2 Jul
2007
2 Jul
'07
10:39 p.m.
Author: hpoussin
Date: Tue Jul 3 02:39:11 2007
New Revision: 27366
URL: http://svn.reactos.org/svn/reactos?rev=27366&view=rev
Log:
Replace tabs by spaces. No code change
Modified:
trunk/reactos/ntoskrnl/se/semgr.c
trunk/reactos/ntoskrnl/se/token.c
Modified: trunk/reactos/ntoskrnl/se/semgr.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=27…
==============================================================================
--- trunk/reactos/ntoskrnl/se/semgr.c (original)
+++ trunk/reactos/ntoskrnl/se/semgr.c Tue Jul 3 02:39:11 2007
@@ -123,15 +123,15 @@
/* Create '\Security' directory */
RtlInitUnicodeString(&Name,
- L"\\Security");
+ L"\\Security");
InitializeObjectAttributes(&ObjectAttributes,
- &Name,
- OBJ_PERMANENT,
- 0,
- NULL);
+ &Name,
+ OBJ_PERMANENT,
+ 0,
+ NULL);
Status = ZwCreateDirectoryObject(&DirectoryHandle,
- DIRECTORY_ALL_ACCESS,
- &ObjectAttributes);
+ DIRECTORY_ALL_ACCESS,
+ &ObjectAttributes);
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to create 'Security' directory!\n");
@@ -140,17 +140,17 @@
/* Create 'LSA_AUTHENTICATION_INITALIZED' event */
RtlInitUnicodeString(&Name,
- L"\\LSA_AUTHENTICATION_INITALIZED");
+ L"\\LSA_AUTHENTICATION_INITALIZED");
InitializeObjectAttributes(&ObjectAttributes,
- &Name,
- OBJ_PERMANENT,
- DirectoryHandle,
- SePublicDefaultSd);
+ &Name,
+ OBJ_PERMANENT,
+ DirectoryHandle,
+ SePublicDefaultSd);
Status = ZwCreateEvent(&EventHandle,
- EVENT_ALL_ACCESS,
- &ObjectAttributes,
- SynchronizationEvent,
- FALSE);
+ EVENT_ALL_ACCESS,
+ &ObjectAttributes,
+ SynchronizationEvent,
+ FALSE);
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to create 'LSA_AUTHENTICATION_INITALIZED'
event!\n");
@@ -271,170 +271,170 @@
/* Get owner and owner size */
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
- {
- if (SecurityDescriptor->Owner != NULL)
- {
- if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
- Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
- (ULONG_PTR)SecurityDescriptor);
- else
- Owner = (PSID)SecurityDescriptor->Owner;
- OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
- }
- Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
- }
+ {
+ if (SecurityDescriptor->Owner != NULL)
+ {
+ if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
+ (ULONG_PTR)SecurityDescriptor);
+ else
+ Owner = (PSID)SecurityDescriptor->Owner;
+ OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
+ }
+ Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
+ }
else
- {
- if (ObjectSd->Owner != NULL)
- {
- Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
- OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
- }
- Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
- }
+ {
+ if (ObjectSd->Owner != NULL)
+ {
+ Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
+ OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
+ }
+ Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
+ }
/* Get group and group size */
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
- {
- if (SecurityDescriptor->Group != NULL)
- {
- if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
- Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group +
- (ULONG_PTR)SecurityDescriptor);
- else
- Group = (PSID)SecurityDescriptor->Group;
- GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
- }
- Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
- }
+ {
+ if (SecurityDescriptor->Group != NULL)
+ {
+ if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group +
+ (ULONG_PTR)SecurityDescriptor);
+ else
+ Group = (PSID)SecurityDescriptor->Group;
+ GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
+ }
+ Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
+ }
else
- {
- if (ObjectSd->Group != NULL)
- {
- Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
- GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
- }
- Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
- }
+ {
+ if (ObjectSd->Group != NULL)
+ {
+ Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
+ GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
+ }
+ Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
+ }
/* Get DACL and DACL size */
if (SecurityInformation & DACL_SECURITY_INFORMATION)
- {
- if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
- (SecurityDescriptor->Dacl != NULL))
- {
- if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
- Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl +
- (ULONG_PTR)SecurityDescriptor);
- else
- Dacl = (PACL)SecurityDescriptor->Dacl;
-
- DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
- }
- Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED |
SE_DACL_PRESENT));
- }
+ {
+ if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
+ (SecurityDescriptor->Dacl != NULL))
+ {
+ if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl +
+ (ULONG_PTR)SecurityDescriptor);
+ else
+ Dacl = (PACL)SecurityDescriptor->Dacl;
+
+ DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
+ }
+ Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED |
SE_DACL_PRESENT));
+ }
else
- {
- if ((ObjectSd->Control & SE_DACL_PRESENT) &&
- (ObjectSd->Dacl != NULL))
- {
- Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
- DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
- }
- Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
- }
+ {
+ if ((ObjectSd->Control & SE_DACL_PRESENT) &&
+ (ObjectSd->Dacl != NULL))
+ {
+ Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
+ DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
+ }
+ Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
+ }
/* Get SACL and SACL size */
if (SecurityInformation & SACL_SECURITY_INFORMATION)
- {
- if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
- (SecurityDescriptor->Sacl != NULL))
- {
- if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
- Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl +
- (ULONG_PTR)SecurityDescriptor);
- else
- Sacl = (PACL)SecurityDescriptor->Sacl;
- SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
- }
- Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED |
SE_SACL_PRESENT));
- }
+ {
+ if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
+ (SecurityDescriptor->Sacl != NULL))
+ {
+ if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl +
