Author: ion
Date: Mon Mar 19 22:05:39 2007
New Revision: 26140
URL:
http://svn.reactos.org/svn/reactos?rev=26140&view=rev
Log:
- Fix NPX check in context switcher.
- Fix ObLogSecurityDescriptor.
- Fix some missing features in SeAccessCheck.
Modified:
trunk/reactos/ntoskrnl/ke/i386/ctxswitch.S
trunk/reactos/ntoskrnl/ob/sdcache.c
trunk/reactos/ntoskrnl/se/semgr.c
Modified: trunk/reactos/ntoskrnl/ke/i386/ctxswitch.S
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/ctxswitch…
==============================================================================
--- trunk/reactos/ntoskrnl/ke/i386/ctxswitch.S (original)
+++ trunk/reactos/ntoskrnl/ke/i386/ctxswitch.S Mon Mar 19 22:05:39 2007
@@ -550,7 +550,7 @@
/* Assert NPX State */
test byte ptr [esi+KTHREAD_NPX_STATE], ~(NPX_STATE_NOT_LOADED)
jnz InvalidNpx
- test dword ptr [eax - (NPX_FRAME_LENGTH - FN_CR0_NPX_STATE)], ~(CR0_MP + CR0_EM +
CR0_TS)
+ test dword ptr [eax - (NPX_FRAME_LENGTH - FN_CR0_NPX_STATE)], ~(CR0_PE + CR0_MP +
CR0_EM + CR0_TS)
jnz InvalidNpx
#endif
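Review bot: The `/* Assert NPX State */` comment above the second `test` does not say which CR0 bits the saved value may carry, and the widened mask now accepts CR0_PE without recording why that bit can appear in the saved NPX CR0 field. A one-line comment on that instruction, such as `/* Saved CR0 NPX state may only carry PE, MP, EM and TS; any other bit is treated as invalid */`, would keep a later reader from narrowing the mask again. The surrounding routine starts and ends outside the hunk, so whether PE is expected on every path that fills this field should be confirmed there.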
Modified: trunk/reactos/ntoskrnl/ob/sdcache.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/sdcache.c?rev=…
==============================================================================
--- trunk/reactos/ntoskrnl/ob/sdcache.c (original)
+++ trunk/reactos/ntoskrnl/ob/sdcache.c Mon Mar 19 22:05:39 2007
@@ -371,11 +371,13 @@
{
/* HACK: Return the same descriptor back */
PISECURITY_DESCRIPTOR SdCopy;
- DPRINT1("ObLogSecurityDescriptor is not implemented!\n",
- InputSecurityDescriptor);
-
- SdCopy = ExAllocatePool(PagedPool, sizeof(*SdCopy));
- RtlCopyMemory(SdCopy, InputSecurityDescriptor, sizeof(*SdCopy));
+ ULONG Length;
+ DPRINT("ObLogSecurityDescriptor is not implemented!\n",
+ InputSecurityDescriptor);
+
+ Length = RtlLengthSecurityDescriptor(InputSecurityDescriptor);
+ SdCopy = ExAllocatePool(PagedPool, Length);
+ RtlCopyMemory(SdCopy, InputSecurityDescriptor, Length);
*OutputSecurityDescriptor = SdCopy;
return STATUS_SUCCESS;
}
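Review bot: The result of `ExAllocatePool(PagedPool, Length)` is passed straight to `RtlCopyMemory`, so an allocation failure becomes a NULL write in kernel mode instead of an error status; add `if (!SdCopy) return STATUS_INSUFFICIENT_RESOURCES;` before the copy. `Length` also comes from `RtlLengthSecurityDescriptor` on a descriptor this hunk never validates, and the copy reads that many contiguous bytes from `InputSecurityDescriptor`. That presumably holds only for a self-relative descriptor, so a check or at least a comment is warranted if absolute descriptors can reach this function. The `DPRINT` call still passes `InputSecurityDescriptor` with no matching conversion in the format string. The function's signature is outside the hunk.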
Modified: trunk/reactos/ntoskrnl/se/semgr.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=26…
==============================================================================
--- trunk/reactos/ntoskrnl/se/semgr.c (original)
+++ trunk/reactos/ntoskrnl/se/semgr.c Mon Mar 19 22:05:39 2007
@@ -911,38 +911,87 @@
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
{
- LUID_AND_ATTRIBUTES Privilege;
- ACCESS_MASK CurrentAccess, AccessMask;
- PACCESS_TOKEN Token;
- ULONG i;
- PACL Dacl;
- BOOLEAN Present;
- BOOLEAN Defaulted;
- PACE CurrentAce;
- PSID Sid;
- NTSTATUS Status;
-
- PAGED_CODE();
+ LUID_AND_ATTRIBUTES Privilege;
+ ACCESS_MASK CurrentAccess, AccessMask;
+ PACCESS_TOKEN Token;
+ ULONG i;
+ PACL Dacl;
+ BOOLEAN Present;
+ BOOLEAN Defaulted;
+ PACE CurrentAce;
+ PSID Sid;
+ NTSTATUS Status;
+ PAGED_CODE();
+
+ /* Check if this is kernel mode */
+ if (AccessMode == KernelMode)
+ {
+ /* Check if kernel wants everything */
+ if (DesiredAccess & MAXIMUM_ALLOWED)
+ {
+ /* Give it */
+ *GrantedAccess = GenericMapping->GenericAll;
+ *GrantedAccess |= (DesiredAccess &~ MAXIMUM_ALLOWED);
+ *GrantedAccess |= PreviouslyGrantedAccess;
+ }
+ else
+ {
+ /* Give the desired and previous access */
+ *GrantedAccess = DesiredAccess | PreviouslyGrantedAccess;
+ }
+
+ /* Success */
+ *AccessStatus = STATUS_SUCCESS;
+ return TRUE;
+ }
+
+ /* Check if we didn't get an SD */
+ if (!SecurityDescriptor)
+ {
+ /* Automatic failure */
+ *AccessStatus = STATUS_ACCESS_DENIED;
+ return FALSE;
+ }
+
+ /* Check for invalid impersonation */
+ if ((SubjectSecurityContext->ClientToken) &&
+ (SubjectSecurityContext->ImpersonationLevel < SecurityImpersonation))
+ {
+ *AccessStatus = STATUS_BAD_IMPERSONATION_LEVEL;
+ return FALSE;
+ }
+
+ /* Check for no access desired */
+ if (!DesiredAccess)
+ {
+ /* Check if we had no previous access */
+ if (!PreviouslyGrantedAccess)
+ {
+ /* Then there's nothing to give */
+ *AccessStatus = STATUS_ACCESS_DENIED;
+ return FALSE;
+ }
+
+ /* Return the previous access only */
+ *GrantedAccess = PreviouslyGrantedAccess;
+ *AccessStatus = STATUS_SUCCESS;
+ *Privileges = NULL;
+ return TRUE;
+ }
+
+ /* Acquire the lock if needed */
+ if (!SubjectContextLocked) SeLockSubjectContext(SubjectSecurityContext);
/* Map given accesses */
RtlMapGenericMask(&DesiredAccess, GenericMapping);
if (PreviouslyGrantedAccess)
RtlMapGenericMask(&PreviouslyGrantedAccess, GenericMapping);
- /* Check if we didn't get an SD */
- if (!SecurityDescriptor)
- {
- /* Automatic failure */
- *AccessStatus = STATUS_ACCESS_DENIED;
- return FALSE;
- }
+
CurrentAccess = PreviouslyGrantedAccess;
- if (SubjectContextLocked == FALSE)
- {
- SeLockSubjectContext(SubjectSecurityContext);
- }
+
Token = SubjectSecurityContext->ClientToken ?
SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken;
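Review bot: In the new `!DesiredAccess` branch, `*Privileges = NULL;` is written unconditionally, but SeAccessCheck's documented contract lets callers pass NULL for `Privileges`, so that path would dereference a NULL pointer in kernel mode; guard it as `if (Privileges) *Privileges = NULL;`. The parameter list is above the hunk, so confirm that the parameter is optional in this tree. Separately, the early `return FALSE` paths (no descriptor, bad impersonation level, nothing requested) leave `*GrantedAccess` untouched; setting it to 0 there would keep a caller that ignores the return value from acting on a stale mask. The KernelMode shortcut grants access without consulting the descriptor, so it relies on every caller passing the requestor's real `AccessMode`, which deserves a sentence in the function comment. The function body continues past the hunk.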
@@ -1077,7 +1126,9 @@
}
}
else
+ {
DPRINT1("Unknown Ace type 0x%lx\n", CurrentAce->Header.AceType);
+ }
CurrentAce = (PACE)((ULONG_PTR)CurrentAce + CurrentAce->Header.AceSize);
}