RtlCompareMemory(Sid1, Sid2, (Sid1->SubAuthorityCount - 1) * sizeof(DWORD) + 8)); @@ -281,13 +299,14 @@ */ NTSTATUS STDCALL RtlConvertSidToUnicodeString(PUNICODE_STRING String, - PSID Sid, + PSID Sid_, BOOLEAN AllocateBuffer) { WCHAR Buffer[256]; PWSTR wcs; ULONG Length; ULONG i; + PISID Sid = Sid_;

if (RtlValidSid (Sid) == FALSE) return STATUS_INVALID_SID; _____

Modified: trunk/reactos/ntoskrnl/se/luid.c --- trunk/reactos/ntoskrnl/se/luid.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/ntoskrnl/se/luid.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -1,4 +1,4 @@

-/* $Id: luid.c,v 1.10 2004/08/15 16:39:11 chorns Exp $ +/* $Id$ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -20,15 +20,15 @@ static LARGE_INTEGER LuidIncrement; static LARGE_INTEGER LuidValue;

-#define SYSTEM_LUID 0x3E7; - /* FUNCTIONS *****************************************************************/

VOID INIT_FUNCTION SepInitLuid(VOID) { + LARGE_INTEGER DummyLuidValue = SYSTEM_LUID; + KeInitializeSpinLock(&LuidLock); - LuidValue.QuadPart = SYSTEM_LUID; + LuidValue = DummyLuidValue; LuidIncrement.QuadPart = 1; }

_____

Modified: trunk/reactos/ntoskrnl/se/sd.c --- trunk/reactos/ntoskrnl/se/sd.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/ntoskrnl/se/sd.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -1,4 +1,4 @@

-/* $Id: sd.c,v 1.20 2004/08/15 16:39:12 chorns Exp $ +/* $Id$ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -319,7 +319,7 @@ IN PSECURITY_DESCRIPTOR SecurityDescriptor) { ULONG SdLength; - PSID Sid; + PISID Sid; PACL Acl;

if (Length < SECURITY_DESCRIPTOR_MIN_LENGTH) @@ -355,7 +355,7 @@ return FALSE; }

- Sid = (PSID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner); + Sid = (PISID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner); if (Sid->Revision != SID_REVISION) { DPRINT1("Invalid Owner SID revision\n"); _____

Modified: trunk/reactos/ntoskrnl/se/sid.c --- trunk/reactos/ntoskrnl/se/sid.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/ntoskrnl/se/sid.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -1,4 +1,4 @@

-/* $Id: sid.c,v 1.16 2003/12/30 18:52:06 fireball Exp $ +/* $Id$ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -11,9 +11,9 @@