+ (ULONG_PTR)SecurityDescriptor);
+ else
+ Sacl = (PACL)SecurityDescriptor->Sacl;
+ SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
+ }
+ Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED |
SE_SACL_PRESENT));
+ }
else
- {
- if ((ObjectSd->Control & SE_SACL_PRESENT) &&
- (ObjectSd->Sacl != NULL))
- {
- Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
- SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
- }
- Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
- }
+ {
+ if ((ObjectSd->Control & SE_SACL_PRESENT) &&
+ (ObjectSd->Sacl != NULL))
+ {
+ Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
+ SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
+ }
+ Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
+ }
NewSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength +
- DaclLength + SaclLength);
+ sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength +
+ DaclLength + SaclLength);
if (NewSd == NULL)
- {
- ObDereferenceObject(Object);
- return STATUS_INSUFFICIENT_RESOURCES;
- }
+ {
+ ObDereferenceObject(Object);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
RtlCreateSecurityDescriptor(NewSd,
- SECURITY_DESCRIPTOR_REVISION1);
+ SECURITY_DESCRIPTOR_REVISION1);
/* We always build a self-relative descriptor */
NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE;
Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR);
if (OwnerLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Owner,
- OwnerLength);
- NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd);
- Current += OwnerLength;
- }
+ {
+ RtlCopyMemory((PVOID)Current,
+ Owner,
+ OwnerLength);
+ NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd);
+ Current += OwnerLength;
+ }
if (GroupLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Group,
- GroupLength);
- NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd);
- Current += GroupLength;
- }
+ {
+ RtlCopyMemory((PVOID)Current,
+ Group,
+ GroupLength);
+ NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd);
+ Current += GroupLength;
+ }
if (DaclLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Dacl,
- DaclLength);
- NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd);
- Current += DaclLength;
- }
+ {
+ RtlCopyMemory((PVOID)Current,
+ Dacl,
+ DaclLength);
+ NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd);
+ Current += DaclLength;
+ }
if (SaclLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Sacl,
- SaclLength);
- NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd);
- Current += SaclLength;
- }
+ {
+ RtlCopyMemory((PVOID)Current,
+ Sacl,
+ SaclLength);
+ NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd);
+ Current += SaclLength;
+ }
/* Add the new SD */
Status = ObpAddSecurityDescriptor(NewSd,
- &Header->SecurityDescriptor);
+ &Header->SecurityDescriptor);
if (NT_SUCCESS(Status))
- {
- /* Remove the old security descriptor */
- ObpRemoveSecurityDescriptor(ObjectSd);
- }
+ {
+ /* Remove the old security descriptor */
+ ObpRemoveSecurityDescriptor(ObjectSd);
+ }
else
- {
- /* Restore the old security descriptor */
- Header->SecurityDescriptor = ObjectSd;
- }
+ {
+ /* Restore the old security descriptor */
+ Header->SecurityDescriptor = ObjectSd;
+ }
ExFreePool(NewSd);
}
@@ -449,7 +449,7 @@
{
/* Assign the security descriptor to the object header */
Status = ObpAddSecurityDescriptor(SecurityDescriptor,
- &Header->SecurityDescriptor);
+ &Header->SecurityDescriptor);
}
@@ -571,14 +571,14 @@
*/
NTSTATUS STDCALL
SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
- IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
- OUT PSECURITY_DESCRIPTOR *NewDescriptor,
- IN GUID *ObjectType OPTIONAL,
- IN BOOLEAN IsDirectoryObject,
- IN ULONG AutoInheritFlags,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
- IN PGENERIC_MAPPING GenericMapping,
- IN POOL_TYPE PoolType)
+ IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
+ OUT PSECURITY_DESCRIPTOR *NewDescriptor,
+ IN GUID *ObjectType OPTIONAL,
+ IN BOOLEAN IsDirectoryObject,
+ IN ULONG AutoInheritFlags,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN POOL_TYPE PoolType)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
@@ -601,12 +601,12 @@
*/
NTSTATUS STDCALL
SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
- PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL,
- PSECURITY_DESCRIPTOR *NewDescriptor,
- BOOLEAN IsDirectoryObject,
- PSECURITY_SUBJECT_CONTEXT SubjectContext,
- PGENERIC_MAPPING GenericMapping,
- POOL_TYPE PoolType)
+ PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL,
+ PSECURITY_DESCRIPTOR *NewDescriptor,
+ BOOLEAN IsDirectoryObject,
+ PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ PGENERIC_MAPPING GenericMapping,
+ POOL_TYPE PoolType)
{
PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor;
PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor;
@@ -646,23 +646,23 @@
Owner = ExplicitDescriptor->Owner;
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
- {
- Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
-
- }
+ {
+ Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
+
+ }
}
else
{
if (Token != NULL)
- {
- DPRINT("Use token owner sid!\n");
- Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
- }
+ {
+ DPRINT("Use token owner sid!\n");
+ Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+ }
else
- {
- DPRINT("Use default owner sid!\n");
- Owner = SeLocalSystemSid;
- }
+ {
+ DPRINT("Use default owner sid!\n");
+ Owner = SeLocalSystemSid;
+ }
Control |= SE_OWNER_DEFAULTED;
}
@@ -676,22 +676,22 @@
DPRINT("Use explicit group sid!\n");
Group = ExplicitDescriptor->Group;
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
- {
- Group = (PSID)(((ULONG_PTR)Group) + (ULONG_PTR)ExplicitDescriptor);
- }
+ {
+ Group = (PSID)(((ULONG_PTR)Group) + (ULONG_PTR)ExplicitDescriptor);
+ }
}
else
{
if (Token != NULL)
- {
- DPRINT("Use token group sid!\n");
- Group = Token->PrimaryGroup;
- }
+ {
+ DPRINT("Use token group sid!\n");
+ Group = Token->PrimaryGroup;
+ }
else
- {
- DPRINT("Use default group sid!\n");
- Group = SeLocalSystemSid;
- }
+ {
+ DPRINT("Use default group sid!\n");
+ Group = SeLocalSystemSid;
+ }
Control |= SE_OWNER_DEFAULTED;
}
@@ -707,22 +707,22 @@
DPRINT("Use explicit DACL!\n");
