[ros-diffs] [hbelusca] 60301: [NTOS] - Fix disabling impersonation in PsDisableImpersonation, and - Fix how we do restore impersonation in NtOpenThreadTokenEx. Patch by Thomas Faber, CORE-7476 #comment Patch c...

Author: hbelusca Date: Sun Sep 22 00:26:31 2013 New Revision: 60301 URL: http://svn.reactos.org/svn/reactos?rev=60301&view=rev Log: [NTOS] - Fix disabling impersonation in PsDisableImpersonation, and - Fix how we do restore impersonation in NtOpenThreadTokenEx. Patch by Thomas Faber, CORE-7476 #comment Patch committed in revision 60301, thanks :). Please retest the bug. Modified: trunk/reactos/ntoskrnl/ps/security.c trunk/reactos/ntoskrnl/se/token.c Modified: trunk/reactos/ntoskrnl/ps/security.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/security.c?rev… ============================================================================== --- trunk/reactos/ntoskrnl/ps/security.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ps/security.c [iso-8859-1] Sun Sep 22 00:26:31 2013 @@ -820,10 +820,10 @@ BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, - IN PSE_IMPERSONATION_STATE ImpersonationState) + OUT PSE_IMPERSONATION_STATE ImpersonationState) { PPS_IMPERSONATION_INFORMATION Impersonation = NULL; - LONG NewValue, OldValue; + LONG OldFlags; PAGED_CODE(); PSTRACE(PS_SECURITY_DEBUG, "Thread: %p State: %p\n", Thread, ImpersonationState); @@ -835,19 +835,11 @@ PspLockThreadSecurityExclusive(Thread); /* Disable impersonation */ - OldValue = Thread->CrossThreadFlags; - do - { - /* Attempt to change the flag */ - NewValue = - InterlockedCompareExchange((PLONG)&Thread->CrossThreadFlags, - OldValue &~ - CT_ACTIVE_IMPERSONATION_INFO_BIT, - OldValue); - } while (NewValue != OldValue); + OldFlags = PspClearCrossThreadFlag(Thread, + CT_ACTIVE_IMPERSONATION_INFO_BIT); /* Make sure nobody disabled it behind our back */ - if (NewValue & CT_ACTIVE_IMPERSONATION_INFO_BIT) + if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT) { /* Copy the old state */ Impersonation = Thread->ImpersonationInfo; Modified: trunk/reactos/ntoskrnl/se/token.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=60… ============================================================================== --- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Sun Sep 22 00:26:31 2013 @@ -1065,7 +1065,7 @@ PTOKEN Token; ULONG RequiredLength; KPROCESSOR_MODE PreviousMode; - NTSTATUS Status = STATUS_SUCCESS; + NTSTATUS Status; PAGED_CODE(); @@ -2429,6 +2429,7 @@ PACL Dacl = NULL; KPROCESSOR_MODE PreviousMode; NTSTATUS Status; + BOOLEAN RestoreImpersonation = FALSE; PAGED_CODE(); @@ -2482,7 +2483,8 @@ if (OpenAsSelf) { - PsDisableImpersonation(PsGetCurrentThread(), &ImpersonationState); + RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(), + &ImpersonationState); } if (CopyOnOpen) @@ -2533,7 +2535,7 @@ if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL); - if (OpenAsSelf) + if (RestoreImpersonation) { PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState); }