/* INCLUDES *****************************************************************/

-#include <ddk/ntddk.h> -#include <internal/se.h> +#include <ntoskrnl.h>

+#define NDEBUG #include <internal/debug.h>

#define TAG_SID TAG('S', 'I', 'D', 'T') @@ -467,230 +467,4 @@ return(TRUE); }

- -/* - * @implemented - */ -BOOLEAN STDCALL -RtlValidSid(PSID Sid) -{ - if ((Sid->Revision & 0xf) != 1) - { - return(FALSE); - } - if (Sid->SubAuthorityCount > 15) - { - return(FALSE); - } - return(TRUE); -} - - -/* - * @implemented - */ -ULONG STDCALL -RtlLengthRequiredSid(UCHAR SubAuthorityCount) -{ - return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG)); -} - - -/* - * @implemented - */ -NTSTATUS STDCALL -RtlInitializeSid(PSID Sid, - PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, - UCHAR SubAuthorityCount) -{ - Sid->Revision = 1; - Sid->SubAuthorityCount = SubAuthorityCount; - RtlCopyMemory(&Sid->IdentifierAuthority, - IdentifierAuthority, - sizeof(SID_IDENTIFIER_AUTHORITY)); - return(STATUS_SUCCESS); -} - - -/* - * @implemented - */ -PULONG STDCALL -RtlSubAuthoritySid(PSID Sid, - ULONG SubAuthority) -{ - return(&Sid->SubAuthority[SubAuthority]); -} - - -/* - * @implemented - */ -PUCHAR STDCALL -RtlSubAuthorityCountSid(PSID Sid) -{ - return(&Sid->SubAuthorityCount); -} - - -/* - * @implemented - */ -BOOLEAN STDCALL -RtlEqualSid(PSID Sid1, - PSID Sid2) -{ - if (Sid1->Revision != Sid2->Revision) - { - return(FALSE); - } - if ((*RtlSubAuthorityCountSid(Sid1)) != - (*RtlSubAuthorityCountSid(Sid2))) - { - return(FALSE); - } - if (memcmp(Sid1, Sid2, RtlLengthSid(Sid1)) != 0) - { - return(FALSE); - } - return(TRUE); -} - - -/* - * @implemented - */ -ULONG STDCALL -RtlLengthSid(PSID Sid) -{ - return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4); -} - - -/* - * @implemented - */ -NTSTATUS STDCALL -RtlCopySid(ULONG BufferLength, - PSID Dest, - PSID Src) -{ - if (BufferLength < RtlLengthSid(Src)) - { - return(STATUS_UNSUCCESSFUL); - } - memmove(Dest, Src, RtlLengthSid(Src)); - return(STATUS_SUCCESS); -} - - -NTSTATUS STDCALL -RtlCopySidAndAttributesArray(ULONG Count, - PSID_AND_ATTRIBUTES Src, - ULONG SidAreaSize, - PSID_AND_ATTRIBUTES Dest, - PVOID SidArea, - PVOID* RemainingSidArea, - PULONG RemainingSidAreaSize) -{ - ULONG Length; - ULONG i; - - Length = SidAreaSize; - - for (i=0; i<Count; i++) - { - if (RtlLengthSid(Src[i].Sid) > Length) - { - return(STATUS_BUFFER_TOO_SMALL); - } - Length = Length - RtlLengthSid(Src[i].Sid); - Dest[i].Sid = SidArea; - Dest[i].Attributes = Src[i].Attributes; - RtlCopySid(RtlLengthSid(Src[i].Sid), SidArea, Src[i].Sid); - SidArea = (char*)SidArea + RtlLengthSid(Src[i].Sid); - } - *RemainingSidArea = SidArea; - *RemainingSidAreaSize = Length; - return(STATUS_SUCCESS); -} - - -/* - * @implemented - */ -NTSTATUS STDCALL -RtlConvertSidToUnicodeString(PUNICODE_STRING String, - PSID Sid, - BOOLEAN AllocateString) -{ - WCHAR Buffer[256]; - PWSTR Ptr; - ULONG Length; - ULONG i; - - if (!RtlValidSid(Sid)) - return STATUS_INVALID_SID; - - Ptr = Buffer; - Ptr += swprintf (Ptr, - L"S-%u-", - Sid->Revision); - - if(!Sid->IdentifierAuthority.Value[0] && - !Sid->IdentifierAuthority.Value[1]) - { - Ptr += swprintf(Ptr, - L"%u", - (ULONG)Sid->IdentifierAuthority.Value[2] << 24 | - (ULONG)Sid->IdentifierAuthority.Value[3] << 16 | - (ULONG)Sid->IdentifierAuthority.Value[4] << 8 | - (ULONG)Sid->IdentifierAuthority.Value[5]); - } - else - { - Ptr += swprintf(Ptr, - L"0x%02hx%02hx%02hx%02hx%02hx%02hx", - Sid->IdentifierAuthority.Value[0], - Sid->IdentifierAuthority.Value[1], - Sid->IdentifierAuthority.Value[2], - Sid->IdentifierAuthority.Value[3], - Sid->IdentifierAuthority.Value[4], - Sid->IdentifierAuthority.Value[5]); - } - - for (i = 0; i < Sid->SubAuthorityCount; i++) - { - Ptr += swprintf(Ptr, - L"-%u", - Sid->SubAuthority[i]); - } - - Length = (Ptr - Buffer) * sizeof(WCHAR); - - if (AllocateString) - { - String->Buffer = ExAllocatePool(NonPagedPool, - Length + sizeof(WCHAR)); - if (String->Buffer == NULL) - return STATUS_NO_MEMORY; - - String->MaximumLength = Length + sizeof(WCHAR); - } - else - { - if (Length > String->MaximumLength) - return STATUS_BUFFER_TOO_SMALL; - } - String->Length = Length; - memmove(String->Buffer, - Buffer, - Length); - if (Length < String->MaximumLength) - String->Buffer[Length/sizeof(WCHAR)] = 0; - - return STATUS_SUCCESS; -} - /* EOF */ _____

Modified: trunk/reactos/ntoskrnl/se/token.c --- trunk/reactos/ntoskrnl/se/token.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/ntoskrnl/se/token.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -11,13 +11,7 @@

/* INCLUDES *****************************************************************/

-#include <limits.h> -#define NTOS_MODE_KERNEL -#include <ntos.h> -#include <internal/ob.h> -#include <internal/ps.h> -#include <internal/se.h> -#include <internal/safe.h> +#include <ntoskrnl.h>

#define NDEBUG #include <internal/debug.h> @@ -31,8 +25,6 @@ TOKEN_EXECUTE, TOKEN_ALL_ACCESS};

-//#define SYSTEM_LUID 0x3E7; - /* FUNCTIONS *****************************************************************/

VOID SepFreeProxyData(PVOID ProxyData) @@ -1028,6 +1020,7 @@ * NOTE: Some sources claim 4th param is ImpersonationLevel, but on W2K * this is certainly NOT true, thou i can't say for sure that EffectiveOnly * is correct either. -Gunnar + * This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI */ NTSTATUS STDCALL NtDuplicateToken(IN HANDLE ExistingTokenHandle, @@ -1060,7 +1053,7 @@ EffectiveOnly, TokenType, ObjectAttributes->SecurityQualityOfService ? - ObjectAttributes->SecurityQualityOfService->ImpersonationLevel : + ((PSECURITY_QUALITY_OF_SERVICE)(ObjectAttributes->SecurityQualityOfServi ce))->ImpersonationLevel : 0 /*SecurityAnonymous*/, PreviousMode, &NewToken); @@ -1645,7 +1638,8 @@ AccessToken->Privileges = 0;

AccessToken->TokenType = TokenType; - AccessToken->ImpersonationLevel = ObjectAttributes->SecurityQualityOfService->ImpersonationLevel; + AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE) + (ObjectAttributes->SecurityQualityOfService))->ImpersonationLevel;

/* * Normally we would just point these members into the variable information