Dacl = ExplicitDescriptor->Dacl;
if (Dacl != NULL && (ExplicitDescriptor->Control &
SE_SELF_RELATIVE))
- {
- Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor);
- }
+ {
+ Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor);
+ }
Control |= SE_DACL_PRESENT;
}
else if (ParentDescriptor != NULL &&
- (ParentDescriptor->Control & SE_DACL_PRESENT))
+ (ParentDescriptor->Control & SE_DACL_PRESENT))
{
DPRINT("Use parent DACL!\n");
/* FIXME: Inherit */
Dacl = ParentDescriptor->Dacl;
if (Dacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
- {
- Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
- }
+ {
+ Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
+ }
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
}
else if (Token != NULL && Token->DefaultDacl != NULL)
@@ -750,22 +750,22 @@
DPRINT("Use explicit SACL!\n");
Sacl = ExplicitDescriptor->Sacl;
if (Sacl != NULL && (ExplicitDescriptor->Control &
SE_SELF_RELATIVE))
- {
- Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor);
- }
+ {
+ Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor);
+ }
Control |= SE_SACL_PRESENT;
}
else if (ParentDescriptor != NULL &&
- (ParentDescriptor->Control & SE_SACL_PRESENT))
+ (ParentDescriptor->Control & SE_SACL_PRESENT))
{
DPRINT("Use parent SACL!\n");
/* FIXME: Inherit */
Sacl = ParentDescriptor->Sacl;
if (Sacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
- {
- Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
- }
+ {
+ Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
+ }
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
}
@@ -777,14 +777,14 @@
OwnerLength + GroupLength + DaclLength + SaclLength;
DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %d OwnerLength %d GroupLength %d DaclLength
%d SaclLength %d\n",
- sizeof(SECURITY_DESCRIPTOR),
- OwnerLength,
- GroupLength,
- DaclLength,
- SaclLength);
+ sizeof(SECURITY_DESCRIPTOR),
+ OwnerLength,
+ GroupLength,
+ DaclLength,
+ SaclLength);
Descriptor = ExAllocatePool(PagedPool,
- Length);
+ Length);
if (Descriptor == NULL)
{
DPRINT1("ExAlloctePool() failed\n");
@@ -794,7 +794,7 @@
RtlZeroMemory( Descriptor, Length );
RtlCreateSecurityDescriptor(Descriptor,
- SECURITY_DESCRIPTOR_REVISION);
+ SECURITY_DESCRIPTOR_REVISION);
Descriptor->Control = (USHORT)Control | SE_SELF_RELATIVE;
@@ -803,8 +803,8 @@
if (SaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
- Sacl,
- SaclLength);
+ Sacl,
+ SaclLength);
Descriptor->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += SaclLength;
}
@@ -812,8 +812,8 @@
if (DaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
- Dacl,
- DaclLength);
+ Dacl,
+ DaclLength);
Descriptor->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += DaclLength;
}
@@ -821,8 +821,8 @@
if (OwnerLength != 0)
{
RtlCopyMemory((PVOID)Current,
- Owner,
- OwnerLength);
+ Owner,
+ OwnerLength);
Descriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += OwnerLength;
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
@@ -852,7 +852,7 @@
static BOOLEAN
SepSidInToken(PACCESS_TOKEN _Token,
- PSID Sid)
+ PSID Sid)
{
ULONG i;
PTOKEN Token = (PTOKEN)_Token;
@@ -901,15 +901,15 @@
*/
BOOLEAN STDCALL
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
- IN BOOLEAN SubjectContextLocked,
- IN ACCESS_MASK DesiredAccess,
- IN ACCESS_MASK PreviouslyGrantedAccess,
- OUT PPRIVILEGE_SET* Privileges,
- IN PGENERIC_MAPPING GenericMapping,
- IN KPROCESSOR_MODE AccessMode,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus)
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
+ IN BOOLEAN SubjectContextLocked,
+ IN ACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK PreviouslyGrantedAccess,
+ OUT PPRIVILEGE_SET* Privileges,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus)
{
LUID_AND_ATTRIBUTES Privilege;
ACCESS_MASK CurrentAccess, AccessMask;
@@ -994,19 +994,19 @@
Token = SubjectSecurityContext->ClientToken ?
- SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken;
+ SubjectSecurityContext->ClientToken :
SubjectSecurityContext->PrimaryToken;
/* Get the DACL */
Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
- &Present,
- &Dacl,
- &Defaulted);
+ &Present,
+ &Dacl,
+ &Defaulted);
if (!NT_SUCCESS(Status))
{
if (SubjectContextLocked == FALSE)
- {
- SeUnlockSubjectContext(SubjectSecurityContext);
- }
+ {
+ SeUnlockSubjectContext(SubjectSecurityContext);
+ }
*AccessStatus = Status;
return FALSE;
@@ -1016,9 +1016,9 @@
if (Present == TRUE && Dacl == NULL)
{
if (SubjectContextLocked == FALSE)
- {
- SeUnlockSubjectContext(SubjectSecurityContext);
- }
+ {
+ SeUnlockSubjectContext(SubjectSecurityContext);
+ }
*GrantedAccess = DesiredAccess;
*AccessStatus = STATUS_SUCCESS;
@@ -1032,36 +1032,36 @@
Privilege.Attributes = SE_PRIVILEGE_ENABLED;
if (SepPrivilegeCheck(Token,
- &Privilege,
- 1,
- PRIVILEGE_SET_ALL_NECESSARY,
- AccessMode))
+ &Privilege,
+ 1,
+ PRIVILEGE_SET_ALL_NECESSARY,
+ AccessMode))
{
CurrentAccess |= WRITE_OWNER;
if (DesiredAccess == CurrentAccess)
- {
- if (SubjectContextLocked == FALSE)
- {
- SeUnlockSubjectContext(SubjectSecurityContext);
- }
-
- *GrantedAccess = CurrentAccess;
- *AccessStatus = STATUS_SUCCESS;
- return TRUE;
- }
+ {
+ if (SubjectContextLocked == FALSE)
+ {
+ SeUnlockSubjectContext(SubjectSecurityContext);
+ }
+
+ *GrantedAccess = CurrentAccess;
+ *AccessStatus = STATUS_SUCCESS;
+ return TRUE;
+ }
}
/* RULE 3: Check whether the token is the owner */
Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor,
- &Sid,
- &Defaulted);
+ &Sid,
+ &Defaulted);
if (!NT_SUCCESS(Status))
{
DPRINT1("RtlGetOwnerSecurityDescriptor() failed (Status %lx)\n",
Status);
if (SubjectContextLocked == FALSE)
- {
- SeUnlockSubjectContext(SubjectSecurityContext);
- }
+ {
+ SeUnlockSubjectContext(SubjectSecurityContext);
+ }
*AccessStatus = Status;
return FALSE;
@@ -1071,25 +1071,25 @@
{
CurrentAccess |= (READ_CONTROL | WRITE_DAC);
if (DesiredAccess == CurrentAccess)
- {
- if (SubjectContextLocked == FALSE)
- {
- SeUnlockSubjectContext(SubjectSecurityContext);
- }
-
- *GrantedAccess = CurrentAccess;
- *AccessStatus = STATUS_SUCCESS;
- return TRUE;
- }
+ {
+ if (SubjectContextLocked == FALSE)
+ {
+ SeUnlockSubjectContext(SubjectSecurityContext);
+ }
+
+ *GrantedAccess = CurrentAccess;
+ *AccessStatus = STATUS_SUCCESS;
+ return TRUE;
+ }
}
/* Fail if DACL is absent */
if (Present == FALSE)
{
if (SubjectContextLocked == FALSE)
- {
- SeUnlockSubjectContext(SubjectSecurityContext);
- }
+ {
+ SeUnlockSubjectContext(SubjectSecurityContext);
+ }
*GrantedAccess = 0;
*AccessStatus = STATUS_ACCESS_DENIED;
@@ -1172,13 +1172,13 @@
NTSTATUS STDCALL
NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- OUT PPRIVILEGE_SET PrivilegeSet,
- OUT PULONG ReturnLength,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus)
+ IN HANDLE TokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PPRIVILEGE_SET PrivilegeSet,
+ OUT PULONG ReturnLength,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus)
{
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext = {0};
KPROCESSOR_MODE PreviousMode;
@@ -1198,11 +1198,11 @@
}
Status = ObReferenceObjectByHandle(TokenHandle,
- TOKEN_QUERY,
- SepTokenObjectType,
- PreviousMode,
- (PVOID*)&Token,
- NULL);
+ TOKEN_QUERY,
+ SepTokenObjectType,
+ PreviousMode,
+ (PVOID*)&Token,
+ NULL);
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to reference token (Status %lx)\n", Status);
@@ -1232,15 +1232,15 @@
SeLockSubjectContext(&SubjectSecurityContext);
if (SeAccessCheck(SecurityDescriptor,
- &SubjectSecurityContext,
- TRUE,
- DesiredAccess,
- 0,
- &PrivilegeSet,
- GenericMapping,
- PreviousMode,
- GrantedAccess,
- AccessStatus))
+ &SubjectSecurityContext,
+ TRUE,
+ DesiredAccess,
+ 0,
+ &PrivilegeSet,
+ GenericMapping,
+ PreviousMode,
+ GrantedAccess,
+ AccessStatus))
{
Status = *AccessStatus;
}
Modified: trunk/reactos/ntoskrnl/se/token.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=27…
==============================================================================
--- trunk/reactos/ntoskrnl/se/token.c (original)
+++ trunk/reactos/ntoskrnl/se/token.c Tue Jul 3 02:39:11 2007
@@ -26,9 +26,9 @@
ERESOURCE SepTokenLock;
static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
- TOKEN_WRITE,
- TOKEN_EXECUTE,
- TOKEN_ALL_ACCESS};
+ TOKEN_WRITE,
+ TOKEN_EXECUTE,
+ TOKEN_ALL_ACCESS};
static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = {
@@ -133,7 +133,7 @@
static ULONG
RtlLengthSidAndAttributes(ULONG Count,
- PSID_AND_ATTRIBUTES Src)
+ PSID_AND_ATTRIBUTES Src)
{
ULONG i;
ULONG uLength;
@@ -151,8 +151,8 @@
NTSTATUS
NTAPI
SepFindPrimaryGroupAndDefaultOwner(PTOKEN Token,
- PSID PrimaryGroup,
- PSID DefaultOwner)
+ PSID PrimaryGroup,
+ PSID DefaultOwner)
{
ULONG i;
@@ -167,15 +167,15 @@
for (i = 0; i < Token->UserAndGroupCount; i++)
{
if (DefaultOwner &&
- RtlEqualSid(Token->UserAndGroups[i].Sid, DefaultOwner))
- {
- Token->DefaultOwnerIndex = i;
- }
+ RtlEqualSid(Token->UserAndGroups[i].Sid, DefaultOwner))
+ {
+ Token->DefaultOwnerIndex = i;
+ }
if (RtlEqualSid(Token->UserAndGroups[i].Sid, PrimaryGroup))
- {
- Token->PrimaryGroup = Token->UserAndGroups[i].Sid;
- }
+ {
+ Token->PrimaryGroup = Token->UserAndGroups[i].Sid;
+ }
}
if (Token->DefaultOwnerIndex == Token->UserAndGroupCount)
@@ -195,12 +195,12 @@
NTSTATUS
STDCALL
SepDuplicateToken(PTOKEN Token,
- POBJECT_ATTRIBUTES ObjectAttributes,
- BOOLEAN EffectiveOnly,
- TOKEN_TYPE TokenType,
- SECURITY_IMPERSONATION_LEVEL Level,
- KPROCESSOR_MODE PreviousMode,
- PTOKEN* NewAccessToken)
+ POBJECT_ATTRIBUTES ObjectAttributes,
+ BOOLEAN EffectiveOnly,
+ TOKEN_TYPE TokenType,
+ SECURITY_IMPERSONATION_LEVEL Level,
+ KPROCESSOR_MODE PreviousMode,
+ PTOKEN* NewAccessToken)
{
ULONG uLength;
ULONG i;
@@ -211,14 +211,14 @@
PAGED_CODE();
Status = ObCreateObject(PreviousMode,
- SepTokenObjectType,
- ObjectAttributes,
- PreviousMode,
- NULL,
- sizeof(TOKEN),
- 0,
- 0,
- (PVOID*)&AccessToken);
+ SepTokenObjectType,
+ ObjectAttributes,
+ PreviousMode,
+ NULL,
+ sizeof(TOKEN),
+ 0,
+ 0,
+ (PVOID*)&AccessToken);
if (!NT_SUCCESS(Status))
{
DPRINT1("ObCreateObject() failed (Status %lx)\n");
@@ -249,8 +249,8 @@
AccessToken->TokenSource.SourceIdentifier.LowPart =
Token->TokenSource.SourceIdentifier.LowPart;
AccessToken->TokenSource.SourceIdentifier.HighPart =
Token->TokenSource.SourceIdentifier.HighPart;
memcpy(AccessToken->TokenSource.SourceName,
- Token->TokenSource.SourceName,
- sizeof(Token->TokenSource.SourceName));
+ Token->TokenSource.SourceName,
+ sizeof(Token->TokenSource.SourceName));
AccessToken->ExpirationTime.QuadPart = Token->ExpirationTime.QuadPart;
AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
@@ -261,24 +261,24 @@
AccessToken->UserAndGroups =
(PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
- uLength,
- TAG('T', 'O', 'K', 'u'));
+ uLength,
+ TAG('T', 'O', 'K',
'u'));
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
- Token->UserAndGroups,
- uLength,
- AccessToken->UserAndGroups,
- EndMem,
- &EndMem,
- &uLength);
+ Token->UserAndGroups,
+ uLength,
+ AccessToken->UserAndGroups,
+ EndMem,
+ &EndMem,
+ &uLength);
if (NT_SUCCESS(Status))
{
Status = SepFindPrimaryGroupAndDefaultOwner(
- AccessToken,
- Token->PrimaryGroup,
- 0);
+ AccessToken,
+ Token->PrimaryGroup,
+ 0);
}
if (NT_SUCCESS(Status))
@@ -287,32 +287,32 @@
uLength = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
AccessToken->Privileges =
- (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
- uLength,
- TAG('T', 'O', 'K', 'p'));
+ (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
+ uLength,
+ TAG('T', 'O',
'K', 'p'));
for (i = 0; i < AccessToken->PrivilegeCount; i++)
- {
- RtlCopyLuid(&AccessToken->Privileges[i].Luid,
- &Token->Privileges[i].Luid);
- AccessToken->Privileges[i].Attributes =
- Token->Privileges[i].Attributes;
- }
+ {
+ RtlCopyLuid(&AccessToken->Privileges[i].Luid,
+ &Token->Privileges[i].Luid);
+ AccessToken->Privileges[i].Attributes =
+ Token->Privileges[i].Attributes;
+ }
if ( Token->DefaultDacl )
- {
- AccessToken->DefaultDacl =
- (PACL) ExAllocatePoolWithTag(PagedPool,
- Token->DefaultDacl->AclSize,
- TAG('T', 'O', 'K', 'd'));
- memcpy(AccessToken->DefaultDacl,
- Token->DefaultDacl,
- Token->DefaultDacl->AclSize);
- }
+ {
+ AccessToken->DefaultDacl =
+ (PACL) ExAllocatePoolWithTag(PagedPool,
+ Token->DefaultDacl->AclSize,
+ TAG('T', 'O', 'K',
'd'));
+ memcpy(AccessToken->DefaultDacl,
+ Token->DefaultDacl,
+ Token->DefaultDacl->AclSize);
+ }
else
- {
- AccessToken->DefaultDacl = 0;
- }
+ {
+ AccessToken->DefaultDacl = 0;
+ }
}
if ( NT_SUCCESS(Status) )
@@ -404,20 +404,20 @@
NTSTATUS
STDCALL
SeAppendPrivileges(
- PACCESS_STATE AccessState,
- PPRIVILEGE_SET Privileges
- )
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PACCESS_STATE AccessState,
+ PPRIVILEGE_SET Privileges
+ )
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
STDCALL
SeCopyClientToken(PACCESS_TOKEN Token,
SECURITY_IMPERSONATION_LEVEL Level,
- KPROCESSOR_MODE PreviousMode,
- PACCESS_TOKEN* NewToken)
+ KPROCESSOR_MODE PreviousMode,
+ PACCESS_TOKEN* NewToken)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
@@ -425,17 +425,17 @@
PAGED_CODE();
InitializeObjectAttributes(&ObjectAttributes,
- NULL,
- 0,
- NULL,
- NULL);
+ NULL,
+ 0,
+ NULL,
+ NULL);
Status = SepDuplicateToken(Token,
- &ObjectAttributes,
- FALSE,
- TokenImpersonation,
- Level,
- PreviousMode,
- (PTOKEN*)NewToken);
+ &ObjectAttributes,
+ FALSE,
+ TokenImpersonation,
+ Level,
+ PreviousMode,
+ (PTOKEN*)NewToken);
return(Status);
}
@@ -523,14 +523,14 @@
NTSTATUS
STDCALL
SeCreateClientSecurityFromSubjectContext(
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
- IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
- IN BOOLEAN ServerIsRemote,
- OUT PSECURITY_CLIENT_CONTEXT ClientContext
- )
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
+ IN BOOLEAN ServerIsRemote,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext
+ )
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
/*
@@ -539,16 +539,16 @@
NTSTATUS
STDCALL
SeFilterToken(
- IN PACCESS_TOKEN ExistingToken,
- IN ULONG Flags,
- IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
- IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
- IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
- OUT PACCESS_TOKEN * FilteredToken
- )
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ IN PACCESS_TOKEN ExistingToken,
+ IN ULONG Flags,
+ IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
+ IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
+ IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
+ OUT PACCESS_TOKEN * FilteredToken
+ )
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
/*
@@ -557,10 +557,10 @@
VOID
STDCALL
SeFreePrivileges(
- IN PPRIVILEGE_SET Privileges
- )
-{
- UNIMPLEMENTED;
+ IN PPRIVILEGE_SET Privileges
+ )
+{
+ UNIMPLEMENTED;
}
@@ -570,12 +570,12 @@
NTSTATUS
STDCALL
SeImpersonateClientEx(
- IN PSECURITY_CLIENT_CONTEXT ClientContext,
- IN PETHREAD ServerThread OPTIONAL
- )
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN PETHREAD ServerThread OPTIONAL
+ )
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
/*
@@ -583,7 +583,7 @@
*/
VOID STDCALL
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
- IN PETHREAD ServerThread OPTIONAL)
+ IN PETHREAD ServerThread OPTIONAL)
{
UCHAR b;
@@ -602,10 +602,10 @@
ServerThread = PsGetCurrentThread();
}
PsImpersonateClient(ServerThread,
- ClientContext->ClientToken,
- 1,
- b,
- ClientContext->SecurityQos.ImpersonationLevel);
+ ClientContext->ClientToken,
+ 1,
+ b,
+ ClientContext->SecurityQos.ImpersonationLevel);
}
@@ -658,10 +658,10 @@
*/
NTSTATUS STDCALL
NtQueryInformationToken(IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength,
- OUT PULONG ReturnLength)
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength,
+ OUT PULONG ReturnLength)
{
union
{
@@ -693,11 +693,11 @@
}
Status = ObReferenceObjectByHandle(TokenHandle,
- (TokenInformationClass == TokenSource) ? TOKEN_QUERY_SOURCE : TOKEN_QUERY,
- SepTokenObjectType,
- PreviousMode,
- (PVOID*)&Token,
- NULL);
+ (TokenInformationClass == TokenSource) ?
TOKEN_QUERY_SOURCE : TOKEN_QUERY,
+ SepTokenObjectType,
+ PreviousMode,
+ (PVOID*)&Token,
+ NULL);
if (NT_SUCCESS(Status))
{
switch (TokenInformationClass)
@@ -783,7 +783,7 @@
}
_SEH_END;
- break;
+ break;
}
case TokenPrivileges:
@@ -1114,9 +1114,9 @@
}
case TokenGroupsAndPrivileges:
- DPRINT1("NtQueryInformationToken(TokenGroupsAndPrivileges) not
implemented\n");
- Status = STATUS_NOT_IMPLEMENTED;
- break;
+ DPRINT1("NtQueryInformationToken(TokenGroupsAndPrivileges) not
implemented\n");
+ Status = STATUS_NOT_IMPLEMENTED;
+ break;
case TokenRestrictedSids:
{
@@ -1160,13 +1160,13 @@
}
_SEH_END;
- break;
+ break;
}
case TokenSandBoxInert:
- DPRINT1("NtQueryInformationToken(TokenSandboxInert) not implemented\n");
- Status = STATUS_NOT_IMPLEMENTED;
- break;
+ DPRINT1("NtQueryInformationToken(TokenSandboxInert) not
implemented\n");
+ Status = STATUS_NOT_IMPLEMENTED;
+ break;
case TokenSessionId:
{
@@ -1200,9 +1200,9 @@
}
default:
- DPRINT1("NtQueryInformationToken(%d) invalid information class\n",
TokenInformationClass);
- Status = STATUS_INVALID_INFO_CLASS;
- break;
+ DPRINT1("NtQueryInformationToken(%d) invalid information class\n",
TokenInformationClass);
+ Status = STATUS_INVALID_INFO_CLASS;
+ break;
}
ObDereferenceObject(Token);
@@ -1217,13 +1217,13 @@
NTSTATUS
STDCALL
SeQueryInformationToken(
- IN PACCESS_TOKEN Token,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID *TokenInformation
- )
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ IN PACCESS_TOKEN Token,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID *TokenInformation
+ )
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
/*
@@ -1232,9 +1232,9 @@
NTSTATUS
STDCALL
SeQuerySessionIdToken(
- IN PACCESS_TOKEN Token,
- IN PULONG pSessionId
- )
+ IN PACCESS_TOKEN Token,
+ IN PULONG pSessionId
+ )
{
*pSessionId = ((PTOKEN)Token)->SessionId;
return STATUS_SUCCESS;
@@ -1248,9 +1248,9 @@
NTSTATUS STDCALL
NtSetInformationToken(IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength)
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength)
{
PTOKEN Token;
KPROCESSOR_MODE PreviousMode;
@@ -1281,11 +1281,11 @@
}
Status = ObReferenceObjectByHandle(TokenHandle,
- NeededAccess,
- SepTokenObjectType,
- PreviousMode,
- (PVOID*)&Token,
- NULL);
+ NeededAccess,
+ SepTokenObjectType,
+ PreviousMode,
+ (PVOID*)&Token,
+ NULL);
if (NT_SUCCESS(Status))
{
switch (TokenInformationClass)
@@ -1539,11 +1539,11 @@
}
Status = ObReferenceObjectByHandle(ExistingTokenHandle,
- TOKEN_DUPLICATE,
- SepTokenObjectType,
- PreviousMode,
- (PVOID*)&Token,
- NULL);
+ TOKEN_DUPLICATE,
+ SepTokenObjectType,
+ PreviousMode,
+ (PVOID*)&Token,
+ NULL);
if (NT_SUCCESS(Status))
{
Status = SepDuplicateToken(Token,
@@ -1551,19 +1551,19 @@
EffectiveOnly,
TokenType,
(QoSPresent ?
CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
- PreviousMode,
- &NewToken);
+ PreviousMode,
+ &NewToken);
ObDereferenceObject(Token);
if (NT_SUCCESS(Status))
{
Status = ObInsertObject((PVOID)NewToken,
- NULL,
- DesiredAccess,
- 0,
- NULL,
- &hToken);
+ NULL,
+ DesiredAccess,
+ 0,
+ NULL,
+ &hToken);
if (NT_SUCCESS(Status))
{
@@ -1590,15 +1590,15 @@
VOID SepAdjustGroups(PACCESS_TOKEN Token,
- ULONG a,
- BOOLEAN ResetToDefault,
- PSID_AND_ATTRIBUTES Groups,
- ULONG b,
- KPROCESSOR_MODE PreviousMode,
- ULONG c,
- PULONG d,
- PULONG e,
- PULONG f)
+ ULONG a,
+ BOOLEAN ResetToDefault,
+ PSID_AND_ATTRIBUTES Groups,
+ ULONG b,
+ KPROCESSOR_MODE PreviousMode,
+ ULONG c,
+ PULONG d,
+ PULONG e,
+ PULONG f)
{
UNIMPLEMENTED;
}
@@ -1606,11 +1606,11 @@
NTSTATUS STDCALL
NtAdjustGroupsToken(IN HANDLE TokenHandle,
- IN BOOLEAN ResetToDefault,
- IN PTOKEN_GROUPS NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_GROUPS PreviousState OPTIONAL,
- OUT PULONG ReturnLength)
+ IN BOOLEAN ResetToDefault,
+ IN PTOKEN_GROUPS NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_GROUPS PreviousState OPTIONAL,
+ OUT PULONG ReturnLength)
{
#if 0
NTSTATUS Status;
@@ -1622,23 +1622,23 @@
PAGED_CODE();
Status = ObReferenceObjectByHandle(TokenHandle,
- ?,
- SepTokenObjectType,
- UserMode,
- (PVOID*)&Token,
- NULL);
+ ?,
+ SepTokenObjectType,
+ UserMode,
+ (PVOID*)&Token,
+ NULL);
SepAdjustGroups(Token,
- 0,
- ResetToDefault,
- NewState->Groups,
- ?,
- PreviousState,
- 0,
- &a,
- &b,
- &c);
+ 0,
+ ResetToDefault,
+ NewState->Groups,
+ ?,
+ PreviousState,
+ 0,
+ &a,
+ &b,
+ &c);
#else
UNIMPLEMENTED;
return(STATUS_NOT_IMPLEMENTED);
@@ -1649,14 +1649,14 @@
#if 0
NTSTATUS
SepAdjustPrivileges(PACCESS_TOKEN Token,
- ULONG a,
- KPROCESSOR_MODE PreviousMode,
- ULONG PrivilegeCount,
- PLUID_AND_ATTRIBUTES Privileges,
- PTOKEN_PRIVILEGES* PreviousState,
- PULONG b,
- PULONG c,
- PULONG d)
+ ULONG a,
+ KPROCESSOR_MODE PreviousMode,
+ ULONG PrivilegeCount,
+ PLUID_AND_ATTRIBUTES Privileges,
+ PTOKEN_PRIVILEGES* PreviousState,
+ PULONG b,
+ PULONG c,
+ PULONG d)
{
ULONG i;
@@ -1665,24 +1665,24 @@
if (Token->PrivilegeCount > 0)
{
for (i = 0; i < Token->PrivilegeCount; i++)
- {
- if (PreviousMode != KernelMode)
- {
- if (Token->Privileges[i]->Attributes & SE_PRIVILEGE_ENABLED == 0)
- {
- if (a != 0)
- {
- if (PreviousState != NULL)
- {
- memcpy(&PreviousState[i],
- &Token->Privileges[i],
- sizeof(LUID_AND_ATTRIBUTES));
- }
- Token->Privileges[i].Attributes &= (~SE_PRIVILEGE_ENABLED);
- }
- }
- }
- }
+ {
+ if (PreviousMode != KernelMode)
+ {
+ if (Token->Privileges[i]->Attributes & SE_PRIVILEGE_ENABLED ==
0)
+ {
+ if (a != 0)
+ {
+ if (PreviousState != NULL)
+ {
+ memcpy(&PreviousState[i],
+ &Token->Privileges[i],
+ sizeof(LUID_AND_ATTRIBUTES));
+ }
+ Token->Privileges[i].Attributes &= (~SE_PRIVILEGE_ENABLED);
+ }
+ }
+ }
+ }
}
if (PreviousMode != KernelMode)
@@ -1692,8 +1692,8 @@
else
{
if (PrivilegeCount <= ?)
- {
- }
+ {
+ }
}
if (
}
@@ -1705,11 +1705,11 @@
*/
NTSTATUS STDCALL
NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
- IN BOOLEAN DisableAllPrivileges,
- IN PTOKEN_PRIVILEGES NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
- OUT PULONG ReturnLength OPTIONAL)
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
+ OUT PULONG ReturnLength OPTIONAL)
{
// PLUID_AND_ATTRIBUTES Privileges;
KPROCESSOR_MODE PreviousMode;
@@ -1734,41 +1734,41 @@
// PrivilegeCount = NewState->PrivilegeCount;
PreviousMode = KeGetPreviousMode ();
// SeCaptureLuidAndAttributesArray(NewState->Privileges,
-// PrivilegeCount,
-// PreviousMode,
-// NULL,
-// 0,
-// NonPagedPool,
-// 1,
-// &Privileges,
-// &Length);
+// PrivilegeCount,
+// PreviousMode,
+// NULL,
+// 0,
+// NonPagedPool,
+// 1,
+// &Privileges,
+// &Length);
Status = ObReferenceObjectByHandle (TokenHandle,
- TOKEN_ADJUST_PRIVILEGES | (PreviousState != NULL ? TOKEN_QUERY : 0),
- SepTokenObjectType,
- PreviousMode,
- (PVOID*)&Token,
- NULL);
+ TOKEN_ADJUST_PRIVILEGES | (PreviousState != NULL ?
TOKEN_QUERY : 0),
+ SepTokenObjectType,
+ PreviousMode,
+ (PVOID*)&Token,
+ NULL);
if (!NT_SUCCESS(Status))
{
DPRINT1 ("Failed to reference token (Status %lx)\n", Status);
// SeReleaseLuidAndAttributesArray(Privileges,
-// PreviousMode,
-// 0);
+// PreviousMode,
+// 0);
return Status;
}
#if 0
SepAdjustPrivileges(Token,
- 0,
- PreviousMode,
- PrivilegeCount,
- Privileges,
- PreviousState,
- &a,
- &b,
- &c);
+ 0,
+ PreviousMode,
+ PrivilegeCount,
+ Privileges,
+ PreviousState,
+ &a,
+ &b,
+ &c);
#endif
PrivilegeCount = (BufferLength - FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges)) /
@@ -1781,14 +1781,14 @@
if (DisableAllPrivileges == TRUE)
{
for (i = 0; i < Token->PrivilegeCount; i++)
- {
- if (Token->Privileges[i].Attributes != 0)
- {
- DPRINT ("Attributes differ\n");
-
- /* Save current privilege */
- if (PreviousState != NULL)
- {
+ {
+ if (Token->Privileges[i].Attributes != 0)
+ {
+ DPRINT ("Attributes differ\n");
+
+ /* Save current privilege */
+ if (PreviousState != NULL)
+ {
if (k < PrivilegeCount)
{
PreviousState->PrivilegeCount++;
@@ -1803,37 +1803,37 @@
*/
}
k++;
- }
-
- /* Update current privlege */
- Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
- }
- }
+ }
+
+ /* Update current privlege */
+ Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
+ }
+ }
Status = STATUS_SUCCESS;
}
else
{
Count = 0;
for (i = 0; i < Token->PrivilegeCount; i++)
- {
- for (j = 0; j < NewState->PrivilegeCount; j++)
- {
- if (Token->Privileges[i].Luid.LowPart ==
NewState->Privileges[j].Luid.LowPart &&
- Token->Privileges[i].Luid.HighPart == NewState->Privileges[j].Luid.HighPart)
- {
- DPRINT ("Found privilege\n");
-
- if ((Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED) !=
- (NewState->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED))
- {
- DPRINT ("Attributes differ\n");
- DPRINT ("Current attributes %lx desired attributes %lx\n",
- Token->Privileges[i].Attributes,
- NewState->Privileges[j].Attributes);
-
- /* Save current privilege */
- if (PreviousState != NULL)
- {
+ {
+ for (j = 0; j < NewState->PrivilegeCount; j++)
+ {
+ if (Token->Privileges[i].Luid.LowPart ==
NewState->Privileges[j].Luid.LowPart &&
+ Token->Privileges[i].Luid.HighPart ==
NewState->Privileges[j].Luid.HighPart)
+ {
+ DPRINT ("Found privilege\n");
+
+ if ((Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED) !=
+ (NewState->Privileges[j].Attributes &
SE_PRIVILEGE_ENABLED))
+ {
+ DPRINT ("Attributes differ\n");
+ DPRINT ("Current attributes %lx desired attributes
%lx\n",
+ Token->Privileges[i].Attributes,
+ NewState->Privileges[j].Attributes);
+
+ /* Save current privilege */
+ if (PreviousState != NULL)
+ {
if (k < PrivilegeCount)
{
PreviousState->PrivilegeCount++;
@@ -1848,33 +1848,33 @@
*/
}
k++;
- }
-
- /* Update current privlege */
- Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
- Token->Privileges[i].Attributes |=
- (NewState->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED);
- DPRINT ("New attributes %lx\n",
- Token->Privileges[i].Attributes);
- }
+ }
+
+ /* Update current privlege */
+ Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
+ Token->Privileges[i].Attributes |=
+ (NewState->Privileges[j].Attributes &
SE_PRIVILEGE_ENABLED);
+ DPRINT ("New attributes %lx\n",
+ Token->Privileges[i].Attributes);
+ }
Count++;
- }
- }
- }
+ }
+ }
+ }
Status = Count < NewState->PrivilegeCount ? STATUS_NOT_ALL_ASSIGNED :
STATUS_SUCCESS;
}
if (ReturnLength != NULL)
{
*ReturnLength = sizeof(TOKEN_PRIVILEGES) +
- (sizeof(LUID_AND_ATTRIBUTES) * (k - 1));
+ (sizeof(LUID_AND_ATTRIBUTES) * (k - 1));
}
ObDereferenceObject (Token);
// SeReleaseLuidAndAttributesArray(Privileges,
-// PreviousMode,
-// 0);
+// PreviousMode,
+// 0);
DPRINT ("NtAdjustPrivilegesToken() done\n");
@@ -1926,14 +1926,14 @@
* Initialize the token
*/
Status = ObCreateObject(KernelMode,
- SepTokenObjectType,
- NULL,
- KernelMode,
- NULL,
- sizeof(TOKEN),
- 0,
- 0,
- (PVOID*)&AccessToken);
+ SepTokenObjectType,
+ NULL,
+ KernelMode,
+ NULL,
+ sizeof(TOKEN),
+ 0,
+ 0,
+ (PVOID*)&AccessToken);
if (!NT_SUCCESS(Status))
{
return NULL;
@@ -1978,8 +1978,8 @@
AccessToken->UserAndGroups =
(PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
- uSize,
- TAG('T', 'O', 'K', 'u'));
+ uSize,
+ TAG('T', 'O', 'K',
'u'));
SidArea = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
i = 0;
@@ -2009,9 +2009,9 @@
uSize = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
AccessToken->Privileges =
- (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
- uSize,
- TAG('T', 'O', 'K', 'p'));
+ (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
+ uSize,
+ TAG('T', 'O',
'K', 'p'));
i = 0;
AccessToken->Privileges[i].Attributes =
SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
@@ -2089,8 +2089,8 @@
uSize = (uSize & (~3)) + 8;
AccessToken->DefaultDacl =
(PACL) ExAllocatePoolWithTag(PagedPool,
- uSize,
- TAG('T', 'O', 'K', 'd'));
+ uSize,
+ TAG('T', 'O', 'K',
'd'));
Status = RtlCreateAcl(AccessToken->DefaultDacl, uSize, ACL_REVISION);
if ( NT_SUCCESS(Status) )
{
@@ -2114,18 +2114,18 @@
NTSTATUS STDCALL
NtCreateToken(OUT PHANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN TOKEN_TYPE TokenType,
- IN PLUID AuthenticationId,
- IN PLARGE_INTEGER ExpirationTime,
- IN PTOKEN_USER TokenUser,
- IN PTOKEN_GROUPS TokenGroups,
- IN PTOKEN_PRIVILEGES TokenPrivileges,
- IN PTOKEN_OWNER TokenOwner,
- IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
- IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
- IN PTOKEN_SOURCE TokenSource)
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN TOKEN_TYPE TokenType,
+ IN PLUID AuthenticationId,
+ IN PLARGE_INTEGER ExpirationTime,
+ IN PTOKEN_USER TokenUser,
+ IN PTOKEN_GROUPS TokenGroups,
+ IN PTOKEN_PRIVILEGES TokenPrivileges,
+ IN PTOKEN_OWNER TokenOwner,
+ IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
+ IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
+ IN PTOKEN_SOURCE TokenSource)
{
HANDLE hToken;
PTOKEN AccessToken;
@@ -2201,14 +2201,14 @@
return(Status);
Status = ObCreateObject(PreviousMode,
- SepTokenObjectType,
- ObjectAttributes,
- PreviousMode,
- NULL,
- sizeof(TOKEN),
- 0,
- 0,
- (PVOID*)&AccessToken);
+ SepTokenObjectType,
+ ObjectAttributes,
+ PreviousMode,
+ NULL,
+ sizeof(TOKEN),
+ 0,
+ 0,
+ (PVOID*)&AccessToken);
if (!NT_SUCCESS(Status))
{
DPRINT1("ObCreateObject() failed (Status %lx)\n");
@@ -2218,10 +2218,10 @@
AccessToken->TokenLock = &SepTokenLock;
RtlCopyLuid(&AccessToken->TokenSource.SourceIdentifier,
- &TokenSource->SourceIdentifier);
+ &TokenSource->SourceIdentifier);
memcpy(AccessToken->TokenSource.SourceName,
- TokenSource->SourceName,
- sizeof(TokenSource->SourceName));
+ TokenSource->SourceName,
+ sizeof(TokenSource->SourceName));
RtlCopyLuid(&AccessToken->TokenId, &TokenId);
RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId);
@@ -2250,44 +2250,44 @@
AccessToken->UserAndGroups =
(PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
- uLength,
- TAG('T', 'O', 'K', 'u'));
+ uLength,
+ TAG('T', 'O', 'K',
'u'));
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
Status = RtlCopySidAndAttributesArray(1,
- &TokenUser->User,
- uLength,
- AccessToken->UserAndGroups,
- EndMem,
- &EndMem,
- &uLength);
+ &TokenUser->User,
+ uLength,
+ AccessToken->UserAndGroups,
+ EndMem,
+ &EndMem,
+ &uLength);
if (NT_SUCCESS(Status))
{
Status = RtlCopySidAndAttributesArray(TokenGroups->GroupCount,
- TokenGroups->Groups,
- uLength,
- &AccessToken->UserAndGroups[1],
- EndMem,
- &EndMem,
- &uLength);
+ TokenGroups->Groups,
+ uLength,
+ &AccessToken->UserAndGroups[1],
+ EndMem,
+ &EndMem,
+ &uLength);
}
if (NT_SUCCESS(Status))
{
Status = SepFindPrimaryGroupAndDefaultOwner(
- AccessToken,
- TokenPrimaryGroup->PrimaryGroup,
- TokenOwner->Owner);
+ AccessToken,
+ TokenPrimaryGroup->PrimaryGroup,
+ TokenOwner->Owner);
}
if (NT_SUCCESS(Status))
{
uLength = TokenPrivileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
AccessToken->Privileges =
- (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
- uLength,
- TAG('T', 'O', 'K', 'p'));
+ (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
+ uLength,
+ TAG('T', 'O',
'K', 'p'));
if (PreviousMode != KernelMode)
{
@@ -2314,20 +2314,20 @@
if (NT_SUCCESS(Status))
{
AccessToken->DefaultDacl =
- (PACL) ExAllocatePoolWithTag(PagedPool,
- TokenDefaultDacl->DefaultDacl->AclSize,
- TAG('T', 'O', 'K', 'd'));
+ (PACL) ExAllocatePoolWithTag(PagedPool,
+ TokenDefaultDacl->DefaultDacl->AclSize,
+ TAG('T', 'O', 'K',
'd'));
memcpy(AccessToken->DefaultDacl,
- TokenDefaultDacl->DefaultDacl,
- TokenDefaultDacl->DefaultDacl->AclSize);
+ TokenDefaultDacl->DefaultDacl,
+ TokenDefaultDacl->DefaultDacl->AclSize);
}
Status = ObInsertObject ((PVOID)AccessToken,
- NULL,
- DesiredAccess,
- 0,
- NULL,
- &hToken);
+ NULL,
+ DesiredAccess,
+ 0,
+ NULL,
+ &hToken);
if (!NT_SUCCESS(Status))
{
DPRINT1("ObInsertObject() failed (Status %lx)\n", Status);
@@ -2355,7 +2355,7 @@
*/
NTSTATUS STDCALL
SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
- OUT PLUID LogonId)
+ OUT PLUID LogonId)
{
PAGED_CODE();
@@ -2396,8 +2396,8 @@
BOOLEAN
STDCALL
SeTokenIsAdmin(
- IN PACCESS_TOKEN Token
- )
+ IN PACCESS_TOKEN Token
+ )
{
PAGED_CODE();
return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0;
@@ -2409,8 +2409,8 @@
BOOLEAN
STDCALL
SeTokenIsRestricted(
- IN PACCESS_TOKEN Token
- )
+ IN PACCESS_TOKEN Token
+ )
{
PAGED_CODE();
return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;
@@ -2422,8 +2422,8 @@
BOOLEAN
STDCALL
SeTokenIsWriteRestricted(
- IN PACCESS_TOKEN Token
- )
+ IN PACCESS_TOKEN Token
+ )
{
PAGED_CODE();
return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0;
@@ -2436,11 +2436,11 @@
NTSTATUS
STDCALL
NtImpersonateAnonymousToken(
- IN HANDLE Thread
- )
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ IN HANDLE Thread
+ )
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}